public void PasswordHasher_Hash_Fails_WrongOwner() { var hasher = new PasswordHasher(11528); var owner1 = new LongPasswordOwner(1000); var owner2 = new LongPasswordOwner(1001); var salt = hasher.GenerateSalt(32); var password = hasher.GenerateSalt(32); var hash = hasher.Hash(password, salt, owner1.ToArray); // Do it a 2nd time with wrong owner and make sure they're not equal var hash2 = hasher.Hash(password, salt, owner2.ToArray); Assert.IsFalse(hash2.IsEqual(hash)); }
public UserMockRepository() { var hasher = new PasswordHasher(); hasher.GenerateSalt().HashPassword(hasher.Salt, "admin123"); var admin = new User(0, "TestAdmin", hasher.Salt, hasher.Hashed, true); hasher.GenerateSalt().HashPassword(hasher.Salt, "user123"); var user = new User(1, "TestUser", hasher.Salt, hasher.Hashed); List = new List <User> { admin, user }; }
public void PasswordHasher_Hash_Succeeds() { var hasher = new PasswordHasher(11528); var salt = hasher.GenerateSalt(32); var password = hasher.GenerateSalt(32); var hash = hasher.Hash(password, salt); Assert.IsNotNull(hash); Assert.IsFalse(hash.IsEqual(password)); // Do it a 2nd time and make sure they're equal var hash2 = hasher.Hash(password, salt); Assert.IsTrue(hash2.IsEqual(hash)); }
public long InsertUser(UserModel userModel) { userModel.Email = userModel.Email.ToLower(); var user = GetUserByEmail(userModel.Email); if (user != null) { return(-100); } var now = DateTime.Now; var salt = PasswordHasher.GenerateSalt(); var pwdHash = Convert.ToBase64String(PasswordHasher.ComputeHash(userModel.Password, salt)); userModel.CreationDate = now; userModel.ModificationDate = now; userModel.ValidationToken = Guid.NewGuid().ToString(); userModel.PasswordSalt = Convert.ToBase64String(salt); userModel.Password = pwdHash; var modelId = usersRepository.Insert(userModel); UnitOfWork.Commit(); return(modelId); }
public static bool UpdatePassword(string username, string oldPassword, string newPassword) { var repo = new UserRepository <UsersModel>(Db); var users = repo.GetAll(); var userToChange = users.FirstOrDefault(x => x.UserName == username); if (userToChange == null) { return(false); } var passwordMatch = PasswordHasher.VerifyPassword(oldPassword, userToChange.Salt, userToChange.Hash); if (!passwordMatch) { throw new SecurityException("Password does not match"); } var newSalt = PasswordHasher.GenerateSalt(); var newHash = PasswordHasher.ComputeHash(newPassword, newSalt); userToChange.Hash = newHash; userToChange.Salt = newSalt; return(repo.Update(userToChange)); }
public bool UpdatePassword(string username, string oldPassword, string newPassword) { var users = Repo.GetAll(); var userToChange = users.FirstOrDefault(x => x.UserName == username); if (userToChange == null) { return(false); } var passwordMatch = PasswordHasher.VerifyPassword(oldPassword, userToChange.Salt, userToChange.Hash); if (!passwordMatch) { throw new SecurityException("Incorrect password."); } var newSalt = PasswordHasher.GenerateSalt(); var newHash = PasswordHasher.ComputeHash(newPassword, newSalt); userToChange.Hash = newHash; userToChange.Salt = newSalt; return(Repo.Update(userToChange)); }
public async Task <bool> Add(Credential entity) { bool success; byte[] salt = PasswordHasher.GenerateSalt(); string hashedPass = PasswordHasher.HashPassword(entity.Password, salt); entity.Salt = salt; entity.Password = hashedPass; if (_credentialContext.Credentials.Any(p => p.CredentialId == entity.CredentialId) == false) { System.Diagnostics.Debug.WriteLine("record doesnt exist, adding credential..."); _credentialContext.Credentials.Add(entity); success = true; } else { System.Diagnostics.Debug.Write("record already exists, updating credential..."); Credential existingCredential = _credentialContext.Credentials.FirstOrDefault(p => p.CredentialId == entity.CredentialId); await this.Update(entity); success = false; } await _credentialContext.SaveChangesAsync(); _credentialContext.Entry(entity).State = EntityState.Detached; return(success); }
