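/// <summary>
/// Changes the signed-in user's master password. The supplied current password is verified first;
/// on success the user's password is re-derived with the user's configured scheme
/// (<c>SHA512</c> or HMAC), every stored entry is re-encrypted under the new master password,
/// the database is saved and the cache is refreshed.
/// </summary>
/// <param name="currentPassword">The current master password, used to authenticate the change.</param>
/// <param name="newPassword">The new master password.</param>
/// <returns>
/// A redirect to <c>Passwd/Index</c> on success; a redirect to <c>ChangePassword</c> when the
/// current password does not verify or the cached user has no database row.
/// </returns>
public IActionResult Change(string currentPassword, string newPassword)
{
    User currentUser = Functions.getUser(_cache);
    var userToChange = _db.Users.Where(a => a.Id == currentUser.Id).FirstOrDefault();

    // FirstOrDefault may return null; without this guard the hashing helper below would
    // dereference it. Treat a missing row like a failed change.
    if (userToChange is null)
    {
        return RedirectToAction("ChangePassword");
    }

    // Both schemes require the current password to verify before anything is touched.
    if (!Functions.Login(currentUser, currentPassword))
    {
        return RedirectToAction("ChangePassword");
    }

    // The two original branches differed only in which helper derives the new password value.
    userToChange = currentUser.isPasswordKeptAsHash == "SHA512"
        ? Functions.ChangePasswordSHA(newPassword, userToChange)
        : Functions.ChangePasswordHMAC(newPassword, userToChange);

    // Stored entries are encrypted with the master password value, so they must be re-encrypted
    // from the old value (still on the cached currentUser) to the new one.
    // NOTE(review): the return value is discarded here as in the original; confirm that
    // rehashPasswds mutates the tracked entities in place, otherwise SaveChanges persists nothing.
    List<Passwd> passwds = _db.Passwds.Where(a => a.UserId == currentUser.Id).ToList();
    passwds = AESHelper.rehashPasswds(passwds, currentUser.Password, userToChange.Password);

    // Commit before refreshing the cache so a failed save does not leave the cache holding a
    // master password the database does not have.
    _db.SaveChanges();

    _cache.Set(CacheNames.user, userToChange);
    _cache.Set(CacheNames.masterPassword, userToChange.Password);
    _cache.Set(CacheNames.getMasterPassword, "0");

    return RedirectToAction("Index", "Passwd");
}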
/// <summary>
/// Re-encrypting stored entries under a new master password must keep their plaintext intact:
/// each entry decrypts to the same value with the new master password as it did with the old one.
/// </summary>
public void ShouldRehashPasswordWhenMasterPasswordChanged()
{
    // Decrypts a Base64-encoded stored entry with the given master password value.
    string Decrypt(string storedPassword, string masterPassword) =>
        AESHelper.DecryptToString(Convert.FromBase64String(storedPassword), masterPassword);

    // Baseline: the fixture entries decrypt to the known plaintexts under the old master password.
    string original0 = Decrypt(passwdToRehash[0].Password, userToRehash.Password);
    Assert.Equal("testy", original0);
    string original1 = Decrypt(passwdToRehash[1].Password, userToRehash.Password);
    Assert.Equal("adam", original1);

    // Change the master password and confirm the new one authenticates.
    var updatedUser = Functions.ChangePasswordSHA("Lab1", user);
    Assert.True(Functions.Login(updatedUser, "Lab1"));

    // Re-encrypt from the old master password value to the new one; plaintexts must not change.
    passwdToRehash = AESHelper.rehashPasswds(passwdToRehash, userToRehash.Password, updatedUser.Password);
    string rehashed0 = Decrypt(passwdToRehash[0].Password, updatedUser.Password);
    Assert.Equal(original0, rehashed0);
    string rehashed1 = Decrypt(passwdToRehash[1].Password, updatedUser.Password);
    Assert.Equal(original1, rehashed1);
}