public ClientMembershipUser(User user, string passwordSalt,
PasswordFormat passwordFormat, int failedPasswordAttemptCount,
DateTime failedPasswordAttemptWindowStart,
int failedPasswordAnswerAttemptCount,
DateTime failedPasswordAnswerAttemptWindowStart)
: base(user.UserKey,
user.UserName, user.Email, user.PasswordQuestion,
user.IsLockedOut, user.CreationDate, user.LastLoginDate,
user.LastActivityDate, user.LastPasswordChangedDate,
user.LastLockoutDate)
{
if (passwordSalt != null)
{
passwordSalt = passwordSalt.Trim();
}
this.passwordSalt = passwordSalt;
this.passwordFormat = passwordFormat;
this.failedPasswordAttemptCount = failedPasswordAttemptCount;
this.failedPasswordAttemptWindowStart
= failedPasswordAttemptWindowStart;
this.failedPasswordAnswerAttemptCount
= failedPasswordAnswerAttemptCount;
this.failedPasswordAnswerAttemptWindowStart
= failedPasswordAnswerAttemptWindowStart;
}
public AccountRegistrationRequest(Account account, string email,string password,PasswordFormat passwordFormat)
{
Account = account;
Email = email;
Password = password;
PasswordFormat = passwordFormat;
}
private Customer CreateCustomer(PasswordFormat passwordFormat, bool isRegistered = true)
{
var customer = new Customer
{
Username = "******",
Email = "*****@*****.**",
Active = true
};
_customerService.InsertCustomer(customer);
var password = "******";
if (passwordFormat == PasswordFormat.Encrypted)
password = _encryptionService.EncryptText(password);
_customerService.InsertCustomerPassword(new CustomerPassword
{
CustomerId = customer.Id,
PasswordFormat = passwordFormat,
Password = password,
CreatedOnUtc = DateTime.UtcNow
});
if (isRegistered)
_customerService.AddCustomerRoleMapping(new CustomerCustomerRoleMapping
{
CustomerId = customer.Id,
CustomerRoleId = _customerService
.GetCustomerRoleBySystemName(NopCustomerDefaults.RegisteredRoleName).Id
});
return customer;
}
public ClientMembershipUser(User user, string passwordSalt,
PasswordFormat passwordFormat, int failedPasswordAttemptCount,
DateTime failedPasswordAttemptWindowStart,
int failedPasswordAnswerAttemptCount,
DateTime failedPasswordAnswerAttemptWindowStart)
: base(user.UserKey,
user.UserName, user.Email, user.PasswordQuestion,
user.IsLockedOut, user.CreationDate, user.LastLoginDate,
user.LastActivityDate, user.LastPasswordChangedDate,
user.LastLockoutDate)
{
if (passwordSalt != null)
{
passwordSalt = passwordSalt.Trim();
}
this.passwordSalt = passwordSalt;
this.passwordFormat = passwordFormat;
this.failedPasswordAttemptCount = failedPasswordAttemptCount;
this.failedPasswordAttemptWindowStart
= failedPasswordAttemptWindowStart;
this.failedPasswordAnswerAttemptCount
= failedPasswordAnswerAttemptCount;
this.failedPasswordAnswerAttemptWindowStart
= failedPasswordAnswerAttemptWindowStart;
}
public UserRegistrationStatus Register(string email, string password, PasswordFormat passwordFormat)
{
//before registering the user, we need to check a few things
//does the user exist already?
