public PasswordVerifier Build() { _passwordVerifier = new PasswordVerifier(_password); _passwordVerifier.Ensure_lowercase = false; _passwordVerifier.Ensure_Number = false; return(_passwordVerifier); }
public void ResetPasswordTest() { UserAccountRecoveryController usersController = CreateFakeUserAccountRecoveryController(); //Set up recovery token on user TokenCreatorValidator tokenCreatorValidator = new TokenCreatorValidator(_testApiSecret); TokenCreationParams tokenCreationParams = tokenCreatorValidator.CreateToken(_users[0].Id, 30); _users[0].RecoverySalt = tokenCreationParams.SaltBytes; _usersService.Update(_users[0]); //Call endpoint with wrong token var response = usersController.ResetPassword(new PasswordResetModel( _users[0].Email, "wrong-token", "new-password-u1") ); Assert.IsType <BadRequestObjectResult>(response); Assert.True(PasswordVerifier.VerifyPasswordHash("password-u1", _users[0].PasswordHash, _users[0].PasswordSalt)); //Call endpoint and check Ok and user modifications response = usersController.ResetPassword(new PasswordResetModel( _users[0].Email, tokenCreationParams.TokenStr, "new-password-u1") ); Assert.IsType <OkResult>(response); Assert.True(PasswordVerifier.VerifyPasswordHash("new-password-u1", _users[0].PasswordHash, _users[0].PasswordSalt)); Assert.Null(_users[0].RecoverySalt); }
public User Create(User user, string password) { // validation if (string.IsNullOrWhiteSpace(password)) { throw new RequestException(UserExceptionCodes.BadPassword); } if (_context.Users.Any(x => x.Email == user.Email)) { throw new RequestException(UserExceptionCodes.EmailAlreadyExists); } byte[] passwordHash, passwordSalt; PasswordVerifier.CreatePasswordHash(password, out passwordHash, out passwordSalt); user.PasswordHash = passwordHash; user.PasswordSalt = passwordSalt; user.Location = null; _context.Users.Add(user); _context.SaveChanges(); return(user); }
public void Verify_PasswordHasNoNumber_ShouldThrow() { var sut = new PasswordVerifier(); var exception = Assert.Throws <ArgumentException>(() => sut.Verify("ABcDEFGHIJ")); Assert.That(exception.Message, Does.StartWith("Should contain at least one number")); }
public void Verify_PasswordHasNoLowerCase_ShouldThrow() { var sut = new PasswordVerifier(); var exception = Assert.Throws <ArgumentException>(() => sut.Verify("ABCDEFGHIJ")); Assert.That(exception.Message, Does.StartWith("Should contain lowercase")); }
public void ThrowExceptionIfPasswordConditionsAreNotSatisfied(string password) { var verifier = new PasswordVerifier(); Action result = () => verifier.Verify(Password.From(password)); result.Should().Throw <ArgumentException>(); }
public void ThrowExceptionIfPasswordDoesntHaveLowerCase(string password) { var verifier = new PasswordVerifier(); Action result = () => verifier.Verify(Password.From(password)); result.Should().Throw <ArgumentException>().WithMessage("Password must have at least one lower case letter."); }
public void ThrowExceptionIfPasswordIsNullOrEmptyString(string password) { var verifier = new PasswordVerifier(); Action result = () => verifier.Verify(Password.From(password)); result.Should().Throw <ArgumentException>().WithMessage("Password must be provided."); }
public void Verify_ThreeOk_ShouldReturnTrue() { var sut = new PasswordVerifier(); var result = sut.Verify("Abcdefgh1"); Assert.IsTrue(result); }
public void Verify_PasswordIsNull_ShouldThrow() { var sut = new PasswordVerifier(); var exception = Assert.Throws <ArgumentException>(() => sut.Verify(null)); Assert.That(exception.Message, Does.StartWith("Value cannot be null.")); }
public void GivenMinMaxConstraintsStringMatches(int min, int max, char c, string testString, bool expected) { var passwordVerifier = new PasswordVerifier(); var answer = passwordVerifier.IsMinMaxValidPassword(min, max, c, testString); Assert.Equal(expected, answer); }
public void Verify_PasswordNotEightLong_ShouldThrow() { var sut = new PasswordVerifier(); var exception = Assert.Throws <ArgumentException>(() => sut.Verify("abc")); Assert.That(exception.Message, Does.StartWith("Not long enough")); }
public void TestBadMultiple(string password) { PasswordVerifier p = new PasswordVerifier(); string actual = p.Verify(password); string expected = "INVALID password"; Assert.Equal(expected, actual); }
