/// <summary>
/// Authenticates <paramref name="userid"/> with <paramref name="password"/> and returns a
/// session token, or an empty string when sign-in is not possible.
/// </summary>
/// <param name="userid">Login name; passed through <c>SqlSanitize</c> before the lookup.</param>
/// <param name="password">Cleartext password; also passed through <c>SqlSanitize</c>.</param>
/// <returns>
/// The value of <see cref="SecureToken.CreateToken"/> on success; <c>""</c> when a user is
/// already signed in, the user cannot be loaded, the user's <c>KeyCode</c> is non-empty, or
/// <c>LogIn</c> rejects the password.
/// </returns>
public string SignIn(string userid, string password)
{
    // NOTE(review): sanitizing the password rewrites the credential itself; if User.LogIn hashes
    // or compares it, any character SqlSanitize strips or escapes makes a valid password fail.
    // Parameterized queries would make both calls unnecessary — confirm what SqlSanitize does.
    userid = userid.SqlSanitize();
    password = password.SqlSanitize();

    // Every failure path yields the same empty string, so a caller cannot tell "no such user"
    // from "wrong password" (presumably deliberate, to limit account enumeration).
    if (CurrentUser != null)
    {
        return string.Empty;
    }

    var account = new User();
    bool loaded = account.Load(userid);
    if (!loaded || account.KeyCode.Length > 0)
    {
        return string.Empty;
    }

    return account.LogIn(password)
        ? SecureToken.CreateToken(account.UserID)
        : string.Empty;
}
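/// <summary>
/// Stores the supplied password. A value prefixed with <c>pw:</c> is treated as base64,
/// session-encrypted ciphertext and is decrypted into a <see cref="SecureToken"/>; any other
/// value is stored as-is.
/// </summary>
/// <param name="value">Plain password, or <c>pw:</c> followed by base64 ciphertext. Null or empty leaves the stored password untouched.</param>
/// <param name="sessionId">Handed to <see cref="Encryption"/> to build the decryptor for the <c>pw:</c> form.</param>
/// <returns>This instance, for chaining.</returns>
public Login SetPassword(string value, string sessionId)
{
    if (string.IsNullOrEmpty(value))
    {
        return this;
    }

    // "pw:" is a protocol marker, so the prefix test must be ordinal: a culture-sensitive
    // StartsWith ignores certain characters (e.g. soft hyphens) and can report a match whose
    // first three chars are not "pw:", making Substring(3) slice the wrong text.
    if (!value.StartsWith("pw:", StringComparison.Ordinal))
    {
        _password = value;
        return this;
    }

    try
    {
        var data = Convert.FromBase64String(value.Substring(3));
        using (var enc = new Encryption(sessionId))
        using (var input = new MemoryStream(data))
        using (var cryptStream = new CryptoStream(input, enc.CreateDecryptor(), CryptoStreamMode.Read))
        {
            _password = new SecureToken(cryptStream);
        }
    }
    catch (FormatException)
    {
        // Not valid base64: the original fallback of storing the literal value ("pw:" prefix
        // included) is kept. A failed decryption (CryptographicException) is not caught here
        // and propagates to the caller, as before.
        _password = value;
    }

    return this;
}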
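/// <summary>
/// Round-trips a freshly created token through its URL-encoded form and checks that
/// <see cref="SecureToken.Decode"/> yields exactly the original bytes.
/// </summary>
public void EncodesAndDecodeSecureToken()
{
    SecureToken fpt = SecureToken.Create();
    string urlEncodedToken = fpt.UrlEncodedValue;

    byte[] decodedToken = SecureToken.Decode(urlEncodedToken);

    // Compare lengths first: the element loop below would throw IndexOutOfRangeException
    // (rather than fail cleanly) on a short decode, and would silently pass on a decode
    // that carries extra trailing bytes.
    Assert.IsTrue(fpt.Value.Length == decodedToken.Length);
    for (int i = 0; i < fpt.Value.Length; i++)
    {
        Assert.IsTrue(fpt.Value[i] == decodedToken[i]);
    }
}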
/// <summary>
/// Serializes this message: the base class fields first, then the token's string form,
/// the remote endpoint and the session id, in that order.
/// </summary>
/// <param name="netOutgoingMessage">Buffer to append to; the same instance is returned.</param>
/// <returns>The buffer passed in.</returns>
public override NetOutgoingMessage ToNetBuffer(ref NetOutgoingMessage netOutgoingMessage)
{
    base.ToNetBuffer(ref netOutgoingMessage);

    // The token travels as its ToString() form; the reader (not visible here) presumably
    // consumes these three fields in the same order. Whether the transport encrypts them
    // is not established by this method.
    string tokenText = SecureToken.ToString();
    netOutgoingMessage.Write(tokenText);
    netOutgoingMessage.Write(RemoteEndpoint);
    netOutgoingMessage.Write(SessionID);

    return netOutgoingMessage;
}
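/// <summary>
/// Registers a new user: validates the username, salts and hashes the supplied password,
/// issues a <see cref="SecureToken"/>, persists the user and returns the token.
/// </summary>
/// <param name="user">Incoming user; <c>PasswordHash</c> carries the cleartext password on entry and the PBKDF2 hash on exit.</param>
/// <returns>
/// 201 with the token; 400 for a missing/empty/over-long username or a null password;
/// 303 when the username is taken (existing contract, kept); 500 when the save fails.
/// </returns>
public async Task<ActionResult<SecureToken>> PostUser(User user)
{
    _logger.LogInformation("Reached Post User");

    // A null body or username previously surfaced as an unhandled NullReferenceException (500);
    // treat it as a client error instead.
    if (user is null || string.IsNullOrEmpty(user.Username) || user.Username.Length > 50)
    {
        return BadRequest();
    }

    // Pbkdf2 throws ArgumentNullException on a null password; reject it up front.
    var pw = user.PasswordHash;
    if (pw is null)
    {
        return BadRequest();
    }

    // prevents duplicate usernames.
    // NOTE(review): 303 is "See Other"; 409 Conflict is the conventional answer, but the
    // status is kept because clients may already depend on it.
    if (UsernameExists(user.Username))
    {
        return StatusCode(303);
    }

    // generate a 128-bit salt using a secure PRNG
    byte[] salt = new byte[128 / 8];
    using (var rng = RandomNumberGenerator.Create())
    {
        rng.GetBytes(salt);
    }
    user.Salt = salt;

    // derive a 256-bit subkey (HMACSHA1, 10,000 iterations). PRF, iteration count and length
    // must stay identical to the verification path in LoginUser; strengthening them (e.g.
    // HMACSHA256 with a higher count) requires re-hashing stored passwords, so it is not done here.
    string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2(
        password: pw,
        salt: salt,
        prf: KeyDerivationPrf.HMACSHA1,
        iterationCount: 10000,
        numBytesRequested: 256 / 8));
    user.PasswordHash = hashed;

    // NOTE(review): local time is stored; DateTime.UtcNow would be the usual choice but is
    // left as-is so new rows stay consistent with existing ones.
    user.CreatedAt = DateTime.Now;

    SecureToken token = new SecureToken(user.Id);
    user.IdToken = token.IdToken;
    user.TokenExpiresIn = token.ExpiresIn;
    user.LastAuthed = token.LastAuthed;

    try
    {
        _context.Users.Add(user);
        await _context.SaveChangesAsync();
    }
    catch (DbUpdateException)
    {
        ModelState.AddModelError("", "Unable to save changes. Try again and see if the problem persists");
        return StatusCode(StatusCodes.Status500InternalServerError);
    }

    // The id is only final after the save (presumably DB-generated), so attach it now.
    token.UserId = user.Id;
    return CreatedAtAction("GetUser", "Users", new { id = user.Id }, token);
}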
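/// <summary>
/// Verifies a username/password pair against the stored PBKDF2 hash and, on success,
/// issues a fresh <see cref="SecureToken"/> that is also written back to the user row.
/// </summary>
/// <param name="user">Carries <c>Username</c> and, in <c>PasswordHash</c>, the cleartext password.</param>
/// <returns>
/// 201 with the new token; 400 on a missing body, username or password; 303 when the username
/// is unknown (existing contract); 401 when the password does not match; 500 if the update fails.
/// </returns>
public async Task<ActionResult<SecureToken>> LoginUser(User user)
{
    _logger.LogInformation("Reached Login Point");

    // Null inputs used to surface as NullReferenceException / ArgumentNullException (500).
    if (user is null || user.Username is null || user.PasswordHash is null)
    {
        return BadRequest();
    }
    var pw = user.PasswordHash;

    // NOTE(review): answering 303 for an unknown username and 401 for a wrong password lets a
    // caller enumerate valid usernames; a single 401 for both would close that. Kept because
    // it is the existing client contract.
    if (!UsernameExists(user.Username))
    {
        return StatusCode(303);
    }

    // FirstOrDefault rather than First: the row can disappear between the existence check
    // and this query, and a missing row should be an auth failure, not an exception.
    var loggingInUser = await _context.Users
        .Where(e => e.Username == user.Username)
        .FirstOrDefaultAsync();
    if (loggingInUser == null)
    {
        return Unauthorized();
    }

    // Must mirror PostUser exactly (same PRF, iterations, salt and length) or no login succeeds.
    string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2(
        password: pw,
        salt: loggingInUser.Salt,
        prf: KeyDerivationPrf.HMACSHA1,
        iterationCount: 10000,
        numBytesRequested: 256 / 8));

    // Constant-time comparison: "!=" on strings stops at the first differing character,
    // which leaks hash-prefix timing to a remote caller.
    byte[] computed = System.Text.Encoding.UTF8.GetBytes(hashed);
    byte[] stored = System.Text.Encoding.UTF8.GetBytes(loggingInUser.PasswordHash ?? string.Empty);
    if (!System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(computed, stored))
    {
        return Unauthorized();
    }

    // need to create a new id token and put it in the DB. Then return it.
    SecureToken tokenNew = new SecureToken(loggingInUser.Id);
    try
    {
        loggingInUser.LastAuthed = tokenNew.LastAuthed;
        loggingInUser.IdToken = tokenNew.IdToken;
        loggingInUser.TokenExpiresIn = tokenNew.ExpiresIn;
        await _context.SaveChangesAsync();
    }
    catch (DbUpdateException)
    {
        ModelState.AddModelError("", "Could not update user when logging in");
        return StatusCode(StatusCodes.Status500InternalServerError);
    }

    return CreatedAtAction("GetUser", "Users", new { id = loggingInUser.Id }, tokenNew);
}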
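/// <summary>
/// Validates a previously issued token against the user row it names: the user must exist,
/// the stored <c>IdToken</c> must match the presented one, and the token must not have expired.
/// </summary>
/// <param name="storedToken">Token presented by the client; <c>UserId</c> and <c>IdToken</c> are read.</param>
/// <returns>204 when the token is valid; 400 for a missing body, unknown user or expired token; 401 on token mismatch.</returns>
public async Task<ActionResult<SecureToken>> AutoLoginUser(SecureToken storedToken)
{
    // A null body used to become a NullReferenceException (500).
    if (storedToken is null)
    {
        return BadRequest();
    }

    var storedUser = await _context.Users.FindAsync(storedToken.UserId);
    if (storedUser == null)
    {
        return BadRequest();
    }

    // An empty presented token must never authenticate, even against a row whose IdToken
    // was never set.
    if (string.IsNullOrEmpty(storedToken.IdToken))
    {
        return Unauthorized();
    }

    // incorrect GUID. Compared in constant time: the token is a bearer secret and a plain
    // string "!=" stops at the first mismatching character.
    byte[] presented = System.Text.Encoding.UTF8.GetBytes(storedToken.IdToken);
    byte[] expected = System.Text.Encoding.UTF8.GetBytes(storedUser.IdToken ?? string.Empty);
    if (!System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(presented, expected))
    {
        return Unauthorized();
    }

    // expired. TokenExpiresIn is in minutes (same as the original TimeSpan(0, minutes, 0)).
    // NOTE(review): the check uses local DateTime.Now; LastAuthed is produced by SecureToken
    // (clock not visible here), so both sides must be changed together if moving to UTC.
    TimeSpan exp = TimeSpan.FromMinutes(storedUser.TokenExpiresIn);
    if (storedUser.LastAuthed.Add(exp) < DateTime.Now)
    {
        return BadRequest();
    }

    return NoContent();
}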
/// <summary>
/// Looks up the user whose e-mail verification token matches <paramref name="urlEncodedToken"/>.
/// </summary>
/// <param name="urlEncodedToken">Token in the URL-safe form understood by <see cref="SecureToken.Decode"/>.</param>
/// <returns>Whatever <c>InternalFindByEmailVerificationToken</c> returns for the decoded bytes (presumably null when nothing matches — confirm).</returns>
public User FindByEmailVerificationToken(string urlEncodedToken)
    => InternalFindByEmailVerificationToken(SecureToken.Decode(urlEncodedToken));
/// <summary>
/// Looks up the user whose forgotten-password assistance token matches <paramref name="urlEncodedToken"/>.
/// </summary>
/// <param name="urlEncodedToken">Token in the URL-safe form understood by <see cref="SecureToken.Decode"/>.</param>
/// <returns>Whatever <c>InternalFindByForgottenPasswordAssistanceToken</c> returns for the decoded bytes (presumably null when nothing matches — confirm).</returns>
public User FindByForgottenPasswordAssistanceToken(string urlEncodedToken)
    => InternalFindByForgottenPasswordAssistanceToken(SecureToken.Decode(urlEncodedToken));
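/// <summary>
/// Stores the supplied password. A value prefixed with <c>pw:</c> is treated as base64,
/// session-encrypted ciphertext and is decrypted into a <see cref="SecureToken"/>; any other
/// value is stored as-is.
/// </summary>
/// <param name="value">Plain password, or <c>pw:</c> followed by base64 ciphertext. Null or empty leaves the stored password untouched.</param>
/// <param name="sessionId">Handed to <see cref="Encryption"/> to build the decryptor for the <c>pw:</c> form.</param>
/// <returns>This instance, for chaining.</returns>
public Login SetPassword(string value, string sessionId)
{
    if (string.IsNullOrEmpty(value))
    {
        return this;
    }

    // "pw:" is a protocol marker, so the prefix test must be ordinal: a culture-sensitive
    // StartsWith ignores certain characters (e.g. soft hyphens) and can report a match whose
    // first three chars are not "pw:", making Substring(3) slice the wrong text.
    if (!value.StartsWith("pw:", StringComparison.Ordinal))
    {
        _password = value;
        return this;
    }

    try
    {
        var data = Convert.FromBase64String(value.Substring(3));
        using (var enc = new Encryption(sessionId))
        using (var input = new MemoryStream(data))
        using (var cryptStream = new CryptoStream(input, enc.CreateDecryptor(), CryptoStreamMode.Read))
        {
            _password = new SecureToken(cryptStream);
        }
    }
    catch (FormatException)
    {
        // Not valid base64: the original fallback of storing the literal value ("pw:" prefix
        // included) is kept. A failed decryption (CryptographicException) is not caught here
        // and propagates to the caller, as before.
        _password = value;
    }

    return this;
}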
/// <summary>
/// Credentials supplied explicitly by the caller rather than resolved from a session.
/// </summary>
/// <param name="database">Target database name.</param>
/// <param name="username">Account name.</param>
/// <param name="password">Password wrapped in a <see cref="SecureToken"/>; callers may pass null.</param>
public ExplicitCredentials(string database, string username, SecureToken password)
    => (_database, _username, _password) = (database, username, password);
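/// <summary>
/// Handles a <see cref="Intent.JoinGame"/> packet: looks up the game, checks its password and
/// state, creates a <see cref="ServerPlayer"/> bound to this connection and replies with a welcome.
/// Packets with any other intent are ignored.
/// </summary>
/// <param name="packet">Incoming packet; its payload is read as <see cref="JoinGamePayload"/>.</param>
/// <exception cref="CityAndSeekException">Unknown game, wrong password, or game not in setup.</exception>
public override void OnPacket(Packet packet)
{
    if (packet.Intent != Intent.JoinGame)
    {
        return;
    }

    JoinGamePayload joinGame = packet.GetPayload<JoinGamePayload>();

    // Check game exists — a single lookup instead of ContainsKey followed by the indexer.
    if (!Connection.Server.Games.TryGetValue(joinGame.GameId, out ServerGame game))
    {
        throw new CityAndSeekException("Game doesn't exist!");
    }

    // Check password (not case sensitive). The static string.Equals tolerates a null payload
    // password (previously a NullReferenceException); null only matches a null game password.
    if (!string.Equals(joinGame.GamePassword, game.Password, StringComparison.OrdinalIgnoreCase))
    {
        throw new CityAndSeekException("Incorrect password!");
    }

    // Check game state
    if (game.GameState != GameState.Setup)
    {
        string message = "Game cannot accept new players right now.";
        switch (game.GameState)
        {
            case GameState.Starting:
            case GameState.Running:
            case GameState.Paused:
                message = "Game is already running.";
                break;
            case GameState.Ended:
                message = "Game has already ended.";
                break;
        }
        throw new CityAndSeekException(message);
    }

    // NOTE(review): the id is the current player count; if a player can leave during setup,
    // two players could end up with the same id — confirm against AddPlayer/Players.
    int newId = game.Players.Count;
    var player = new ServerPlayer
    {
        Id = newId,
        Name = joinGame.Username,
        Token = SecureToken.Generate(),
        Game = game,
        Connection = Connection
    };

    // Associate player with this connection
    Connection.Player = player;

    // Add player to the game
    game.AddPlayer(player);

    // Send welcome — the reply carries the freshly generated player token back to the joiner.
    var welcome = new WelcomePayload(game, player, player.Token);
    Connection.SendPacket(new Packet(Intent.Welcome, welcome, packet.Id));
}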
/// <summary>
/// Signs in with a pre-issued token: the token's text becomes the HTTP password, and the
/// credential login is then run with a null <see cref="SecureToken"/> password.
/// </summary>
/// <param name="database">Target database name.</param>
/// <param name="username">Account name.</param>
/// <param name="token">Token whose string form is copied out through <c>UseString</c>.</param>
public void LoginToken(string database, string username, SecureToken token)
{
    // NOTE(review): this materialises the token as an ordinary immutable string in
    // _httpPassword, outliving whatever scrubbing SecureToken performs. The explicit
    // ToCharArray copy is kept as originally written (presumably so the string handed to the
    // callback can be cleared afterwards — confirm against UseString).
    string tokenText = token.UseString<string>((ref string p) =>
    {
        char[] chars = p.ToCharArray();
        return new string(chars);
    });
    _httpPassword = tokenText;

    var credentials = new ExplicitCredentials(database, username, null);
    Login(credentials, false);
}