/// <summary> /// Resetira lozinku tako da izgenerira slucajan znakovni niz uz ispravan /// odgovor. /// </summary> /// <param name="passwordAnswer">odgovor na pitanje</param> /// <param name="minPasswordLenght">minimalna duljina lozinke</param> /// <param name="passwordCoder">koder lozinke pomocu kojeg se lozinka kodira</param> /// <returns></returns> public virtual string ResetPassword(string passwordAnswer, int minPasswordLenght, IPasswordCoder passwordCoder) { if (passwordFormat != passwordCoder.PasswordFormat) { throw new ArgumentException("PasswordCoder isn't suited for this password."); } if(IsLockedOut) { return null; } if(ComparePasswordAnswerTo(passwordAnswer, passwordCoder)) { return ResetPassword(minPasswordLenght, passwordCoder); } else { IncrementFailedPasswordAnswerAttemptCount(); return null; } }
/// <summary> /// Resetira lozinku tako da izgenerira slucajan znakovni niz /// </summary> /// <param name="minPasswordLenght">minimalna duljina lozinke</param> /// <param name="passwordCoder">koder lozinke pomocu kojeg se lozinka kodira</param> /// <returns>nova izgenerirana lozinka, null ako resetiranje nije uspjelo</returns> public virtual string ResetPassword(int minPasswordLenght, IPasswordCoder passwordCoder) { if (passwordFormat != passwordCoder.PasswordFormat) { throw new ArgumentException("PasswordCoder isn't suited for this password."); } if(IsLockedOut) { return null; } var passwordLenght = minPasswordLenght <= SYSTEM_GENERATED_PASSWORD_LENGHT ? SYSTEM_GENERATED_PASSWORD_LENGHT : minPasswordLenght; var newPassword = generateRandomString(passwordLenght, NBR_OF_NON_ALPHANUMBERIC_CHARACTERS); password = Encode(newPassword, passwordCoder); return newPassword; }
/// <summary> /// Dohvaca lozinku u plain-textu ukoliko je to moguce (ako nije hashirana). /// Metoda baca ArgumentException iznimku ukoliko koder ne odgovara formatu lozinke, te /// baca NotSupportedException ukoliko je lozinka hashirana. /// </summary> /// <param name="passwordCoder">koder lozinke pomocu kojeg se lozinka moze dekodirati</param> /// <returns>loznka u plain-textu ukoliko korisnik nije zakljucan, inace null</returns> public virtual string GetPassword(IPasswordCoder passwordCoder) { if(passwordFormat != passwordCoder.PasswordFormat) { throw new ArgumentException("PasswordCoder isn'd suited for this password."); } if(passwordFormat == MembershipPasswordFormat.Hashed) { throw new NotSupportedException("For hashed password retreival isn't supported."); } return !IsLockedOut ? Encoding.Default.GetString(passwordCoder.Decode(Convert.FromBase64String(password))) : null; }
/// <summary> /// Dohvaca lozinku u plain-textu ukoliko je to moguce i ukoliko je predan /// ispravan odgovor. /// Metoda baca ArgumentException iznimku ukoliko koder ne odgovara formatu lozinke, te /// baca NotSupportedExcepton ukoliko je lozinka hashirana. /// </summary> /// <param name="otherPasswordAnswer">odgovor za dohvacanje lozinke</param> /// <param name="passwordCoder">koder lozinke pomocu kojeg se lozinka moze dekodirati</param> /// <returns>loznka u plain-textu ukoliko je dohvacanje uspjesno, inace null</returns> public virtual string GetPassword(string otherPasswordAnswer, IPasswordCoder passwordCoder) { if (passwordFormat != passwordCoder.PasswordFormat) { throw new ArgumentException("PasswordCoder isn't suited for this password."); } if (passwordFormat == MembershipPasswordFormat.Hashed) { throw new NotSupportedException("For hashed password retreival isn't supported."); } if(!IsLockedOut) { if (ComparePasswordAnswerTo(otherPasswordAnswer, passwordCoder)) { return GetPassword(passwordCoder); } else { IncrementFailedPasswordAnswerAttemptCount(); } } return null; }
/// <summary> /// Usporeduje zadanu lozinku sa trenutnom lozinkom instance /// </summary> /// <param name="otherPassword">lozinka koja se usporeduje s trenutnom lozinkom instance</param> /// <param name="passwordCoder">koder lozinke pomocu kojeg se lozinka moze dekodirati</param> /// <returns>true ukoliko su lozinke jednake, inace false</returns> public virtual bool ComparePasswordTo(string otherPassword, IPasswordCoder passwordCoder) { if (passwordFormat != passwordCoder.PasswordFormat) { throw new ArgumentException("PasswordCoder isn't suited for this password."); } var encodedPassword = Encode(otherPassword, passwordCoder); return encodedPassword == password; }
/// <summary> /// Kodira lozinku ili odgovor odgovarajucim koderom /// </summary> /// <param name="stringForEncoding">string koja se kodira</param> /// <param name="passwordCoder">koder lozinke pomocu kojeg se lozinka kodira</param> /// <returns>kodiran string</returns> public virtual string Encode(string stringForEncoding, IPasswordCoder passwordCoder) { if (passwordCoder.PasswordFormat == MembershipPasswordFormat.Hashed) { if(string.IsNullOrEmpty(passwordSalt)) { throw new ApplicationException("Password salt can't be null or empty."); } var passwordData = calculatePasswordWithSalt(stringForEncoding, passwordSalt); return Convert.ToBase64String(passwordCoder.Encode(passwordData)); } else { return Convert.ToBase64String(passwordCoder.Encode(Encoding.Default.GetBytes(stringForEncoding))); } }
