/// <summary>
/// A hash produced with hex encoding must not verify when the checker is configured
/// for Base64 encoding, even though the supplied password is the correct one.
/// </summary>
/// <param name="hashingAlgo">Hash algorithm under test.</param>
public void Correct_Password_Wrong_Encoding_Should_Not_Match(HashingAlgo hashingAlgo)
{
    // Arrange: two configurations that differ only in PasswordHashEncodingType.
    var hexConfig = new HashingConfig
    {
        GenratePerPasswordSalt = true,
        GlobalSalt = null,
        SaltedPasswordFormat = SaltedPasswordFormat,
        HashingAlgo = hashingAlgo,
        PasswordHashEncodingType = EncodingType.Hex
    };
    var base64Config = new HashingConfig
    {
        GenratePerPasswordSalt = true,
        GlobalSalt = null,
        SaltedPasswordFormat = SaltedPasswordFormat,
        HashingAlgo = hashingAlgo,
        PasswordHashEncodingType = EncodingType.Base64
    };
    var hasher = new PasswordHashing();

    // Act: hash with the hex configuration, verify with the Base64 one.
    var hexEncodedHash = hasher.GetHash(CorrectPassword, hexConfig);
    var verified = hasher.CheckPassword(hexEncodedHash, base64Config, CorrectPassword);

    // Assert: a configuration mismatch must be reported as "no match", never as success.
    Assert.False(verified);
}
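/// <summary>
/// Handles the change-password button: verifies the current password against the stored
/// hash, checks that both new-password fields agree, then stores a hash of the new password.
/// The three password boxes are cleared afterwards whatever the outcome.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
private void btnChangePass_Click(object sender, EventArgs e)
{
    try
    {
        // NOTE(review): the username literal is shown redacted ('******') on this page. If the
        // real code splices a user-controlled name into this SQL text, pass it as a bound
        // parameter instead; confirm what DBC.ExecuteQuery supports.
        var stored = DBC.ExecuteQuery("SELECT \"password\" FROM \"APPUSER\" WHERE " + $"username = '******';");

        // An empty result used to fall through to Rows[0] and surface a raw
        // "no row at position 0" error; treat it like a failed password check instead.
        var passDb = stored.Rows.Count > 0 ? stored.Rows[0][0].ToString() : null;
        if (passDb == null || !PasswordHashing.CheckPassword(txtActual.Text, passDb))
        {
            MessageBox.Show(@"Su contraseña actual no es correcta", @"Error", MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1, MessageBoxOptions.DefaultDesktopOnly);
            return;
        }

        if (!txtNewPass.Text.Equals(txtNewPass2.Text))
        {
            MessageBox.Show(@"Las contraseñas nuevas no coinciden", @"Error", MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1, MessageBoxOptions.DefaultDesktopOnly);
            return;
        }

        var hashedNew = PasswordHashing.CreateHash(txtNewPass.Text);

        // NOTE(review): hashedNew is interpolated into the statement text. That is only safe
        // if CreateHash can never emit a quote character; a bound parameter would remove the
        // dependency on the hash format.
        var command = $"UPDATE \"APPUSER\" SET \"password\" = '{hashedNew}'" + $" WHERE username = '******';";
        DBC.ExecuteNonQuery(command);
        MessageBox.Show(@"Contraseña actualizada", @"Completado", MessageBoxButtons.OK, MessageBoxIcon.Information, MessageBoxDefaultButton.Button1, MessageBoxOptions.DefaultDesktopOnly);
    }
    catch (Exception exception)
    {
        // NOTE(review): exception.Message from the data layer may expose query or schema
        // details to the user; consider logging it and showing a generic message.
        MessageBox.Show(exception.Message, @"Error", MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1, MessageBoxOptions.DefaultDesktopOnly);
    }
    finally
    {
        // Always wipe the typed passwords from the form, including after an early return,
        // and re-run each box's Leave handler.
        txtActual.Text = "";
        txtActual_Leave(null, EventArgs.Empty);
        txtNewPass.Text = "";
        txtNewPass_Leave(null, EventArgs.Empty);
        txtNewPass2.Text = "";
        txtNewPass2_Leave(null, EventArgs.Empty);
    }
}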
/// <summary>
/// A hash of the correct password must not verify against a different candidate password.
/// Uses the global-salt configuration (per-password salting switched off).
/// </summary>
/// <param name="hashingAlgo">Hash algorithm under test.</param>
public void Wrong_Password_Should_Not_Match(HashingAlgo hashingAlgo)
{
    // Arrange: one configuration shared by hashing and verification.
    // NOTE(review): with only a global salt, equal passwords presumably produce equal
    // hashes; this setup is a test fixture, not a recommended production configuration.
    var globalSaltConfig = new HashingConfig
    {
        GenratePerPasswordSalt = false,
        GlobalSalt = GlobalSalt,
        SaltedPasswordFormat = SaltedPasswordFormat,
        HashingAlgo = hashingAlgo,
        PasswordHashEncodingType = EncodingType.Default
    };
    var hasher = new PasswordHashing();

    // Act: hash the real password, then verify a wrong one against that hash.
    var storedHash = hasher.GetHash(CorrectPassword, globalSaltConfig);
    var verified = hasher.CheckPassword(storedHash, globalSaltConfig, "wrongPassword");

    // Assert
    Assert.False(verified);
}
/// <summary>
/// Round trip: a hash created with per-password salting must verify when the same
/// password and the same configuration are presented again.
/// </summary>
/// <param name="hashingAlgo">Hash algorithm under test.</param>
public void Correct_Password_Should_Match(HashingAlgo hashingAlgo)
{
    // Arrange: per-password salt enabled, no global salt.
    var perPasswordSaltConfig = new HashingConfig
    {
        GenratePerPasswordSalt = true,
        GlobalSalt = null,
        SaltedPasswordFormat = SaltedPasswordFormat,
        HashingAlgo = hashingAlgo,
        PasswordHashEncodingType = EncodingType.Default
    };
    var hasher = new PasswordHashing();

    // Act
    // NOTE(review): for this to pass, CheckPassword presumably recovers the generated
    // salt from the stored hash string; confirm against the PasswordHashing implementation.
    var storedHash = hasher.GetHash(CorrectPassword, perPasswordSaltConfig);
    var verified = hasher.CheckPassword(storedHash, perPasswordSaltConfig, CorrectPassword);

    // Assert
    Assert.True(verified);
}
/// <summary>
/// Known-answer test: a precomputed hash, supplied Base64-wrapped by the test data,
/// must verify against the correct password under the global-salt configuration.
/// </summary>
/// <param name="hashingAlgo">Hash algorithm under test.</param>
/// <param name="expectedHashBase64">Base64 of the UTF-8 bytes of the expected stored hash string.</param>
public void Correct_Hash_Values_Should_Match_CheckPassword(HashingAlgo hashingAlgo, string expectedHashBase64)
{
    // Arrange: per-password salting is off here, so the stored hash can be fixed in advance.
    var globalSaltConfig = new HashingConfig
    {
        GeneratePerPasswordSalt = false,
        GlobalSalt = GlobalSalt,
        SaltedPasswordFormat = SaltedPasswordFormat,
        HashingAlgo = hashingAlgo,
        PasswordHashEncodingType = EncodingType.Default
    };
    var hasher = new PasswordHashing();

    // Unwrap the test-data transport encoding to get the hash string as it would be stored.
    var knownHashBytes = System.Convert.FromBase64String(expectedHashBase64);
    var knownHash = System.Text.Encoding.UTF8.GetString(knownHashBytes);

    // Act
    var verified = hasher.CheckPassword(knownHash, globalSaltConfig, CorrectPassword);

    // Assert
    Assert.True(verified);
}
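/// <summary>
/// Looks up the account row and verifies the supplied password against the stored hash.
/// </summary>
/// <param name="username">Login name entered by the user.</param>
/// <param name="password">Plain-text password entered by the user.</param>
/// <returns>A <c>User</c> populated with the username, user type and full name.</returns>
/// <exception cref="InvalidCredentialsException">
/// Thrown when no account row is found, the row has an empty username, or the password
/// does not match. All three cases share one message so the caller cannot tell them apart.
/// </exception>
public static User CheckLogIn(string username, string password)
{
    // NOTE(review): the username literal is shown redacted ('******') on this page. If the
    // real code interpolates the caller-supplied username into this SQL text, it must be
    // passed as a bound parameter instead; confirm what DBConnection.ExecuteQuery supports.
    var query = $"SELECT username, password, \"userType\", fullname FROM \"APPUSER\" WHERE username ='******'";
    var dt = DBConnection.ExecuteQuery(query);

    // An unknown username yields zero rows. Indexing Rows[0] in that case used to raise an
    // out-of-range error rather than the credential failure that callers expect.
    var accountFound = dt.Rows.Count > 0 && !dt.Rows[0][0].ToString().Equals("");

    // NOTE(review): the not-found path skips the hash check, so response time may still
    // differ between unknown users and wrong passwords.
    if (!accountFound || !PasswordHashing.CheckPassword(password, dt.Rows[0][1].ToString()))
    {
        throw new InvalidCredentialsException("Usuario o contraseña inválidos.");
    }

    var testUser = new User();
    testUser.Username = username;
    testUser.UserType = dt.Rows[0][2].ToString();
    testUser.FullName = dt.Rows[0][3].ToString();
    return testUser;
}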