public void EachTestSetUp() { _passwordHashingService = Substitute.For<IPasswordHashingService>(); _passwordHashingService.ComputeHash("somestring", new byte[4]).ReturnsForAnyArgs("hashedPassword"); _userRepository = Substitute.For<ILinqRepository<User>>(); _authService = new AuthenticationService(_userRepository, _passwordHashingService); }
public void TestUpdateValidSecurityUser() { IPasswordHashingService hashingService = ApplicationServiceContext.Current.GetService <IPasswordHashingService>(); SecurityUser userUnderTest = new SecurityUser() { Email = "*****@*****.**", EmailConfirmed = false, Password = hashingService.ComputeHash("password"), SecurityHash = "cert", UserName = "******", UserClass = UserClassKeys.HumanUser }; // Store user IIdentityProviderService identityService = ApplicationServiceContext.Current.GetService <IIdentityProviderService>(); var authContext = AuthenticationContext.SystemPrincipal; Assert.IsNotNull(authContext); var userAfterUpdate = base.DoTestUpdate(userUnderTest, "PhoneNumber", authContext); // Update Assert.IsNotNull(userAfterUpdate.UpdatedTime); Assert.IsNotNull(userAfterUpdate.PhoneNumber); Assert.AreEqual(authContext.Identity.Name, userAfterUpdate.LoadProperty <SecurityProvenance>("UpdatedBy").LoadProperty <SecurityUser>("User").UserName); }
public void TestDelayLoadUserProperties() { IPasswordHashingService hashingService = ApplicationServiceContext.Current.GetService <IPasswordHashingService>(); String securityHash = Guid.NewGuid().ToString(); SecurityUser userUnderTest = new SecurityUser() { Email = "*****@*****.**", EmailConfirmed = false, Password = hashingService.ComputeHash("password"), SecurityHash = securityHash, UserName = "******", UserClass = UserClassKeys.HumanUser }; var userAfterInsert = base.DoTestInsert(userUnderTest, null); var roleProvider = ApplicationServiceContext.Current.GetService <IRoleProviderService>(); var identityProvider = ApplicationServiceContext.Current.GetService <IIdentityProviderService>(); // Allow login roleProvider.AddUsersToRoles(new string[] { "delayLoadTest" }, new string[] { "USERS" }, AuthenticationContext.Current.Principal); var auth = identityProvider.Authenticate("delayLoadTest", "password"); roleProvider.CreateRole("TestDelayLoadUserPropertiesGroup", auth); roleProvider.AddUsersToRoles(new String[] { "delayLoadTest" }, new String[] { "TestDelayLoadUserPropertiesGroup" }, AuthenticationContext.Current.Principal); // Now trigger a delay load var userForTest = base.DoTestQuery(u => u.UserName == "delayLoadTest", userAfterInsert.Key, auth).First(); Assert.AreEqual(2, userForTest.Roles.Count); Assert.IsTrue(userForTest.Roles.Exists(o => o.Name == "TestDelayLoadUserPropertiesGroup")); }
/// <summary> /// Create the identity /// </summary> public IIdentity CreateIdentity(Guid sid, string name, string deviceSecret, IPrincipal principal) { try { ApplicationServiceContext.Current.GetService <IPolicyEnforcementService>().Demand(PermissionPolicyIdentifiers.AccessClientAdministrativeFunction, principal); ApplicationServiceContext.Current.GetService <IPolicyEnforcementService>().Demand(PermissionPolicyIdentifiers.CreateLocalIdentity, principal); var conn = this.CreateConnection(); IPasswordHashingService hash = ApplicationContext.Current.GetService <IPasswordHashingService>(); using (conn.Lock()) { DbSecurityDevice dbu = new DbSecurityDevice() { DeviceSecret = hash.ComputeHash(deviceSecret), PublicId = name, Key = sid, CreationTime = DateTime.Now, CreatedByUuid = conn.Table <DbSecurityUser>().FirstOrDefault(o => o.UserName == AuthenticationContext.Current?.Principal?.Identity?.Name)?.Uuid ?? Guid.Parse("fadca076-3690-4a6e-af9e-f1cd68e8c7e8").ToByteArray() }; conn.Insert(dbu); } return(new SQLiteDeviceIdentity(name, false)); } catch { throw; } }
public UsersService(NoteTakerContext context, ILogger <UsersService> logger, IPasswordHashingService passwordHashingService, ITokenService tokenService) { this.context = context; this.logger = logger; this.passwordHashingService = passwordHashingService; this.tokenService = tokenService; }
