예제 #1
            /// <summary>
            /// Hashes the correct password under a configuration that encodes the hash as hex, then
            /// verifies it under a configuration that differs only in declaring Base64 encoding.
            /// The verification is expected to fail even though the password itself is right.
            /// </summary>
            /// <param name="hashingAlgo">Hashing algorithm under test; used by both configurations.</param>
            public void Correct_Password_Wrong_Encoding_Should_Not_Match(HashingAlgo hashingAlgo)
            {
                // Configuration that produces the hash: per-password salt, no global salt, hex encoding.
                var hexConfig = new HashingConfig
                {
                    GenratePerPasswordSalt = true,
                    GlobalSalt = null,
                    SaltedPasswordFormat = SaltedPasswordFormat,
                    HashingAlgo = hashingAlgo,
                    PasswordHashEncodingType = EncodingType.Hex
                };

                // Identical settings except for the encoding the verifier is told to expect.
                var base64Config = new HashingConfig
                {
                    GenratePerPasswordSalt = true,
                    GlobalSalt = null,
                    SaltedPasswordFormat = SaltedPasswordFormat,
                    HashingAlgo = hashingAlgo,
                    PasswordHashEncodingType = EncodingType.Base64
                };

                var hasher = new PasswordHashing();
                var hexEncodedHash = hasher.GetHash(CorrectPassword, hexConfig);

                // An encoding mismatch between hashing and verification must be a rejection,
                // never an accidental match.
                Assert.False(hasher.CheckPassword(hexEncodedHash, base64Config, CorrectPassword));
            }
예제 #2
        /// <summary>
        /// Click handler for the change-password button. Reads the stored password hash, checks the
        /// current password typed by the user against it, confirms that both new-password fields
        /// agree, and then writes the hash of the new password back to the APPUSER table.
        /// The three password text boxes are cleared on every path.
        /// </summary>
        /// <param name="sender">Control that raised the event (not used).</param>
        /// <param name="e">Event data (not used).</param>
        private void btnChangePass_Click(object sender, EventArgs e)
        {
            // NOTE(review): both SQL statements are assembled as text. The username value is shown
            // masked as '******' in this listing; the interpolated-string prefix suggests a value was
            // spliced in at that position - TODO confirm against the original source. If the DBC
            // helper offers a parameterized call, both statements should use it instead of building
            // the statement by concatenation.
            try
            {
                var lookupSql  = "SELECT \"password\" FROM \"APPUSER\" WHERE " +
                                 $"username = '******';";

                // Rows[0][0] throws when the query returns no row; that case ends up in the
                // generic catch below rather than in a dedicated message.
                var storedHash = DBC.ExecuteQuery(lookupSql).Rows[0][0].ToString();

                // The current password must verify before anything is changed.
                if (!PasswordHashing.CheckPassword(txtActual.Text, storedHash))
                {
                    MessageBox.Show(@"Su contraseña actual no es correcta", @"Error",
                                    MessageBoxButtons.OK,
                                    MessageBoxIcon.Error, MessageBoxDefaultButton.Button1,
                                    MessageBoxOptions.DefaultDesktopOnly);
                    return;
                }

                // NOTE(review): equality of the two fields is the only check on the new password
                // visible in this handler; no length or emptiness rule is applied here.
                if (!txtNewPass.Text.Equals(txtNewPass2.Text))
                {
                    MessageBox.Show(@"Las contraseñas nuevas no coinciden",
                                    @"Error", MessageBoxButtons.OK,
                                    MessageBoxIcon.Error, MessageBoxDefaultButton.Button1,
                                    MessageBoxOptions.DefaultDesktopOnly);
                    return;
                }

                // Only the hash of the new password is written, never the plain text.
                var newHash   = PasswordHashing.CreateHash(txtNewPass.Text);
                var updateSql = $"UPDATE \"APPUSER\" SET \"password\" = '{newHash}'" +
                                $" WHERE username = '******';";

                DBC.ExecuteNonQuery(updateSql);

                MessageBox.Show(@"Contraseña actualizada", @"Completado",
                                MessageBoxButtons.OK,
                                MessageBoxIcon.Information, MessageBoxDefaultButton.Button1,
                                MessageBoxOptions.DefaultDesktopOnly);
            }
            catch (Exception exception)
            {
                // NOTE(review): the raw exception text is shown to the user; for database errors
                // this may expose statement or schema details. Consider logging the detail and
                // showing a generic message.
                MessageBox.Show(exception.Message, @"Error",
                                MessageBoxButtons.OK,
                                MessageBoxIcon.Error, MessageBoxDefaultButton.Button1,
                                MessageBoxOptions.DefaultDesktopOnly);
            }
            finally
            {
                // Clear every password field on all paths (including the early returns above) and
                // invoke each field's Leave handler after clearing it.
                txtActual.Text = "";
                txtActual_Leave(null, EventArgs.Empty);
                txtNewPass.Text = "";
                txtNewPass_Leave(null, EventArgs.Empty);
                txtNewPass2.Text = "";
                txtNewPass2_Leave(null, EventArgs.Empty);
            }
        }
예제 #3
            /// <summary>
            /// Hashes the correct password, then verifies a different password against that hash
            /// with the same configuration and expects the check to fail.
            /// </summary>
            /// <param name="hashingAlgo">Hashing algorithm under test.</param>
            public void Wrong_Password_Should_Not_Match(HashingAlgo hashingAlgo)
            {
                // Per-password salting is off and the shared GlobalSalt is used instead.
                // NOTE(review): this is a test fixture; with a single shared salt, equal passwords
                // would be expected to produce equal hashes, so it is not a model for stored credentials.
                var sharedSaltConfig = new HashingConfig
                {
                    GenratePerPasswordSalt = false,
                    GlobalSalt = GlobalSalt,
                    SaltedPasswordFormat = SaltedPasswordFormat,
                    HashingAlgo = hashingAlgo,
                    PasswordHashEncodingType = EncodingType.Default
                };

                var hasher = new PasswordHashing();
                var hashOfCorrectPassword = hasher.GetHash(CorrectPassword, sharedSaltConfig);

                // A password other than the hashed one must be rejected.
                Assert.False(hasher.CheckPassword(hashOfCorrectPassword, sharedSaltConfig, "wrongPassword"));
            }
예제 #4
            /// <summary>
            /// Round trip: hashes the correct password and verifies the same password against the
            /// resulting hash with the same configuration, expecting a match.
            /// </summary>
            /// <param name="hashingAlgo">Hashing algorithm under test.</param>
            public void Correct_Password_Should_Match(HashingAlgo hashingAlgo)
            {
                // Per-password salt enabled, no global salt, default hash encoding.
                var perPasswordSaltConfig = new HashingConfig
                {
                    GenratePerPasswordSalt = true,
                    GlobalSalt = null,
                    SaltedPasswordFormat = SaltedPasswordFormat,
                    HashingAlgo = hashingAlgo,
                    PasswordHashEncodingType = EncodingType.Default
                };

                var hasher = new PasswordHashing();
                var hashOfCorrectPassword = hasher.GetHash(CorrectPassword, perPasswordSaltConfig);

                // Hashing and verifying with one and the same configuration must succeed.
                Assert.True(hasher.CheckPassword(hashOfCorrectPassword, perPasswordSaltConfig, CorrectPassword));
            }
            /// <summary>
            /// Verifies the correct password against a known hash value supplied by the test data,
            /// rather than one produced during the test, and expects a match.
            /// </summary>
            /// <param name="hashingAlgo">Hashing algorithm under test.</param>
            /// <param name="expectedHashBase64">
            /// Expected hash for <c>CorrectPassword</c>, Base64-wrapped in the test data; it is decoded
            /// to bytes and then read as a UTF-8 string before being passed to <c>CheckPassword</c>.
            /// </param>
            public void Correct_Hash_Values_Should_Match_CheckPassword(HashingAlgo hashingAlgo, string expectedHashBase64)
            {
                // Shared GlobalSalt with per-password salting off; presumably this is what makes a
                // fixed expected hash possible - verify against the test data source.
                var sharedSaltConfig = new HashingConfig
                {
                    GeneratePerPasswordSalt = false,
                    GlobalSalt = GlobalSalt,
                    SaltedPasswordFormat = SaltedPasswordFormat,
                    HashingAlgo = hashingAlgo,
                    PasswordHashEncodingType = EncodingType.Default
                };

                var hasher = new PasswordHashing();

                // Undo the Base64 wrapping of the test data to recover the hash string itself.
                var expectedHashBytes = System.Convert.FromBase64String(expectedHashBase64);
                var expectedHashText = System.Text.Encoding.UTF8.GetString(expectedHashBytes);

                Assert.True(hasher.CheckPassword(expectedHashText, sharedSaltConfig, CorrectPassword));
            }
예제 #6
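        /// <summary>
        /// Looks up the account row for a user name, verifies the supplied password against the
        /// stored hash, and returns the account details on success.
        /// </summary>
        /// <param name="username">User name typed at login; copied into the returned user.</param>
        /// <param name="password">Plain-text password typed at login; only compared against the stored hash.</param>
        /// <returns>A <c>User</c> populated with the user name, user type and full name.</returns>
        /// <exception cref="InvalidCredentialsException">
        /// Thrown when no account row is found, the stored user name is empty, or the password does
        /// not verify. The same message is used for all three cases so the caller cannot tell them apart.
        /// </exception>
        public static User CheckLogIn(string username, string password)
        {
            // NOTE(review): the statement is assembled as text. The user name value is shown masked
            // as '******' in this listing; the interpolated-string prefix suggests a value was spliced
            // in at that position - TODO confirm against the original source. If DBConnection offers
            // a parameterized call, it should be used here instead.
            var query =
                $"SELECT username, password, \"userType\", fullname FROM \"APPUSER\" WHERE username ='******'";
            var dt = DBConnection.ExecuteQuery(query);

            // An unknown user name yields no rows. Without the Count check, Rows[0] would throw an
            // index error instead of the intended InvalidCredentialsException, which both breaks
            // callers that catch only that type and makes unknown accounts distinguishable from
            // wrong passwords. Assumes ExecuteQuery returns a DataTable-style result whose Rows
            // collection exposes Count - TODO confirm.
            // NOTE(review): the no-row path skips the hash comparison, so it may respond faster than
            // a wrong-password attempt; decide whether that timing difference matters here.
            if (dt.Rows.Count == 0 ||
                dt.Rows[0][0].ToString().Equals("") ||
                !PasswordHashing.CheckPassword(password, dt.Rows[0][1].ToString()))
            {
                throw new InvalidCredentialsException("Usuario o contraseña inválidos.");
            }

            // Build the result only after the credentials have been verified.
            var row = dt.Rows[0];
            var authenticatedUser = new User();
            authenticatedUser.Username = username;
            authenticatedUser.UserType = row[2].ToString();
            authenticatedUser.FullName = row[3].ToString();

            return authenticatedUser;
        }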