/// <summary> /// Mijenja pitanje i odgovor za dohvacanje ili resetiranje lozinke. /// </summary> /// <param name="password">trenutna lozinka</param> /// <param name="newPasswordQuestion">novo pitanje za dohvacanje ili resetiranje lozinke</param> /// <param name="newPasswordAnswer">novi odgovor na pitanje za dohvacanje ili resetiranje lozinke </param> /// <returns>true ukoliko je promjena uspjela, false inace</returns> public virtual bool ChangePasswordQuestionAndAnswer(string password, string newPasswordQuestion, string newPasswordAnswer, IPasswordCoder passwordCoder) { if (passwordFormat != passwordCoder.PasswordFormat) { throw new ArgumentException("PasswordCoder isn't suited for this password."); } if (IsLockedOut) { return false; } if (ComparePasswordTo(password, passwordCoder)) { passwordQuestion = newPasswordQuestion; var encodedNewPasswordAnswer = Encode(newPasswordAnswer, passwordCoder); passwordAnswer = encodedNewPasswordAnswer; return true; } else { IncrementFailedPasswordAttemptCount(); return false; } }
/// <summary> /// Usporeduje zadani odgovor sa trenutnim odgovorom instance /// </summary> /// <param name="otherPasswordAnswer">odgovor koji se usporeduje s trenutnim odgovorom instance</param> /// <param name="passwordCoder">koder lozinke pomocu kojeg se lozinka moze dekodirati</param> /// <returns>true ukoliko su lozinke jednake, inace false</returns> public virtual bool ComparePasswordAnswerTo(string otherPasswordAnswer, IPasswordCoder passwordCoder) { if(string.IsNullOrEmpty(passwordQuestion)) { throw new InvalidOperationException("Password question and answer aren't set/defined."); } if (passwordFormat != passwordCoder.PasswordFormat) { throw new ArgumentException("PasswordCoder isn't suited for this password."); } var encodedPasswordAnswer = Encode(otherPasswordAnswer, passwordCoder); return encodedPasswordAnswer == passwordAnswer; }
/// <summary> /// Postavlja novu lozinku. /// </summary> /// <param name="oldPassword">stara lozinka</param> /// <param name="newPassword">nova lozinka</param> /// <param name="passwordCoder">koder lozinke pomocu kojeg se lozinka kodira</param> /// <returns>true ukoliko je promjena uspjela, false inace</returns> public virtual bool ChangePassword(string oldPassword, string newPassword, IPasswordCoder passwordCoder) { if (passwordFormat != passwordCoder.PasswordFormat) { throw new ArgumentException("PasswordCoder isn't suited for this password."); } if (IsLockedOut) { return false; } if (ComparePasswordTo(oldPassword, passwordCoder)) { password = Encode(newPassword, passwordCoder); LastPasswordChangedDate = DateTime.Now; return true; } else { IncrementFailedPasswordAttemptCount(); return false; } }
/// <summary> /// Konstruktor /// </summary> /// <param name="username">korisnicko ime</param> /// <param name="password">lozinka</param> /// <param name="passwordCoder">koder lozinke pomocu kojeg se lozinka kodira</param> public User(string username, string password, IPasswordCoder passwordCoder) { this.userName = username; roles = new HashedSet<Role>(); passwordFormat = passwordCoder.PasswordFormat; if(passwordFormat == MembershipPasswordFormat.Hashed) { passwordSalt = generatePasswordSalt(); } this.password = Encode(password, passwordCoder); CreationDate = DateTime.Now.ToUniversalTime(); }
public void SetUp() { Mock<IPasswordCoder> passwordCoderMock = new Mock<IPasswordCoder>(); passwordCoderMock.Setup(pc => pc.PasswordFormat).Returns(MembershipPasswordFormat.Clear); var passwordData = Encoding.Default.GetBytes(password); passwordCoderMock.Setup(pc => pc.Encode(passwordData)) .Returns(passwordData); passwordCoderMock.Setup(pc => pc.Decode(passwordData)) .Returns(passwordData); var fakePasswordData = Encoding.Default.GetBytes(password); passwordCoderMock.Setup(pc => pc.Encode(fakePasswordData)) .Returns(fakePasswordData); passwordCoder = passwordCoderMock.Object; }
/// <summary> /// Incijalizira i postavlja koder lozinke /// </summary> private void setPasswordCoder() { switch(passwordFormat) { case MembershipPasswordFormat.Clear: passwordCoder = new ClearPassCoder(); break; case MembershipPasswordFormat.Encrypted: passwordCoder = new EncryptionPassCoder(EncryptPassword, DecryptPassword); break; case MembershipPasswordFormat.Hashed: // inace bolje je koristiti Membership.HashAlgorithmType, ali zbog toga sto se ova metoda // poziva u Initialize metodi, informacije iz Membership statickih metoda nisu dosupne (aplikacija puca) //Configuration cfg = WebConfigurationManager.OpenWebConfiguration(System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath); //MembershipSection membershipSection = (MembershipSection) cfg.GetSection("system.web/membership"); //passwordCoder = new HashPassCoder(HashAlgorithmFactory.Create(membershipSection.HashAlgorithmType)); passwordCoder = new HashPassCoder(HashAlgorithmFactory.Create(Membership.HashAlgorithmType)); break; default: throw new ProviderException("Unsupported password format."); } }
/// <summary> /// Konstruktor /// </summary> /// <param name="username">korisnicko ime</param> /// <param name="password">lozinka</param> /// <param name="passwordCoder">koder lozinke pomocu kojeg se lozinka kodira</param> public HousingMgmtUser(string username, string password, IPasswordCoder passwordCoder) : base(username, password, passwordCoder) { }