/// <summary> /// Gets the hash code /// </summary> /// <returns>Hash code</returns> public override int GetHashCode() { unchecked // Overflow is fine, just wrap { var hashCode = 41; // Suitable nullity checks etc, of course :) if (Uuid != null) { hashCode = hashCode * 59 + Uuid.GetHashCode(); } if (Username != null) { hashCode = hashCode * 59 + Username.GetHashCode(); } if (Name != null) { hashCode = hashCode * 59 + Name.GetHashCode(); } if (Surname != null) { hashCode = hashCode * 59 + Surname.GetHashCode(); } if (Email != null) { hashCode = hashCode * 59 + Email.GetHashCode(); } if (PhoneNumber != null) { hashCode = hashCode * 59 + PhoneNumber.GetHashCode(); } if (Password != null) { hashCode = hashCode * 59 + Password.GetHashCode(); } if (HashedPassword != null) { hashCode = hashCode * 59 + HashedPassword.GetHashCode(); } hashCode = hashCode * 59 + IsDeleted.GetHashCode(); if (DeletedTime != null) { hashCode = hashCode * 59 + DeletedTime.GetHashCode(); } if (Avatar != null) { hashCode = hashCode * 59 + Avatar.GetHashCode(); } if (LdapAuthenticationMode != null) { hashCode = hashCode * 59 + LdapAuthenticationMode.GetHashCode(); } if (Roles != null) { hashCode = hashCode * 59 + Roles.GetHashCode(); } return(hashCode); } }
public CustomIdentityUser(string email, string username, string passwordHash, int age) { Email = email; UserName = username; PasswordHash = passwordHash; PasswordHashEntity = new HashedPassword(PasswordHash); Age = age; }
} // Name public override void Execute() { bool emptyPassword = string.IsNullOrWhiteSpace(this.oldPassword) || string.IsNullOrWhiteSpace(this.newPassword) || string.IsNullOrWhiteSpace(this.newPasswordAgain); if (emptyPassword) { throw new StrategyWarning(this, "Password not specified for broker '" + this.spLoad.ContactEmail + "'."); } if (this.oldPassword == this.newPassword) { throw new StrategyWarning( this, "New and old passwords are the same for broker '" + this.spLoad.ContactEmail + "'." ); } // if if (this.newPassword != this.newPasswordAgain) { throw new StrategyWarning( this, "New password and its confirmation are not the same for broker '" + this.spLoad.ContactEmail + "'." ); } // if this.spLoad.ExecuteNonQuery(); if (BrokerID < 1) { throw new StrategyWarning(this, "Failed to find broker by email '" + this.spLoad.ContactEmail + "'."); } var pu = new PasswordUtility(CurrentValues.Instance.PasswordHashCycleCount); var currentHashed = new HashedPassword( this.spLoad.ContactEmail, this.spLoad.CycleCount, this.spLoad.EzPassword, this.spLoad.Salt ); if (!pu.Validate(this.oldPassword, currentHashed)) { throw new StrategyWarning( this, "Current password does not match for broker by email '" + this.spLoad.ContactEmail + "'." ); } // if var hashed = pu.Generate(this.spLoad.ContactEmail, this.newPassword); new SpBrokerUpdatePassword(BrokerID, hashed, DB, Log).ExecuteNonQuery(); FireToBackground(new BrokerPasswordChanged(BrokerID, this.newPassword)); } // Execute
public void ChangePassword(PasswordEdit.Command request) { if (HashedPassword.NotEqual(Hash.Create(request.CurrentPassword))) { throw new DomainException("Current password does not match"); } HashedPassword = Hash.Create(request.Password); }
public void UpdatePassword(User user, HashedPassword hashedPassword) { var conn = _mySqlProvider.GetMySqlConnection(); conn.Query <dynamic>("update users set password = @Password where `uuid` = @Uuid", new { Password = hashedPassword.Value, Uuid = user.UserUuid.Value }); DispatchEvents(user); }
public bool AreMatching( HashedPassword hashedPassword, UnhashedPassword unhashedPassword) { return(BCrypt.Net.BCrypt .Verify( unhashedPassword.Value, hashedPassword.Value)); }
public void WhenTextProvided_ThenSetProperties() { var sut = new HashedPassword(ClearText); Assert.That(sut.ClearPassword, Is.EqualTo(ClearText)); Assert.That(sut.Hash, Is.EqualTo(Sha1Text)); Assert.That(sut.HashPrefix, Is.EqualTo("8CB22")); Assert.That(sut.HashSuffix, Is.EqualTo("37D0679CA88DB6464EAC60DA96345513964")); }
