public static void ConfigurePasswordOptions(this PasswordOptions output, IPasswordConfiguration input)
{
output.RequiredLength = input.RequiredLength;
output.RequireNonAlphanumeric = input.RequireNonLetterOrDigit;
output.RequireDigit = input.RequireDigit;
output.RequireLowercase = input.RequireLowercase;
output.RequireUppercase = input.RequireUppercase;
}
public void Get_Stored_Password_Hashed()
{
IPasswordConfiguration passwordConfiguration = Mock.Of <IPasswordConfiguration>(x => x.HashAlgorithmType == Constants.Security.AspNetUmbraco8PasswordHashAlgorithmName);
var passwordSecurity = new LegacyPasswordSecurity();
var salt = LegacyPasswordSecurity.GenerateSalt();
var stored = salt + "ThisIsAHashedPassword";
var result = passwordSecurity.ParseStoredHashPassword(passwordConfiguration.HashAlgorithmType, stored, out string initSalt);
Assert.AreEqual("ThisIsAHashedPassword", result);
}
public void Format_Pass_For_Storage_Hashed()
{
IPasswordConfiguration passwordConfiguration = Mock.Of <IPasswordConfiguration>(x => x.HashAlgorithmType == Constants.Security.AspNetUmbraco8PasswordHashAlgorithmName);
var passwordSecurity = new LegacyPasswordSecurity();
var salt = LegacyPasswordSecurity.GenerateSalt();
var stored = "ThisIsAHashedPassword";
var result = passwordSecurity.FormatPasswordForStorage(passwordConfiguration.HashAlgorithmType, stored, salt);
Assert.AreEqual(salt + "ThisIsAHashedPassword", result);
}
public void Check_Password_Hashed_KeyedHashAlgorithm()
{
IPasswordConfiguration passwordConfiguration = Mock.Of <IPasswordConfiguration>(x => x.HashAlgorithmType == Constants.Security.AspNetUmbraco8PasswordHashAlgorithmName);
var passwordSecurity = new LegacyPasswordSecurity();
var pass = "******";
var hashed = passwordSecurity.HashNewPassword(passwordConfiguration.HashAlgorithmType, pass, out string salt);
var storedPassword = passwordSecurity.FormatPasswordForStorage(passwordConfiguration.HashAlgorithmType, hashed, salt);
var result = passwordSecurity.VerifyPassword(passwordConfiguration.HashAlgorithmType, "ThisIsAHashedPassword", storedPassword);
Assert.IsTrue(result);
}
protected PasswordConfiguration(IPasswordConfiguration configSettings)
{
if (configSettings == null)
{
throw new ArgumentNullException(nameof(configSettings));
}
RequiredLength = configSettings.RequiredLength;
RequireNonLetterOrDigit = configSettings.RequireNonLetterOrDigit;
RequireDigit = configSettings.RequireDigit;
RequireLowercase = configSettings.RequireLowercase;
RequireUppercase = configSettings.RequireUppercase;
HashAlgorithmType = configSettings.HashAlgorithmType;
MaxFailedAccessAttemptsBeforeLockout = configSettings.MaxFailedAccessAttemptsBeforeLockout;
}
/// <summary>
/// Returns the configuration of the membership provider used to configure change password editors
/// </summary>
/// <param name="passwordConfiguration"></param>
/// <param name="allowManuallyChangingPassword"></param>
/// <returns></returns>
public static IDictionary <string, object> GetConfiguration(
this IPasswordConfiguration passwordConfiguration,
bool allowManuallyChangingPassword = false) =>
new Dictionary <string, object>
{
{ "minPasswordLength", passwordConfiguration.RequiredLength },
// TODO: This doesn't make a ton of sense with asp.net identity and also there's a bunch of other settings
// that we can consider with IPasswordConfiguration, but these are currently still based on how membership providers worked.
{ "minNonAlphaNumericChars", passwordConfiguration.GetMinNonAlphaNumericChars() },
// A flag to indicate if the current password box should be shown or not, only a user that has access to change other user/member passwords
// doesn't have to specify the current password for the user/member. A user changing their own password must specify their current password.
{ "allowManuallyChangingPassword", allowManuallyChangingPassword },
};
public static int GetMinNonAlphaNumericChars(this IPasswordConfiguration passwordConfiguration)
{
return(passwordConfiguration.RequireNonLetterOrDigit ? 2 : 0);
}
public PasswordGenerator(IPasswordConfiguration passwordConfiguration) =>
public PasswordAssistant(IPasswordConfiguration config)
{
Config = config;
}
public PasswordGenerator(IPasswordConfiguration passwordConfiguration)
{
_passwordConfiguration = passwordConfiguration;
}