Esempio n. 1
        /// <summary>
        /// Exercises <c>SearchableHashedString</c> end to end: the combined (database) string
        /// must contain the configured salt, <c>Equals</c> must accept only the original
        /// plaintext, and a value parsed back with <c>FromCombinedString</c> must serialise to
        /// the same combined string.
        /// </summary>
        public void TestSearchableHashedString()
        {
            // Fixed, test-only salt and encryption key. These are fixture values and must never
            // be reused as real secrets.
            // NOTE(review): environment variables are process-wide and are not restored here, so
            // other tests in the same process will see these values; confirm that is intended.
            Environment.SetEnvironmentVariable("MORPHIC_HASH_SALT_PRIMARY", "SALT1:361e665ef378ab06031806469b7879bd");
            Environment.SetEnvironmentVariable("MORPHIC_ENC_KEY_PRIMARY", "ENCKEY:CE2BED7EF7A3871AD87EE80116D360A9FA368B6A7790E9D0D4D314ED83B9AB5E");

            // Appears to be the Base64 form of the hex salt configured above.
            const string expectedSaltBase64 = "Nh5mXvN4qwYDGAZGm3h5vQ==";
            const string plainText = "thequickbrownfoxjumpedoverthelazydog";

            // First value: the stored form must exist and embed the salt.
            var first = new SearchableHashedString(plainText);
            var firstCombined = first.ToCombinedString();

            Assert.NotNull(firstCombined);
            Assert.Contains(expectedSaltBase64, firstCombined);

            // Second value: a different plaintext (the first one doubled).
            var doubledText = string.Concat(plainText, plainText);
            var second = new SearchableHashedString(doubledText);
            var secondCombined = second.ToCombinedString();

            Assert.NotNull(secondCombined);

            // Equality against a plaintext holds only for the matching hash.
            Assert.False(first.Equals(doubledText));
            Assert.True(second.Equals(doubledText));

            // Round trip: combined string -> object -> combined string is lossless.
            var expected = second.ToCombinedString();
            var roundTripped = SearchableHashedString.FromCombinedString(second.ToCombinedString()).ToCombinedString();
            Assert.Equal(expected, roundTripped);
        }
Esempio n. 2
 /// <summary>
 /// Creates a username/password credential for an existing user.
 /// </summary>
 /// <param name="userId">Identifier of the user that owns this credential.</param>
 /// <param name="username">Plaintext username; kept only as a <c>SearchableHashedString</c>.</param>
 /// <param name="password">Plaintext password; kept only as <c>HashedData</c>.</param>
 public UsernameCredential(string userId, string username, string password)
 {
     // Every credential gets its own random identifier.
     var credentialId = Guid.NewGuid();
     Id = credentialId.ToString();

     UserId = userId;

     // The username has to be looked up by equality, so it goes into the searchable hash type.
     var searchableUsername = new SearchableHashedString(username);
     Username = searchableUsername;

     // NOTE(review): the algorithm behind HashedData is not visible here; confirm it is a
     // salted, deliberately slow password hash rather than a bare digest.
     var hashedPassword = new HashedData(password);
     PasswordHash = hashedPassword;
 }
Esempio n. 3
        // Token lifetime used when the OneTimeToken constructor is called without an explicit
        // expiresInSeconds: 30 days * 24 h * 60 min * 60 s.
        // NOTE(review): 30 days is a long validity window if these tokens gate sensitive actions
        // such as password reset; confirm callers pass a shorter lifetime where appropriate.
        private const int DefaultExpiresSeconds = 30 * 24 * 60 * 60; // 2592000 seconds in 30 days

        /// <summary>
        /// Creates a new one-time token for the given user.
        /// </summary>
        /// <param name="userId">Identifier of the user the token is issued to.</param>
        /// <param name="expiresInSeconds">
        /// Lifetime of the token in seconds, counted from the current UTC time.
        /// Defaults to <c>DefaultExpiresSeconds</c>.
        /// </param>
        public OneTimeToken(string userId, int expiresInSeconds = DefaultExpiresSeconds)
        {
            var recordId = Guid.NewGuid();
            Id = recordId.ToString();

            // The raw value lives in `token`; `Token` holds only its searchable hash.
            // NOTE(review): whether `token` is excluded from persistence and how NewToken()
            // generates it are not visible here; confirm it comes from a cryptographic RNG and
            // that only the hashed form is stored.
            token = NewToken();
            Token = new SearchableHashedString(token);

            UserId = userId;

            // NOTE(review): a zero or negative expiresInSeconds is accepted and yields a token
            // that is already expired; confirm callers never rely on that.
            var lifetime = new TimeSpan(hours: 0, minutes: 0, seconds: expiresInSeconds);
            ExpiresAt = DateTime.UtcNow.Add(lifetime);
        }
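        /// <summary>
        /// Handles a password-reset request: validates the reCAPTCHA response and the e-mail
        /// address, then queues a reset e-mail for a known user or an "unknown address" e-mail
        /// otherwise.
        /// </summary>
        /// <remarks>
        /// Both the known and the unknown branch finish without a branch-specific response in
        /// this method, so the caller cannot tell from here whether the address is registered.
        /// Keep it that way when changing this code, otherwise the endpoint becomes an
        /// account-enumeration oracle.
        /// </remarks>
        /// <exception cref="HttpError">
        /// 400 Bad Request when the reCAPTCHA response or the e-mail is missing, the reCAPTCHA
        /// check fails, or the e-mail address is not valid.
        /// </exception>
        public async Task Post()
        {
            var request = await Request.ReadJson<PasswordResetRequestRequest>();

            // Treat null like the empty string: a JSON body that omits the field or sends an
            // explicit null must be rejected as "missing", not passed on to the verifier.
            if (string.IsNullOrEmpty(request.GRecaptchaResponse))
            {
                throw new HttpError(HttpStatusCode.BadRequest, BadPasswordRequestResponse.MissingRequired(new List<string> {
                    "g_captcha_response"
                }));
            }

            // The reCAPTCHA is verified before the e-mail is looked at, so unauthenticated
            // callers cannot drive lookups or outgoing mail without passing it.
            if (!await recaptcha.ReCaptchaPassed("requestpasswordreset", request.GRecaptchaResponse))
            {
                throw new HttpError(HttpStatusCode.BadRequest, BadPasswordRequestResponse.BadReCaptcha);
            }

            // Same null-or-empty handling as for the reCAPTCHA field above.
            if (string.IsNullOrEmpty(request.Email))
            {
                throw new HttpError(HttpStatusCode.BadRequest, BadPasswordRequestResponse.MissingRequired(new List<string> {
                    "email"
                }));
            }

            if (!User.IsValidEmail(request.Email))
            {
                throw new HttpError(HttpStatusCode.BadRequest, BadPasswordRequestResponse.BadEmailAddress);
            }

            var db   = Context.GetDatabase();
            var user = await db.UserForEmail(request.Email, ActiveSession);

            if (user != null)
            {
                // Only the hashed e-mail is logged, never the plaintext address.
                // NOTE(review): the null-forgiving operator assumes a user found by e-mail always
                // has Email.Hash set; confirm, otherwise this throws after the lookup succeeded.
                var hash = user.Email.Hash!.ToCombinedString();
                logger.LogInformation("Password reset requested for userId {userId} {EmailHash}",
                                      user.Id, hash);
                jobClient.Enqueue<PasswordResetEmail>(x => x.SendEmail(user.Id, Request.ClientIp()));
            }
            else
            {
                var hash = new SearchableHashedString(request.Email).ToCombinedString();
                logger.LogInformation("Password reset requested but no email matching {EmailHash}", hash);

                // NOTE(review): the plaintext address of a non-user is handed to the job queue
                // here; if the queue persists job arguments, confirm its retention and access
                // controls match how e-mail addresses are protected elsewhere.
                jobClient.Enqueue<UnknownEmailPasswordResetEmail>(x => x.SendEmail(
                                                                      request.Email,
                                                                      Request.ClientIp()));
            }
        }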
Esempio n. 5
        /// <summary>
        /// Looks up a <c>OneTimeToken</c> whose stored <c>Token</c> equals the searchable hash of
        /// the supplied value.
        /// </summary>
        /// <param name="db">Database to query.</param>
        /// <param name="email">
        /// The value to hash and match against <c>Token</c>. Despite the parameter name, the
        /// query compares it with the token field, so callers presumably pass the raw token.
        /// </param>
        /// <param name="session">Optional database session forwarded to <c>db.Get</c>.</param>
        /// <returns>The result of <c>db.Get</c> for that hash.</returns>
        public static async Task<OneTimeToken?> TokenForToken(this Database db, string email, Database.Session? session = null)
        {
            // Only the hash is sent to the database; the raw value is never part of the query.
            // NOTE(review): expiry (ExpiresAt) is not checked here; confirm callers enforce it.
            var tokenHash = new SearchableHashedString(email).ToCombinedString();

            var match = await db.Get<OneTimeToken>(candidate => candidate.Token == tokenHash, session);
            return match;
        }
Esempio n. 6
        /// <summary>
        /// Looks up a <c>User</c> whose stored e-mail hash equals the searchable hash of the
        /// supplied address.
        /// </summary>
        /// <param name="db">Database to query.</param>
        /// <param name="email">Plaintext e-mail address to search for.</param>
        /// <param name="session">Optional database session forwarded to <c>db.Get</c>.</param>
        /// <returns>The result of <c>db.Get</c> for that hash.</returns>
        public static async Task<User?> UserForEmail(this Database db, string email, Database.Session? session = null)
        {
            // The lookup runs on the hash, so the plaintext address never reaches the query.
            // NOTE(review): no case or whitespace normalisation is visible here; unless
            // SearchableHashedString normalises its input, "A@x.org" and "a@x.org" hash
            // differently and the lookup misses. Confirm against the type.
            string emailHash = new SearchableHashedString(email).ToCombinedString();

            var match = await db.Get<User>(candidate => candidate.Email.Hash! == emailHash, session);
            return match;
        }