public Outcome Execute() { Outcome response = new Outcome(); if (incommingPrincipal == null) { ssoregresponse.isSuccessful = false; ssoregresponse.Messages.Add("No User"); return(response); } HMAC256 hashing = new HMAC256(); var salt = hashing.GenerateSalt(); HashDTO hashDTO = new HashDTO() { Original = incommingPrincipal.Claims.Where(c => c.Type == "password") .Select(c => c.Value).SingleOrDefault() + salt }; ssoregresponse.username = incommingPrincipal.Claims.Where(c => c.Type == "username") .Select(c => c.Value).SingleOrDefault(); ssoregresponse.password = hashing.Hash(hashDTO); ssoregresponse.salt = salt; ssoregresponse.Messages.Add("Success!"); ssoregresponse.isSuccessful = true; response.Result = ssoregresponse; return(response); }
/// <summary> /// check answers from user input /// </summary> /// <returns>returns true if correct answers</returns> public Outcome Execute() { var response = new Outcome(); incommingAnswers.Messages = new List <string>(); if (incommingAnswers.Answers == null) { incommingAnswers.isSuccessful = false; response.Result = incommingAnswers; return(response); } var loginGateway = new LoginGateway(); var dbanswers = loginGateway.GetSecurityQandAs(username); if (dbanswers.isSuccessful == false) { incommingAnswers.isSuccessful = false; response.Result = incommingAnswers; return(response); } // hash answers var hashDTO = new HashDTO(); var hash = new HMAC256(); var hashedAnswers = new Dictionary <int, string>(); foreach (var keys in incommingAnswers.Answers.Keys) { hashDTO.Original = incommingAnswers.Answers[keys]; hashedAnswers[keys] = hash.Hash(hashDTO); } foreach (var keys in hashedAnswers.Keys) { if (hashedAnswers[keys] != dbanswers.Answers[keys]) { incommingAnswers.isSuccessful = false; response.Result = incommingAnswers; return(response); } } incommingAnswers.isSuccessful = true; response.Result = incommingAnswers; return(response); }
public void HashPassword() { HMAC256 hmac256 = new HMAC256(); string password = "******"; string salt = hmac256.GenerateSalt(); HashDTO dto = new HashDTO() { Original = password, Salt = salt }; string hash = hmac256.Hash(dto); for (int i = 0; i < 1000; i++) { Assert.Equal(hash, hmac256.Hash(dto)); } }
/// <summary> /// Execute ValidateCredentials /// check if hash password is equal to hash pass on db /// </summary> /// <returns>returns true if correct pass else false</returns> public Outcome Execute() { var response = new Outcome(); var hashDTO = new HashDTO() { Original = loginDTO.Password + responseDTO.Data.Salt }; var hashedincommingpassword = new HMAC256().Hash(hashDTO); if (hashedincommingpassword == responseDTO.Data.Password) { response.Result = true; return(response); } response.Result = false; return(response); }
public void ValidMatch() { string Salt = "asdf"; string PassFromDB = "pass"; string IncommingPass = "******"; var inchashDTO = new HashDTO() { Original = IncommingPass + Salt }; var dbHashDTO = new HashDTO() { Original = PassFromDB + Salt }; var incomminghashpass = new HMAC256().Hash(inchashDTO); var dbhashpass = new HMAC256().Hash(dbHashDTO); var loginDTO = new LoginDTO() { Password = IncommingPass }; var responseDTO = new ResponseDTO <LoginDTO>() { Data = new LoginDTO() { Salt = Salt } }; var validate = new ValidateCredentials() { loginDTO = loginDTO, responseDTO = responseDTO }; Assert.False((bool)validate.Execute().Result); }
/// <summary> /// Creates dto based on validated information /// </summary> /// <param name="user"> Validated registeration information </param> /// <param name="geoCoordinates"> Validated Geocoordinates based on the location of registration information </param> /// <returns> The gateway DTO needed to create the user in the database </returns> public RegGatewayDTO CreateGatewayDTO(RegInfo user, WebAPIGeocode geoCoordinates) { var hmac = new HMAC256(); var salt = hmac.GenerateSalt(); // Returns null if salt was not generated (empty string) if (salt.Equals("")) { return(null); } var hashDTO = new HashDTO() { Original = user.UserCredInfo.Password + salt }; var hashPassword = hmac.Hash(hashDTO); // Return null if hash was not generated (empty string) if (hashPassword.Equals("")) { return(null); } var questions = new List <string>(); var answers = new List <string>(); foreach (SecurityQuestion QandA in user.SecurityQandAs) { questions.Add(QandA.Question); // hashes the answer to the security question var hmacDTO = new HashDTO() { Original = QandA.Answer }; var hashAnswer = hmac.Hash(hmacDTO); // returns null if hash was not generated if (hashAnswer.Equals("")) { return(null); } answers.Add(hashAnswer); } // Maps data to the dto for the gateway var mappedDTO = new RegGatewayDTO() { UserName = user.UserCredInfo.Username, Password = hashPassword, FirstName = user.UserProfile.FirstName, LastName = user.UserProfile.LastName, Type = user.UserProfile.UserType, Skill = user.UserProfile.Skill, Address = geoCoordinates.Street, City = geoCoordinates.City, State = geoCoordinates.State, Zipcode = geoCoordinates.ZipCode, Longitude = geoCoordinates.Longitude, Latitude = geoCoordinates.Latitude, UserClaims = new SetDefaultClaims().GetDefaultClaims(), Salt = salt, Questions = questions, Answers = answers }; return(mappedDTO); }
/// <summary> /// Set nw password for user /// </summary> /// <returns>return true if successful else false</returns> public Outcome Execute() { var response = new Outcome(); var messages = new List <string>(); ResetPasswordResponseDTO validResponse = new ResetPasswordResponseDTO(); // Returns error if user credentials are null if (incommingCredentials == null) { validResponse.isSuccessful = false; messages.Add(AccountConstants.REGISTRATION_INVALID); validResponse.Messages = messages; response.Result = validResponse; return(response); } var validator = new UserCredValidator(); var results = validator.Validate(incommingCredentials); IList <ValidationFailure> failures = results.Errors; // Returns any error messages if there was any when validating if (failures.Any()) { foreach (ValidationFailure failure in failures) { messages.Add(failure.ErrorMessage); } validResponse.isSuccessful = false; validResponse.Messages = messages; response.Result = validResponse; return(response); } if (new BadPasswordService().BadPassword(incommingCredentials.Password) == true) { validResponse.isSuccessful = false; messages.Add("Bad Password"); validResponse.Messages = messages; response.Result = validResponse; return(response); } HMAC256 hashPassword = new HMAC256(); string newSALT = hashPassword.GenerateSalt(); HashDTO hashDTO = new HashDTO() { Original = incommingCredentials.Password + newSALT }; string newPassword = hashPassword.Hash(hashDTO); LoginDTO newCredentials = new LoginDTO() { UserName = incommingCredentials.Username, Password = newPassword, SaltValue = newSALT }; LoginGateway loginGateway = new LoginGateway(); response.Result = loginGateway.SetNewPass(newCredentials); return(response); }
public Hash CreateRequestHash([FromBody] HashDTO hash) { return(_hashService.CreateRequestHash(hash)); }