/// <summary>
/// Replaces the credentials stored on <paramref name="user"/> with a freshly salted hash
/// of <paramref name="newPassword"/>.
/// </summary>
/// <param name="user">View whose <c>salt</c> and <c>password</c> fields are overwritten.</param>
/// <param name="newPassword">Plaintext password; only its hash is written to the view.</param>
protected void SetPassword(UserViewFull user, string newPassword)
{
    // A new salt is requested on every call, so a password change also rotates the salt.
    // NOTE(review): the hash algorithm, work factor and salt length all live in hashService,
    // which is not shown here; confirm it is a slow password hash (PBKDF2/Argon2 class)
    // rather than a bare digest.
    var freshSalt = hashService.GetSalt();
    user.salt = Convert.ToBase64String(freshSalt);

    // The hash is stored as base64 text next to the salt that produced it.
    var digest = hashService.GetHash(newPassword, freshSalt);
    user.password = Convert.ToBase64String(digest);
}
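/// <summary>
/// Checks a candidate password against the salted hash stored on <paramref name="user"/>.
/// </summary>
/// <param name="user">View carrying the base64-encoded <c>salt</c> and <c>password</c> hash.</param>
/// <param name="password">Plaintext password supplied by the caller.</param>
/// <returns>
/// <c>true</c> when hashing <paramref name="password"/> with the stored salt reproduces the stored hash;
/// <c>false</c> otherwise, including when any input or stored credential is missing.
/// </returns>
/// <exception cref="FormatException">The stored salt or hash is not valid base64.</exception>
protected bool Verify(UserViewFull user, string password)
{
    // Fail closed: a missing candidate or a record without stored credentials can never match,
    // and should not surface as an unhandled ArgumentNullException from the base64 decoder.
    if (user == null || password == null || user.salt == null || user.password == null)
    {
        return false;
    }

    // Re-hash the candidate with the salt that was used when the password was set.
    var storedSalt = Convert.FromBase64String(user.salt);
    var storedHash = Convert.FromBase64String(user.password);
    var candidateHash = hashService.GetHash(password, storedSalt);

    // SequenceEqual stops at the first differing byte, so its running time depends on how much
    // of the hash matched. FixedTimeEquals compares in time that depends only on the length.
    // Fully qualified so the fix does not rely on a using directive outside this method.
    return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(candidateHash, storedHash);
}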
public void TestUserConvert()
{
    var converter = CreateService<UserViewSource>();

    // A view with every user-specific field populated, credential fields included.
    // The salt and password here are opaque placeholder strings: this test only checks that
    // they survive the conversion unchanged, not that they form a valid credential pair.
    var expected = new UserViewFull
    {
        username = "******",
        password = "******",
        salt = "thesearebytefieldsbro",
        avatar = 88,
        email = "*****@*****.**",
        registrationKey = "12345",
        special = "wowzers",
        hidelist = new List<long> { 5, 8, 99 }
    };
    FillHistoricView(expected);

    // View -> internal representation -> view must be lossless.
    var stored = converter.FromView(expected);
    var roundTripped = converter.ToView(stored);

    Assert.Equal(expected, roundTripped);
}
/// <summary>
/// Persists a user edit, choosing between a regular write and a "special" write depending on
/// which fields differ between <paramref name="original"/> and <paramref name="updated"/>.
/// </summary>
/// <param name="original">The user view as it was before the edit.</param>
/// <param name="updated">The user view carrying the new values.</param>
/// <param name="requester">Identity on whose behalf the write is performed.</param>
/// <returns>The task returned by the underlying service write.</returns>
protected Task<UserViewFull> SpecialWrite(UserViewFull original, UserViewFull updated, Requester requester)
{
    // A change to avatar, username or special goes through the regular (public) write path.
    bool publicFieldChanged =
        original.avatar != updated.avatar ||
        original.username != updated.username ||
        original.special != updated.special;

    if (publicFieldChanged)
    {
        return service.WriteAsync(updated, requester);
    }

    return service.WriteSpecialAsync(original.id, requester, target =>
    {
        // Email, hidelist and password are copied from `updated` unconditionally, whether or
        // not the caller actually changed them.
        // NOTE(review): this is only harmless if `updated` always arrives with the current
        // salt/password filled in; a view with blank credential fields would overwrite the
        // stored ones. Confirm against the callers.
        service.Source.SetEmail(target, updated);
        service.Source.SetHidelist(target, updated);
        service.Source.SetPassword(target, updated);
    });
}
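/// <summary>
/// Authenticates a user by username or email plus password and issues a token.
/// </summary>
/// <param name="user">
/// Login request body: <c>username</c> or <c>email</c>, <c>password</c>, and an optional
/// <c>ExpireSeconds</c> token-lifetime override.
/// </param>
/// <returns>
/// The result of <c>GetToken</c> on success; otherwise a 400 response. An unknown account and a
/// wrong password produce the same message so the response text does not reveal which accounts exist.
/// </returns>
public async Task<ActionResult<string>> Authenticate([FromBody] UserAuthenticate user)
{
    // One message for "no such account" and "wrong password": distinct messages let an
    // unauthenticated caller enumerate valid usernames and emails.
    const string badCredentials = "Username/email or password incorrect!";
    const string missingIdentifier = "Must provide a valid username or email!";

    // A missing or unbindable body would otherwise fail below with a NullReferenceException.
    if (user == null)
    {
        return BadRequest(missingIdentifier);
    }

    UserViewFull userView = null;
    var requester = GetRequesterNoFail();

    if (user.username != null)
    {
        userView = await service.FindByUsernameAsync(user.username, requester);
    }
    else if (user.email != null)
    {
        userView = await service.FindByEmailAsync(user.email, requester);
    }
    else
    {
        // Nothing to look up: this is a request-shape error and reveals nothing about accounts.
        return BadRequest(missingIdentifier);
    }

    // NOTE(review): this path returns without hashing anything, so response time can still
    // separate unknown accounts from known ones; rate limiting is the practical backstop.
    if (userView == null)
    {
        return BadRequest(badCredentials);
    }

    // A registration code is still pending for this account.
    // NOTE(review): this answer is given before the password is checked, so it confirms to any
    // caller that the account exists and is unconfirmed. Moving it after Verify would close
    // that, provided pending accounts already have a stored password; confirm before reordering.
    if (!string.IsNullOrWhiteSpace(userView.registrationKey))
    {
        return BadRequest("You must confirm your email first");
    }

    if (user.password == null || !Verify(userView, user.password))
    {
        return BadRequest(badCredentials);
    }

    // The caller may request its own token lifetime, and no upper bound is applied here. Until
    // token expiry/revocation exists, a leaked long-lived token stays valid for as long as the
    // caller asked for.
    // NOTE(review): consider clamping ExpireSeconds to a server-side maximum.
    TimeSpan? expireOverride = null;
    if (user.ExpireSeconds > 0)
    {
        expireOverride = TimeSpan.FromSeconds(user.ExpireSeconds);
    }

    return GetToken(userView.id, expireOverride);
}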
/// <summary>
/// Builds the shared fixture: a user service, two users written as <c>system</c>, and a
/// requester for each of them.
/// </summary>
public ModuleViewServiceTests()
{
    userService = CreateService<UserViewService>();

    // A constructor cannot await, so the async writes are blocked on with .Result.
    var superView = new UserViewFull { username = "******" };
    superUser = userService.WriteAsync(superView, system).Result;

    var basicView = new UserViewFull { username = "******" };
    basicUser = userService.WriteAsync(basicView, system).Result;

    super = new Requester { userId = superUser.id };
    basic = new Requester { userId = basicUser.id };

    // Only superUser is registered as a super user; basicUser keeps ordinary privileges, so
    // tests can exercise both sides of a privilege check.
    sysConfig.SuperUsers.Add(superUser.id);
}