public async Task <ActionResult <User> > CreateUser(string username, string password, string name) { bool userExists = await UserExistsBasedOnEmail(username); if (!userExists) { string salt = PasswordHasher.GenerateSalt(32); string hashedPassword = PasswordHasher.HashPassword(password, salt); User user = new() { Name = name, Username = username, Password = hashedPassword, Salt = salt, }; _userRepo.AddUser(user); await _userRepo.SaveChangesAsync(); return(CreatedAtRoute("GetUser", new { id = user.UserId }, user)); } else { return(BadRequest()); } }
/// <summary> /// Добавить пользователя. /// </summary> /// <param name="userModel">Данные о пользователе</param> /// <returns>Идентификатор пользователя или -100, если пользователь уже существует</returns> public long InsertUser(UserModel userModel) { // Преобразуем адрес электронной почты к строчным буквам userModel.Email = userModel.Email.ToLower(); // Получаем данные о пользователе по адресу электронной почты var user = GetUserByEmail(userModel.Email); if (user != null) // Если пользователь найден { return(-100); // Возвращаем код -100 } var now = DateTime.Now; // Берём текущуие дату и время var salt = PasswordHasher.GenerateSalt(); // Генерируем модификатор пароля // Вычисляем хэш-код пароля var pwdHash = Convert.ToBase64String(PasswordHasher.ComputeHash(userModel.Password, salt)); userModel.CreationDate = now; // Задаём дату и время создания userModel.ModificationDate = now; // Задаём дату и время изменения // генерируем жетон проверки пользователя userModel.ValidationToken = Guid.NewGuid().ToString(); // Преобразуем модификатор пароля в текстовый вид userModel.PasswordSalt = Convert.ToBase64String(salt); // Устанавливаем хэш пароля userModel.Password = pwdHash; // Добавляем пользователя в хранилище пользователей var modelId = usersRepository.Insert(userModel); // Подтверждаем Единицу работы UnitOfWork.Commit(); // Возвращаем идентификатор созданного пользователя return(modelId); }
/// <summary> /// Given a plain password and a hash strategy, calculate the salt and hash /// </summary> public SecuredPassword(string plainPassword, HashStrategyKind hashStrategy) { if (string.IsNullOrWhiteSpace(plainPassword)) { throw new ArgumentNullException(plainPassword); } SetHashStrategy(hashStrategy); switch (hashStrategy) { case HashStrategyKind.Pbkdf25009Iterations: case HashStrategyKind.Pbkdf28000Iterations: using (var deriveBytes = new Rfc2898DeriveBytes(plainPassword, _saltSize, (int)HashingParameter)) { Salt = deriveBytes.Salt; Hash = deriveBytes.GetBytes(_saltSize); } break; case HashStrategyKind.Argon248KWorkCost: var argon2Hasher = new PasswordHasher(memoryCost: HashingParameter); Salt = PasswordHasher.GenerateSalt(256); Hash = Encoding.ASCII.GetBytes(argon2Hasher.Hash(Encoding.ASCII.GetBytes(plainPassword), Salt)); break; } IsValid = true; }
public static AccountModel ToAccountModel(this RegisterFormViewModel ViewModel) { AccountModel Model = new AccountModel(); Model = Mapper.Map <RegisterFormViewModel, AccountModel>(ViewModel); Model.Salt = PasswordHasher.GenerateSalt(); Model.Password = PasswordHasher.ComputeHash(ViewModel.Password, Model.Salt); return(Model); }
public Doctor(string name, string specialty, string username, string password) { this.Name = name; this.Specialty = specialty; this.Username = username; this.Salt = PasswordHasher.GenerateSalt(); this.Password = PasswordHasher.GenerateHash(password + this.Salt); this.Visitations = new List <Visitation>(); }
