public ActionResult Continue(string validator, string email)
{
// Time now on seconds (UNIX TIME)
var dateU = Convert.ToInt32(DateTimeOffset.Now.ToUnixTimeSeconds());
// Searching the user on newUsers table using the email and verifying if the expiration time are passed
var resultToken = db.newUsers.Where(x => x.newUser_email == email && x.newUser_expires >= dateU).FirstOrDefault();
// Checking the validator
bool tokenCheck = BCryptHelper.CheckPassword(validator, resultToken.newUser_token);
if (tokenCheck == false)
{
// If NOT valid
throw new TokenOrValidationException();
}
else if (tokenCheck == true)
{
// If is valid
// Searching the user on users table with the email and activate
var resultUser = db.users.Where(x => x.user_email == resultToken.newUser_email).FirstOrDefault();
resultUser.active = true;
db.newUsers.RemoveRange(db.newUsers.Where(x => x.newUser_email == resultUser.user_email));
db.SaveChanges();
ViewBag.message = "Done";
return(View());
}
return(View());
}
public string SignIn(ISignInDto dto)
{
_signInDtoValidator.Check(dto);
var user = _dao.GetUserByEmail(dto.Email);
if (user == null || !BCryptHelper.CheckPassword(dto.Password, user.Password))
{
throw new AuthenticationException();
}
var handler = new JwtSecurityTokenHandler();
var now = DateTime.Now;
return(handler.WriteToken(handler.CreateToken(new SecurityTokenDescriptor
{
Issuer = "MadrageBackEndChallengeIssuer",
Audience = "MadrageBackEndChallengeAudience",
SigningCredentials = _signingCredentials,
Subject = new ClaimsIdentity(new GenericIdentity(user.Name, "SignIn"),
new[] {
new Claim(JwtRegisteredClaimNames.Sub, user.Id.ToString()),
new Claim(JwtRegisteredClaimNames.Email, user.Email)
}
),
NotBefore = now,
Expires = now + TimeSpan.FromDays(3)
})));
}
public bool Authenticate(string username, string password)
{
try
{
if (IsFirstLogIn())
{
Employees.Add(new Model.Employee()
{
Username = username,
Password = password,
FirstName = "Admin",
LastName = "Admin",
Role = (byte)Role.Admin
});
return(true);
}
using (var dataContext = GetDataContext())
{
var user = dataContext.Persons.OfType <DB.Employee>().First(x => x.Username == username);
if (BCryptHelper.CheckPassword(password, user.Password))
{
return(true);
}
}
}
catch { }
return(false);
}
private void btnLogin_Click(object sender, EventArgs e)
{
using (MySqlCommand command = new MySqlCommand("SELECT `Username`, `Password` FROM `Login` WHERE `Username` = '" + txbUsername.Text + "';", connection))
{
using (MySqlDataReader reader = command.ExecuteReader())
{
if (reader.Read())
{
if (BCryptHelper.CheckPassword(txbPassword.Text, reader.GetString("Password")))
{
label3.Text = "Username and Password are valid!";
label3.ForeColor = Color.Green;
this.Hide();
WikiParks f = new WikiParks();
f.Show();
}
}
else
{
label3.ForeColor = Color.Red;
label3.Text = "Username Or Password are Invalid";
}
}
}
}
public static bool Login(this SqlConnection connection, User user, string password)
{
var sqlQuery = @"SELECT Password FROM [User] WHERE Nickname = @user";
var hashedPassword = connection.QueryFirstOrDefault <string>(sqlQuery, new { user = user.Nickname });
if (hashedPassword == null)
{
Console.WriteLine("Invalid username, please try again.");
return(false);
}
if (BCryptHelper.CheckPassword(password, hashedPassword.ToString()))
{
Console.WriteLine($"{user.Nickname} successfully logged in.");
return(true);
}
else
{
Console.WriteLine("Invalid password, please try again.");
return(false);
}
}
public static AccountModel AuthorizationAccount(string login, string password)
{
AccountModel accountModel = new AccountModel();
