/// <summary>
/// Repeated logic from SetNewPassword.
///
/// Pass it a resetToken to destroy on success (if user is anonymous).
///
/// Returns null if everything is OK, and an ActionResult if an error occurred.
/// </summary>
private ActionResult ChangePasswordAndSendEmail(string password, string password2, string token, PasswordReset resetToken, User user, DateTime now)
{
string message;
if (!Password.CheckPassword(password, password2, user.Email, user.VanityProviderId, user.ProviderId, out message))
{
return(RecoverableError(message, new { token }));
}
user.ChangePassword(now, password);
if (resetToken != null)
{
Current.WriteDB.PasswordResets.DeleteOnSubmit(resetToken);
}
Current.WriteDB.SubmitChanges();
var account = SafeRedirect((Func <ActionResult>)(new UserController()).ViewUser);
if (!Current.Email.SendEmail(user.Email, Email.Template.PasswordChanged, new { AccountLink = Current.Url(account.Url).AsLink() }))
{
return(IrrecoverableError("An error occurred sending the email", "This has been recorded, and will be looked into shortly"));
}
return(null);
}
public bool IsValidUser(string email, string password)
{
UserModel user = _dbService.GetUserByEmail(email);
if (user == null)
{
return(false);
}
return(Password.CheckPassword(password, user.Salt, user.Password));
}
public void ValidPasswords()
{
string ignored;
Assert.IsTrue(Password.CheckPassword("Password1234-", "Password1234-", "*****@*****.**", "blah.so", null, out ignored));
Assert.IsTrue(Password.CheckPassword("!@#$asdF6-", "!@#$asdF6-", "*****@*****.**", "blah.so", null, out ignored));
Assert.IsTrue(Password.CheckPassword("Password1234", "Password1234", "*****@*****.**", "blah.so", null, out ignored));
Assert.IsTrue(Password.CheckPassword("-password1234", "-password1234", "*****@*****.**", "blah.so", null, out ignored));
Assert.IsTrue(Password.CheckPassword("-Password", "-Password", "*****@*****.**", "blah.so", null, out ignored));
}
public ActionResult SendEmailVerficationToken(string email, string password, string password2, string realname)
{
if (email.IsNullOrEmpty())
{
return(RecoverableError("Email is required", new { realname }));
}
if (!Models.User.IsValidEmail(ref email))
{
return(RecoverableError("Email is not valid", new { email, realname, password, password2 }));
}
// Check that the captcha succeeded
string error;
if (!Captcha.Verify(Request.Form, out error))
{
return(RecoverableError(error, new { email, realname }));
}
string message;
if (!Password.CheckPassword(password, password2, email, null, null, out message))
{
return(RecoverableError(message, new { email, realname }));
}
string token, authCode;
if (!PendingUser.CreatePendingUser(email, password, realname, out token, out authCode, out error))
{
return(RecoverableError(error, new { email, realname, password, password2 }));
}
var toComplete =
SafeRedirect(
(Func <string, string, string, string, ActionResult>)CompleteRegistration,
new
{
token,
email,
realname,
authCode
}
);
var completeLink = Current.Url(toComplete.Url);
if (!Current.Email.SendEmail(email, Email.Template.CompleteRegistration, new { RegistrationLink = completeLink.AsLink() }))
{
return(IrrecoverableError("An error occurred sending the email", "This has been recorded, and will be looked into shortly"));
}
return(SuccessEmail("Registration Email Sent to " + email, "Check your email for the link to complete your registration"));
}
public void CheckPassword_PasswordAndEncryptedPasswordShouldBeSame()
{
//Arrange
var password = "******";
var encryptedPassword = Password.EncryptPassword(password);
//Act
bool result = Password.CheckPassword(password, encryptedPassword);
//Assert
result.Should().BeTrue();
}
static void Main(string[] args)
{
Console.WriteLine(Password.CheckPassword("$Alphes"));
Console.WriteLine(Password.CheckPassword("@John123"));
Console.WriteLine(Password.CheckPassword("Sami&123"));
Console.WriteLine(Password.CheckPassword("Aum Chant"));
Console.WriteLine(Password.CheckPassword("abracaDabrabra"));
bool result = Password.CheckPassword("Smith");
Console.WriteLine(result);
}
public ActionResult CompleteTrustedPasswordRecovery(string email, string resetToken, string password)
{
if (!CurrentAffiliate.IsTrusted)
{
return(NotFound());
}
if (!Models.User.IsValidEmail(ref email))
{
return(ApiFailure("Invalid email [" + email + "]"));
}
var user = Models.User.FindUserByEmail(email);
if (user == null)
{
return(ApiFailure("No user found with email [" + email + "]", (int)HttpStatusCode.NotFound));
}
var hash = Current.WeakHash(resetToken);
var t = Current.WriteDB.PasswordResets.Where(p => p.TokenHash == hash).SingleOrDefault();
if (t == null)
{
return(ApiFailure("Could not find a pending password reset request."));
}
if (t.UserId != user.Id)
{
return(ApiFailure("Token user doesn't match email user"));
}
string errorMessage;
if (!Password.CheckPassword(password, password, email, user.VanityProviderId, user.ProviderId, out errorMessage))
{
return(ApiFailure(errorMessage));
}
user.ChangePassword(Current.Now, password, "via " + CurrentAffiliate.DisplayableHostFilter);
// Don't let that token be used twice.