public void Verify_PasswordHasNoCapital_ShouldThrow() { var sut = new PasswordVerifier(); var exception = Assert.Throws <ArgumentException>(() => sut.Verify("abcdefghij")); Assert.That(exception.Message, Does.StartWith("Should contain uppercase")); }
public static void SuccessfullyVerifyPasswordGeneratedForTheSpecifiedIterationNumber(string password, ulong iterationNumber) { var authenticator = new Authenticator(); var verifier = new PasswordVerifier(authenticator); var(isVerified, synchronizationValue) = verifier.VerifyCounterBasedPassword(password, Secret, iterationNumber); Assert.True(isVerified && synchronizationValue == iterationNumber); }
public void TestWeakOK() { PasswordVerifier p = new PasswordVerifier(); string actual = p.Verify("coregame"); string expected = "VALID password"; Assert.Equal(expected, actual); }
public void TestWeakBAD2() { PasswordVerifier p = new PasswordVerifier(); string actual = p.Verify("c"); string expected = "INVALID password"; Assert.Equal(expected, actual); }
private void createUserButton_Click(object sender, EventArgs e) { string createdUsername = username.Text; string createdPassword = password.Text; // Check if the username already exists try { var matchingUserTable = dataManager .Execute($"SELECT * FROM LoginInfo WHERE username = '******'"); if (matchingUserTable.Rows.Count != 0) { MessageBox.Show("That username already exists."); return; } } catch (InvalidOperationException exception) { Console.WriteLine(exception.Message); MessageBox.Show("Something went wrong."); return; } // Validate username and password if (createdUsername == "" || createdPassword == "") { // Not enough data; exit MessageBox.Show("One of the fields is empty."); return; } else if (!PasswordVerifier.IsValidPassword(createdPassword)) { // Invalid password; exit MessageBox.Show("Password must be at least 8 characters and contain at least one number."); return; } // Hash the password for storage String hashedPassword = BCrypt.HashPassword(createdPassword, BCrypt.GenerateSalt()); // Add user to database try { String query = "INSERT INTO LoginInfo (username, password) " + "VALUES ('" + createdUsername + "', '" + hashedPassword + "')"; dataManager.Execute(query); MessageBox.Show("Login credentials added:\n" + createdUsername + "\n" + hashedPassword); username.Text = ""; password.Text = ""; } catch (InvalidOperationException exception) { Console.WriteLine(exception.Message); MessageBox.Show("Fatal Error: Something went wrong. Try again"); } }
public void GivenPositionalConstraintsStringMatches(int posA, int posB, char c, string testString, bool expected) { var passwordVerifier = new PasswordVerifier(); var answer = passwordVerifier.IsPositionalValidPassword(posA, posB, c, testString); Assert.Equal(expected, answer); }
public void Verify_PassNonNullArg_ReturnResultOfVerification() { PasswordVerifier verifier = new PasswordVerifier(); string arg = Convert.ToString(TestContext.DataRow["arg"]); bool expectedResult = Convert.ToBoolean(TestContext.DataRow["result"]); bool actualResult = verifier.Verify(arg); Assert.AreEqual(expectedResult, actualResult, "expected and actual results are not equal.\n arg = " + arg + "\nexpected = " + expectedResult + "\nactual = " + actualResult); }
protected void CreateUserButton_Clicked(object sender, EventArgs e) { string userName = UserNameTextBox.Text; string password = PasswordTextBox.Text; string emailAddress = EmailAddressTextBox.Text; if (userName == "" || password == "" || emailAddress == "") { return; } //Check if user exists if (CuplexLib.User.UserNameExists(userName)) { ShowModalMessage(Utils.GetResourceText("RegisterUserUsernameTaken")); return; } else if (!Utils.ValidateEmail(emailAddress)) { ShowModalMessage(Utils.GetResourceText("RegisterUserIncorrectEmailAddress")); return; } else if (password != PasswordConfirmTextBox.Text) { ShowModalMessage(Utils.GetResourceText("RegisterUserPasswordMissmatch")); return; } //Verify password strength PasswordVerifier passwordVerifier = new PasswordVerifier(); PasswordVerifier.PasswordVerifierResult passwordVerificationResult = passwordVerifier.VerifyPassword(password); if (passwordVerificationResult != PasswordVerifier.PasswordVerifierResult.PasswordIsOk) { string errorMessage = "<b>" + Utils.GetResourceText(Enum.GetName(typeof(PasswordVerifier.PasswordVerifierResult), passwordVerificationResult)) + "</b>"; errorMessage += "<BR/>" + string.Format(Utils.GetResourceText("PasswordRules"), passwordVerifier.MinimumPasswordLength, passwordVerifier.MinimumPasswordCapitalLetters, passwordVerifier.MinimumPasswordDigits); ShowModalMessage(errorMessage); return; } //Verify UserName if (!UserNameVerifier.VerifyUserName(userName)) { ShowModalMessage(Utils.GetResourceText("IncorrectUserName")); return; } CuplexLib.User createdUser = CuplexLib.User.CreateUser(userName, password, emailAddress); if (createdUser != null) { AccessControl.CreateUserSession(createdUser.UserName); Response.Redirect(cms.Current.GetRootPath); } }