using (NpgsqlConnection conn = new NpgsqlConnection(connectionString))
{
try
{
conn.Open();
NpgsqlCommand command = new NpgsqlCommand("SELECT id, password, buy_pers FROM server.accounts WHERE login = @login LIMIT 1;", conn);
command.Parameters.AddWithValue("@login", login);
command.ExecuteNonQuery();
NpgsqlDataReader reader = command.ExecuteReader();
reader.Read();
if (BCryptHelper.CheckPassword(password, reader.GetString(1)))
{
NAPI.Util.ConsoleOutput("Заебись");
accountModel.Id = reader.GetInt32(0);
accountModel.Bay_Pers = reader.GetBoolean(2);
return(accountModel);
}
}
catch (Exception ex)
{
Globals.log.Trace(ex);
NAPI.Util.ConsoleOutput("[EXCEPTION CreateCharacter] " + ex.Message);
NAPI.Util.ConsoleOutput("[EXCEPTION CreateCharacter] " + ex.StackTrace);
}
return(accountModel);
}
}
public ActionResult Login(string login, string password)
{
if (ModelState.IsValid)
{
var user = UnitOfWork.Users.GetByLogin(login);
if (user == null)
{
ModelState.AddModelError(String.Empty, "There is wrong login or password. Try again.");
return(View());
}
if (BCryptHelper.CheckPassword(password, user.Password))
{
UserData.SetUserInfo(user);
return(View("Index"));
}
ModelState.AddModelError(String.Empty, "There is wrong login or password. Try again.");
return(View());
}
ModelState.AddModelError(String.Empty, "There is wrong login or password. Try again.");
return(View());
}
public LoginSummary SignIn(string username, string password)
{
using (var cxt = DataStore.GetDataStore())
{
// Load the login details if exists
//var login = cxt.Login.FirstOrDefault(x => x.Username.ToLower() == username);
var login = (
from l in cxt.Login
join p in cxt.Person on l.PersonID equals p.PersonID
where l.Username == username
select new LoginSummary()
{
FirstName = p.FirstName,
LastName = p.LastName,
LoginID = l.LoginID,
Password = l.Password,
Username = l.Username
}
).FirstOrDefault();
var passwordVerified = BCryptHelper.CheckPassword(password, login?.Password);
if (!passwordVerified)
{
throw new Exception("We either could not find your username or the password you entered is incorrect.");
}
return(login);
}
}
public static Librarian LibrarianLogin(string name, string pwd)
{
using (var context = new LibraryContext())
{
var stringError = "Invalid name or password.";
if (string.IsNullOrEmpty(name) || string.IsNullOrEmpty(pwd))
{
throw new InvalidOperationException(stringError);
}
var librarian = context.Librarians.SingleOrDefault(l => l.Name.Equals(name));
if (librarian == null)
{
throw new InvalidOperationException(stringError);
}
var loginSuccess = BCryptHelper.CheckPassword(pwd, librarian.Password);
if (!loginSuccess)
{
throw new InvalidOperationException(stringError);
}
return(librarian);
}
}
public IActionResult ChangePassword(ChangePasswordViewModel model)
{
if (model.NewPassword != model.ConfirmNewPassword)
{
ModelState.AddModelError("", "New Password does not match Confirm New Password");
return(View());
}
var user = this._context.Users.FirstOrDefault(u =>
u.Id == model.UserId);
if (user != null)
{
if (BCryptHelper.CheckPassword(model.OldPassword, user.Password) == false)
{
ModelState.AddModelError("", "Incorrect old Password.");
return(View());
}
user.Password = BCryptHelper.HashPassword(model.NewPassword, BCryptHelper.GenerateSalt(8));
user.LoginStatus = Infrastructures.Domain.Enums.LoginStatus.Active;
this._context.Users.Update(user);
this._context.SaveChanges();
return(RedirectPermanent("Notify"));
}
return(View());
}
public bool AnswerQuestion(int QuestionID, int AnswerID, string uniqueID)
{
