public async Task <IHttpActionResult> ChangePassword([FromBody] ChangePasswordViewModel model, string email)
{
try
{
if (ModelState.IsValid)
{
var user = new User();
if (_userRepo.IsUserExists(email))
{
user = _userRepo.GetByUserEmail(email);
if (!PasswordHashProvider.ValidatePassword(model.OldPassword, user.Password))
{
return(BadRequest("Wrong Password"));
}
else
{
var result = _userRepo.ChangePassword(model, email);
return(await SendResonse(result, "Your password changed successfully"));
}
}
else
{
return(BadRequest("No such user exists"));
}
}
else
{
return(BadRequest(string.Join(" ", ModelState.Values.SelectMany(x => x.Errors).Select(e => e.ErrorMessage))));
}
}
catch (Exception e)
{
return(await ErrorResult(e));
}
}
private string SignInStudent(LoginLogicModel model)
{
using (var context = new AASDBContext())
{
var student = context.Students.SingleOrDefault(a => a.Email == model.Username);
if (student == null)
{
throw new LoginErrorException();
}
if (string.IsNullOrWhiteSpace(student.Salt))
{
student.Salt = PasswordHashProvider.GenerateSalt();
student.Password = PasswordHashProvider.ComputePasswordHash(student.Password.Trim(), student.Salt);
context.SaveChanges();
}
var hash = PasswordHashProvider.ComputePasswordHash(model.Password, student.Salt);
if (student.Password != hash)
{
throw new LoginErrorException();
}
return(ComposeToken(model.Username, UserType.StudentUserType));
}
}
public async Task <IHttpActionResult> Register([FromBody] RegisterViewModel model)
{
try
{
if (ModelState.IsValid)
{
if (_userRepo.IsUserExists(model.Email)) //user is alreasy exists
{
return(BadRequest(model.Email + " " + "is already taken"));
}
else
{
var user = new User();
user.FirstName = model.FirstName;
user.LastName = model.LastName;
user.UserName = model.UserName;
user.Email = model.Email;
user.Password = PasswordHashProvider.HashPassword(model.Password);
var userId = _userRepo.Create(user);
string location = Request.RequestUri + "/" + user.Id.ToString();
return(Created(location, new { Id = userId }));
}
}
else
{
return(BadRequest(string.Join(" ", ModelState.Values.SelectMany(x => x.Errors).Select(e => e.ErrorMessage))));
}
}
catch (Exception e)
{
return(await ErrorResult(e));
}
}
public void PasswordHash_Encode()
{
var hashes = new[]
{
PasswordHashProvider.EncodePassword("Password1", new TestPasswordSaltProvider("Salt1")),
PasswordHashProvider.EncodePassword("Password1", new TestPasswordSaltProvider("Salt2")),
PasswordHashProvider.EncodePassword("Password2", new TestPasswordSaltProvider("Salt1")),
PasswordHashProvider.EncodePassword("Password2", new TestPasswordSaltProvider("Salt2")),
PasswordHashProvider.EncodePassword("Password1", new TestPasswordSaltProvider("Salt1")),
PasswordHashProvider.EncodePassword("Password1", new TestPasswordSaltProvider("Salt2")),
PasswordHashProvider.EncodePassword("Password2", new TestPasswordSaltProvider("Salt1")),
PasswordHashProvider.EncodePassword("Password2", new TestPasswordSaltProvider("Salt2")),
};
Assert.AreNotEqual(hashes[0], hashes[1]); // same password, different salt
Assert.AreNotEqual(hashes[0], hashes[2]); // different password, same salt
Assert.AreNotEqual(hashes[0], hashes[3]); // different password, different salt
for (int i = 0; i < 4; i++)
{
Assert.AreNotEqual(hashes[i], hashes[i + 4]); // not equal even if created by same params.