private async void RegisterMethod() { string errors = null; if (IsValid(ValidatesProperties, out errors)) { Errors = errors; var salt = PasswordHasher.GenerateSalt(); var hashedPassword = PasswordHasher.ComputeHash(Password, salt); if (Password != ConfirmPassword) { Errors += "Password and Confirm password fields must match.\r\n"; return; } if (!_database.Users.Any(u => u.Login == Login)) { var user = _database.Users.Add(new User { Login = Login, Password = Convert.ToBase64String(hashedPassword), Salt = Convert.ToBase64String(salt), Name = FirstName, Surname = LastName, Birthday = DateTime.Parse(Birthday), PositionId = Position.Id, IsActive = true }); await _database.SaveChangesAsync(); user.UserRoles.Add(new UserRole { RoleId = Constants.UserRole, UserId = user.Id }); await _database.SaveChangesAsync(); GoToLoginPageMethod(); } else { Errors += "User with same login is already exists.\r\n"; } } else { Errors = errors; } Errors = Errors?.Trim(); }
/// <summary> /// Saves the entity. /// </summary> /// <param name="entity">The entity.</param> public override void SaveEntity(User entity) { if (entity.IsNew || string.IsNullOrEmpty(entity.Password) || !entity.Password.IsBase64()) { AssertSpecification(entity, new UserHasValidPasswordSpec()); entity.Salt = PasswordHasher.GenerateSalt(); entity.Password = PasswordHasher.ComputeHash(entity.Password, entity.Salt); } base.SaveEntity(entity); }
public void TestHash() { var password = "******"; var salt = PasswordHasher.GenerateSalt(); var hash = PasswordHasher.ComputeHash(password, salt); Assert.That(hash, Is.Not.EqualTo(password)); var match = PasswordHasher.VerifyPassword(password, salt, hash); Assert.That(match, Is.True); }
private async void RegisterMethod() { string errors = null; if (IsValid(ValidatesProperties, out errors)) { Errors = errors; var salt = PasswordHasher.GenerateSalt(); var password = RandomStringGenerator.GenerateRandomString(20, false); var hashedPassword = PasswordHasher.ComputeHash(password, salt); if (!_database.Users.Any(u => u.Login == Login)) { var user = _database.Users.Add(new User { Login = Login, Password = Convert.ToBase64String(hashedPassword), Salt = Convert.ToBase64String(salt), Name = FirstName, Surname = LastName, Birthday = DateTime.Parse(Birthday), PositionId = Position.Id, IsInitial = true, DefaultPassword = password, IsActive = true }); await _database.SaveChangesAsync(); user.UserRoles.Add(new UserRole { RoleId = Role.Id, UserId = user.Id }); await _database.SaveChangesAsync(); } else { Errors = "User with same login is already exists.\r\n"; } await GetUsersMethod(); _eventAggregator.GetEvent <UpdateUserEvent>().Publish(); } else { Errors = errors; } Errors = Errors?.Trim(); }
public async Task <User> RegisterAsync(User user, string password) { byte[] salt = PasswordHasher.GenerateSalt(); var passwordSalt = Convert.ToBase64String(salt); var hashPassword = Convert.ToBase64String(PasswordHasher.HashPasswordWithSalt(Encoding.UTF8.GetBytes(password), salt)); user.PasswordSalt = passwordSalt; user.PasswordHash = hashPassword; repositoryWrapper.User.CreateUser(user); await repositoryWrapper.Complete(); return(user); }
public void Different_salt_produces_different_hash() { var salt1 = PasswordHasher.GenerateSalt(); var salt2 = PasswordHasher.GenerateSalt(); using (var sha256 = new SHA256CryptoServiceProvider()) { var passwordHasher = new PasswordHasher(sha256); string hash1 = passwordHasher.ComputeHash("foobar", salt1); string hash2 = passwordHasher.ComputeHash("foobar", salt2); Assert.AreNotEqual(hash1, hash2); } }
public void TestHashPassword() { var password = "******"; var orgHasher = new PasswordHasher(); var salt = orgHasher.GenerateSalt().Salt; var orgResult = orgHasher.HashPassword(salt, password).Hashed; var newHasher = new PasswordHasher(); var newResult = newHasher.HashPassword(salt, password).Hashed; Assert.Equal(orgResult, newResult); }
