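        /// <summary>
        /// Authenticates the caller with the username/password carried in the request body.
        /// On success the user's <see cref="ClaimsPrincipal"/> is stored in <c>HttpContext.User</c>
        /// for the remainder of this request; no token is written to the response here.
        /// </summary>
        /// <param name="credentialCreateDto">Username and password supplied by the client.</param>
        /// <returns>
        /// 400 when the body fails model validation, 401 when the username is unknown or the
        /// password does not verify, 200 otherwise.
        /// </returns>
        public IActionResult DoLogin([FromBody] CredentialCreateDto credentialCreateDto)
        {
            /* Checks if the received object is well formed */
            if (!ModelState.IsValid)
            {
                return(BadRequest());
            }

            // NOTE(review): Password is dereferenced below; this relies on the DTO's validation
            // attributes making ModelState invalid when it is missing - confirm on CredentialCreateDto.
            var credential = _vaultDbContext.Credentials
                .Where(cred => cred.Username == credentialCreateDto.Username)
                .FirstOrDefault();

            /* Checks the credential.
             * An unknown username and a wrong password must both end in 401. The previous
             * condition (`credential != null && !IsValid(...)`) only rejected a wrong password
             * for an EXISTING user: a username with no record skipped the check entirely and
             * reached the success path below without any password verification.
             * The PadLeft(32, '*') is kept because stored hashes are generated from the padded
             * password (see DoSignup), so dropping it would invalidate existing credentials.
             * NOTE(review): the unknown-username branch returns before IsValid runs, so its
             * response time differs from the wrong-password branch; if username enumeration
             * matters, verify against a dummy hash on that path too. */
            if (credential is null ||
                !PBKDF2Provider.IsValid(credentialCreateDto.Password.PadLeft(32, '*'), credential.Password))
            {
                return(Unauthorized());
            }

            // Password verified: build the identity for this request.
            // Despite the scheme name, nothing here issues or returns a JWT - presumably a
            // separate component does that from HttpContext.User (TODO confirm).
            var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);

            // Carries the username that has logged in
            identity.AddClaim(new Claim("username", credentialCreateDto.Username));

            /* Saves the generated ClaimsPrincipal inside the HTTP Context */
            HttpContext.User = new ClaimsPrincipal(identity);

            return(Ok());
        }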
        /// <summary>
        /// Registers a new credential from the request body, storing the password as a
        /// PBKDF2 hash rather than in clear text.
        /// </summary>
        /// <param name="credentialCreateDto">Username and password chosen by the client.</param>
        /// <returns>
        /// 400 when the body fails model validation, 401 when the username is already taken,
        /// otherwise 200 with an <see cref="InitResponse"/> echoing the stored username.
        /// </returns>
        public ActionResult <InitResponse> DoSignup([FromBody] CredentialCreateDto credentialCreateDto)
        {
            /* The DTO's validation attributes decide whether the body is acceptable */
            if (!ModelState.IsValid)
            {
                return(BadRequest());
            }

            /* Reject a duplicate username.
             * NOTE(review): this check and the insert below are not atomic; unless the Username
             * column carries a unique constraint, two concurrent signups with the same name can
             * both pass this test - confirm in the schema. */
            bool usernameTaken = _vaultDbContext.Credentials
                .Any(existing => existing.Username.Equals(credentialCreateDto.Username));
            if (usernameTaken)
            {
                return(Unauthorized()); //401
            }

            // Only the PBKDF2 hash of the (padded) password is persisted, never the password itself.
            // The PadLeft(32, '*') must match the one used when verifying at login.
            string storedHash = PBKDF2Provider.Generate(credentialCreateDto.Password.PadLeft(32, '*'));

            Credential newCredential = new Credential
            {
                Username = credentialCreateDto.Username,
                Password = storedHash
            };

            // Persist the new row
            _vaultDbContext.Credentials.Add(newCredential);
            _vaultDbContext.SaveChanges();

            // Echo back only the username; the hash never leaves the server
            InitResponse response = new InitResponse {
                Username = newCredential.Username
            };
            return(Ok(response));
        }
        /// <summary>
        /// Round-trip check: a password hashed with <c>PBKDF2Provider.Generate</c> must be
        /// accepted by <c>PBKDF2Provider.IsValid</c> for the same clear-text input.
        /// </summary>
        public void T2_001_HashAndVerify()
        {
            const string clearText = "!//Lab2020";

            var hashed = PBKDF2Provider.Generate(clearText);

            Assert.IsTrue(PBKDF2Provider.IsValid(clearText, hashed));
        }