/// <summary> /// Authenticate the application identity to an application principal /// </summary> public IPrincipal Authenticate(string applicationId, string applicationSecret) { // Data context using (DataContext dataContext = this.m_configuration.Provider.GetWriteConnection()) { try { dataContext.Open(); IPasswordHashingService hashService = ApplicationServiceContext.Current.GetService <IPasswordHashingService>(); var client = dataContext.FirstOrDefault <DbSecurityApplication>("auth_app", applicationId, hashService.ComputeHash(applicationSecret), 5); if (client == null) { throw new SecurityException("Invalid application credentials"); } else if (client.Key == Guid.Empty) { throw new AuthenticationException(client.PublicId); } IPrincipal applicationPrincipal = new ApplicationPrincipal(new SanteDB.Core.Security.ApplicationIdentity(client.Key, client.PublicId, true)); new PolicyPermission(System.Security.Permissions.PermissionState.Unrestricted, PermissionPolicyIdentifiers.LoginAsService, applicationPrincipal).Demand(); return(applicationPrincipal); } catch (Exception e) { this.m_traceSource.TraceEvent(EventLevel.Error, "Error authenticating {0} : {1}", applicationId, e); throw new AuthenticationException("Error authenticating application", e); } } }
public void ResetPassword( string resetToken, string newPassword, IDateTimeService dateTimeService, IPasswordHashingService passwordHashingService, ISecureRng secureRng) { var result = PasswordResetTokens.FirstOrDefault(i => i.Token == resetToken); if (result == null) { throw new DomainModelException("Reset token doesn't exist"); } if (dateTimeService.GetCurrentDateTime() > result.CreatedAt.AddHours(6)) { throw new DomainModelException("Reset token expired"); } string salt = secureRng.GenerateSecureRandomString(16); PasswordCredential = new PasswordCredential() { HashedPassword = passwordHashingService.HashPassword(newPassword, salt), Salt = salt }; }
public static void ClassSetup(TestContext context) { AppDomain.CurrentDomain.SetData( "DataDirectory", Path.Combine(context.TestDeploymentDir, string.Empty)); IPasswordHashingService hashingService = ApplicationContext.Current.GetService <IPasswordHashingService>(); var dataService = ApplicationContext.Current.GetService <IDataPersistenceService <SecurityUser> >(); dataService.Insert(new SecurityUser() { UserName = "******", Email = "*****@*****.**", PasswordHash = hashingService.EncodePassword("password"), UserClass = UserClassKeys.HumanUser }, AuthenticationContext.SystemPrincipal, TransactionMode.Commit); dataService.Insert(new SecurityUser() { UserName = "******", Email = "*****@*****.**", PasswordHash = hashingService.EncodePassword("password"), UserClass = UserClassKeys.HumanUser }, AuthenticationContext.SystemPrincipal, TransactionMode.Commit); IRoleProviderService roleService = ApplicationContext.Current.GetService <IRoleProviderService>(); roleService.AddUsersToRoles(new string[] { "*****@*****.**", "*****@*****.**" }, new string[] { "USERS" }, AuthenticationContext.SystemPrincipal); roleService.AddUsersToRoles(new string[] { "*****@*****.**" }, new string[] { "ADMINISTRATORS" }, AuthenticationContext.SystemPrincipal); }
/// <summary> /// Creates the identity. /// </summary> /// <param name="securityUser">The security user.</param> /// <param name="password">The password.</param> /// <param name="principal">The principal.</param> /// <returns>Returns the created user identity.</returns> /// <exception cref="PolicyViolationException"></exception> public IIdentity CreateIdentity(SecurityUser securityUser, string password, IPrincipal principal) { var pdp = ApplicationContext.Current.GetService <IPolicyDecisionService>(); ApplicationServiceContext.Current.GetService <IPolicyEnforcementService>().Demand(PermissionPolicyIdentifiers.AccessClientAdministrativeFunction, principal); try { var conn = this.CreateConnection(); IPasswordHashingService hash = ApplicationContext.Current.GetService <IPasswordHashingService>(); using (conn.Lock()) { DbSecurityUser dbu = new DbSecurityUser() { Password = hash.ComputeHash(password), SecurityHash = Guid.NewGuid().ToString(), PhoneNumber = securityUser.PhoneNumber, Email = securityUser.Email, CreationTime = DateTime.Now, CreatedByUuid = conn.Table <DbSecurityUser>().FirstOrDefault(o => o.UserName == AuthenticationContext.Current?.Principal?.Identity?.Name)?.Uuid ?? Guid.Parse("fadca076-3690-4a6e-af9e-f1cd68e8c7e8").ToByteArray(), UserName = securityUser.UserName, Key = securityUser.Key.Value }; conn.Insert(dbu); } return(new SQLiteIdentity(securityUser.UserName, false)); } catch (Exception e) { throw new DataPersistenceException($"Error creating {securityUser}", e); } }
