public async Task <IActionResult> CreateUser(CreateUserViewModel model)
{
var user = new AppUser {
UserName = model.Email, Email = model.Email
};
var password = _passwordGenerator.Generate();
var result = await _userManager.CreateAsync(user, password);
if (result.Succeeded)
{
return(Ok());
}
return(BadRequest());
}
/// <summary>
/// Signs the provided resource with an Authenticode signature.
/// </summary>
/// <param name="input">Object to sign</param>
/// <param name="cert">Certificate to use for signing</param>
/// <param name="description">Description to sign the object with</param>
/// <param name="url">URL to include in the signature</param>
/// <returns>A signed copy of the file</returns>
public async Task <byte[]> SignAsync(byte[] input, X509Certificate2 cert, string description, string url)
{
// Temporarily save the cert to disk with a random password, as osslsigncode needs to read it from disk.
var password = _passwordGenerator.Generate();
var inputFile = Path.GetTempFileName();
var certFile = Path.GetTempFileName();
try
{
var exportedCert = cert.Export(X509ContentType.Pfx, password);
File.WriteAllBytes(certFile, exportedCert);
File.WriteAllBytes(inputFile, input);
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
return(await SignUsingSignToolAsync(inputFile, certFile, password, description, url));
}
else
{
return(await SignUsingOpenSsl(inputFile, certFile, password, description, url));
}
}
finally
{
File.Delete(certFile);
}
}
/// <summary>
/// Imports the specified keys from the temporary storage, and encrypts them.
/// Outputs details to the console.
/// </summary>
/// <param name="keys">Keys to import</param>
/// <param name="tempHomedir">Temporary GPG homedir</param>
private void ImportAndEncryptSecretGpgKeys(IEnumerable <Key> keys, string tempHomedir)
{
foreach (var key in keys)
{
foreach (var subkey in key.Subkeys)
{
if (!subkey.CanSign)
{
continue;
}
var inputFilename = subkey.Keygrip + ".key";
var outputFilename = subkey.Keygrip + ".gpg";
var keygripPath = Path.Join(
tempHomedir,
"private-keys-v1.d",
inputFilename
);
var code = _passwordGenerator.Generate();
_secretStorage.SaveSecret(outputFilename, File.ReadAllBytes(keygripPath), code);
File.Delete(keygripPath);
Console.WriteLine($"- {subkey.KeyId}");
Console.WriteLine($" Expires: {subkey.Expires}");
Console.WriteLine($" Key name: {outputFilename}");
Console.WriteLine($" Secret Code: {code}");
Console.WriteLine();
}
}
}
public override async Task ExecuteAsync(RegisterUserCommand command)
{
Logger.ExecuteUserRegistration(command.Email);
if (!IsValidEmail(command.Email))
{
throw new ValidationException("Email address is not valid.");
}
string newPassword = _passwordGenerator.Generate();
var newUser = new User
{
Email = command.Email.ToLowerInvariant(),
PasswordHash = _passwordStorage.Create(newPassword),
DisplayName = "Newby",
Roles = new List <string> {
Roles.User
},
Location = new Location
{
City = "Bern",
PostalCode = "3011",
Latitude = 46.944699,
Longitude = 7.443788
}
};
newUser = await UnitOfWork.InsertAsync(newUser);
Logger.ExecuteUserRegistrationSuccessful(newUser.Id, command.Email);
await _eventPublisher.PublishAsync(new UserRegisteredEvent(newUser, newPassword));
}
public async Task <IActionResult> Register([FromBody] UserRegistration user)
{
// Check if the incoming request is valid
if (ModelState.IsValid)
{
// check i the user with the same email exist
var existingUser = await userManager.FindByEmailAsync(user.Email);
if (existingUser != null)
{
logger.LogWarning("Registration. Same email.{Email}", user.Email);
return(BadRequest(new RegistrationResponse {
Errors = new List <string> {
"Email already exist"
}
}));
}
ApplicationUser newUser = new()
{
Email = user.Email,
UserName = user.Email
};
var generatedPwd = passwordGenerator.Generate(32, 4);
var isCreated = await userManager.CreateAsync(newUser, generatedPwd);
await userManager.AddToRoleAsync(newUser, AppUserRoles.User);
//send email to end user with pwd assigned
await emailSender.SendPasswordToNewlyCreatedUserAsync(newUser.Email, generatedPwd);
if (isCreated.Succeeded)
{
logger.LogInformation("Registration. New {user}", user);
return(Ok(new RegistrationResponse {
Result = true
}));
}
return(new JsonResult(new RegistrationResponse()
{
Result = false,
Errors = isCreated.Errors.Select(x => x.Description).ToList()
})
{
StatusCode = (int)HttpStatusCode.InternalServerError
});
}
