public void CreateSaltKey_ReturnOthersSaltWithSpecificSize()
{
var size = 32;
var salt1 = _encryptionService.CreateSaltKey(size);
var salt2 = _encryptionService.CreateSaltKey(size);
Assert.AreNotEqual(salt1, salt2);
Assert.IsTrue(Convert.FromBase64String(salt1).Length.Equals(size));
Assert.IsTrue(Convert.FromBase64String(salt2).Length.Equals(size));
}
public ActionResult Create(AppUserViewModel model)
{
List <string> errors = new List <string>();
try
{
if (ModelState.IsValid)
{
if (model.Id == 0)
{
var dbModel = AutomapperConfig.Mapper.Map <AppUser>(model);
EncryptionService encsvc = new EncryptionService();
dbModel.Salt = encsvc.CreateSaltKey(10);
dbModel.Password = encsvc.CreatePasswordHash(model.Password, dbModel.Salt);
dbModel.IsActive = true;
dbModel.UserRoles.Add(new UserRole {
RoleId = model.RoleId
});
model.Id = db.AppUserRepo.Create(dbModel);
}
else
{
var oldmodel = db.AppUserRepo.GetById(model.Id);
if (oldmodel == null)
{
Response.StatusCode = (int)HttpStatusCode.OK;
return(Json(new { redirecturl = "/error/badrequest" }));
}
var role = db.UserRoleRepo.Table().Where(x => x.UserId == model.Id);
db.UserRoleRepo.DeleteRange(role);
var dbModel = AutomapperConfig.Mapper.Map <AppUser>(model);
EncryptionService encsvc = new EncryptionService();
oldmodel.UserName = model.UserName;
oldmodel.Password = encsvc.CreatePasswordHash(model.Password, dbModel.Salt);
oldmodel.EmployeeId = model.EmployeeId;
oldmodel.Photo = model.Photo;
oldmodel.UserRoles.Add(new UserRole {
RoleId = model.RoleId
});
oldmodel.IsActive = model.IsActive;
}
db.SaveChanges();
Response.StatusCode = (int)HttpStatusCode.OK;
TempData["Success"] = "User Successfully Saved";
return(RedirectToAction("Index"));
}
foreach (var item in ModelState.Where(x => x.Value.Errors.Any()))
{
errors.Add(item.Value.Errors.FirstOrDefault().ErrorMessage);
}
}
catch (Exception ex)
{
errors.Add(ex.GetExceptionMessages());
}
Response.StatusCode = (int)HttpStatusCode.SeeOther;
return(View(model));
}
/// <summary>
/// 修改密码
/// </summary>
/// <param name="phone">手机号码</param>
/// <param name="password">新密码</param>
/// <param name="returnCode">返回码对象</param>
/// <returns>user对象,根据codeMessage是否为空判断系统是否出错</returns>
public Return ChangePassword(string phone, string password)
{
var resultReturn = new Return();
var userInfo = GetUserByPhone(phone);
//该手机号码还没注册
if (userInfo == null)
{
resultReturn.ReturnCode.Code = 1996;
return(resultReturn);
}
var salt = EncryptionService.CreateSaltKey(6);
var saltPassword = EncryptionService.CreatePasswordHash(password, salt);
userInfo.Password = password;
userInfo.SaltPassword = saltPassword;
userInfo.Salt = salt;
db.Entry <User>(userInfo).State = EntityState.Modified;
db.SaveChanges();
resultReturn.Content = userInfo;
return(resultReturn);
}
/// <summary>
/// 修改密码
/// </summary>
/// <param name="customerId">用户ID</param>
/// <param name="password">新密码</param>
/// <returns></returns>
public Return ChangePassword(string customerId, string password)
{
var resultReturn = new Return();
var customerInfo = GetByCustomerId(customerId);
//该手机号码还没注册
if (customerInfo == null)
{
resultReturn.ReturnCode.Code = 1996;
return(resultReturn);
}
var salt = EncryptionService.CreateSaltKey(6);
var saltPassword = EncryptionService.CreatePasswordHash(password, salt);
customerInfo.Password = password;
customerInfo.SaltPassword = saltPassword;
customerInfo.Salt = salt;
_db.Entry <Customer>(customerInfo).State = EntityState.Modified;
_db.SaveChanges();
resultReturn.Content = customerInfo;
return(resultReturn);
}
public void TestSetup()
