Esempio n. 1
0
        public bool Validate(ref string username, string password)
        {
            if (username.IsTrimmedEmpty())
            {
                return(false);
            }

            username = username.TrimToEmpty();

            var user = Dependency.Resolve <IUserRetrieveService>().ByUsername(username) as UserDefinition;

            if (user != null)
            {
                username = user.Username;

                if (user.Source == "site")
                {
                    return(SiteMembershipProvider.ComputeSHA512(password + user.PasswordSalt).Equals(user.PasswordHash, StringComparison.OrdinalIgnoreCase));
                }

                throw new ArgumentOutOfRangeException("userSource");
            }

            return(false);
        }
        public Result <ServiceResponse> ResetPassword(ResetPasswordRequest request)
        {
            return(this.InTransaction("Default", uow =>
            {
                request.CheckNotNull();

                if (string.IsNullOrEmpty(request.Token))
                {
                    throw new ArgumentNullException("token");
                }

                int userId;
                using (var ms = new MemoryStream(MachineKey.Unprotect(
                                                     Convert.FromBase64String(request.Token), "ResetPassword")))
                    using (var br = new BinaryReader(ms))
                    {
                        var dt = DateTime.FromBinary(br.ReadInt64());
                        if (dt < DateTime.UtcNow)
                        {
                            throw new ValidationError(Texts.Validation.InvalidResetToken);
                        }

                        userId = br.ReadInt32();
                    }

                UserRow user;
                using (var connection = SqlConnections.NewFor <UserRow>())
                {
                    user = connection.TryById <UserRow>(userId);
                    if (user == null)
                    {
                        throw new ValidationError(Texts.Validation.InvalidResetToken);
                    }
                }

                if (request.ConfirmPassword != request.NewPassword)
                {
                    throw new ValidationError("PasswordConfirmMismatch", LocalText.Get("Validation.PasswordConfirm"));
                }

                request.NewPassword = UserRepository.ValidatePassword(user.Username, request.NewPassword, false);

                var salt = Membership.GeneratePassword(5, 1);
                var hash = SiteMembershipProvider.ComputeSHA512(request.NewPassword + salt);
                UserRepository.CheckPublicDemo(user.UserId);

                uow.Connection.UpdateById(new UserRow
                {
                    UserId = user.UserId.Value,
                    PasswordSalt = salt,
                    PasswordHash = hash
                });

                BatchGenerationUpdater.OnCommit(uow, UserRow.Fields.GenerationKey);

                return new ServiceResponse();
            }));
        }
        public Result <ServiceResponse> ChangePassword(ChangePasswordRequest request)
        {
            if (Authorization.Username.Equals("demo", StringComparison.OrdinalIgnoreCase))
            {
                throw new Exception("This feature is disabled for demo user");
            }

            return(this.InTransaction("SimpleFeedlyConn", uow =>
            {
                request.CheckNotNull();

                if (string.IsNullOrEmpty(request.OldPassword))
                {
                    throw new ArgumentNullException("oldPassword");
                }

                var username = Authorization.Username;

                if (!Dependency.Resolve <IAuthenticationService>().Validate(ref username, request.OldPassword))
                {
                    throw new ValidationError("CurrentPasswordMismatch", Texts.Validation.CurrentPasswordMismatch);
                }

                if (request.ConfirmPassword != request.NewPassword)
                {
                    throw new ValidationError("PasswordConfirmMismatch", LocalText.Get("Validation.PasswordConfirm"));
                }

                request.NewPassword = UserRepository.ValidatePassword(username, request.NewPassword, false);

                var salt = Membership.GeneratePassword(5, 1);
                var hash = SiteMembershipProvider.ComputeSHA512(request.NewPassword + salt);
                var userId = int.Parse(Authorization.UserId);

                UserRepository.CheckPublicDemo(userId);

                uow.Connection.UpdateById(new UserRow
                {
                    UserId = userId,
                    PasswordSalt = salt,
                    PasswordHash = hash
                });

                BatchGenerationUpdater.OnCommit(uow, UserRow.Fields.GenerationKey);

                return new ServiceResponse();
            }));
        }
Esempio n. 4
0
            protected override void SetInternalFields()
            {
                base.SetInternalFields();

                if (IsCreate)
                {
                    Row.Source   = "site";
                    Row.IsActive = Row.IsActive ?? 1;
                }

                if (IsCreate || !Row.Password.IsEmptyOrNull())
                {
                    Row.PasswordSalt = Membership.GeneratePassword(5, 1);
                    Row.PasswordHash = SiteMembershipProvider.ComputeSHA512(password + Row.PasswordSalt);
                }
            }
Esempio n. 5
0
 public static string CalculateHash(string password, string salt)
 {
     return(SiteMembershipProvider.ComputeSHA512(password + salt));
 }