public async Task Update(Credential entity) { byte[] salt = PasswordHasher.GenerateSalt(); string hashedPass = PasswordHasher.HashPassword(entity.Password, salt); entity.Salt = salt; entity.Password = hashedPass; Credential dbEntity = await _credentialContext.FindAsync <Credential>(entity.CredentialId); _credentialContext.Entry(dbEntity).CurrentValues.SetValues(entity); await _credentialContext.SaveChangesAsync(); System.Diagnostics.Debug.Write("Updated credentials..."); }
public static Encrypted For(string PlainText) { var encrypted = new Encrypted(); try { encrypted.Salt = PasswordHasher.GenerateSalt(); encrypted.Hash = PasswordHasher.ComputeHash(PlainText, encrypted.Salt); } catch (Exception ex) { throw new EncryptedInvalidException(PlainText, ex); } return(encrypted); }
public ActionResult Create(AppUser user) { if (this.Authorizer.IsLogedIn(this.Session, this.Request) && this.ModelState.IsValid) { string salt = PasswordHasher.GenerateSalt(20); string hash = PasswordHasher.Hash(user.NewPassword, salt); DBEditor editor = new DBEditor() { FirstName = user.FirstName, MiddleName = user.MiddleName, LastName = user.LastName, Username = user.NewUsername, UTCRegisteredOn = DateTime.UtcNow, PasswordHash = hash, PasswordSalt = salt }; new DBEditorRepository(this.DatabaseContext).Add(editor, true); return(RedirectToAction("Index")); } return(RedirectToAction("Index", "Login")); }
public static bool CreateUser(string Username, string Password, string RoleName) { byte[] generatedSalt = PasswordHasher.GenerateSalt(); byte[] hashedPassword = PasswordHasher.ComputeHash(Password, generatedSalt); using (var db = new LiteDatabase(@"Mineski.db")) { var accounts = db.GetCollection <Account>("accounts"); var accountData = new Account { Username = Username, Password = hashedPassword, Salt = generatedSalt, RoleName = RoleName }; accounts.Insert(accountData); } return(true); }
public Guid?CreateUser(string username, string password, UserProperties properties = null) { var salt = PasswordHasher.GenerateSalt(); var userModel = new UsersModel { UserName = username, UserGuid = Guid.NewGuid().ToString(), Salt = salt, Hash = PasswordHasher.ComputeHash(password, salt), Claims = new byte[] { 0 }, UserProperties = ByteConverterHelper.ReturnBytes(properties ?? new UserProperties()), }; Repo.Insert(userModel); var userRecord = Repo.Get(userModel.UserGuid); return(new Guid(userRecord.UserGuid)); }
public async Task <IActionResult> AddUser([FromBody] UserToCreateDto userToCreteDto) { if (!ModelState.IsValid) { return(BadRequest()); } using (var session = _store.OpenAsyncSession()) { var user = await session.Query <User>() .Where(u => u.Email.Equals(userToCreteDto.Email, StringComparison.OrdinalIgnoreCase)) .FirstOrDefaultAsync(); if (user != null) { return(BadRequest(new { error = "The email is already in use." })); } var dbUser = _mapper.Map <User>(userToCreteDto); dbUser.Color = await GetColor(); var temporaryPassword = RandomPasswordGenerator.GeneratePassword(15); var salt = Convert.ToBase64String(PasswordHasher.GenerateSalt()); var hashedPassword = PasswordHasher.HashPassword(temporaryPassword, Convert.FromBase64String(salt)); dbUser.Salt = salt; dbUser.TemporaryPassword = hashedPassword; await session.StoreAsync(dbUser); await session.SaveChangesAsync(); string username = FormatUsername(dbUser.Email); string message = $"<b>Dear {dbUser.FirstName}</b></br><p>You're receiving this message because your Scheduler Account has been created.</p><p>Your <b>username</b>: {username}</p><p>Your <b>first-time login password</b>: {temporaryPassword}</p><p>Follow the link below to change your password and log in to Scheduler application:</p><p><a href={_dataServiceConfiguration.ClientUrl}>Login</a></p><p>Best</p><p>Scheduler Team</p>"; _schedulerMailer.SendMail("Scheduler-Notifications", dbUser.Email, "Scheduler Account", message, _dataServiceConfiguration.MailBoxPassword); var userToReturn = _mapper.Map <PostCreationUserToReturnDto>(dbUser); return(CreatedAtRoute("GetUser", new { userId = dbUser.Id }, userToReturn)); } }