{
_securSettings = new SecuritySettings {
EncryptionKey = "A9C7A8FA-BD16-445B-82BC-37730E683B10"
};
_encryptionService = new EncryptionService(_securSettings);
_salt = _encryptionService.CreateSaltKey(16);
_dBcontext = new OpenFrameworkCoreContext();
}
public async Task <IActionResult> Register(User user)
{
EncryptionService service = new EncryptionService();
var saltkey = service.CreateSaltKey(EncryptionService.PasswordSaltKeySize);
user.PasswordSalt = saltkey;
user.Password = service.CreatePasswordHash(user.Password, saltkey, EncryptionService.DefaultHashedPasswordFormat);
await RegisterUser(user);
return(View());
}
private void HashDefaultCustomerPassword(string defaultUserEmail, string defaultUserPassword)
{
var encryptionService = new EncryptionService(new SecuritySettings());
var saltKey = encryptionService.CreateSaltKey(5);
var adminUser = _ctx.Set <Customer>().FirstOrDefault(x => x.Email == _config.DefaultUserName);
adminUser.PasswordSalt = saltKey;
adminUser.PasswordFormat = PasswordFormat.Hashed;
adminUser.Password = encryptionService.CreatePasswordHash(defaultUserPassword, saltKey, new CustomerSettings().HashedPasswordFormat);
_ctx.SaveChanges();
}
private void HashDefaultUserPassword(string defaultUserEmail, string defaultUserPassword)
{
var adminUser = _ctx.Set <User>().Where(x => x.Email == _config.DefaultUserName).Single();
var encryptionService = new EncryptionService(new SecuritySettings());
string saltKey = encryptionService.CreateSaltKey(5);
adminUser.PasswordSalt = saltKey;
adminUser.PasswordFormat = PasswordFormat.Hashed;
adminUser.Password = encryptionService.CreatePasswordHash(defaultUserPassword, saltKey, new UserSettings().HashedPasswordFormat);
SetModified(adminUser);
_ctx.SaveChanges();
}
/// <summary>
/// 用户注册(根据UserId补充信息)
/// </summary>
/// <param name="userId">用户ID</param>
/// <param name="phone">手机号码</param>
/// <param name="password">登录密码</param>
/// <param name="returnCode">返回码对象</param>
/// <returns>user对象,根据codeMessage是否为空判断系统是否出错</returns>
public Return Register(string userId, string phone, string password)
{
var resultReturn = new Return();
var userInfo = GetUserByUserId(userId);
var salt = EncryptionService.CreateSaltKey(6);
var saltPassword = EncryptionService.CreatePasswordHash(password, salt);
userInfo.Phone = phone;
userInfo.Password = password;
userInfo.Salt = salt;
userInfo.SaltPassword = saltPassword;
userInfo.RegisterTime = DateTime.Now;
db.Entry <User>(userInfo).State = EntityState.Modified;
db.SaveChanges();
resultReturn.Content = userInfo;
return(resultReturn);
}
/// <summary>
/// 用户注册(根据CustomerId补充信息)
/// </summary>
/// <param name="customerId">用户ID</param>
/// <param name="phone">手机号码</param>
/// <param name="password">登录密码</param>
/// <returns></returns>
public Return Register(string customerId, string phone, string password)
{
var resultReturn = new Return();
var customerInfo = GetByCustomerId(customerId);
var salt = EncryptionService.CreateSaltKey(6);
var saltPassword = EncryptionService.CreatePasswordHash(password, salt);
customerInfo.Phone = phone;
customerInfo.Password = password;
customerInfo.Salt = salt;
customerInfo.SaltPassword = saltPassword;
customerInfo.RegisterTime = DateTime.Now;
_db.Entry <Customer>(customerInfo).State = EntityState.Modified;
_db.SaveChanges();
resultReturn.Content = customerInfo;
return(resultReturn);
}
public Guid CreateCustomer(User customer)
{
var securSettings = new SecuritySettings();
var encryptionService = new EncryptionService(securSettings);