Current.WriteDB.PasswordResets.DeleteOnSubmit(t);
Current.WriteDB.SubmitChanges();
return(ApiSuccess());
}
public void PasswordShouldHave1LowerCaseChar()
{
var input = "CACTUS";
bool expected = false;
bool actual = Password.CheckPassword(input);
bool test;
if (expected.Equals(actual))
{
test = true;
}
else
{
test = false;
}
Assert.IsTrue(test, "Password should contain one lower case character");
}
public void PasswordShouldHaveNoWhiteSpace()
{
var input = "alPhas ";
bool expected = false;
bool actual = Password.CheckPassword(input);
bool test;
if (expected.Equals(actual))
{
test = true;
}
else
{
test = false;
}
Assert.IsTrue(test, "Password string cannot have white space");
}
public void PasswordLengthShouldNotBeMoreThan12Chars()
{
var input = "passwordalpha";
bool expected = false;
bool actual = Password.CheckPassword(input);
bool test;
if (expected.Equals(actual))
{
test = true;
}
else
{
test = false;
}
Assert.IsTrue(test, "Length of the Password string cannot be more than 12 characters");
}
public void PasswordShouldHave1SpecialChar()
{
var input = "$Smithonian";
bool expected = true;
bool actual = Password.CheckPassword(input);
bool test;
if (expected.Equals(actual))
{
test = true;
}
else
{
test = false;
}
Assert.IsTrue(test, "Password Should have 1 Special character");
}
public void PasswordShouldNotHaveTwoSimilarCharactersConsecutively()
{
var input = "Tomorrow";
bool expected = false;
bool actual = Password.CheckPassword(input);
bool test;
if (expected.Equals(actual))
{
test = true;
}
else
{
test = false;
}
Assert.IsTrue(test, "Password string cannot have two similar characters consecutively");
}
public void InvalidPasswords()
{
string msg;
Assert.IsFalse(Password.CheckPassword("password", "Password", "*****@*****.**", "blah.so", null, out msg));
Assert.IsNotNull(msg);
Assert.IsFalse(Password.CheckPassword("Password", "Password", "*****@*****.**", "blah.so", null, out msg));
Assert.IsNotNull(msg);
Assert.IsFalse(Password.CheckPassword("password", "password", "*****@*****.**", "blah.so", null, out msg));
Assert.IsNotNull(msg);
Assert.IsFalse(Password.CheckPassword("12345678", "12345678", "*****@*****.**", "blah.so", null, out msg));
Assert.IsNotNull(msg);
Assert.IsFalse(Password.CheckPassword("Pass1234", "Pass1234", "*****@*****.**", "blah.so", null, out msg));
Assert.IsNotNull(msg);
Assert.IsFalse(Password.CheckPassword("1234!@#$", "1234!@#$", "*****@*****.**", "blah.so", null, out msg));
Assert.IsNotNull(msg);
Assert.IsFalse(Password.CheckPassword("pP1-", "pP1-", "*****@*****.**", "blah.so", null, out msg));
Assert.IsNotNull(msg);
Assert.IsFalse(Password.CheckPassword("pass!@#$", "pass!@#$", "*****@*****.**", "blah.so", null, out msg));
Assert.IsNotNull(msg);
Assert.IsFalse(Password.CheckPassword("PASS!@#$", "PASS!@#$", "*****@*****.**", "blah.so", null, out msg));
Assert.IsNotNull(msg);
Assert.IsFalse(Password.CheckPassword("*****@*****.**", "*****@*****.**", "*****@*****.**", "blah.so", null, out msg));
Assert.IsNotNull(msg);
Assert.IsFalse(Password.CheckPassword("eMail1234@", "eMail1234@", "*****@*****.**", "blah.so", null, out msg));
Assert.IsNotNull(msg);
Assert.IsFalse(Password.CheckPassword("Indeed.1234", "Indeed.1234", "*****@*****.**", "so.Indeed.1234.go", null, out msg));
Assert.IsNotNull(msg);
var guid = Guid.NewGuid();
Assert.IsFalse(Password.CheckPassword(guid.ToString(), guid.ToString(), "*****@*****.**", "hello", guid, out msg));
Assert.IsNotNull(msg);
}
public IActionResult ChangePassword([FromBody] ChangePasswordModel model)
{
try
{
var connectionString = _configuration.GetConnectionString("LaboratoryBookConnectionString");
var userIdstr = HttpContext
