public void PasswordHash_Encode()
{
var hashes = new[]
{
PasswordHashProvider.EncodePassword("Password1", new TestPasswordSaltProvider("Salt1")),
PasswordHashProvider.EncodePassword("Password1", new TestPasswordSaltProvider("Salt2")),
PasswordHashProvider.EncodePassword("Password2", new TestPasswordSaltProvider("Salt1")),
PasswordHashProvider.EncodePassword("Password2", new TestPasswordSaltProvider("Salt2")),
PasswordHashProvider.EncodePassword("Password1", new TestPasswordSaltProvider("Salt1")),
PasswordHashProvider.EncodePassword("Password1", new TestPasswordSaltProvider("Salt2")),
PasswordHashProvider.EncodePassword("Password2", new TestPasswordSaltProvider("Salt1")),
PasswordHashProvider.EncodePassword("Password2", new TestPasswordSaltProvider("Salt2")),
};
Assert.AreNotEqual(hashes[0], hashes[1]); // same password, different salt
Assert.AreNotEqual(hashes[0], hashes[2]); // different password, same salt
Assert.AreNotEqual(hashes[0], hashes[3]); // different password, different salt
for (int i = 0; i < 4; i++)
{
Assert.AreNotEqual(hashes[i], hashes[i + 4]); // not equal even if created by same params.
}
Assert.IsTrue(PasswordHashProvider.CheckPassword("Password1", hashes[0], new TestPasswordSaltProvider("Salt1")));
Assert.IsTrue(PasswordHashProvider.CheckPassword("Password1", hashes[1], new TestPasswordSaltProvider("Salt2")));
Assert.IsTrue(PasswordHashProvider.CheckPassword("Password2", hashes[2], new TestPasswordSaltProvider("Salt1")));
Assert.IsTrue(PasswordHashProvider.CheckPassword("Password2", hashes[3], new TestPasswordSaltProvider("Salt2")));
}
public override void Save(NodeSaveSettings settings)
{
// Check uniqueness first
if (Id == 0 || PropertyNamesForCheckUniqueness.Any(p => IsPropertyChanged(p)))
{
CheckUniqueUser();
}
if (_password != null)
{
this.PasswordHash = PasswordHashProvider.EncodePassword(_password, this);
}
Domain = GenerateDomain();
var originalId = this.Id;
// save current password to the list of old passwords
this.SaveCurrentPassword();
base.Save(settings);
// AD Sync
SynchUser(originalId);
if (originalId == 0)
{
// set creator for performant self permission setting
// creator of the user will always be the user itself. this way setting permissions to the creators group on /Root/IMS will be adequate for user permissions
// if you need the original creator, use the auditlog
Retrier.Retry(3, 200, typeof(Exception), () =>
{
// need to clear this flag to avoid getting an 'Id <> 0' error during copying
this.CopyInProgress = false;
this.CreatedBy = this;
this.Owner = this;
this.VersionCreatedBy = this;
this.DisableObserver(TypeResolver.GetType(NodeObserverNames.NOTIFICATION, false));
this.DisableObserver(TypeResolver.GetType(NodeObserverNames.WORKFLOWNOTIFICATION, false));
base.Save(SavingMode.KeepVersion);
});
// create profile
if (IdentityManagement.UserProfilesEnabled)
{
CreateProfile();
}
}
}
public override void Save(NodeSaveSettings settings)
{
// Check uniqueness first
CheckUniqueUser();
if (base.IsPropertyChanged("CreationDate"))
{
if (_password != null)
{
this.PasswordHash = PasswordHashProvider.EncodePassword(_password, this);
}
}
Domain = GenerateDomain();
var originalId = this.Id;
// save current password to the list of old passwords
this.SaveCurrentPassword();
base.Save(settings);
// AD Sync
SynchUser(originalId);
// set creator for performant self permission setting
// creator of the user will always be the user itself. this way setting permissions to the creators group on /Root/IMS will be adequate for user permissions
// if you need the original creator, use the auditlog
if (originalId == 0)
{
//need to clear this flag to avoid getting an 'Id <> 0' error during copying
this.CopyInProgress = false;
this.CreatedBy = this;
this.VersionCreatedBy = this;
this.DisableObserver(TypeHandler.GetType(NodeObserverNames.NOTIFICATION));
this.DisableObserver(TypeHandler.GetType(NodeObserverNames.WORKFLOWNOTIFICATION));
base.Save(SavingMode.KeepVersion);
}
// create profiles
if (originalId == 0 && Repository.UserProfilesEnabled)
{
CreateProfile();
}
}
public bool CheckPasswordMatch(string passwordInClearText)
{
var match = false;
try
{
// Check with the configured provider.
match = PasswordHashProvider.CheckPassword(passwordInClearText, this.PasswordHash, this);
}
catch (SaltParseException)
{
// Keep 'match = false' and do not do other thing.
}
// If the migration is not enabled, shorting: return with the result.
if (!Configuration.Security.EnablePasswordHashMigration)
{
return(match);
}
// If password was matched the migration is not needed.
if (match)
{
return(true);
}
// Not match and migration is enabled.
// Check with the outdated provider
if (!PasswordHashProvider.CheckPasswordForMigration(passwordInClearText, this.PasswordHash, this))
{
// If does not match, game over.
return(false);
}
// Migration: generating a new hash with the configured provider and salt.
this.PasswordHash = PasswordHashProvider.EncodePassword(passwordInClearText, this);
using (new SystemAccount())
Save(SavingMode.KeepVersion);
return(true);
}
public static string EncodePassword(string passwordInClearText, IPasswordSaltProvider saltProvider)
{
return(PasswordHashProvider.EncodePassword(passwordInClearText, saltProvider));
}