}
Assert.IsTrue(PasswordHashProvider.CheckPassword("Password1", hashes[0], new TestPasswordSaltProvider("Salt1")));
Assert.IsTrue(PasswordHashProvider.CheckPassword("Password1", hashes[1], new TestPasswordSaltProvider("Salt2")));
Assert.IsTrue(PasswordHashProvider.CheckPassword("Password2", hashes[2], new TestPasswordSaltProvider("Salt1")));
Assert.IsTrue(PasswordHashProvider.CheckPassword("Password2", hashes[3], new TestPasswordSaltProvider("Salt2")));
}
private string SignInAdmin(LoginLogicModel model)
{
using (var context = new AASDBContext())
{
var admin = context.Admins.SingleOrDefault(a => a.Username == model.Username);
if (admin == null)
{
throw new LoginErrorException();
}
if (string.IsNullOrWhiteSpace(admin.Salt))
{
admin.Salt = PasswordHashProvider.GenerateSalt();
admin.Password = PasswordHashProvider.ComputePasswordHash(admin.Password.Trim(), admin.Salt);
context.SaveChanges();
}
var hash = PasswordHashProvider.ComputePasswordHash(model.Password, admin.Salt);
if (admin.Password != hash)
{
throw new LoginErrorException();
}
return(ComposeToken(model.Username, UserType.AdminUserType));
}
}
public int ChangePassword(ChangePasswordViewModel model, string email)
{
var user = _dbContext.Users.Where(x => x.Email == email).FirstOrDefault();
user.Password = PasswordHashProvider.HashPassword(model.NewPassword);
var result = _dbContext.SaveChanges();
return(result);
}
public User(Guid id,
string email,
string username,
string password)
{
this.Id = id;
this.Email = email;
this.Username = username;
this.Password = PasswordHashProvider.ComputeHash(password);
}
public IHttpActionResult TestSalt()
{
var hash = PasswordHashProvider.GenerateSalt();
return(Json(new
{
Hash = hash,
Length = hash.Length
}));
}
public void HashesWork()
{
var provider = new PasswordHashProvider();
var generated = provider.Generate("testpassword", 32);
var generatedAgain = provider.Generate("testpassword", generated.Salt);
Assert.Equal(generated.Hash, generatedAgain);
}
void link_Click(object sender, EventArgs e)
{
var link = sender as LinkButton;
if (link == null)
{
return;
}
var fullUserName = link.CommandArgument;
if (string.IsNullOrEmpty(fullUserName))
{
return;
}
var slashIndex = fullUserName.IndexOf('\\');
var domain = fullUserName.Substring(0, slashIndex);
var username = fullUserName.Substring(slashIndex + 1);
IUser user;
// Elevation: we need to have the user content in hand
// regardless of the current users permissions (she is
// a Visitor right now, before logging in).
using (new SystemAccount())
{
user = User.Load(domain, username);
}
if (user == null)
{
return;
}
var password = _demoPasswords[user.Name.ToLower()];
if (!PasswordHashProvider.CheckPassword(password, user.PasswordHash, (IPasswordSaltProvider)user))
{
return;
}
FormsAuthentication.SetAuthCookie(user.Username, false);
var originalUrl = PortalContext.GetLoginOriginalUrl();
if (String.IsNullOrEmpty(originalUrl))
{
originalUrl = Request.RawUrl;
}
Response.Redirect(originalUrl);
}
public bool UpdatePassword(string email, string password)
{
var dbAccount = Context.Set <AuthInternal>().FirstOrDefault(u => u.email == email);
if (PasswordHashProvider.ValidatePassword(password, dbAccount.password))
{
dbAccount.password = string.Empty;
Context.SaveChanges();
return(true);
}
return(false);
}
public override void Save(NodeSaveSettings settings)
{
// Check uniqueness first
if (Id == 0 || PropertyNamesForCheckUniqueness.Any(p => IsPropertyChanged(p)))
{
CheckUniqueUser();
}
if (_password != null)
{
this.PasswordHash = PasswordHashProvider.EncodePassword(_password, this);