var salt = encryptionService.CreateSaltKey();
customer.Salt = salt;
customer.Password = encryptionService.CreatePasswordHash(customer.Password, salt);
customer.PasswordFormat = 1; //"SHA1"
customer.CreatedOn = DateTime.UtcNow;
customer.CreatedBy = customer.CreatedBy == Guid.Empty
? new Guid(Constants.SystemAccountGuid)
: customer.CreatedBy;
using (var scope = new TransactionScope()) {
using (var coreUow = new MemberUnitOfWork()) {
coreUow.CreateMember(customer);
coreUow.Save();
scope.Complete();
return(customer.UserGuid);
}
}
}
public new void SetUp()
{
_customerSettings = new CustomerSettings
{
UnduplicatedPasswordsNumber = 1,
HashedPasswordFormat = "SHA512"
};
_securitySettings = new SecuritySettings
{
EncryptionKey = "273ece6f97dd844d"
};
_rewardPointsSettings = new RewardPointsSettings
{
Enabled = false
};
_encryptionService = new EncryptionService(_securitySettings);
_customerRepo = new Mock <IRepository <Customer> >();
var customer1 = new Customer
{
Id = 1,
Username = "******",
Email = "*****@*****.**",
Active = true
};
AddCustomerToRegisteredRole(customer1);
var customer2 = new Customer
{
Id = 2,
Username = "******",
Email = "*****@*****.**",
Active = true
};
AddCustomerToRegisteredRole(customer2);
var customer3 = new Customer
{
Id = 3,
Username = "******",
Email = "*****@*****.**",
Active = true
};
AddCustomerToRegisteredRole(customer3);
var customer4 = new Customer
{
Id = 4,
Username = "******",
Email = "*****@*****.**",
Active = true
};
AddCustomerToRegisteredRole(customer4);
var customer5 = new Customer
{
Id = 5,
Username = "******",
Email = "*****@*****.**",
Active = true
};
_customerRepo.Setup(x => x.Table).Returns(new List <Customer> {
customer1, customer2, customer3, customer4, customer5
}.AsQueryable());
_customerPasswordRepo = new Mock <IRepository <CustomerPassword> >();
var saltKey = _encryptionService.CreateSaltKey(5);
var password = _encryptionService.CreatePasswordHash("password", saltKey, "SHA512");
var password1 = new CustomerPassword
{
CustomerId = customer1.Id,
PasswordFormat = PasswordFormat.Hashed,
PasswordSalt = saltKey,
Password = password,
CreatedOnUtc = DateTime.UtcNow
};
var password2 = new CustomerPassword
{
CustomerId = customer2.Id,
PasswordFormat = PasswordFormat.Clear,
Password = "******",
CreatedOnUtc = DateTime.UtcNow
};
var password3 = new CustomerPassword
{
CustomerId = customer3.Id,
PasswordFormat = PasswordFormat.Encrypted,
Password = _encryptionService.EncryptText("password"),
CreatedOnUtc = DateTime.UtcNow
};
var password4 = new CustomerPassword
{
CustomerId = customer4.Id,
PasswordFormat = PasswordFormat.Clear,
Password = "******",
CreatedOnUtc = DateTime.UtcNow
};
var password5 = new CustomerPassword
{
CustomerId = customer5.Id,
PasswordFormat = PasswordFormat.Clear,
Password = "******",
CreatedOnUtc = DateTime.UtcNow
};
_customerPasswordRepo.Setup(x => x.Table).Returns(new[] { password1, password2, password3, password4, password5 }.AsQueryable());
_eventPublisher = new Mock <IEventPublisher>();
_eventPublisher.Setup(x => x.Publish(It.IsAny <object>()));
_storeService = new Mock <IStoreService>();
_customerRoleRepo = new Mock <IRepository <CustomerRole> >();
_genericAttributeRepo = new Mock <IRepository <GenericAttribute> >();
_shoppingCartRepo = new Mock <IRepository <ShoppingCartItem> >();
_genericAttributeService = new Mock <IGenericAttributeService>();
_newsLetterSubscriptionService = new Mock <INewsLetterSubscriptionService>();
_rewardPointService = new Mock <IRewardPointService>();
_localizationService = new Mock <ILocalizationService>();