.User
.Claims
.First(claim => claim.Type == "UserId").Value;
var userId = int.Parse(userIdstr);
var checkOldPasswordResult = Password.CheckPassword(
connectionString,
userId,
model.oldPassword);
if (!checkOldPasswordResult.Item1)
{
return(BadRequest(new { message = checkOldPasswordResult.Item2 }));
}
var setNewPasswordResult = Password.SetNewPassword(
connectionString,
userId,
model.newPassword);
if (setNewPasswordResult)
{
return(Ok(new { message = "Password changed" }));
}
else
{
return(BadRequest(new { message = "Password was not changed" }));
}
}
catch (Exception exception)
{
return(StatusCode(
StatusCodes.Status500InternalServerError,
new { message = exception.Message }));
}
}
public async Task <AuthResult> LoginAsync(string email, string password)
{
var existUser = await Task.Run(() => userRepository.FindByEmail(email));
if (existUser == null)
{
return(new AuthResult
{
Errors = new[] { "No such user" }
});
}
if (Password.CheckPassword(password, existUser.Salt, existUser.Password))
{
var authClaims = new[]
{
new Claim(JwtRegisteredClaimNames.Sub, existUser.Name),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Email, existUser.Email)
};
var token = new JwtSecurityToken(
_authOptions.Issuer,
_authOptions.Audience,
expires: DateTime.Now.AddMinutes(_authOptions.ExpiresInMinutes),
claims: authClaims,
signingCredentials: new SigningCredentials(
new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_authOptions.Securekey)), SecurityAlgorithms.HmacSha256Signature)
);
return(new AuthResult
{
Success = true,
Token = new JwtSecurityTokenHandler().WriteToken(token)
});
}
return(new AuthResult
{
Errors = new[] { "Wrong password" }
});
}
private void loginButton_Click(object sender, EventArgs e)
{
if (usernameTextBox.Text == "" || passwordTextBox.Text == "")
{
MessageBox.Show("Username/Password cannot be empty.");
return;
}
user = Reusable.CheckUserModel(_myContext, usernameTextBox.Text);
if (user == null)
{
MessageBox.Show("Wrong username/password.");
return;
}
if (Password.CheckPassword(passwordTextBox.Text, user.Password))
{
MessageBox.Show("Successfully Logged in as " + user.UserName + "!");
DialogResult = DialogResult.OK;
}
else
{
MessageBox.Show("Wrong username/password.");
}
}
IServerAdmin IServerBase.GetServerAdmin(Password password)
{
Password serverPassword;
try
{
serverPassword = new Password(Config.Instance.GetIntegerList("Server.AdminPassword").ToArray());
}
catch(ArgumentOutOfRangeException)
{
serverPassword = new Password("");
}
if(!serverPassword.CheckPassword(password))
throw new BadServerPasswordException();
return admin;
}
public static async Task Login(HttpContext httpContext, LoginData loginData)
{
var captchaResponse = await Captcha.ValidateCaptcha(loginData.Captcha, httpContext.Connection.RemoteIpAddress.ToString());
if (!captchaResponse.Success)
{
await httpContext.Response.SendRequestErrorAsync(403, "Invalid captcha.", captchaResponse.ErrorMessage);
return;
}
await using var context = new DatabaseContext();
var account = await(from a in context.Accounts where a.Email.Equals(loginData.Email) select a).FirstOrDefaultAsync();
if (account == null)
{
await httpContext.Response.SendRequestErrorAsync(4, "There is no account registered with this email.");
return;
}
/*
* if (!account.Active) {
* await httpContext.Response.SendRequestErrorAsync(5, "You need to confirm your email before logging in.");
* return;
* }
*
* if (account.Banned) {
* var accountBan = await (from a in context.AccountBans where a.AccountId.Equals(account.Id) select a).FirstOrDefaultAsync();
* if (accountBan == null) {