/// <summary> /// Data policy filter service with DI /// </summary> public DataPolicyFilterService(IConfigurationManager configurationManager, IPasswordHashingService passwordService, IPolicyDecisionService pdpService, IThreadPoolService threadPoolService, IDataCachingService dataCachingService, ISubscriptionExecutor subscriptionExecutor = null, IAdhocCacheService adhocCache = null) { this.m_hasher = passwordService; this.m_adhocCache = adhocCache; this.m_pdpService = pdpService; this.m_subscriptionExecutor = subscriptionExecutor; this.m_dataCachingService = dataCachingService; this.m_threadPool = threadPoolService; // Configuration load this.m_configuration = configurationManager.GetSection <DataPolicyFilterConfigurationSection>(); if (this.m_configuration == null) { this.m_tracer.TraceWarning("No data policy configuration exists. Setting all to HIDE"); this.m_configuration = new DataPolicyFilterConfigurationSection() { DefaultAction = ResourceDataPolicyActionType.Hide, Resources = new List <ResourceDataPolicyFilter>() }; } if (this.m_configuration.Resources != null) { foreach (var t in this.m_configuration.Resources) { if (typeof(Act).IsAssignableFrom(t.ResourceType.Type) || typeof(Entity).IsAssignableFrom(t.ResourceType.Type) || typeof(AssigningAuthority).IsAssignableFrom(t.ResourceType.Type)) { this.m_tracer.TraceInfo("Binding privacy action {0} to {1}", t.Action, t.ResourceType.Type); this.m_actions.TryAdd(t.ResourceType.Type, t); } } } }
/// <summary> /// Authenticate the application identity to an application principal /// </summary> public IPrincipal Authenticate(string applicationId, string applicationSecret) { // Data context using (DataContext dataContext = this.m_configuration.Provider.GetWriteConnection()) { try { dataContext.Open(); IPasswordHashingService hashService = ApplicationContext.Current.GetService <IPasswordHashingService>(); var client = dataContext.FirstOrDefault <DbSecurityApplication>("auth_app", applicationId, hashService.EncodePassword(applicationSecret)); if (client == null) { throw new SecurityException("Invalid application credentials"); } IPrincipal applicationPrincipal = new ApplicationPrincipal(new OpenIZ.Core.Security.ApplicationIdentity(client.Key, client.PublicId, true)); new PolicyPermission(System.Security.Permissions.PermissionState.None, PermissionPolicyIdentifiers.Login, applicationPrincipal).Demand(); return(applicationPrincipal); } catch (Exception e) { this.m_traceSource.TraceEvent(TraceEventType.Error, e.HResult, "Error authenticating {0} : {1}", applicationId, e); throw new AuthenticationException("Error authenticating application", e); } } }
public AuthToken GetAuthToken( string password, IPasswordHashingService passwordHasher, IAlphanumericTokenGenerator alphanumericTokenGenerator, IDateTimeService dateTimeService) { var accountSalt = PasswordCredential.PasswordSalt; if (PasswordCredential.HashedPassword == passwordHasher.HashPassword(password, accountSalt)) { var newAuthToken = new AuthToken() { TokenString = alphanumericTokenGenerator.GenerateAlphanumericToken(64), LastUsed = dateTimeService.GetCurrentDateTime(), Account = this }; AuthTokens.Add(newAuthToken); return(newAuthToken); } else { throw new Exception("Incorrect Username or Password."); } }
public Authenticator(AuthTokenService authTokenService, IQueryExecutor queryExecutor, IPasswordHashingService passwordHashingService) { _authTokenService = authTokenService; _queryExecutor = queryExecutor; _passwordHashingService = passwordHashingService; }
public void SetPassword( string password, IPasswordHashingService passwordHasher, ISecureRandomStringGeneratorService saltGenerator) { PasswordSalt = saltGenerator.GenerateSecureRandomString(); HashedPassword = passwordHasher.HashPassword(password, PasswordSalt); }
public UserService(IUsersRepository usersRepository, IPasswordHashingService passwordHashingService, ISubscriptionRepository subscriptionRepository) { UsersRepository = usersRepository; PasswordHashingService = passwordHashingService; SubscriptionRepository = subscriptionRepository; }
public ResetPasswordHandler( IUnitOfWork unitOfWork, IPasswordHashingService passwordHashingService, ISecureRandomStringGeneratorService securePasswordSaltGenerator) { _unitOfWork = unitOfWork; _passwordHashingService = passwordHashingService; _securePasswordSaltGenerator = securePasswordSaltGenerator; }
