public HashedStringFieldEditPermission(ContentPart part, HashedStringField field)
{
Name = "HashedStringFieldEditPermission_" + part.PartDefinition.Name + "." + field.Name;
Part = part;
Field = field;
ImpliedBy = new Permission[] {
HashedStringFieldPermissions.ManageAllHashedStringFields
};
}
public void HashValue(HashedStringField field, string value)
{
if (value != null)
{
var saltBytes = new byte[0x10];
using (var random = new RNGCryptoServiceProvider()) {
random.GetBytes(saltBytes);
}
field.Salt = Convert.ToBase64String(saltBytes);
field.HashAlgorithm = DefaultHashAlgorithm;
field.Value = HashString(value, field.Salt, field.HashAlgorithm);
}
else
{
field.Value = null;
}
}
public bool IsValueEqual(HashedStringField field, string value)
{
// Preliminary checks.
if (string.IsNullOrWhiteSpace(field.Salt))
{
return(false);
}
if (string.IsNullOrWhiteSpace(field.HashAlgorithm))
{
return(false);
}
bool isValid;
var saltBytes = Convert.FromBase64String(field.Salt);
if (field.HashAlgorithm == PBKDF2)
{
// We can't reuse ComputeHashBase64 as the internally generated salt repeated calls to Crypto.HashPassword() return different results.
isValid = Crypto.VerifyHashedPassword(field.Value, Encoding.Unicode.GetString(CombineSaltAndPassword(saltBytes, value)));
}
else
{
isValid = SecureStringEquality(field.Value, ComputeHashBase64(field.HashAlgorithm, saltBytes, value));
}
// Migrating older hashes to Default algorithm if necessary and enabled.
if (isValid && field.HashAlgorithm != DefaultHashAlgorithm)
{
var keepOldConfiguration = _appConfigurationAccessor.GetConfiguration("Orchard.Users.KeepOldPasswordHash");
if (String.IsNullOrEmpty(keepOldConfiguration) || keepOldConfiguration.Equals("false", StringComparison.OrdinalIgnoreCase))
{
field.HashAlgorithm = DefaultHashAlgorithm;
field.Value = ComputeHashBase64(field.HashAlgorithm, saltBytes, value);
}
}
return(isValid);
}
public Permission GetAllPermission(ContentPart part, HashedStringField field)
{
return(GetAllHashedPermission(part.PartDefinition.Name, field.Name));
}