if (BCryptHelper.CheckPassword("amazinglyunique", uniqueID))
{
if (!db.AnsweredBy.Any(x => x.AnswerID == AnswerID && x.BrowserKey == uniqueID && x.QuestionID == QuestionID) && db.Answers.Any(x => x.AnswerID == AnswerID) && db.Questions.Any(x => x.QuestionID == QuestionID))
{
AnsweredBy ab = new AnsweredBy();
ab.AnswerID = AnswerID;
ab.BrowserKey = uniqueID;
ab.QuestionID = QuestionID;
db.AnsweredBy.Add(ab);
db.SaveChanges();
Answer a = new Answer();
a = db.Answers.First(x => x.AnswerID == AnswerID);
a.Count = a.Count + 1;
db.SaveChanges();
return(true);
}
return(false);
}
return(false);
}
private void CheckPassword(string password, string hashedPassword)
{
if (!BCryptHelper.CheckPassword(password, hashedPassword))
{
throw new InvalidLoginAttemptException("Invalid credentials given");
}
}
public static List <string> decryptFromFile(string path, string pass, byte[] key)
{
var payload = new List <string>();
using (var aes = Aes.Create())
{
// Setup aes decryptor
aes.Key = key;
aes.Padding = PaddingMode.Zeros;
using (FileStream file = File.OpenRead(path))
{
// Read salt
string salt = string.Empty;
for (int i = 0; i < 29; i++)
{
salt += Convert.ToChar(file.ReadByte());
}
// Read iv
byte[] iv = new byte[16];
for (int i = 0; i < 16; i++)
{
iv[i] = Convert.ToByte(file.ReadByte());
}
aes.IV = iv;
ICryptoTransform alg = aes.CreateDecryptor(aes.Key, aes.IV);
using (var crypto = new CryptoStream(file, alg, CryptoStreamMode.Read))
{
// Read encoded verification hash
var hash = new byte[31];
for (int i = 0; i < 31; i++)
{
hash[i] = Convert.ToByte(crypto.ReadByte());
}
string hashed = salt + Encoding.UTF8.GetString(hash);
if (BCryptHelper.CheckPassword(pass, hashed))
{
using (var reader = new StreamReader(crypto))
{
// Read encoded payload
payload.Add(reader.ReadLine());
while (!reader.EndOfStream)
{
payload.Add(reader.ReadLine());
}
}
}
else
{
return(VERIFICATION_ERROR);
}
}
}
}
return(payload);
}
public Mind(string Password)
{
if (!BCryptHelper.CheckPassword(Password, Protected))
{
Shutdown();
return;
}
}
public string LoginFromPlugin(string Username, string Password)
{
if (BCryptHelper.CheckPassword(Password + "*)&h9", db.Users.First(u => u.Username == Username).Password))
{
return("true");
}
return("false");
}
// fungsi untuk melakukan penyamaan password dari user dgn yg ada di db
public bool IsPasswordMatch(string NIK, string password)
{
using (dbccanEntities db = new dbccanEntities())
{
var hashedPassword = GetUserPassword(NIK);
return(BCryptHelper.CheckPassword(password, hashedPassword));
}
}
// TODO ~needs rework/cleanup
public IActionResult Login([FromBody] UserLoginModel input)
{
GetLogger().Info("Logging in.");
try
{
var daoManager = HttpContext.RequestServices.GetService <DaoManager>();
var databaseUser = daoManager.UserDao.FindUserByMailAddress(input.MailAddress);
if (databaseUser == null || !BCryptHelper.CheckPassword(input.Password, databaseUser.PasswordHash))
{
return(BadRequest("Username or password is incorrect"));
}
if (databaseUser.Active == 0)
{
return(BadRequest("The account you are trying to login into seems to be deactivated. Please contact the webshop administrator to resolve this problem."));
}
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
byte[] key = Encoding.ASCII.GetBytes(_appSettings.Secret);
// Obtain the users' role name
string roleName = daoManager.RoleDao.Find(databaseUser.RoleId).Name;
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new[]
{
// Store user id as claim
new Claim(ClaimTypes.Sid, databaseUser.Id.ToString()),
// Store user role as claim
new Claim(ClaimTypes.Role, roleName)