}
Domain = GenerateDomain();
var originalId = this.Id;
// save current password to the list of old passwords
this.SaveCurrentPassword();
base.Save(settings);
// AD Sync
SynchUser(originalId);
if (originalId == 0)
{
// set creator for performant self permission setting
// creator of the user will always be the user itself. this way setting permissions to the creators group on /Root/IMS will be adequate for user permissions
// if you need the original creator, use the auditlog
Retrier.Retry(3, 200, typeof(Exception), () =>
{
// need to clear this flag to avoid getting an 'Id <> 0' error during copying
this.CopyInProgress = false;
this.CreatedBy = this;
this.Owner = this;
this.VersionCreatedBy = this;
this.DisableObserver(TypeResolver.GetType(NodeObserverNames.NOTIFICATION, false));
this.DisableObserver(TypeResolver.GetType(NodeObserverNames.WORKFLOWNOTIFICATION, false));
base.Save(SavingMode.KeepVersion);
});
// create profile
if (IdentityManagement.UserProfilesEnabled)
{
CreateProfile();
}
}
}
public bool UpdatePassword(string email, string password)
{
var dbAccount = Context.Set <AuthInternal>().FirstOrDefault(u => u.email == email);
if (dbAccount != null)
{
var hashNewPsw = PasswordHashProvider.CreateHash(password);
dbAccount.password = hashNewPsw;
Context.SaveChanges();
return(true);
}
return(false);
}
public override void Save(NodeSaveSettings settings)
{
// Check uniqueness first
CheckUniqueUser();
if (base.IsPropertyChanged("CreationDate"))
{
if (_password != null)
{
this.PasswordHash = PasswordHashProvider.EncodePassword(_password, this);
}
}
Domain = GenerateDomain();
var originalId = this.Id;
// save current password to the list of old passwords
this.SaveCurrentPassword();
base.Save(settings);
// AD Sync
SynchUser(originalId);
// set creator for performant self permission setting
// creator of the user will always be the user itself. this way setting permissions to the creators group on /Root/IMS will be adequate for user permissions
// if you need the original creator, use the auditlog
if (originalId == 0)
{
//need to clear this flag to avoid getting an 'Id <> 0' error during copying
this.CopyInProgress = false;
this.CreatedBy = this;
this.VersionCreatedBy = this;
this.DisableObserver(TypeHandler.GetType(NodeObserverNames.NOTIFICATION));
this.DisableObserver(TypeHandler.GetType(NodeObserverNames.WORKFLOWNOTIFICATION));
base.Save(SavingMode.KeepVersion);
}
// create profiles
if (originalId == 0 && Repository.UserProfilesEnabled)
{
CreateProfile();
}
}
protected override async Task Handle(SignInCommand request, CancellationToken cancellationToken)
{
var user = await _repository.FindSingleAsync((u) => u.Username == request.Username);
if (user == null)
{
throw new ValidationException("Unknown user");
}
var hashedPassword = PasswordHashProvider.ComputeHash(request.Password);
if (hashedPassword != user.Password)
{
throw new ValidationException("Invalid password");
}
await _accountService.SignIn(user.Id, user.Username, user.Email);
}
public bool CheckPasswordMatch(string passwordInClearText)
{
var match = false;
try
{
// Check with the configured provider.
match = PasswordHashProvider.CheckPassword(passwordInClearText, this.PasswordHash, this);
}
catch (SaltParseException)
{
// Keep 'match = false' and do not do other thing.
}
// If the migration is not enabled, shorting: return with the result.
if (!Configuration.Security.EnablePasswordHashMigration)
{
return(match);
}
// If password was matched the migration is not needed.
if (match)
{
return(true);
}
// Not match and migration is enabled.
