public void Hash_Restore(string plaintText)
{
var config = Storage.CreateConfiguration();
var hashManager = new HashManager(config);
var initialHashing = hashManager.Hash(plaintText);
var sameWithSalt = hashManager.Hash(plaintText, initialHashing.HexSalt);
Assert.Equal(initialHashing.HexHash, sameWithSalt.HexHash);
}
public void Hash_MustBeDifferent(string plainText)
{
var config = Storage.CreateConfiguration();
var hashManager = new HashManager(config);
var resultOne = hashManager.Hash(plainText);
var resultTwo = hashManager.Hash(plainText);
Assert.NotEqual(resultTwo.HexHash, resultOne.HexHash);
Assert.NotEqual(resultTwo.HexSalt, resultOne.HexSalt);
}
public void Hash_MustFail(string plainText, string salt)
{
var config = Storage.CreateConfiguration();
var hashManager = new HashManager(config);
Assert.Throws <ArgumentException>(() => hashManager.Hash(plainText, salt));
}
public void Hash_SaltInvalid(string salt)
{
var config = Storage.CreateConfiguration();
var hashManager = new HashManager(config);
Assert.Throws <ArgumentException>(() => hashManager.Hash("text", salt));
}
public void Hash_Valid(string plainText)
{
var config = Storage.CreateConfiguration();
var hashManager = new HashManager(config);
var result = hashManager.Hash(plainText);
Assert.NotNull(result);
Assert.NotNull(result.HexHash);
Assert.NotNull(result.HexSalt);
}
public int ValidateUser(string account, string password, out Hashtable ht)
{
ht = new Hashtable();
if (string.IsNullOrEmpty(account))
{
throw new ArgumentNullException("account");
}
if (string.IsNullOrEmpty(password))
{
throw new ArgumentNullException("password");
}
string encrypted_pwd = HashManager.Hash(password, HashProviderType.MD5);
UserInfo user = MSSqlMapper.Instance().QueryForObject <UserInfo>("User.User.SelectUserByAccount", account);
if (user == null)
{
//用户不存在
return(-1);
}
if (user.Status == -1)
{
//用户被停用
return(-2);
}
if (user.Password == encrypted_pwd)
{
//插入登录日志
Hashtable ht_temp = new Hashtable();
ht_temp.Add("UserID", user.ID);
ht_temp.Add("SessionID", Component.SessionManager.SessionID);
ht_temp.Add("LoginIP", Component.SessionManager.CurrentIP);
MSSqlMapper.Instance().Insert("User.User.InsertLoginLog", ht_temp);
//返回数据
ht.Add("UserID", user.ID);
ht.Add("UserName", user.Name);
ht.Add("unit_id", user.unit_id);
return(1);
}
else
{
//密码不正确
return(-3);
}
}
public HttpResponseMessage AddUser(AddUserRequest request)
{
if (request == null)
{
return(new HttpResponseMessage(HttpStatusCode.UnsupportedMediaType));
}
var user = _requestMapper.Map(request);
user.Hash = _hashManager.Hash(request.Password);
_userRepository.SaveUser(user);
var role = _userRepository.GetDefaultRole();
_userRepository.SaveUserRole(new UserRole
{
User = user,
Role = role
});
return(new HttpResponseMessage(HttpStatusCode.OK));
}
/// <summary>
/// Create a new user
/// </summary>
/// <param name="user">Api model object</param>
/// <param name="userCreated">ID of current user</param>
/// <returns></returns>
public USER Create(User user, int userCreated = 0)
{
var newDbUser = new USER();
newDbUser.FirstName = user.FirstName;
newDbUser.LastName = user.LastName;
newDbUser.GROUP_ID = user.GROUP_ID;
newDbUser.Phone = user.Phone;
newDbUser.Skype = user.Skype;
newDbUser.Email = user.Email;
newDbUser.Username = user.Username;
if (userCreated != 0)
{
newDbUser.CreatedBy = userCreated;
}
newDbUser.CreatedAt = DateTime.Now;
//hash the user password
newDbUser.Hash = _hashManager.Hash(user.Password);
db.USERs.Add(newDbUser);
db.SaveChanges();
try
{
var calendars = new GoogleCalendar();
var calendarId = calendars.AddCalendar(newDbUser.Email);
calendars.AddPeopleToAcl(email: newDbUser.Email, id: calendarId, false);