public LinksController( IDatabaseAccess _database, ICacheAccess _cache, IPasswordHashingService _hasher) { database = _database; cache = _cache; hasher = _hasher; }
public CreateUser(IRepository<User> userRepository, IQueryExecutor queryExecutor, IPasswordHashingService passwordHashingService, IClock clock) { _userRepository = userRepository; _queryExecutor = queryExecutor; _passwordHashingService = passwordHashingService; _clock = clock; }
public CreateUser(IRepository <User> userRepository, IQueryExecutor queryExecutor, IPasswordHashingService passwordHashingService, IClock clock) { _userRepository = userRepository; _queryExecutor = queryExecutor; _passwordHashingService = passwordHashingService; _clock = clock; }
public AuthService( IBenutzerService benutzerService, IPasswordHashingService passwordHashingService, ILogger <AuthService> logger, IMapper mapper) { _benutzerService = benutzerService; _passwordHashingService = passwordHashingService; _logger = logger; _mapper = mapper; }
public InitializationService( IDatabaseAccess _database, IConfiguration _config, IPasswordHashingService _pwHasher, ILogger <InitializationService> _logger) { database = _database; config = _config; pwHasher = _pwHasher; logger = _logger; }
public AuthController( IAuthorizationService _authorization, IDatabaseAccess _database, IPasswordHashingService _hasher, IConfiguration config) { authorization = _authorization; database = _database; hasher = _hasher; bypassSecureCookies = config.GetValue(Constants.ConfigKeySessionsBypassSecureCookies, false); }
public void ResetPassword( string newPassword, IPasswordHashingService passwordHasher, PasswordResetToken resetToken, ISecureRandomStringGeneratorService saltGenerator) { if (PasswordResetTokens.Contains(resetToken) && resetToken.IsActive) { PasswordSalt = saltGenerator.GenerateSecureRandomString(); HashedPassword = passwordHasher.HashPassword(newPassword, PasswordSalt); } }
public UserService( IUnitOfWorkFactory unitOfWorkFactory, IPasswordHashingService passwordHashingService, IMailService mailService, IAuthorizationUtil authorizationUtil ) { _unitOfWorkFactory = unitOfWorkFactory; _passwordHashingService = passwordHashingService; _mailService = mailService; _authorizationUtil = authorizationUtil; }
public CreateAccountHandler( IUnitOfWork unitOfWork, IPasswordHashingService passwordHashingService, IEmailVerifierService emailVerifierService, IAlphanumericTokenGenerator alphanumericTokenGenerator, ISecureRandomStringGeneratorService securePasswordSaltGenerator) { _unitOfWork = unitOfWork; _passwordHashingService = passwordHashingService; _emailVerifierService = emailVerifierService; _alphanumericTokenGenerator = alphanumericTokenGenerator; _securePasswordSaltGenerator = securePasswordSaltGenerator; }
public AuthController( IUserService userService, IJwtTokenService jwtTokenService, ISimpleTokenService simpleTokenService, IPasswordHashingService hashingService, ILegacyEmailService emailService) { this.userService = userService; this.jwtTokenService = jwtTokenService; this.simpleTokenService = simpleTokenService; this.hashingService = hashingService; this.emailService = emailService; }
public PasswordLoginHandler( IUnitOfWork unitOfWork, IPasswordHashingService passwordHashingService, IAlphanumericTokenGenerator alphanumericTokenGenerator, IDateTimeService dateTimeService, IMapper mapper) { _unitOfWork = unitOfWork; _passwordHashingService = passwordHashingService; _alphanumericTokenGenerator = alphanumericTokenGenerator; _dateTimeService = dateTimeService; _mapper = mapper; }
public void SetUp() { _unitOfWorkFactory = new FakeUnitOfWorkFactory(); _mailService = Substitute.For <IMailService>(); _passwordHashingService = Substitute.For <IPasswordHashingService>(); _authorizationUtil = Substitute.For <IAuthorizationUtil>(); _service = new UserService( _unitOfWorkFactory, _passwordHashingService, _mailService, _authorizationUtil ); }
public AuthorizeController(IUsersRepository usersRepository, IPasswordHashingService passwordHashingService, ILogger <AuthorizeController> logger, IJwtService jwtService, IContextProvider contextProvider, IUserService userService, IUnitOfWork unitOfWork) { UsersRepository = usersRepository; PasswordHashingService = passwordHashingService; Logger = logger; JwtService = jwtService; ContextProvider = contextProvider; UserService = userService; UnitOfWork = unitOfWork; }