_workContext = new Mock <IWorkContext>();
_workflowMessageService = new Mock <IWorkflowMessageService>();
_customerCustomerRoleMappingRepo = new Mock <IRepository <CustomerCustomerRoleMapping> >();
_customerService = new CustomerService(new CustomerSettings(),
new TestCacheManager(),
null,
null,
_eventPublisher.Object,
_genericAttributeService.Object,
_customerRepo.Object,
_customerCustomerRoleMappingRepo.Object,
_customerPasswordRepo.Object,
_customerRoleRepo.Object,
_genericAttributeRepo.Object,
_shoppingCartRepo.Object,
new TestCacheManager(),
null);
_customerRegistrationService = new CustomerRegistrationService(_customerSettings,
_customerService,
_encryptionService,
_eventPublisher.Object,
_genericAttributeService.Object,
_localizationService.Object,
_newsLetterSubscriptionService.Object,
_rewardPointService.Object,
_storeService.Object,
_workContext.Object,
_workflowMessageService.Object,
_rewardPointsSettings);
}
public UserViewModel SaveUser(UserViewModel model)
{
exceptionService.Execute((m) =>
{
if (!InternetConnectionIsAvailable)
{
model.AddModelError(x => x.Email, "Message.NoInternetConnection", "Internet connection is not available, please try again later.");
}
if (model.HasError)
{
return;
}
var duplicateUserName = userRepository.Table.Any(x => x.UserId != model.UserId && x.Username == model.Username);
if (duplicateUserName)
{
model.AddModelError(x => x.Username, "Message.Duplicate", string.Format("{0} already exists, please use another.", model.GetDisplayName(x => x.Username)));
}
if (model.HasError)
{
return;
}
if (!model.Validate())
{
return;
}
var entity = new User();
if (model.UserId > 0)
{
entity = userRepository.GetById(model.UserId);
userRepository.Update(entity);
var employee = employeeRepository.GetById(model.EmployeeId);
if (employee != null)
{
employee.UserId = model.UserId;
employeeRepository.Update(employee);
}
var savedUser = employeeRepository.GetById(model.EmployeeId).User;
if (savedUser != null)
{
var savedRoles = savedUser.UserRoles;
if (savedRoles != null)
{
userRoleRepository.DeleteRange(savedRoles);
}
}
if (employee != null && model.Roles != null && model.Roles.Any() && savedUser != null)
{
var roles = model.Roles.Select(x => x.Value);
foreach (var r in roles)
{
userRoleRepository.Insert(new UserRole {
UserId = employee.UserId.Value, RoleId = r, RoleGrantedFrom = DateTime.Now
});
}
}
}
else
{
var encServ = new EncryptionService();
var generatedPassword = encServ.RandomString(5);
model.IsActive = true;
model.Salt = encServ.CreateSaltKey(10);
model.Password = encServ.CreatePasswordHash(generatedPassword, model.Salt);
entity = AutomapperConfig.Mapper.Map <User>(model);
userRepository.Insert(entity);
model.UserId = entity.UserId;
var employee = employeeRepository.GetById(model.EmployeeId);
if (employee != null)
{
employee.UserId = model.UserId;
employeeRepository.Update(employee);
}
if (employee != null && model.Roles != null && model.Roles.Any())
{
var roles = model.Roles.Select(x => x.Value);
foreach (var r in roles)
{
userRoleRepository.Insert(new UserRole {
UserId = employee.UserId.Value, RoleId = r, RoleGrantedFrom = DateTime.Now
});
}
}
if (employee != null && employee.Email != null)
{
var template = notificationService.EmailTemplate(NTAEnum.eEmailTemplateType.UserCreated);
var subject = template.Subject;
var body = template.TemplateBody.Replace("{EmployeeName}", employee.Name)
.Replace("{UserName}", model.Username)
.Replace("{Password}", generatedPassword);
var messageBody = body;