newDbUser.CalendarId = calendarId;
db.SaveChanges();
}
catch
{
throw;
}
return(newDbUser);
}
protected void btnOK_Click(object sender, EventArgs e)
{
if (string.IsNullOrEmpty(this.tbOldPwd.Text.Trim()))
{
this.InfoBox.ShowPopError("旧密码不能为空");
this.tbOldPwd.Focus();
return;
}
if (string.IsNullOrEmpty(this.tbNewPwd.Text.Trim()))
{
this.InfoBox.ShowPopError("新密码不能为空");
this.tbNewPwd.Focus();
return;
}
if (this.tbNewPwd.Text.Trim() != this.tbNewPwd2.Text.Trim())
{
this.InfoBox.ShowPopError("新密码两次输入不一致");
this.tbNewPwd2.Focus();
return;
}
if (!this.GetUserService().ValidateUserPassword(this.tbOldPwd.Text.Trim(), this.tbNewPwd.Text.Trim()))
{
this.InfoBox.ShowPopError("新密码无效");
this.tbNewPwd.Focus();
return;
}
string user_id = cPos.Admin.Component.SessionManager.CurrentLoggingSession.UserID;
string old_pwd = HashManager.Hash(this.tbOldPwd.Text.Trim(), HashProviderType.MD5);
string new_pwd = HashManager.Hash(this.tbNewPwd.Text.Trim(), HashProviderType.MD5);
int ret = this.GetUserService().ModifyUserPassword(user_id, old_pwd, new_pwd);
switch (ret)
{
case 1:
this.InfoBox.ShowPopError("用户不存在");
this.tbOldPwd.Focus();
break;
case 2:
this.InfoBox.ShowPopError("用户被停用");
this.tbOldPwd.Focus();
break;
case 3:
this.InfoBox.ShowPopError("旧密码不正确");
this.tbOldPwd.Focus();
break;
case 4:
this.Redirect("修改成功", InfoType.Info, "../common/empty.aspx");
break;
case 5:
this.InfoBox.ShowPopError("修改失败");
this.tbNewPwd.Focus();
break;
default:
break;
}
}
public HttpResponseMessage ValidateCode([FromBody] ResetPasswordApiModel apiModel)
{
var response = new HttpResponseMessage();
ResponseFormat responseData = new ResponseFormat();
if (apiModel == null)
{
response.StatusCode = HttpStatusCode.BadRequest;
responseData = ResponseFormat.Fail;
responseData.message = ErrorMessages.INVALID_KEY;
}
else
{
//validate the key sent
if (string.IsNullOrEmpty(apiModel.key) || string.IsNullOrEmpty(apiModel.newPassword))
{
response.StatusCode = HttpStatusCode.BadRequest;
responseData = ResponseFormat.Fail;
responseData.message = ErrorMessages.INVALID_KEY;
}
else
{
var payload = JwtTokenManager.ValidateJwtToken(apiModel.key);
if (payload.ContainsKey("error"))
{
if ((string)payload["error"] == ErrorMessages.TOKEN_EXPIRED)
{
response.StatusCode = HttpStatusCode.Unauthorized;
responseData = ResponseFormat.Fail;
responseData.message = ErrorMessages.TOKEN_EXPIRED;
}
if ((string)payload["error"] == ErrorMessages.TOKEN_INVALID)
{
response.StatusCode = HttpStatusCode.Unauthorized;
responseData = ResponseFormat.Fail;
responseData.message = ErrorMessages.TOKEN_INVALID;
}
}
else
{
//decode key for field "validationCode" and "email"
var userEmail = Convert.ToString(payload["email"]);
var userCode = Convert.ToString(payload["validationCode"]);
//find user with email, if validation code is the same, hash password and save it to db
var dbUser = db.USERs.Where(c => c.Email == userEmail).FirstOrDefault();
if (dbUser != null)
{
if (dbUser.RememberMeToken == userCode)
{
//hash user password
dbUser.Hash = _hashManager.Hash(apiModel.newPassword);
db.SaveChanges();
response.StatusCode = HttpStatusCode.OK;
responseData = ResponseFormat.Success;
responseData.message = SuccessMessages.PASSWORD_RESET;
}
else
{
response.StatusCode = HttpStatusCode.Unauthorized;
responseData = ResponseFormat.Fail;
responseData.message = ErrorMessages.INVALID_KEY;
}
}
else
{
response.StatusCode = HttpStatusCode.NotFound;
responseData = ResponseFormat.Fail;
responseData.message = ErrorMessages.USER_NOT_FOUND;
}
}
}
}
var json = JsonConvert.SerializeObject(responseData);
response.Content = new StringContent(json, Encoding.UTF8, "application/json");
return(response);
}