}),
Expires = DateTime.UtcNow.AddDays(7),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key),
SecurityAlgorithms.HmacSha256Signature)
};
SecurityToken token = tokenHandler.CreateToken(tokenDescriptor);
string tokenString = tokenHandler.WriteToken(token);
// return basic user info (without password, id, etc...) and token to store client side
object user = new
{
firstName = databaseUser.Firstname,
lastName = databaseUser.Lastname,
mailAddress = databaseUser.MailAddress,
token = tokenString,
role = roleName
};
return(Ok(user));
}
catch (MySqlException ex)
{
return(LogError(ex));
}
}
public bool IsHashMatchesPlainText([NotNull] string hash, [NotNull] string plainText)
{
try {
return(BCryptHelper.CheckPassword(plainText, hash));
}
catch (BCrypt.SaltParseException) {
return(BCryptHelper.CheckPassword(hash, plainText));
}
}
public bool CheckPassword(string input)
{
if (password == null)
{
return(false);
}
return(BCryptHelper.CheckPassword(input, this.password));
}
private bool VerifyPasswordAnswer(BsonDocument user, string passwordAnswer)
{
if (PasswordFormat == MembershipPasswordFormat.Hashed)
{
return(BCryptHelper.CheckPassword(passwordAnswer, user["PasswordAnswer"].AsString));
}
return(user["PasswordAnswer"].AsString == EncodePassword(passwordAnswer, PasswordFormat, user["Salt"].AsString));
}
public async Task <KeyValuePair <bool, AuthenticatedUser> > AuthenticateHidrogenian(AuthenticationVM auth)
{
_logger.LogInformation("AuthenticationService.AuthenticateHidrogenian - Service starts.");
Hidrogenian hidrogenian;
string role;
try {
hidrogenian = await _dbContext.Hidrogenian.FirstOrDefaultAsync(
h => (auth.Email != null ? h.Email == auth.Email
: h.UserName.ToLower() == auth.UserName
) &&
h.EmailConfirmed &&
h.RecoveryToken == null &&
h.TokenSetOn == null
);
role = await(from rc in _dbContext.RoleClaimer
join r in _dbContext.HidroRole
on rc.RoleId equals r.Id
where rc.HidrogenianId == hidrogenian.Id
select r.RoleName).FirstOrDefaultAsync();
} catch (Exception e) {
_logger.LogError("AuthenticationService.AuthenticateHidrogenian - Error: " + e);
return(new KeyValuePair <bool, AuthenticatedUser>(false, null));
}
if (!BCryptHelper.CheckPassword(auth.Password, hidrogenian.PasswordHash))
{
return(new KeyValuePair <bool, AuthenticatedUser>(true, null));
}
var unixTimeStamp = ((DateTimeOffset)DateTime.UtcNow).ToUnixTimeSeconds();
var authToken = GenerateHashedPasswordAndSalt(hidrogenian.Id + hidrogenian.Email + unixTimeStamp);
var profile = await _dbContext.HidroProfile.FirstOrDefaultAsync(p => p.HidrogenianId == hidrogenian.Id);
var expirationTime = ((DateTimeOffset)DateTime.UtcNow.AddSeconds(
auth.TrustedAuth ? HidroConstants.TRUSTED_AUTH_EXPIRATION_TIME : HidroConstants.INTRUSTED_AUTH_EXPIRATION_TIME
)).ToUnixTimeSeconds();
var avatar = profile.ProcessAvatarInfo();
var authUser = new AuthenticatedUser {
UserId = hidrogenian.Id,
Role = role,
AuthToken = authToken.Key,
Email = hidrogenian.Email,
UserName = hidrogenian.UserName,
FullName = profile.GivenName + ' ' + profile.FamilyName,
Avatar = avatar?.Name,
ExpirationTime = expirationTime
};
return(new KeyValuePair <bool, AuthenticatedUser>(true, authUser));
}
private async Task <bool> VerifyUserLogin(string username, string password)
{
using (var session = _store.OpenAsyncSession())
{
var user = await session.Query <AppUser>()
.FirstOrDefaultAsync(u => u.Username == username);
return(BCryptHelper.CheckPassword(password, user.PasswordHash));
}
}
/// <summary>
/// Returns true if the passed clear text password matches
/// the passed keyword hash.