ServiceModel sm = notificationService.SendEmail(employee.Email, null, null, subject, messageBody, null, true, true);
}
}
if (model.UserId == 0)
{
model.Message = localizationService.GetLocalizedText("Message.RecordSavedSuccessfully", IMSAppConfig.Instance.CurrentLanguage, "Record saved succeeded.");
}
else
{
model.Message = localizationService.GetLocalizedText("Message.RecordUpdatedSuccessfully", IMSAppConfig.Instance.CurrentLanguage, "Record update succeeded.");
}
}, model);
return(model);
}
public new void SetUp()
{
_userSettings = new UserSettings
{
UnduplicatedPasswordsNumber = 1,
HashedPasswordFormat = "SHA512",
};
_securitySettings = new SecuritySettings
{
EncryptionKey = "273ece6f97dd844d"
};
_encryptionService = new EncryptionService(_securitySettings);
#region User Setup
_userRepository = new Mock <IRepository <User> >();
var user1 = new User
{
Id = 1,
Username = "******",
Email = "*****@*****.**",
Active = true
};
AddUserToRegisteredRole(user1);
var user2 = new User
{
Id = 2,
Username = "******",
Email = "*****@*****.**",
Active = true
};
AddUserToRegisteredRole(user2);
var user3 = new User
{
Id = 3,
Username = "******",
Email = "*****@*****.**",
Active = true
};
AddUserToRegisteredRole(user3);
var user4 = new User
{
Id = 4,
Username = "******",
Email = "*****@*****.**",
Active = true
};
AddUserToRegisteredRole(user4);
var user5 = new User
{
Id = 5,
Username = "******",
Email = "*****@*****.**",
Active = true
};
var mockUsers = new List <User> {
user1, user2, user3, user4, user5
}.AsQueryable().BuildMockDbSet();
_userRepository.Setup(x => x.Table).Returns(mockUsers.Object);
#endregion
#region UserPassword Setup
_userPasswordRepository = new Mock <IRepository <UserPassword> >();
var saltKey = _encryptionService.CreateSaltKey(5);
var password = _encryptionService.CreatePasswordHash("password", saltKey, "SHA512");
var password1 = new UserPassword
{
UserId = user1.Id,
PasswordFormat = PasswordFormat.Hashed,
PasswordSalt = saltKey,
Password = password,
CreatedOnUtc = DateTime.UtcNow
};
var password2 = new UserPassword
{
UserId = user2.Id,
PasswordFormat = PasswordFormat.Clear,
Password = "******",
CreatedOnUtc = DateTime.UtcNow
};
var password3 = new UserPassword
{
UserId = user3.Id,
PasswordFormat = PasswordFormat.Encrypted,
Password = _encryptionService.EncryptText("password"),
CreatedOnUtc = DateTime.UtcNow
};
var password4 = new UserPassword
{
UserId = user4.Id,
PasswordFormat = PasswordFormat.Clear,
Password = "******",
CreatedOnUtc = DateTime.UtcNow
};
var password5 = new UserPassword
{
UserId = user5.Id,
PasswordFormat = PasswordFormat.Clear,
Password = "******",
CreatedOnUtc = DateTime.UtcNow
};
var mockUserPasswords = new[] { password1, password2, password3, password4, password5 }
.AsQueryable().BuildMockDbSet();
_userPasswordRepository.Setup(x => x.Table).Returns(mockUserPasswords.Object);
#endregion
_roleRepository = new Mock <IRepository <Role> >();
_userRoleRepository = new Mock <IRepository <UserRole> >();
_genericAttributeRepository = new Mock <IRepository <GenericAttribute> >();
_genericAttributeService = new Mock <IGenericAttributeService>();
_workContext = new Mock <IWorkContext>();
_eventPublisherService = new Mock <IEventPublisher>();
_userService = new UserService(
new UserSettings(),
new NullCache(),
null,
null,
_eventPublisherService.Object,
_genericAttributeService.Object,
_userRepository.Object,
_roleRepository.Object,
_userRoleRepository.Object,
_userPasswordRepository.Object,
_genericAttributeRepository.Object,
null);
_userRegistrationService = new UserRegistrationService(_userSettings, _userService, _encryptionService);