logger.LogInformation("Registration. model is invalid");
return(BadRequest(new RegistrationResponse {
Errors = new List <string> {
"Invalid payload"
}
}));
}
private void GeneratePassword()
{
Password = _passwordGenerator.Generate(
PasswordLength,
UseLetters,
UseDigits,
UsePunctuation
);
}
private async Task <Application> GenerateSecretAsync(Application application)
{
var secret = _passwordGenerator.Generate(64);
application.ClientSecret = _passwordHasher.Hash(secret);
await _applicationRepository.SaveAsync();
application.ClientSecret = secret;
return(application);
}
private async Task GenerateAuthorizationCodeAsync()
{
_code = new AuthorizationCode
{
Code = _passwordGenerator.Generate(_settings.AuthorizationCodeLength),
ExpirationDate = DateTime.UtcNow.AddMinutes(_settings.AuthorizationCodeLifetimeMinutes),
ClientId = _request.ClientId,
UserId = _user.UserId,
RedirectUri = _request.RedirectUri,
Scope = _request.Scope
};
_authorizationCodeRepository.Add(_code);
await _authorizationCodeRepository.SaveAsync();
}
public async Task <Result> Handle(CreateNewUser request, CancellationToken cancellationToken)
{
try
{
var user = request.NewUserData;
var username = BuildUsername(user);
var password = _password.Generate(
useLowercase: true,
useUppercase: false,
useNumbers: true,
useSpecial: false,
passwordSize: 12);
// TODO: think how to make sure that username is unique
if (!await _repository.CreateNewUserAsync(
user.Name,
user.Surname,
user.Patronymic,
username,
password,
user.UserRole,
user.OrganizationId))
{
var random = new Random();
username += random.Next(100).ToString();
if (!await _repository.CreateNewUserAsync(
user.Name,
user.Surname,
user.Patronymic,
username,
password,
user.UserRole,
user.OrganizationId))
{
return(Result
.Fail(message: $"APPLICATION Can't create user with username: {username}. Try again"));
}
}
return(Result.Success((username, password)));
}
catch (Exception e)
{
return(Result.Fail(e));
}
}
public RefreshToken GenerateRefreshToken(int applicationId, string redirectUri, Guid userId, string scope = null)
{
var refreshToken = new RefreshToken
{
RefreshTokenId = _passwordGenerator.Generate(_settings.RefreshTokenLength),
ApplicationId = applicationId,
ExpirationDate = DateTime.UtcNow.AddDays(_settings.RefreshTokenLifetimeDays),
RedirectUri = redirectUri,
UserId = userId,
Scope = scope
};
_refreshTokenRepository.Add(refreshToken);
return(refreshToken);
}
public async Task RestoreAccess(RestoreAccessModel model)
{
var user = await usersService.GetByEmailAsync(model.Email);
if (user == null)
{
throw new ApplicationException("Пользователь не найден.");
}
var password = passwordGenerator.Generate(8);
var encryptedPassword = passwordEncrypter.Encrypt(password);
user.Password = encryptedPassword;
user.IsLocked = false;
user.CountOfInvalidAttempts = 0;
await dataContext.SaveChangesAsync();
await emailService.SendRestoreAccessMailAsync(UserMap.Map(user), password);
}
/// <summary>
/// Signs the provided resource with an Authenticode signature.
/// </summary>
/// <param name="input">Object to sign</param>
/// <param name="cert">Certificate to use for signing</param>
/// <param name="description">Description to sign the object with</param>
/// <param name="url">URL to include in the signature</param>
/// <returns>A signed copy of the file</returns>
public async Task <Stream> SignAsync(Stream input, X509Certificate2 cert, string description, string url, string fileExtention)
{
// Temporarily save the cert to disk with a random password, as osslsigncode needs to read it from disk.
var password = _passwordGenerator.Generate();
var inputFile = Path.GetTempFileName() + fileExtention;
var certFile = Path.GetTempFileName();
_filesToDelete.Add(inputFile);
try
{
var exportedCert = cert.Export(X509ContentType.Pfx, password);
File.WriteAllBytes(certFile, exportedCert);
await input.CopyToFileAsync(inputFile);
if (fileExtention == "nupkg")
{
return(await SignUsingNugetAsync(inputFile, certFile, password));
}
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
if (fileExtention.Contains("ps"))
{
return(await SignUsingPowerShellAsync(inputFile, certFile, password));
}
else
{
return(await SignUsingSignToolAsync(inputFile, certFile, password, description, url));
}
}
else
{
return(await SignUsingOpenSsl(inputFile, certFile, password, description, url));
}
}
finally
{
File.Delete(certFile);
}
}
/// <summary>
/// Adds a new key to the secret storage.
