private void btnConfirmTutor_Click(object sender, RoutedEventArgs e)
{
// General input handling
Dictionary <String, String> inputValues = new Dictionary <string, string>();
inputValues.Add("Social security number", tbxSsn.Text);
inputValues.Add("First name", tbxFirstName.Text);
inputValues.Add("Last Name", tbxLastName.Text);
inputValues.Add("Email", tbxEmail.Text);
inputValues.Add("Password", tbxRePassword.Password);
String message;
if (!InputHandler.IsFieldsFilledOut(out message, inputValues))
{
tvm.Status = message;
}
else if (!tbxPassword.Password.Equals(tbxRePassword.Password))
{
tvm.Status = "Passwords does not match!";
}
else
{
String hashedPassword = PasswordUtility.HashPassword(tbxPassword.Password);
tvm.AddTutor(tbxSsn.Text, tbxFirstName.Text, tbxLastName.Text, tbxEmail.Text, hashedPassword);
((Panel)this.Parent).Children.Remove(this);
}
}
public void InsertUser()
{
var userRepo = new UsersRepo();
const string user = "";
const string password = "";
const string email = "";
var hash = PasswordUtility.HashPassword(password);
var userObject = new User
{
UserName = user,
Email = email,
PasswordHash = hash,
IsTempPassword = false,
LockoutEnabled = false,
LockoutEndDate = DateTime.MaxValue,
AccessFailCount = 0,
CreatedBy = "",
ModifiedBy = "",
CreatedDate = DateTime.Now,
ModifiedDate = DateTime.Now
};
var result = userRepo.InsertUser(userObject);
Assert.IsFalse(string.IsNullOrEmpty(result.UserId));
}
public async Task <IActionResult> ChangePassword(string password, string newPassword, string confirmPassword)
{
if (string.IsNullOrEmpty(password) ||
string.IsNullOrEmpty(newPassword) ||
newPassword.Length < 8 ||
newPassword != confirmPassword)
{
ModelState.AddModelError("Message", "Invalid Password");
return(View());
}
UserBasicData basicData = new UserBasicData();
if (await basicData.FromDBAsync(UserId) == false)
{
ModelState.AddModelError("Message", "Invalid Session");
return(View());
}
if (PasswordUtility.VerifyPassword(password, basicData.Password) == false)
{
ModelState.AddModelError("Message", "Invalid Password");
return(View());
}
var query = new DBQuery_User_Update_Password();
query.IN.UserId = UserId;
query.IN.Password = PasswordUtility.HashPassword(newPassword);
await DBThread.Instance.ReqQueryAsync(query);
return(RedirectToAction("Index", "Dashboard"));
}
public async Task <string> LoginWatchAsync(Account account)
{
string token = string.Empty;
Account entity = await _dbContext.Accounts.SingleOrDefaultAsync(acc => acc.Username == account.Username);
if (entity != null)
{
byte[] passHash = PasswordUtility.HashPassword(account.Password, entity.PasswordSalt);
if (Enumerable.SequenceEqual(entity.PasswordHash, passHash))
{
var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config.GetValue <string>("JwtSecretKey")));
var signinCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256);
var claims = new List <Claim>();
claims.Add(new Claim("uid", entity.AccountID.ToString()));
var tokenOptions = new JwtSecurityToken(
issuer: _config.GetValue <string>("ServerAdress"),
claims: claims,
expires: DateTime.Now.AddYears(1),
signingCredentials: signinCredentials
);
token = new JwtSecurityTokenHandler().WriteToken(tokenOptions);
}
}
return(token);
}
public async Task <string> RegisterAsync(Account account)
{
string response = string.Empty;
if (await _dbContext.Accounts.AnyAsync(a => a.Email == account.Email))
{
response = "Email is already in use";
}
else
{
if (await _dbContext.Accounts.AnyAsync(a => a.Username == account.Username))
{
response = "Username is already in use";
}
else
{
account.Created = DateTime.UtcNow;