}
public CustomerRegistrationServiceTests()
{
#region customers
var customer1 = new Customer
{
Id = 1,
Username = "******",
Email = "*****@*****.**",
Active = true
};
var customer2 = new Customer
{
Id = 2,
Username = "******",
Email = "*****@*****.**",
Active = true
};
var customer3 = new Customer
{
Id = 3,
Username = "******",
Email = "*****@*****.**",
Active = true
};
var customer4 = new Customer
{
Id = 4,
Username = "******",
Email = "*****@*****.**",
Active = true
};
#endregion
#region passwords
_securitySettings = new SecuritySettings
{
EncryptionKey = "273ece6f97dd844d"
};
_encryptionService = new EncryptionService(_securitySettings);
var saltKey = _encryptionService.CreateSaltKey(5);
var password = _encryptionService.CreatePasswordHash("password", saltKey, "SHA512");
var password1 = new CustomerPassword
{
CustomerId = customer1.Id,
PasswordFormat = PasswordFormat.Hashed,
PasswordSalt = saltKey,
Password = password,
CreatedOnUtc = DateTime.UtcNow
};
var password2 = new CustomerPassword
{
CustomerId = customer2.Id,
PasswordFormat = PasswordFormat.Clear,
Password = "******",
CreatedOnUtc = DateTime.UtcNow
};
var password3 = new CustomerPassword
{
CustomerId = customer3.Id,
PasswordFormat = PasswordFormat.Encrypted,
Password = _encryptionService.EncryptText("password"),
CreatedOnUtc = DateTime.UtcNow
};
var password4 = new CustomerPassword
{
CustomerId = customer4.Id,
PasswordFormat = PasswordFormat.Clear,
Password = "******",
CreatedOnUtc = DateTime.UtcNow
};
#endregion
_customerRoleRepo = _fakeDataStore.RegRepository(new[]
{
new CustomerRole
{
Id = 1,
Active = true,
IsSystemRole = true,
SystemName = NopCustomerDefaults.RegisteredRoleName
}
});
_customerRepo = _fakeDataStore.RegRepository(new[] { customer1, customer2, customer3, customer4 });
_customerPasswordRepo = _fakeDataStore.RegRepository(new[] { password1, password2, password3, password4 });
_customerCustomerRoleMappingRepository = _fakeDataStore.RegRepository <CustomerCustomerRoleMapping>();
_customerService = new FakeCustomerService(
customerCustomerRoleMappingRepository: _customerCustomerRoleMappingRepository,
customerRepository: _customerRepo,
customerPasswordRepository: _customerPasswordRepo,
customerRoleRepository: _customerRoleRepo);
//AddCustomerToRegisteredRole(customer1);
//AddCustomerToRegisteredRole(customer2);
//AddCustomerToRegisteredRole(customer3);
//AddCustomerToRegisteredRole(customer4);
_rewardPointsSettings = new RewardPointsSettings
{
Enabled = false
};
_customerSettings = new CustomerSettings
{
UnduplicatedPasswordsNumber = 1,
HashedPasswordFormat = "SHA512"
};
_storeService = new Mock <IStoreService>();
_genericAttributeService = new Mock <IGenericAttributeService>();
_newsLetterSubscriptionService = new Mock <INewsLetterSubscriptionService>();
_rewardPointService = new Mock <IRewardPointService>();
_localizationService = new Mock <ILocalizationService>();
_workContext = new Mock <IWorkContext>();
_workflowMessageService = new Mock <IWorkflowMessageService>();
_eventPublisher = new Mock <IEventPublisher>();
_eventPublisher.Setup(x => x.Publish(It.IsAny <object>()));
_customerRegistrationService = new CustomerRegistrationService(_customerSettings,
_customerService,
_encryptionService,
_eventPublisher.Object,
_genericAttributeService.Object,
_localizationService.Object,
_newsLetterSubscriptionService.Object,
_rewardPointService.Object,
_storeService.Object,
_workContext.Object,
_workflowMessageService.Object,
_rewardPointsSettings);
}