/// </summary>
/// <param name="inputPath"></param>
public void AddKey(string inputPath)
{
// Ensure output file does not exist
var fileName = Path.GetFileName(inputPath);
_secretStorage.ThrowIfSecretExists(fileName);
var password = ConsoleUtils.PasswordPrompt("Password");
var cert = new X509Certificate2(File.ReadAllBytes(inputPath), password, X509KeyStorageFlags.Exportable);
var code = _passwordGenerator.Generate();
_secretStorage.SaveSecret(fileName, cert, code);
Console.WriteLine();
Console.WriteLine($"Saved {fileName} ({cert.FriendlyName})");
Console.WriteLine($"Subject: {cert.SubjectName.Format(false)}");
Console.WriteLine($"Issuer: {cert.IssuerName.Format(false)}");
Console.WriteLine($"Valid from {cert.NotBefore} until {cert.NotAfter}");
Console.WriteLine();
Console.WriteLine($"Secret Code: {code}");
}
public static User Create(Email email, IUserIdGenerator userIdGenerator, IUserUniqueChecker userUniqueChecker, IPasswordGenerator passwordGenerator, IPasswordHasher passwordHasher, CancellationToken cancellationToken)
{
if (!email.IsValid)
{
throw new EmailNotValidException(email);
}
bool unique = userUniqueChecker.CheckAsync(email, cancellationToken).GetAwaiter().GetResult();
if (!unique)
{
throw new UserAlreadyExistException(email);
}
UserId userId = userIdGenerator.Generate();
Password password = passwordGenerator.Generate();
PasswordHash passwordHash = passwordHasher.Hash(password);
var user = new User(userId, email, passwordHash, DateTime.UtcNow);
var userCreatedEvent = new UserCreatedEvent(user, password);
user.AddDomainEvent(userCreatedEvent);
return(user);
}
public async Task <IServiceReponse <bool> > Register(UserDto registration, UserType userType = UserType.Employee)
{
return(await HandleApiOperationAsync(async() =>
{
if (await _userManager.UserExistsAsync(registration.Email))
{
throw await _helper.GetExceptionAsync(ErrorConstants.UserAccountExists);
}
if (!await _userManager.RolesExistAsync(registration.Roles ?? new List <string>()))
{
throw await _helper.GetExceptionAsync(ErrorConstants.RoleNotExist);
}
var user = registration.MapTo <User>();
user.UserType = userType;
user.IsActive = true;
var password = _passwordGenerator.Generate();
if (!await _userManager.CreateUserAsync(user, password, registration.Roles ?? new List <string>()))
{
throw await _helper.GetExceptionAsync(ErrorConstants.UserAccountRegistrationFailed);
}
await _messagingFactory.GetEmailManager().SendAsync(
"Business Mobility",
user.Email,
"Welcome to Business!",
$"<div> username: {user.Email } </div> <div> password: {password} </div>",
true
);
return new ServiceResponse <bool>(true);
}));
}
private void btnGenerate_Click(object sender, RoutedEventArgs e)
{
tbInput.Text = IPasswordGenerator.Generate(20);
tbInput.SelectAll();
tbInput.Focus();
}
private void Promt_Loaded(object sender, RoutedEventArgs e)
{
btnOK.Visibility = Visibility.Collapsed;
btnYes.Visibility = Visibility.Collapsed;
btnNo.Visibility = Visibility.Collapsed;
btnCancel.Visibility = Visibility.Collapsed;
tbInput.Visibility = Visibility.Collapsed;
btnGenerate.Visibility = Visibility.Collapsed;
Title = string.IsNullOrEmpty(title) ? "" : title;
tbContent.Text = string.IsNullOrEmpty(prompt) ? "" : prompt;
LocalizeButtons();
switch (button)
{
case MessageBoxButton.OK:
btnOK.Visibility = Visibility.Visible;
break;
case MessageBoxButton.OKCancel:
btnOK.Visibility = Visibility.Visible;
btnCancel.Visibility = Visibility.Visible;
break;
case MessageBoxButton.YesNo:
btnYes.Visibility = Visibility.Visible;
btnNo.Visibility = Visibility.Visible;
break;
case MessageBoxButton.YesNoCancel:
btnYes.Visibility = Visibility.Visible;
btnNo.Visibility = Visibility.Visible;
btnCancel.Visibility = Visibility.Visible;
break;
}
switch (icon)
{
case MessageBoxImage.Information:
imgIcon.Source = new BitmapImage(new Uri("img/information.png", UriKind.Relative));
break;
case MessageBoxImage.Error:
imgIcon.Source = new BitmapImage(new Uri("img/critical.png", UriKind.Relative));
break;
case MessageBoxImage.Exclamation:
imgIcon.Source = new BitmapImage(new Uri("img/exclamation.png", UriKind.Relative));
break;
case MessageBoxImage.Question:
imgIcon.Source = new BitmapImage(new Uri("img/question.png", UriKind.Relative));
break;
}
switch (type)
{
case MessageBoxType.MessageBox:
break;
case MessageBoxType.InputBox:
tbInput.Visibility = Visibility.Visible;
tbInput.Text = string.IsNullOrEmpty(defaultResponse) ? "" : defaultResponse;
tbInput.SelectAll();
tbInput.Focus();
break;
case MessageBoxType.PasswordBox:
tbInput.Visibility = Visibility.Visible;
btnGenerate.Visibility = Visibility.Visible;
tbInput.Text = string.IsNullOrEmpty(defaultResponse) ? IPasswordGenerator.Generate(20) : defaultResponse;
tbInput.SelectAll();
tbInput.Focus();
break;
}
}
public async Task ExecuteAsync(CancellationToken cancellationToken)
{
var users = new List <User>();
// This users are for the automated tests.
if (await _unitOfWork.CountAsync <User>(u => u.Email == TestCredentials.User1) < 1)
{
users.Add(new User
{
Id = Guid.NewGuid(),
Email = TestCredentials.User1,
Roles = new List <string> {
Roles.User
},
PasswordHash = _passwordStorage.Create(TestCredentials.User1Password)
});
}
if (await _unitOfWork.CountAsync <User>(u => u.Email == TestCredentials.User2) < 1)
{
users.Add(new User
{
Id = Guid.NewGuid(),
Email = TestCredentials.User2,
Roles = new List <string> {
Roles.User
},
PasswordHash = _passwordStorage.Create(TestCredentials.User2Password),
Location = new Location
{
City = "Bern",
PostalCode = "3011",
Latitude = 46.944699,
Longitude = 7.443788
}
});
}
if (await _unitOfWork.CountAsync <User>(u => u.Email == TestCredentials.User3) < 1)
{
users.Add(new User
{
Id = Guid.NewGuid(),
Email = TestCredentials.User3,
Roles = new List <string> {
Roles.User
},
PasswordHash = _passwordStorage.Create(TestCredentials.User3Password),
Location = new Location
{
City = "Bern",
PostalCode = "3011",
Latitude = 46.944699,
Longitude = 7.443788
}
});
}
if (await _unitOfWork.CountAsync <User>() <= SeedCount)
{
IList <string> zips = new[] { "3000", "3001", "3003", "3004", "3005", "3006", "3007", "3010", "3013", "3014", "3018", "3027", "3030" };
Faker <Location> locationFaker = new Faker <Location>()
.RuleFor(u => u.PostalCode, f => f.PickRandom(zips))
.RuleFor(u => u.City, "Bern")
.RuleFor(u => u.Latitude, f => f.Location().AreaCircle(46.944699, 7.443788, 10_000).Latitude)
.RuleFor(u => u.Longitude, f => f.Location().AreaCircle(46.944699, 7.443788, 10_000).Longitude);
// At least 10% should share the same location.
// The picked locations are uniform distributed, hence just generate 10% of the seed.
List <Location> locations = locationFaker.Generate(SeedCount / 100 * 10).ToList();
Faker <User> faker = new Faker <User>()
.RuleFor(u => u.Id, f => Guid.NewGuid())
.RuleFor(u => u.Email, f => f.Internet.Email().ToLowerInvariant())
.RuleFor(u => u.PasswordHash, _passwordStorage.Create(_passwordGenerator.Generate()))
.RuleFor(u => u.DisplayName, f => f.Name.FirstName())
.RuleFor(u => u.Roles, new List <string> {
Roles.User
})
.RuleFor(u => u.Location, f => f.PickRandom(locations));
List <User> fakeUsers = faker.Generate(SeedCount);
// Yes, this is expensive but we don't allow duplicated emails.