public void MatchWith_ReturnsCorrectResult(bool areMatching) { HashedPassword hashedPassword = CreateHashedPassword(); Assert.AreEqual( areMatching, hashedPassword.MatchWith( new UnhashedPassword("password"), CreateStubPasswordHashComparerReturning(areMatching))); }
public bool DoesPasswordMatch(string trialPassword) { if (Salt == string.Empty) { return(HashedPassword.Equals(trialPassword, StringComparison.InvariantCulture)); } var hashedTrial = EncryptPassword(trialPassword); return(HashedPassword.Equals(hashedTrial, StringComparison.InvariantCulture)); }
public void IsPasswordMatch_MatchingPasswords_Returns() { string expectedPassword = "******"; PasswordHelper passwordManager = new PasswordHelper(); HashedPassword actualHashedPassword = passwordManager.GeneratePasswordHash(expectedPassword); Assert.IsTrue(passwordManager.IsPasswordMatch(expectedPassword, actualHashedPassword)); }
// Consider password transformation (if available in plain text, we can import it). public static ImportResult Import(IDbConnection c, string inputFile, long idCreator) { var result = new ImportResult(); // TODO: // - remove this, support upload. // - support the case of empty fields. So far, height and weight cannot be empty, check with other numbers as well. inputFile = @"C:\users\dsuar\Desktop\user sample data.csv"; using (var r = File.OpenText(inputFile)) { var csv = new CsvReader(r, new Configuration { //HeaderValidated = (isValid, headerNames, headerNameIndex, context) => { }, HeaderValidated = null, MissingFieldFound = null, ReadingExceptionOccurred = (ex) => { result.Errors.Add(new ImportError { Line = ex.ReadingContext.RawRecord, Error = ex.Message, LineNumber = ex.ReadingContext.RawRow, Column = ex.ReadingContext.CurrentIndex }); result.NumRecordsWithError++; } }); var records = csv.GetRecords <Player>(); var t = c.BeginTransaction(); try { foreach (var player in records) { var p = player.UserData.Password; HashedPassword hashPass = (p != null) ? AuthTokenManager.HashPassword(p) : null; // TODO: validate email / mobile doesn't exist already PlayersController.InsertPlayer(c, t, player, player.UserData.Id, idCreator, true, hashPass, UserEventType.PlayerImported); } t.Commit(); } catch { t.Rollback(); } } return(result); }
public void Handler_ThrowsArgumentNullException_WhenPasswordIsNull() { var userStore = new Mock<IUserStore<User, int>>(MockBehavior.Strict); var userManager = new UserManager<User, int>(userStore.Object); var handler = new HandleHashedPasswordQuery(userManager); var query = new HashedPassword(null); var exception = Assert.Throws<ArgumentNullException>(() => handler.Handle(query).Result); exception.ShouldNotBeNull(); }
private User CrearUser(User usuarionuevo) { HashedPassword Password = HashHelper.Hash(usuarionuevo.Clave); User user = new User(); user.Usuario = usuarionuevo.Usuario; user.Clave = Password.Password; user.Sal = Password.Salt; CapaLogica.CrearUsuario(user); return(user); }
public void Handler_ReturnsResult_FromUserManager_PasswordHasher(string password) { var userStore = new Mock<IUserStore<User, int>>(MockBehavior.Strict); var userManager = new UserManager<User, int>(userStore.Object); var handler = new HandleHashedPasswordQuery(userManager); var query = new HashedPassword(password); string result = handler.Handle(query).Result; result.ShouldNotBeNull(); }
public void MaximumComplexityPasswordTest() { int expected = 16777216; string password = "******"; PasswordHashing provider = new PasswordHashing(complexity: 24); string hash = provider.Compute(password); HashedPassword hashed = (HashedPassword)hash; Assert.AreEqual(expected, hashed.Iterations); }
public async Task AccountService_CreateAccount_GeneratesPassword() { var repositoryMock = new EntityRepositoryMock(); var sut = new AccountService(repositoryMock, repositoryMock); await sut.CreateAccount("*****@*****.**", "testpassword"); var account = repositoryMock.GetEntities <Account>().Single(); var hashedPassword = new HashedPassword(account.PasswordHash, account.PasswordSalt); Assert.IsTrue(hashedPassword.EqualsPlainPassword("testpassword"), "Password not set correctly."); }