// Check with the outdated provider
if (!PasswordHashProvider.CheckPasswordForMigration(passwordInClearText, this.PasswordHash, this))
{
// If does not match, game over.
return(false);
}
// Migration: generating a new hash with the configured provider and salt.
this.PasswordHash = PasswordHashProvider.EncodePassword(passwordInClearText, this);
using (new SystemAccount())
Save(SavingMode.KeepVersion);
return(true);
}
public async ValueTask <string> Login(string name, string password, DateTime expireTime)
{
var context = Context;
var userService = new UserService(context);
var user = await userService.GetSingleAsync(it => it.Name == name);
if (user == null)
{
return(null);
}
password = PasswordHashProvider.CreateHash(user.Salt, password, 16);
if (!EncryptUtils.ComparePassword(user.Password, password))
{
return(null);
}
var token = EncryptUtils.GenerateRandomString(32);
return(await AddSession(token, user, expireTime, context) ? token : null);
}
public void Register(LoginRequest account)
{
var dbUser = _authInternalRepository.FindByEmail(account.Email);
if (dbUser == null)
{
using (var transaction = Context.Database.BeginTransaction())
{
try
{
_accountRepository.Create(new Account
{
first_name = account.FirstName,
last_name = account.LastName,
username = account.UserName,
registration_ip = account.RegistrationIP
});
_authInternalRepository.Create(new AuthInternal
{
account_id = _accountRepository.GetByUserName(account.UserName).id,
email = account.Email,
password = PasswordHashProvider.CreateHash(account.Password)
});
transaction.Commit();
}
catch (Exception ex)
{
transaction.Rollback();
throw new Exception(ex.Message);
}
}
}
else
{
_logger.LogError($"Account with {account.Email} already exist!");
throw new WebException(HttpStatusCode.BadRequest.ToString());
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
if (string.IsNullOrEmpty(context.UserName) || string.IsNullOrEmpty(context.Password))
{
context.SetError("invalid_grant", "The username or password is incorrect.");
return;
}
var user = _userRepo.GetByUserEmail(context.UserName);
if (user == null)
{
context.SetError("invalid_username", "The username is not correct.");
return;
}
if (!PasswordHashProvider.ValidatePassword(context.Password, user.Password))
{
context.SetError("invalid_password", "The password is not correct.");
return;
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
var props = new AuthenticationProperties(new Dictionary <string, string>
{
{
"as:client_id", context.ClientId ?? string.Empty
},
{
"userName", context.UserName
}
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
public Account GetOrCreate(LoginRequest account)
{
try
{
var dbUser = _authInternalRepository.FindByEmail(account.Email);
if (dbUser == null)
{
_logger.LogError($"Account with login {account.Email} doesn't exist!");
return(null);
}
if (PasswordHashProvider.ValidatePassword(account.Password, dbUser.password))
{
return(_accountRepository.GetById(dbUser.account_id));
}
return(null);
}
catch (Exception ex)
{
throw new Exception(ex.Message);
}
}
public async ValueTask <RegisterResult> Register(string name, string password, string invitationCode)
{
var context = Context;
try
{
context.BeginTran();
var invitationService = new InvitationService(context);
var invitation = await invitationService.
GetSingleAsync(it => it.InvitationCode == invitationCode);
if (invitation == null)
{
context.RollbackTran();
return(RegisterResult.InvitationCodeNotFound);
}
if (invitation.ReceiverId > 0)
{
context.RollbackTran();
return(RegisterResult.InvitationCodeHasBeenUsed);
}
var salt = EncryptUtils.GenerateRandomBytes(64);
password = PasswordHashProvider.CreateHash(salt, password, 16);
var user = new User
{
Id = IdGenerator.CreateId(),
Name = name,
Password = password,
Salt = salt,
Authority = invitation.Authority
};
var userService = new UserService(context);
var result = userService.Insert(user);
if (result.ErrorList.Count != 0)
{
context.RollbackTran();
return(RegisterResult.UsernameRepeated);
}
var success = await invitationService.UpdateAsync(
it => new Invitation()
{
UsedTime = DateTime.UtcNow, ReceiverId = user.Id
},
it => it.ObjectId == invitation.ObjectId);
if (!success)
{
context.RollbackTran();
return(RegisterResult.InvitationCodeHasBeenUsed);
}
context.CommitTran();
return(RegisterResult.Success);
}
catch
{
context.RollbackTran();
throw;
}
}
public static string EncodePassword(string passwordInClearText, IPasswordSaltProvider saltProvider)
{
return(PasswordHashProvider.EncodePassword(passwordInClearText, saltProvider));
}