DeduplicateEmails(fakeUsers);
// Random generate friendships
var random = new Random();
foreach (User fakeUser in fakeUsers)
{
for (var i = 0; i < SeedCount / 100 * 10; i++)
{
int index = random.Next(fakeUsers.Count);
fakeUser.Friends.Add(fakeUsers[index].Id);
}
}
users.AddRange(fakeUsers);
}
if (users.Any())
{
try
{
await _unitOfWork.InsertManyAsync(users);
}
catch (DuplicateKeyException)
{
// The tests are executed in parallel.
// Just ignore.
}
}
}
private int Run(string[] args)
{
var app = new CommandLineApplication();
app.Name = "SecureSignTools";
app.HelpOption("-?|-h|--help");
app.OnExecute(() => app.ShowHelp());
app.Command("addkey", command =>
{
command.Description = "Add a new key";
var pathArg = command.Argument("path", "Path to the key file to add");
command.OnExecute(() =>
{
var inputPath = pathArg.Value;
if (string.IsNullOrWhiteSpace(inputPath))
{
Console.WriteLine("Please include the file name to add");
return(1);
}
// Ensure input file exists
if (!File.Exists(inputPath))
{
throw new Exception("File does not exist: " + inputPath);
}
// Ensure output file does not exist
var fileName = Path.GetFileName(inputPath);
var outputPath = _secretStorage.GetPathForSecret(fileName);
if (File.Exists(outputPath))
{
throw new Exception(outputPath + " already exists! I'm not going to overwrite it.");
}
var password = ConsoleUtils.PasswordPrompt("Password");
var cert = new X509Certificate2(File.ReadAllBytes(inputPath), password, X509KeyStorageFlags.Exportable);
var code = _passwordGenerator.Generate();
_secretStorage.SaveSecret(fileName, cert, code);
Console.WriteLine();
Console.WriteLine($"Saved {fileName} ({cert.FriendlyName})");
Console.WriteLine($"Subject: {cert.SubjectName.Format(false)}");
Console.WriteLine($"Issuer: {cert.IssuerName.Format(false)}");
Console.WriteLine($"Valid from {cert.NotBefore} until {cert.NotAfter}");
Console.WriteLine();
Console.WriteLine($"Secret Code: {code}");
Console.WriteLine();
Console.WriteLine("This secret code is required whenever you create an access token that uses this key.");
Console.WriteLine("Store this secret code in a SECURE PLACE! The code is not stored anywhere, ");
Console.WriteLine("so if you lose it, you will need to re-install the key.");
return(0);
});
});
app.Command("addtoken", command =>
{
command.Description = "Add a new access token";
command.OnExecute(() =>
{
var name = ConsoleUtils.Prompt("Key name");
var code = ConsoleUtils.Prompt("Secret code");
try
{
_secretStorage.LoadSecret(name, code);
}
catch (Exception ex)
{
Console.Error.WriteLine($"Could not load key: {ex.Message}");
Console.Error.WriteLine("Please check that the name and secret code are valid.");
return(1);
}
// If we got here, the key is valid
var comment = ConsoleUtils.Prompt("Comment (optional)");
Console.WriteLine();
Console.WriteLine("Signing settings:");
var desc = ConsoleUtils.Prompt("Description");
var url = ConsoleUtils.Prompt("Product/Application URL");
var accessToken = new AccessToken
{
Id = Guid.NewGuid().ToShortGuid(),
Code = code,
IssuedAt = DateTime.Now,
KeyName = name,
};
var accessTokenConfig = new AccessTokenConfig
{
Comment = comment,
IssuedAt = accessToken.IssuedAt,
Valid = true,
SignDescription = desc,
SignUrl = url,
};
// If this is the first time an access token is being added, we need to create the config file
if (!File.Exists(_pathConfig.AccessTokenConfig))
{
File.WriteAllText(_pathConfig.AccessTokenConfig, JsonConvert.SerializeObject(new
{
AccessTokens = new Dictionary <string, AccessToken>()
}));
}
// Save access token config to config file
dynamic configFile = JObject.Parse(File.ReadAllText(_pathConfig.AccessTokenConfig));
configFile.AccessTokens[accessToken.Id] = JToken.FromObject(accessTokenConfig);
File.WriteAllText(_pathConfig.AccessTokenConfig, JsonConvert.SerializeObject(configFile, Formatting.Indented));
var encodedAccessToken = _accessTokenSerializer.Serialize(accessToken);
Console.WriteLine();
Console.WriteLine("Created new access token:");
Console.WriteLine(encodedAccessToken);
return(0);
});
});
try
{
return(app.Execute(args));
}
catch (Exception ex)
{
Console.Error.WriteLine("ERROR: " + ex.Message);
#if DEBUG
throw;
#else
return(1);
#endif
}
}