public IActionResult CreateUserForm(User user) { HashProvider hashProvider = new HashProvider(); HashedPassword newPasscode = hashProvider.HashPassword(user.Password); user.Salt = newPasscode.Salt; user.Password = newPasscode.Password; userDAL.CreateUser(user); return(RedirectToAction("Index", "Home")); }
public SpBrokerUpdatePassword( int brokerID, HashedPassword password, AConnection oDB, ASafeLog oLog ) : base(oDB, oLog) { BrokerID = brokerID; NewPassword = password.Password; Salt = password.Salt; CycleCount = password.CycleCount; } // constructor
public async Task <bool> PasswordEqualsHashAsync(string password, byte[] hash, byte[] salt) { HashedPassword hashedPassword = await EncryptAsync( Encoding.UTF8.GetBytes(password), salt); if (Enumerable.SequenceEqual(hash, hashedPassword.Hash)) { return(true); } return(false); }
public void CustomLengths() { var hashLength = 100; var saltLength = 8; var hash = HashedPassword.New("foo", hashLength, saltLength); Assert.IsTrue(hash.Check("foo")); Assert.IsFalse(hash.Check("bar")); Assert.AreEqual(hashLength, hash.Hash.Length); Assert.AreEqual(saltLength, hash.Salt.Length); }
public long GetCount(HashedPassword hashedPassword) { foreach (var line in RawContentLines) { if (line.StartsWith(hashedPassword.HashSuffix)) { var value = line.Substring(hashedPassword.HashSuffix.Length + 1); return(Convert.ToInt64(value)); } } return(0); }
public void IsPasswordMatch_UnmatchingPasswords_ReturnsFalse() { string expectedPassword = "******"; PasswordHelper passwordManager = new PasswordHelper(); HashedPassword actualHashedPassword = new HashedPassword(); actualHashedPassword = passwordManager.GeneratePasswordHash(expectedPassword); expectedPassword = "******"; Assert.IsFalse(passwordManager.IsPasswordMatch(expectedPassword, actualHashedPassword)); }
/// <summary> /// Changes the password of the specified account. /// </summary> /// <param name="email">E-Mail Address of the account of which to change the password.</param> /// <param name="newPassword">Password that should be used for the account.</param> /// <returns>A Task that will complete when the password has been changed.</returns> public async Task ChangePassword(int accountId, string newPassword) { var account = await _entityQuerySource.GetById <Account>(accountId); var hashedPassword = HashedPassword.CreateFromPlainPassword(newPassword); await _entityRepositoryFactory.Use(repository => { repository.Change <Account>(account.Id, a => { a.PasswordHash = hashedPassword.Hash; a.PasswordSalt = hashedPassword.Salt; }); }); }
/// <summary> /// Checks a password for the specified account. /// </summary> /// <param name="email">E-Mail Address of the account to check the password for.</param> /// <param name="password">Password that should match the password of the account.</param> /// <returns>True, if the password matches the password of the account; otherwise false.</returns> public async Task <bool> CheckAccountPassword(string email, string password) { // A non-existing account for the email will be treated as a normal // failed password check to not disclose the information about the existence. var account = await GetAccountByEmail(email, suppressException : true); if (account == null) { return(false); } var hashedPassword = new HashedPassword(account.PasswordHash, account.PasswordSalt); return(hashedPassword.EqualsPlainPassword(password)); }
public async ValueTask <bool> SignInAsync(RmanagerUser user, HttpContext httpContext, bool rememberMe = true, bool validPassword = true) { var u = await GetUserByEmailAsync(user.Email); if (u == null) { throw new _400Exception("Cannot find the Email!"); } bool auth = true; if (validPassword) { var hash = u.PassWordHash.Substring(0, 32); var salt = u.PassWordHash.Substring(32); var h = new HashedPassword(hash, salt); auth = h.Check(user.PassWordHash); } if (auth) { var authProperties = new AuthenticationProperties { //there are many properties in class AuthenticationProperties IsPersistent = rememberMe }; //这一块是干嘛的?? var claims = new List <Claim>() { new Claim(ClaimTypes.Email, u.Email), new Claim(ClaimTypes.Name, u.Id.ToString()), }; for (int i = 0; i < u.Roles.Count; i++) { claims.Add(new Claim(ClaimTypes.Role, u.Roles[i])); } var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme); var c = new ClaimsPrincipal(); await httpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(claimsIdentity), authProperties); return(true); } else { throw new _401Exception("Password and email do not match!"); } }