byte[] salt = PasswordUtility.GenerateSalt();
account.PasswordSalt = salt;
account.PasswordHash = PasswordUtility.HashPassword(account.Password, account.PasswordSalt);
await _dbContext.Accounts.AddAsync(account);
await _dbContext.SaveChangesAsync();
}
}
return(response);
}
public async Task <IActionResult> Join([FromBody] RequestUserJoinModel model)
{
// check format
if (model.Username.IsValidUsername() == false)
{
return(Responsed(ErrorCode.InvalidUserName));
}
if (model.EMail.IsValidEmailAddress() == false)
{
return(Responsed(ErrorCode.InvalidEMail));
}
// check account
AccountBasicData basicData = new AccountBasicData();
if (await basicData.FromDBByUserNameAsync(model.Username))
{
return(Responsed(ErrorCode.ExistUserName));
}
if (await basicData.FromDBByEmailAsync(model.EMail))
{
return(Responsed(ErrorCode.ExistEMail));
}
// check verify code
ErrorCode emailVerifyResult = CheckEMailVerifyCode(model.EMail, model.VerifyCode, false);
if (emailVerifyResult != ErrorCode.Success)
{
return(Responsed(emailVerifyResult));
}
// insert database
DBQuery_Account_Insert query = new DBQuery_Account_Insert();
basicData = query.IN.BasicData;
basicData.AccountDBKey = DBKeyGenerator.NewAccountDBKey;
basicData.EMail = model.EMail;
basicData.CreateTime = DateTime.UtcNow;
basicData.Username = model.Username;
basicData.Password = PasswordUtility.HashPassword(model.Password);
if (await DBThread.Instance.ReqQueryAsync(query) == false)
{
return(Responsed(ErrorCode.DatabaseError));
}
// response
ResponseUserJoinModel responseData = new ResponseUserJoinModel();
responseData.EMail = model.EMail;
responseData.CreateTime = basicData.CreateTime;
responseData.Username = model.Username;
return(Success(responseData));
}
public void VerifyPasswordTest()
{
string password = "******";
string salt = PasswordUtility.GenerateSalt(password.Length);
string hashPassword = PasswordUtility.HashPassword(PasswordUtility.SaltPassword(password, salt));
Assert.That(PasswordUtility.VerifyPassword(hashPassword, password, salt), Is.True);
Assert.That(PasswordUtility.VerifyPassword(hashPassword, "notmypassword", salt), Is.False);
}
public void HashPassword()
{
var originalPassword = "******";
var hash = PasswordUtility.HashPassword(originalPassword);
Assert.IsTrue(PasswordUtility.VerifyHashedPassword(originalPassword, hash));
var badHash = new StringBuilder(hash);
badHash[8] = 'A';
Assert.IsFalse(PasswordUtility.VerifyHashedPassword(originalPassword, badHash.ToString()));
}
public void VerifyHashTest()
{
const string password = "******";
var hash = PasswordUtility.HashPassword(password);
var hashVerify = PasswordUtility.VerfiyHash(hash, password);
Assert.IsTrue(hashVerify);
var badPassword = PasswordUtility.VerfiyHash(hash, "Fake123");
Assert.IsFalse(badPassword);
}
public static IQueryable<Identity> FilterByEmailAndPassword(this IQueryable<Identity> query, string email, string password)
{
var passwordUtility = new PasswordUtility();
// Get the hashed version of the password
var hashedPassword = passwordUtility.HashPassword (password);
var result =
(from identity in query
where identity.Email == email
where identity.Password == hashedPassword
select identity);
return result;
}
public async Task <IActionResult> Join([FromBody] UserModels.Join.Request request)
{
// check format
if (request.EMail.IsValidEmailAddress() == false)
{
return(APIResponse(ErrorCode.InvalidEMail));
}
// check account
UserBasicData basicData = new UserBasicData();
if (await basicData.FromDBByEmailAsync(request.EMail))
{
return(APIResponse(ErrorCode.ExistEMail));
}
// check verify code