public static void SuccessfullyVerifyPasswordGeneratedWithinTheConfiguredSynchronizationWindow(string password, ulong iterationNumber) { var counterValue = 0uL; // 0 is not one of the input values for iterationNumber var authenticator = new Authenticator(); var verifier = new PasswordVerifier(authenticator, options => options.SynchronizationWindowSize = 13); var(isVerified, synchronizationValue) = verifier.VerifyCounterBasedPassword(password, Secret, counterValue); Assert.True(isVerified && synchronizationValue == iterationNumber); }
// User wants to verify password against stored hash. private void PasswordVerify_Click(object sender, EventArgs e) { if (PasswordVerifier.PasswordVerify(this.txtPassword.Text, this.txtFullHash.Text)) { this.lblVerify.Text = "Verified successfully"; } else { this.lblVerify.Text = "Verification failed!"; } }
[InlineData("520489")] // 9 public static void FailToVerifyPasswordGeneratedOutsideTheConfiguredSynchronizationWindow(string password) { var counterValue = 0uL; var authenticator = new Authenticator(); var verifier = new PasswordVerifier(authenticator, options => options.SynchronizationWindowSize = 7); var(isVerified, synchronizationValue) = verifier.VerifyCounterBasedPassword(password, Secret, counterValue); Assert.False(isVerified); }
public static void FailToVerifyPasswordGeneratedForAnIterationBeforeTheCounterValue() { var password = "******"; // iterationNumber = 7 var counterValue = 9uL; var authenticator = new Authenticator(); var verifier = new PasswordVerifier(authenticator); var(isVerified, synchronizationValue) = verifier.VerifyCounterBasedPassword(password, Secret, counterValue); Assert.False(isVerified); }
public static void SuccessfullyVerifyPasswordGeneratedWithinTheServerTimeStepOrTheDefaultBackwardAndForwardTimeSteps(string password, int drift) { var unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); var now = unixEpoch.AddSeconds(1234567890); var authenticator = new Authenticator(); var verifier = new PasswordVerifier(authenticator); var(isVerified, timeStepDrift) = verifier.VerifyTimeBasedPassword(password, Secret, () => now); Assert.True(isVerified && timeStepDrift == drift); }
[InlineData("992085")] // +3 public static void FailToVerifyPasswordGeneratedOutsideTheServerTimeStepAndTheDefaultBackwardAndForwardTimeSteps(string password) { var unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); var now = unixEpoch.AddSeconds(1234567890); var authenticator = new Authenticator(); var verifier = new PasswordVerifier(authenticator); var(isVerified, timeStepDrift) = verifier.VerifyTimeBasedPassword(password, Secret, () => now); Assert.False(isVerified); }
public async Task <UserViewModel> GetVerifiedUserAsync(LoginViewModel model, CancellationToken ct) { var user = await _userRepository.GetByEmailAsync(model.Email, ct : ct); if (user is null) { return(null); } return(PasswordVerifier.VerifyPassword(model.Password, new PasswordSecret(user)) ? user.Adapt <UserViewModel>() : null); }
public void CreateAndVerifyPasswordHashTest() { string password; byte[] passwordHash, passwordSalt; for (int i = 0; i < 100; i++) { password = RandomString(Random.Next(1, 33)); PasswordVerifier.CreatePasswordHash(password, out passwordHash, out passwordSalt); Assert.True(PasswordVerifier.VerifyPasswordHash(password, passwordHash, passwordSalt)); } }
public static void PropertiesAreSetToTheirDefaultValueIfOptionsParameterIsNotSet() { const uint defaultSynchronizationWindowSize = 10; const uint defaultNumberOfBackwardTimeSteps = 2; const uint defaultNumberOfForwardTimeSteps = 2; var authenticator = new Authenticator(); var verifier = new PasswordVerifier(authenticator); Assert.Equal(defaultSynchronizationWindowSize, verifier.SynchronizationWindowSize); Assert.Equal(defaultNumberOfBackwardTimeSteps, verifier.NumberOfPastTimeSteps); Assert.Equal(defaultNumberOfForwardTimeSteps, verifier.NumberOfFutureTimeSteps); }