Exemplo n.º 1
0
        public void GenerateNewCredentials(ApiCredentialsPart part)
        {
            // we use base64 to prevent possible encoding issues on transmission
            var key = Convert.ToBase64String(
                Encoding.UTF8.GetBytes(BearerTokenHelpers.RandomString(24)),
                Base64FormattingOptions.None);

            // test that we haven't used this already. It's random but better safe than sorry.
            while (GetPartByKey(key) != null)
            {
                key = Convert.ToBase64String(
                    Encoding.UTF8.GetBytes(BearerTokenHelpers.RandomString(24)),
                    Base64FormattingOptions.None);
            }
            part.ApiKey = key;
            // encryption and hashing of the secret
            var secret = Convert.ToBase64String(
                Encoding.UTF8.GetBytes(BearerTokenHelpers.RandomString()),
                Base64FormattingOptions.None);

            // save an encrypted secret so we can display it to authorized users
            part.ApiSecret = Convert.ToBase64String(
                _encryptionService.Encode(
                    Encoding.UTF8.GetBytes(secret)));
            // save an hashed secret for validation when signing in
            part.HashAlgorithm = BearerTokenHelpers.PBKDF2;
            BearerTokenHelpers.SetSecretHashed(part, secret);

            part.CreatedUtc = _clock.UtcNow;
        }
Exemplo n.º 2
0
        public bool ValidateSignIn(ApiCredentialsPart part)
        {
            if (part == null)
            {
                return(false);
            }
            var user = part.As <UserPart>();

            if (user == null)
            {
                return(false);
            }

            if (user.EmailStatus != UserStatus.Approved)
            {
                return(false);
            }

            if (user.RegistrationStatus != UserStatus.Approved)
            {
                return(false);
            }

            return(true);
        }
Exemplo n.º 3
0
        private bool TestSecret(ApiCredentialsPart userApi, string secret)
        {
            var valid = BearerTokenHelpers.TestSecret(userApi, secret);

            // TODO: migrate secrets hashed with "old" algorithms
            // This will have to happen here whenever we change the default hash algorithm
            // See how the similar thing is done in Orchard.Users

            return(valid);
        }
Exemplo n.º 4
0
        public static void SetSecretHashed(ApiCredentialsPart credentialsPart, string secret)
        {
            var saltBytes = new byte[0x10];

            using (var random = new RNGCryptoServiceProvider()) {
                random.GetBytes(saltBytes);
            }

            credentialsPart.ApiSecretHash = ComputeHashBase64(credentialsPart.HashAlgorithm, saltBytes, secret);
            credentialsPart.SecretSalt    = Convert.ToBase64String(saltBytes);
        }
Exemplo n.º 5
0
 public string GetSecret(ApiCredentialsPart part)
 {
     if (string.IsNullOrWhiteSpace(part.ApiSecret))
     {
         return(part.ApiSecret);
     }
     // decryption
     return(Encoding.UTF8.GetString(
                _encryptionService.Decode(
                    Convert.FromBase64String(part.ApiSecret))));
 }
Exemplo n.º 6
0
        public static bool TestSecret(ApiCredentialsPart userApi, string secret)
        {
            var saltBytes = Convert.FromBase64String(userApi.SecretSalt);

            bool isValid;

            if (userApi.HashAlgorithm == PBKDF2)
            {
                // We can't reuse ComputeHashBase64 as the internally generated salt repeated
                // calls to Crypto.HashPassword() return different results.
                isValid = Crypto.VerifyHashedPassword(
                    userApi.ApiSecretHash,
                    Encoding.Unicode.GetString(
                        CombineSaltAndSecret(saltBytes, secret)));
            }
            else
            {
                isValid = SecureStringEquality(
                    userApi.ApiSecretHash,
                    ComputeHashBase64(userApi.HashAlgorithm, saltBytes, secret));
            }

            return(isValid);
        }
Exemplo n.º 7
0
 public ApiCredentialsPartViewModel(ApiCredentialsPart part)
 {
     Part = part;
 }