ErrorCode emailVerifyResult = CheckEMailVerifyCode(request.EMail, request.VerifyCode, false);
if (emailVerifyResult != ErrorCode.Success)
{
return(APIResponse(emailVerifyResult));
}
// insert database
DBQuery_User_Insert query = new DBQuery_User_Insert();
basicData = query.IN.BasicData;
basicData.UserId = IDGenerator.NewUserId;
basicData.EMail = request.EMail;
basicData.CreateTime = DateTime.UtcNow;
basicData.Password = PasswordUtility.HashPassword(request.Password);
if (await DBThread.Instance.ReqQueryAsync(query) == false)
{
return(APIResponse(ErrorCode.DatabaseError));
}
// response
var response = new UserModels.Join.Response();
response.EMail = request.EMail;
response.CreateTime = basicData.CreateTime;
return(Success(response));
}
public async Task <IActionResult> ResetPassword([FromBody] UserModels.ResetPassword.Request request)
{
// check account
UserBasicData basicData = new UserBasicData();
if (await basicData.FromDBByEmailAsync(request.EMail) == false)
{
return(APIResponse(ErrorCode.InvalidEMail));
}
string newPassword = IDGenerator.NewVerifyCode;
basicData.Password = PasswordUtility.HashPassword(newPassword);
var query = new DBQuery_User_Update_Password();
query.IN.UserId = basicData.UserId;
query.IN.Password = basicData.Password;
if (await DBThread.Instance.ReqQueryAsync(query) == false)
{
return(APIResponse(ErrorCode.DatabaseError));
}
// 이메일 발송
StringBuilder msg = new StringBuilder(1024);
msg.AppendLine(string.Format($"Hello. {basicData.EMail.Split('@')[0]}"));
msg.AppendLine(string.Format($"Reseted your password."));
msg.AppendLine();
msg.AppendLine(string.Format($"Your temp password : {newPassword}"));
await WebServiceUtility.SendEMailAsync("[Hena Platform] Reseted your password.", msg.ToString(), false, request.EMail);
var response = new UserModels.ResetPassword.Response();
return(Success(response));
}
public async Task <IActionResult> ResetPassword([FromBody] RequestUserResetPasswordModel model)
{
// check account
AccountBasicData basicData = new AccountBasicData();
if (await basicData.FromDBByEmailAsync(model.EMail) == false)
{
return(Responsed(ErrorCode.InvalidEMail));
}
string newPassword = DBKeyGenerator.NewVerifyCode;
basicData.Password = PasswordUtility.HashPassword(newPassword);
var query = new DBQuery_Account_Update_Password();
query.IN.AccountDBKey = basicData.AccountDBKey;
query.IN.Password = basicData.Password;
if (await DBThread.Instance.ReqQueryAsync(query) == false)
{
return(Responsed(ErrorCode.DatabaseError));
}
// 이메일 발송
StringBuilder msg = new StringBuilder(1024);
msg.AppendLine(string.Format($"Hello. {basicData.Username}"));
msg.AppendLine(string.Format($"Reseted your password."));
msg.AppendLine();
msg.AppendLine(string.Format($"Your temp password : {newPassword}"));
await WebServiceUtility.SendEMailAsync("[Hena Platform] Reseted your password.", msg.ToString(), false, model.EMail);
return(Success());
}
public async Task ChangePassword(int accountID, string oldPass, string newPass)
{
Account entity = await _dbContext.Accounts.FindAsync(accountID);
if (entity is null)
{
throw new NoAccountFoundException();
}
byte[] passHash = PasswordUtility.HashPassword(oldPass, entity.PasswordSalt);
if (Enumerable.SequenceEqual(entity.PasswordHash, passHash))
{
entity.PasswordSalt = PasswordUtility.GenerateSalt();
entity.PasswordHash = PasswordUtility.HashPassword(newPass, entity.PasswordSalt);
await _dbContext.SaveChangesAsync();
}
else
{
throw new InvalidPasswordException();
}
}
public void SetUsernameAndPassword(string username, string password)
{
this.Properties._Username = username;
this.Properties._PasswordHash = PasswordUtility.HashPassword(password);
}