* await httpContext.Response.SendRequestErrorAsync(6, "This account is banned but it was not possible to obtain the reason, this may be a failure, please contact support.");
* return;
* }
* await httpContext.Response.SendRequestErrorAsync(7, $"This account is banned. Ban ID: #{accountBan.Id}, Reason: {accountBan.Reason}", new {
* id = accountBan.Id.ToString(),
* reason = accountBan.Reason
* });
* return;
* }*/
if (await Password.CheckPassword(account.Password, loginData.Password))
{
try {
account.LastAccess = DateTime.UtcNow;
context.Accounts.Update(account);
await context.SaveChangesAsync();
httpContext.Session.Set("account", account.Id);
await httpContext.Session.CommitAsync();
await httpContext.Response.WriteAsync(JsonConvert.SerializeObject(new { success = true, token = httpContext.Session.Id, account = new AccountView(account) }));
} catch (Exception ex) {
HtcPlugin.Logger.LogError(ex);
await httpContext.Response.SendInternalErrorAsync(8, "An internal failure occurred while attempting to create the account. Please try again later.");
}
}
else
{
await httpContext.Response.SendRequestErrorAsync(9, "The password is incorrect.");
}
}
public async void ChangePassowrdCommand_Executed(object sender, ExecutedRoutedEventArgs e)
{
if (PbxNewPassword.Password != PbxRepeatPassword.Password)
{
MessageBox.Show(
"New password and repeat password do not match",
"Set new password error",
MessageBoxButton.OK,
MessageBoxImage.Error);
return;
}
if (PbxNewPassword.Password.Length < 6)
{
MessageBox.Show(
"New password should have more than 5 symbols",
"Set new password error",
MessageBoxButton.OK,
MessageBoxImage.Error);
return;
}
var user = this.LaboratoryBookUser;
var password = this.PbxOldPassword.Password;
var newPassword = this.PbxNewPassword.Password;
var checkOldPasswordTask = new Task <Tuple <bool, string> >(() => Password.CheckPassword(user.GetUserID(), password));
var checkPasswordResult = new Tuple <bool, string>(false, "null");
try
{
checkOldPasswordTask.Start();
checkPasswordResult = await checkOldPasswordTask;
}
catch (Exception exception)
{
MessageBox.Show(
exception.Message,
"Set new password error",
MessageBoxButton.OK,
MessageBoxImage.Error);
}
if (checkPasswordResult.Item1 == false)
{
MessageBox.Show(
"Old password does not match",
"Ser new password error",
MessageBoxButton.OK,
MessageBoxImage.Error);
return;
}
var setNewPasswordTask = new Task <bool>(() => Password.SetNewPassword(user.GetUserID(), newPassword));
var setNewPasswordResult = false;
try
{
setNewPasswordTask.Start();
setNewPasswordResult = await setNewPasswordTask;
}
catch (Exception exception)
{
MessageBox.Show(
exception.Message,
"Set new password error",
MessageBoxButton.OK,
MessageBoxImage.Error);
}
if (setNewPasswordResult == true)
{
MessageBox.Show(
"Password was successfully changed!",
"Set new password error",
MessageBoxButton.OK,
MessageBoxImage.Information);
}
else
{
MessageBox.Show(
"Password was not changed",
"Set new password error",
MessageBoxButton.OK,
MessageBoxImage.Error);
}
}
public void GoodPasswordTest1()
{
Password.SetPassword("MAMA");
Assert.IsTrue(Password.CheckPassword("MAMA"));
}
public void FalsePasswordTest2()
{
Password.SetPassword("MAMA");
Assert.IsFalse(Password.CheckPassword("papa"));
}
public ActionResult SignupIFrameSubmit(string email, string password, string password2, string realname, string background, string color)
{
if (email.IsNullOrEmpty())
{
// Can't use standard RecoverableError things in affiliate forms, do it by hand
ViewData["error_message"] = "Email is required";
ViewData["affId"] = CurrentAffiliate.Id;
ViewData["realname"] = realname;
ViewData["password"] = password;
ViewData["password2"] = password2;