/// </summary>
/// <param name="pw">Clear text password</param>
/// <param name="hash">Keyword hash</param>
/// <returns>Match success state</returns>
public static bool CompareStringToHash(string pw, string hash)
{
try
{
return(BCryptHelper.CheckPassword(pw, hash));
} catch (Exception)
{
return(false);
}
}
public void HashPassword_should_hash_unhashed_password()
{
var user = new User()
{
Password = "******"
};
user.HashPassword();
Assert.IsTrue(BCryptHelper.CheckPassword("password", user.Password));
}
public async Task <ActionResult> Login(LoginViewModel model)
{
var getEmail = _userRepository.GetByEmail(model.Email);
if (getEmail == null)
{
return(BadRequest("Email Wrong!"));
}
else
{
var check = BCryptHelper.CheckPassword(model.Password, getEmail.Password);
if (check == false)
{
return(BadRequest("Wrong Password!"));;
}
else
{
// get role from user login
using (var connection = new SqlConnection(_configuration.GetConnectionString("MyConnection")))
{
var procName = "SP_GetRole";
parameters.Add("@email", model.Email);
IEnumerable <LoginViewModel> data = connection.Query <LoginViewModel>(procName, parameters, commandType: CommandType.StoredProcedure);
foreach (LoginViewModel users in data)
{
model.RoleName = users.RoleName;
}
}
// create jwt
var claims = new[] {
new Claim("Email", model.Email),
new Claim("RoleName", model.RoleName),
new Claim("User_Id", getEmail.Id.ToString())
};
var signinKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(_configuration["Jwt:SigningKey"]));
int expiryInMinutes = Convert.ToInt32(_configuration["Jwt:ExpiryInMinutes"]);
var token = new JwtSecurityToken(
issuer: _configuration["Jwt:Site"],
audience: _configuration["Jwt:Site"],
claims,
expires: DateTime.UtcNow.AddDays(3),
signingCredentials: new SigningCredentials(signinKey, SecurityAlgorithms.HmacSha256)
);
return(Ok(new JwtSecurityTokenHandler().WriteToken(token)));
}
}
}
public User Login(string username, string password)
{
foreach (User u in users)
{
if (u.Username == username && BCryptHelper.CheckPassword(password, u.Password))
{
return(new User(u));
}
}
return(null);
}
public bool VerifyUserLoginDetails(string userName, string password)
{
if (DoesUserExist(userName))
{
var user = _civMoneyContext.Users.Where(users => users.UserName == userName).SingleOrDefault();
return(BCryptHelper.CheckPassword(password, user.PasswordHash));
}
return(false);
}
public Task <bool> CheckHashAsync(string clearText, string hash)
{
try
{
return(Task.Run(() => BCryptHelper.CheckPassword(clearText, hash)));
}
catch (ArgumentException)
{
return(Task.FromResult(false));
}
}
public void TestVerifyPasswordSuccess()
{
Trace.Write("BCrypt.Verify w/ good passwords: ");
for (var i = 0; i < _testVectors.Length / 3; i++)
{
var plain = _testVectors[i, 0];
var expected = _testVectors[i, 2];
Assert.True(BCryptHelper.CheckPassword(plain, expected));
Trace.Write(".");
}
Trace.WriteLine("");
}
public void TestVerifyPasswordWithDifferentRevisionsSuccess()
{
Trace.Write("BCrypt.Verify with good passwords from revisions a, x and y: ");
for (var i = 0; i < _differentRevisionTestVectors.Length / 3; i++)
{
var plain = _differentRevisionTestVectors[i, 0];
var expected = _differentRevisionTestVectors[i, 2];
Assert.True(BCryptHelper.CheckPassword(plain, expected));
Trace.Write(".");
}
Trace.WriteLine("");
}
