Example #1
0
        public void GeneratePasswordReturnsPassword()
        {
            var hashService = Substitute.For<IHashService>();
            var hash = new byte[] {0, 0, 0, 0, 0, 0, 0, 0};
            var expectedHash = new byte[] { 0, 0, 0, 0 };
            hashService.Hash(Arg.Any<byte[]>(), Arg.Any<byte[]>(), Arg.Any<int>(), Arg.Any<int>(), Arg.Any<int>())
                .Returns(ci=>hash);
            var controller = CreateController(hashService: hashService);
            var passwordRequest = new PasswordRequest()
                                      {
                                          HashLength = 64,
                                          Iterations = 1000,
                                          MaximumWordLength = 12,
                                          MinimumWordLength = 6,
                                          PassPhrase = "password",
                                          SaltLength = 16,
                                          SourceType = SourceType.Manual,
                                          WordComplexity = 1000,
                                          WordCount = 0
                                      };
            var password = controller.GeneratePassword(passwordRequest);

            IStructuralEquatable output = password.Model.Hash;
            Assert.True(output.Equals(expectedHash, StructuralComparisons.StructuralEqualityComparer));
        }
Example #2
0
        public JsonResult<Password> GeneratePassword(PasswordRequest passwordRequest)
        {
            if (passwordRequest.WordCount > 6)
                return null;

            if (passwordRequest.HashLength > 1024)
                return null;

            if (passwordRequest.SaltLength > passwordRequest.HashLength * 0.5m)
                return null;

            if (passwordRequest.Iterations > 10000)
                return null;

            byte[] passPhraseBytes;
            var salt = _hashService.CreateSalt(passwordRequest.SaltLength);
            string[] passwordElements;

            if (passwordRequest.SourceType == SourceType.Auto)
            {
                var wordTask = _wordService.RandomWords(passwordRequest.MinimumWordLength, passwordRequest.WordCount,
                                                        passwordRequest.MaximumWordLength,
                                                        passwordRequest.WordComplexity);
                wordTask.Wait();
                passwordElements = wordTask.Result.Select(w => w.Word).ToArray();
                passPhraseBytes = Encoding.UTF8.GetBytes(string.Join(string.Empty, passwordElements));
            }
            else
            {
                passPhraseBytes = Encoding.UTF8.GetBytes(string.Join(string.Empty, passwordRequest.PassPhrase));
                passwordElements = new[] {passwordRequest.PassPhrase};
            }

            var hash = _hashService.Hash(passPhraseBytes, salt, passwordRequest.Iterations, passwordRequest.HashLength + 4);//pad length as we will remove the version number

            var password = new Password
                               {
                                   Hash = hash.Skip(4).ToArray(),//crop the version number from the start
                                   HashSalt = salt,
                                   PasswordElements = passwordElements,
                                   SourceType = passwordRequest.SourceType
                               };

            return new JsonResult<Password>(password);
        }