public async Task <User> Register(User user) { if (_context.Users.FirstOrDefault(x => (x.Email == user.Email)) != null) { throw new ArgumentException("User already exists"); } byte[] hashedPasswordSalt = PasswordHasher.HashPassword(user.Password, PasswordHasher.GenerateSalt()); user.Password = Convert.ToBase64String(hashedPasswordSalt); UserProfile userProfile = new UserProfile { User = user, UserId = user.Id }; _context.Users.Add(user); _context.UserProfiles.Add(userProfile); await _context.SaveChangesAsync(); return(user); }
private Guid?CreateUser(string username, string password, string[] claims = default(string[])) { var salt = PasswordHasher.GenerateSalt(); var userModel = new UsersModel { UserName = username, UserGuid = Guid.NewGuid().ToString(), Salt = salt, Hash = PasswordHasher.ComputeHash(password, salt), Claims = ByteConverterHelper.ReturnBytes(claims), UserProperties = ByteConverterHelper.ReturnBytes(new UserProperties()) }; Repo.Insert(userModel); var userRecord = Repo.Get(userModel.UserGuid); return(new Guid(userRecord.UserGuid)); }
// RegisterUser <username> <password> <repeat-password> <email> public override string Execute(string[] data, PhotoShareContext context) { string username = data[0]; string password = data[1]; string repeatPassword = data[2]; string email = data[3]; if (context.Users.Any(u => u.Username == username)) { throw new InvalidOperationException($"Username {username} is already taken!"); } if (!password.Any(char.IsLower) || !password.Any(char.IsDigit)) { throw new ArgumentException($"Value {password} not valid. Password must include a lower letter and a digit.{Environment.NewLine}Invalid Password"); } if (password != repeatPassword) { throw new ArgumentException("Passwords do not match!"); } string salt = PasswordHasher.GenerateSalt(); User currentUser = new User { Username = username, Salt = salt, Password = PasswordHasher.GenerateHash(password + salt), Email = email, IsDeleted = false, RegisteredOn = DateTime.Now }; context.Users.Add(currentUser); context.SaveChanges(); return($"User {currentUser.Username} was registered successfully!"); }
public async Task SeedDataAsync() { if (await repositoryWrapper.User.VerifyAsync() == "00") { var userData = System.IO.File.ReadAllText(configuration["Seed:PATH"]); var userDataCollection = JsonConvert.DeserializeObject <List <User> >(userData); foreach (var user in userDataCollection) { byte[] salt = PasswordHasher.GenerateSalt(); var passwordSalt = Convert.ToBase64String(salt); var hashPassword = Convert.ToBase64String(PasswordHasher.HashPasswordWithSalt(Encoding.UTF8.GetBytes("password"), salt)); user.Username = user.Username.ToLowerInvariant(); user.PasswordSalt = passwordSalt; user.PasswordHash = hashPassword; repositoryWrapper.User.CreateUser(user); await repositoryWrapper.Complete(); } } }
public static bool UpdateUser(Int32 Id, string Username, string Password, string RoleName) { using (var db = new LiteDatabase(@"Mineski.db")) { // Get customer collection var collection = db.GetCollection <Account>("accounts"); var accountUpdate = collection.FindById(Id); if (Password != null) { byte[] generatedSalt = PasswordHasher.GenerateSalt(); byte[] hashedPassword = PasswordHasher.ComputeHash(Password, generatedSalt); accountUpdate.Password = hashedPassword; accountUpdate.Salt = generatedSalt; } accountUpdate.Username = Username; accountUpdate.RoleName = RoleName; collection.Update(accountUpdate); } return(true); }