var existingUser = _userService.FirstOrDefault(x => x.Email == email);
if (existingUser != null)
return UserRegistrationStatus.FailedAsEmailAlreadyExists;
//we can create a user now, we'll need to hash the password
var salt = _cryptographyService.CreateSalt(8); //64 bits...should be good enough
var hashedPassword = _cryptographyService.GetHashedPassword(password, salt, passwordFormat);
//create a new user entity
var user = new User()
{
Email = email,
DateCreated = DateTime.UtcNow,
DateUpdated = DateTime.UtcNow,
LastLoginDate = DateTime.UtcNow,
LastLoginIpAddress = WebHelper.GetClientIpAddress(),
Password = hashedPassword,
PasswordSalt = salt,
PasswordFormat = passwordFormat,
Guid = Guid.NewGuid(),
IsSystemAccount = false,
Active = true
};
_userService.Insert(user);
return UserRegistrationStatus.Success;
}
/// <summary>
/// Converte
/// </summary>
/// <param name="format"></param>
/// <returns></returns>
private static PasswordFormat Convert(ServerHost.PasswordFormat format)
{
PasswordFormat result = PasswordFormat.Clear;
Enum.TryParse <PasswordFormat>(format.ToString(), out result);
return(result);
}
public AccountRegistrationRequest(Account account, string email, string password, PasswordFormat passwordFormat)
{
Account = account;
Email = email;
Password = password;
PasswordFormat = passwordFormat;
}
public Application(string name, bool enablePasswordReset,
bool enablePasswordRetrieval, int maxInvalidPasswordAttempts,
int minRequiredNonAlphanumericCharacters, int minRequiredPasswordLength,
int passwordAttemptWindow, PasswordFormat passwordFormat,
string passwordStrengthRegularExpression, bool requiresQuestionAndAnswer,
bool requiresUniqueEmail, bool isDecryptionKeyAutogenerated,
bool isHashAlgorithmFromMembershipConfig, string hashAlgorithmType,
int maxPasswordSize, int maxPasswordAnswerSize, int maxUsernameSize,
int maxPasswordQuestionSize)
{
this.name = name;
this.enablePasswordReset = enablePasswordReset;
this.enablePasswordRetrieval = enablePasswordRetrieval;
this.maxInvalidPasswordAttempts = maxInvalidPasswordAttempts;
this.minRequiredNonAlphanumericCharacters = minRequiredNonAlphanumericCharacters;
this.minRequiredPasswordLength = minRequiredPasswordLength;
this.passwordAttemptWindow = passwordAttemptWindow;
this.passwordFormat = passwordFormat;
this.passwordStrengthRegularExpression = passwordStrengthRegularExpression;
this.requiresQuestionAndAnswer = requiresQuestionAndAnswer;
this.requiresUniqueEmail = requiresUniqueEmail;
this.isDecryptionKeyAutogenerated = isDecryptionKeyAutogenerated;
this.isHashAlgorithmFromMembershipConfig = isHashAlgorithmFromMembershipConfig;
this.hashAlgorithmType = hashAlgorithmType;
this.maxPasswordSize = maxPasswordSize;
this.maxPasswordAnswerSize = maxPasswordAnswerSize;
this.maxUsernameSize = maxUsernameSize;
this.maxPasswordQuestionSize = maxPasswordQuestionSize;
}
private string EncodePassword(string pass, PasswordFormat passwordFormat, string salt)
{
if (passwordFormat == PasswordFormat.Clear)
{
return(pass);
}
byte[] bIn = Encoding.Unicode.GetBytes(pass), bSalt = Convert.FromBase64String(salt);
byte[] hash;
byte[] bAll = new byte[bSalt.Length + bIn.Length];
Buffer.BlockCopy(bSalt, 0, bAll, 0, bSalt.Length);
Buffer.BlockCopy(bIn, 0, bAll, bSalt.Length, bIn.Length);
if (passwordFormat == PasswordFormat.Hashed)
{
// Password is hashed
//HashAlgorithm ha = HashAlgorithm.Create("SHA1"); // 'SHA1' is typically used by Membership.