public async ValueTask <bool> ChallengeAsync(string email, string password) { try { var pwdhash = await FindFirstAsync(u => u.Email == email, u => u.PassWordHash); var hash = pwdhash.Substring(0, 32); var salt = pwdhash.Substring(32); var h = new HashedPassword(hash, salt); return(h.Check(password)); } catch (Exception) { return(false); } }
public User Login(string userNameOrEmail, string password) { var user = _unitOfWork.Users.GetByUsernameOrEmail(userNameOrEmail); if (user == null) { return(new InvalidUser()); } var passwordHelper = new PasswordHelper(); var hashedPassword = new HashedPassword { PasswordHash = user.UserLogin.PasswordHash, Salt = user.UserLogin.Salt }; return(passwordHelper.IsPasswordMatch(password, hashedPassword) ? user : new InvalidUser()); }
public void Value_PasswordIsHashedUsingHashGenerator() { var stubHashGenerator = Substitute.For <IPasswordHashGenerator>(); stubHashGenerator .Generate(Arg.Any <UnhashedPassword>()) .Returns("HashedPassword"); var hashedPassword = new HashedPassword( CreateStubUnhashedPassword(), stubHashGenerator); Assert.AreEqual( "HashedPassword", hashedPassword.Value); }
/// <summary> /// Hashes the password and returns an object with the hashed password and salt. /// Both the hashed password and salt must be stored in order to verify it at a later stage. /// Reference: https://www.ktlsolutions.com/how-tos/effective-password-hashing/ /// </summary> /// <param name="password">The password.</param> /// <returns></returns> public HashedPassword HashPassword(string password) { var hashedPassword = new HashedPassword(); var saltBytes = new byte[64]; var provider = new RNGCryptoServiceProvider(); provider.GetNonZeroBytes(saltBytes); hashedPassword.Salt = Convert.ToBase64String(saltBytes); var rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, saltBytes, 10000); hashedPassword.Password = Convert.ToBase64String(rfc2898DeriveBytes.GetBytes(256)); return(hashedPassword); }
public void Compute_Verify_Pass() { var buf = IDPasswordCredentials.PlainPasswordToSecureBuffer("qwerty"); var hash = Manager.ComputeHash(PasswordFamily.Text, buf); bool rehash, check; check = Manager.Verify(buf, hash, out rehash); Aver.IsTrue(check); buf = IDPasswordCredentials.PlainPasswordToSecureBuffer("@8luE+5ky="); hash = Manager.ComputeHash(PasswordFamily.Text, buf); check = Manager.Verify(buf, hash, out rehash); Aver.IsTrue(check); check = Manager.Verify(buf, HashedPassword.FromString(hash.ToJSON()), out rehash); Aver.IsTrue(check); }
public void BytesLong(int cnt) { var a = new byte[cnt]; var b = new byte[cnt]; for (var i = 0; i < cnt; i++) { a[i] = (byte)i; b[i] = (byte)i; } Aver.IsTrue(HashedPassword.AreStringsEqualInLengthConstantTime(a, b)); a = ((byte)1).ConcatArray(Ambient.Random.NextRandomBytes(cnt - 1)); b = ((byte)2).ConcatArray(Ambient.Random.NextRandomBytes(cnt - 1)); Aver.IsFalse(HashedPassword.AreStringsEqualInLengthConstantTime(a, b)); }
public void StringLong(int cnt) { var a = ""; var b = ""; for (var i = 0; i < cnt; i++) { a += i.ToString(); b += i.ToString(); } Aver.IsTrue(HashedPassword.AreStringsEqualInLengthConstantTime(a, b)); a = "1" + Ambient.Random.NextRandomWebSafeString(cnt - 1); b = "2" + Ambient.Random.NextRandomWebSafeString(cnt - 1); Aver.IsFalse(HashedPassword.AreStringsEqualInLengthConstantTime(a, b)); }
public void Query_Ctor_SetsPasswordProperty() { var password = FakeData.String(); var query = new HashedPassword(password); query.Password.ShouldEqual(password); }
public bool Equals(Password password, HashedPassword hashedPassword) { string salt = hashedPassword.Salt; return string.Equals(Hash(password + salt), hashedPassword.ToString()); }