/// <summary> /// Authenticate the application identity to an application principal /// </summary> public IPrincipal Authenticate(string applicationId, string applicationSecret) { // Data context using (ModelDataContext dataContext = new ModelDataContext(this.m_configuration.ReadonlyConnectionString)) { IPasswordHashingService hashService = ApplicationContext.Current.GetService <IPasswordHashingService>(); var client = dataContext.SecurityApplications.SingleOrDefault(o => o.ApplicationPublicId == applicationId && o.ApplicationSecret == hashService.EncodePassword(applicationSecret)); if (client == null) { throw new SecurityException("Invalid application credentials"); } IPrincipal applicationPrincipal = new ApplicationPrincipal(new OpenIZ.Core.Security.ApplicationIdentity(client.ApplicationId, client.ApplicationPublicId, true)); new PolicyPermission(System.Security.Permissions.PermissionState.None, PermissionPolicyIdentifiers.Login, applicationPrincipal).Demand(); return(applicationPrincipal); } }
/// <summary> /// Change the user's password /// </summary> /// <param name="userName">User name.</param> /// <param name="newPassword">New password.</param> /// <param name="principal">Principal.</param> public void ChangePassword(string userName, string password, System.Security.Principal.IPrincipal principal) { // We must demand the change password permission try { IPolicyDecisionService pdp = ApplicationContext.Current.GetService <IPolicyDecisionService>(); if (userName != principal.Identity.Name && pdp.GetPolicyOutcome(principal, PolicyIdentifiers.ChangePassword) == OpenIZ.Core.Model.Security.PolicyGrantType.Deny) { throw new SecurityException("User cannot change specified users password"); } var conn = this.CreateConnection(); using (conn.Lock()) { var dbu = conn.Table <DbSecurityUser>().Where(o => o.UserName == userName).FirstOrDefault(); if (dbu == null) { throw new KeyNotFoundException(); } else { IPasswordHashingService hash = ApplicationContext.Current.GetService <IPasswordHashingService>(); dbu.PasswordHash = hash.ComputeHash(password); dbu.SecurityHash = Guid.NewGuid().ToString(); dbu.UpdatedByUuid = conn.Table <DbSecurityUser>().First(u => u.UserName == principal.Identity.Name).Uuid; dbu.UpdatedTime = DateTime.Now; conn.Update(dbu); this.SecurityAttributesChanged?.Invoke(this, new SecurityAuditDataEventArgs(dbu, "password")); } } } catch (Exception e) { this.SecurityAttributesChanged?.Invoke(this, new SecurityAuditDataEventArgs(new SecurityUser() { Key = Guid.Empty, UserName = userName }, "password") { Success = false }); this.m_tracer.TraceError("Error changing password for user {0} : {1}", userName, e); throw; } }
/// <summary> /// Change the device secret /// </summary> public void ChangeSecret(string deviceName, string deviceSecret, IPrincipal principal) { // We must demand the change password permission try { var pep = ApplicationContext.Current.GetService <IPolicyEnforcementService>(); if (pep == null) { throw new InvalidOperationException("Cannot find the PolicyEnforcementService"); } if (deviceName != principal.Identity.Name) { pep.Demand(PermissionPolicyIdentifiers.AccessClientAdministrativeFunction, principal); } var conn = this.CreateConnection(); using (conn.Lock()) { var dbu = conn.Table <DbSecurityDevice>().Where(o => o.PublicId == deviceName).FirstOrDefault(); if (dbu == null) { throw new KeyNotFoundException(); } else { IPasswordHashingService hash = ApplicationContext.Current.GetService <IPasswordHashingService>(); if (hash == null) { throw new InvalidOperationException("Cannot find Password Hashing Service"); } dbu.DeviceSecret = hash.ComputeHash(deviceSecret); dbu.UpdatedByUuid = conn.Table <DbSecurityUser>().First(u => u.UserName == principal.Identity.Name).Uuid; dbu.UpdatedTime = DateTime.Now; conn.Update(dbu); } } } catch (Exception e) { this.m_tracer.TraceError("Error changing secret for device {0} : {1}", deviceName, e); throw; } }
public AuthenticationService(ILinqRepository<User> userRepository, IPasswordHashingService passwordHashingService) { _passwordHashingService = passwordHashingService; _userRepository = userRepository; }