var sha1 = SHA1.Create();
hash = sha1.ComputeHash(bAll);
}
else
{
// Password is encrypted
hash = RijndaelCrypto.EncryptToBytes(Encoding.Unicode.GetBytes(pass));
}
return(Convert.ToBase64String(hash));
}
public Application(string name, bool enablePasswordReset,
bool enablePasswordRetrieval, int maxInvalidPasswordAttempts,
int minRequiredNonAlphanumericCharacters, int minRequiredPasswordLength,
int passwordAttemptWindow, PasswordFormat passwordFormat,
string passwordStrengthRegularExpression, bool requiresQuestionAndAnswer,
bool requiresUniqueEmail, bool isDecryptionKeyAutogenerated,
bool isHashAlgorithmFromMembershipConfig, string hashAlgorithmType,
int maxPasswordSize, int maxPasswordAnswerSize, int maxUsernameSize,
int maxPasswordQuestionSize)
{
this.name = name;
this.enablePasswordReset = enablePasswordReset;
this.enablePasswordRetrieval = enablePasswordRetrieval;
this.maxInvalidPasswordAttempts = maxInvalidPasswordAttempts;
this.minRequiredNonAlphanumericCharacters = minRequiredNonAlphanumericCharacters;
this.minRequiredPasswordLength = minRequiredPasswordLength;
this.passwordAttemptWindow = passwordAttemptWindow;
this.passwordFormat = passwordFormat;
this.passwordStrengthRegularExpression = passwordStrengthRegularExpression;
this.requiresQuestionAndAnswer = requiresQuestionAndAnswer;
this.requiresUniqueEmail = requiresUniqueEmail;
this.isDecryptionKeyAutogenerated = isDecryptionKeyAutogenerated;
this.isHashAlgorithmFromMembershipConfig = isHashAlgorithmFromMembershipConfig;
this.hashAlgorithmType = hashAlgorithmType;
this.maxPasswordSize = maxPasswordSize;
this.maxPasswordAnswerSize = maxPasswordAnswerSize;
this.maxUsernameSize = maxUsernameSize;
this.maxPasswordQuestionSize = maxPasswordQuestionSize;
}
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
{
var args = new ValidatePasswordEventArgs(username, password, true);
OnValidatingPassword(args);
if (args.Cancel)
{
status = MembershipCreateStatus.InvalidPassword;
return(null);
}
if (RequiresUniqueEmail && !string.IsNullOrWhiteSpace(GetUserNameByEmail(email)))
{
status = MembershipCreateStatus.DuplicateEmail;
return(null);
}
MembershipUser u = GetUser(username, false);
if (u == null)
{
DateTime createDate = DateTime.Now;
passwordQuestion = string.IsNullOrWhiteSpace(passwordQuestion) ? string.Empty : passwordQuestion;
passwordAnswer = string.IsNullOrWhiteSpace(passwordAnswer) ? string.Empty : passwordAnswer;
string salt = GenerateSalt();
var user = new DbEntryMembershipUser
{
UserName = username,
Password = EncodePassword(password, (int)this.PasswordFormat, salt),
PasswordFormat = PasswordFormat.GetHashCode(),
PasswordSalt = salt,
Email = email,
LoweredEmail = email == null ? string.Empty : email.ToLowerInvariant(),
PasswordQuestion = passwordQuestion,
PasswordAnswer = passwordAnswer,
IsApproved = isApproved,
IsLockedOut = false,
LastLoginDate = createDate,
LastPasswordChangedDate = createDate,
LastLockoutDate = createDate,
FailedCount = 0,
FailedStart = createDate,
FailedAnswerCount = 0,
FailedAnswerStart = createDate,
LastActivityDate = createDate,
Comment = string.Empty
};
//.Init(username, password, email, passwordQuestion, passwordAnswer, isApproved, null);
// user.CreateDate = createDate;
user.Save();
status = MembershipCreateStatus.Success;
return(GetUser(username, false));
}
status = MembershipCreateStatus.DuplicateUserName;
return(null);
}
public IList <Customer> GetAllCustomersByPasswordFormat(PasswordFormat passwordFormat)
{
var passwordFormatId = (int)passwordFormat;
var query = _customerRepository.Table;
query = query.Where(m => m.PasswordFormatId == passwordFormatId);
query = query.OrderByDescending(m => m.CreatedOnUtc);
return(query.ToList());
}
/// <summary>
/// Ctor