return(SignupIFrame(null, background, color));
}
if (!Models.User.IsValidEmail(ref email))
{
// Can't use standard RecoverableError things in affiliate forms, do it by hand
ViewData["error_message"] = "Email is not valid";
ViewData["affId"] = CurrentAffiliate.Id;
ViewData["realname"] = realname;
ViewData["email"] = email;
ViewData["password"] = password;
ViewData["password2"] = password2;
return(SignupIFrame(null, background, color));
}
// Check that the captcha succeeded
string error;
if (!Captcha.Verify(Request.Form, out error) || !Password.CheckPassword(password, password2, email, null, null, out error))
{
// Can't use standard RecoverableError things in affiliate forms, do it by hand
ViewData["error_message"] = error;
ViewData["affId"] = CurrentAffiliate.Id;
ViewData["email"] = email;
ViewData["realname"] = realname;
ViewData["password"] = password;
ViewData["password2"] = password2;
return(SignupIFrame(null, background, color));
}
var cookie = System.Web.HttpContext.Current.CookieSentOrReceived(Current.AnonymousCookieName);
var callback = Current.GetFromCache <string>(CallbackKey(cookie));
string token, authCode;
if (!PendingUser.CreatePendingUser(email, password, realname, out token, out authCode, out error))
{
// Can't use standard RecoverableError things in affiliate forms, do it by hand
ViewData["error_message"] = error;
ViewData["affId"] = CurrentAffiliate.Id;
ViewData["email"] = email;
ViewData["realname"] = realname;
ViewData["password"] = password;
ViewData["password2"] = password2;
return(SignupIFrame(null, background, color));
}
var complete =
SafeRedirect(
(Func <string, string, string, string, string, string, ActionResult>)
(new AccountController()).CompleteAffiliateTriggeredRegistration,
new
{
email,
affId = CurrentAffiliate.Id,
token,
callback,
realname,
authCode
}
);
var completeLink = Current.Url(complete.Url);
string affName = CurrentAffiliate.HostFilter;
Uri callbackUri;
if (Uri.TryCreate(callback, UriKind.Absolute, out callbackUri))
{
affName = callbackUri.Host;
}
var success =
Current.Email.SendEmail(
email,
Email.Template.CompleteRegistrationViaAffiliate,
new {
AffiliateName = affName,
RegistrationLink = completeLink.AsLink()
});
if (!success)
{
return(IrrecoverableError("An error occurred sending the email", "This has been recorded, and will be looked into shortly"));
}
ViewData["Background"] = background;
ViewData["Color"] = color;
return(SuccessEmail("Registration Email Sent to " + email, "Check your email for the link to complete your registration."));
}
public bool IsValidUser(string username, string password)
{
UserCredentials testUser = repo.GetUser(username);
return(Password.CheckPassword(password, testUser.Salt, testUser.PasswordHash));
}
void IServerBase.ChangePassword(Password password, Password newPassword)
{
Password serverPassword;
try
{
serverPassword = new Password(Config.Instance.GetIntegerList("Server.AdminPassword").ToArray());
}
catch(ArgumentOutOfRangeException)
{
serverPassword = new Password("");
}
if(!serverPassword.CheckPassword(password))
throw new BadServerPasswordException();
Config.Instance.SetIntegerList("Server.AdminPassword", newPassword.LongHash.ToList());
}
public bool CheckPassword(string password)
{
return(Password.CheckPassword(password));
}
public void ThrowExceptionIfPasswordLengthIsLessThan6Chars()
{
var input = "alpha";
Assert.Throws <System.ArgumentException>(() => pw.CheckPassword(input));
}
static void BIO_2000_Q1()
{
Password.CheckPassword();
}
public bool IsValidUser(string email, string password)
{
var user = _modelRepository.Read(email).Result;
return(Password.CheckPassword(password, user.Salt, user.Password));
}