/// </summary>
/// <param name="customer">Customer</param>
/// <param name="username">Username</param>
/// <param name="password">Password</param>
/// <param name="passwordFormat">Password fprmat</param>
public CustomerRegistrationRequest(Customer customer, string username,
string password,
PasswordFormat passwordFormat)
{
this.Customer = customer;
this.Username = username;
this.Password = password;
this.PasswordFormat = passwordFormat;
}
public CustomerRegistrationRequest(Customer customer, string email, string userName, string password, PasswordFormat passwordFormat, bool isAproved = true)
{
Customer = customer;
Email = email;
UserName = userName;
Password = password;
PasswordFormat = passwordFormat;
IsAproved = true; //TODO change logic
}
/// <summary>
/// Ctor
/// </summary>
/// <param name="userName">Email</param>
/// <param name="validateRequest">A value indicating whether we should validate request</param>
/// <param name="newPasswordFormat">Password format</param>
/// <param name="newPassword">New password</param>
/// <param name="oldPassword">Old password</param>
public ChangePasswordRequest(string userName, bool validateRequest,
PasswordFormat newPasswordFormat, string newPassword, string oldPassword = "")
{
this.UserName = userName;
this.ValidateRequest = validateRequest;
this.NewPasswordFormat = newPasswordFormat;
this.NewPassword = newPassword;
this.OldPassword = oldPassword;
}
/// <summary>
/// Ctor
/// </summary>
/// <param name="userName">Email</param>
/// <param name="validateRequest">A value indicating whether we should validate request</param>
/// <param name="newPasswordFormat">Password format</param>
/// <param name="newPassword">New password</param>
/// <param name="oldPassword">Old password</param>
public ChangePasswordRequest(string userName, bool validateRequest,
PasswordFormat newPasswordFormat, string newPassword, string oldPassword = "")
{
this.UserName = userName;
this.ValidateRequest = validateRequest;
this.NewPasswordFormat = newPasswordFormat;
this.NewPassword = newPassword;
this.OldPassword = oldPassword;
}
public ChangePasswordRequest(string email, bool validateRequest,
PasswordFormat newPasswordFormat, string newPassword, string oldPassword = "")
{
this.Email = email;
this.ValidateRequest = validateRequest;
this.NewPasswordFormat = newPasswordFormat;
this.NewPassword = newPassword;
this.OldPassword = oldPassword;
}
public object Authenticate(string userName, object password, PasswordFormat format, IDictionary options, string authenticationType)
{
if (_yourAuthenticationService.isValid(userName, password.ToString()))
{
return(true);
}
//Returning null means the authentication failed
return(null);
}
public void UpdatePassword(int userId, string password, PasswordFormat passwordFormat)
{
//we can create a user now, we'll need to hash the password
var salt = _cryptographyService.CreateSalt(8); //64 bits...should be good enough
var hashedPassword = _cryptographyService.GetHashedPassword(password, salt, passwordFormat);
_userService.Update(new { password = hashedPassword, passwordSalt = salt, passwordFormat = passwordFormat, requirePasswordChange = false },
x => x.Id == userId, null);
//update the require change field
}
public virtual IList <Customer> GetAllCustomersByPasswordFormat(PasswordFormat passwordFormat)
{
int passwordFormatId = (int)passwordFormat;
var customers = _customerRepository.Table
.Where(c => c.PasswordFormatId == passwordFormatId)
.OrderByDescending(c => c.CreatedOnUtc)
.ToList();
return(customers);
}
/// <summary>
/// Ctor
/// </summary>
/// <param name="email">Email</param>
/// <param name="validateRequest">A value indicating whether we should validate request</param>
/// <param name="newPasswordFormat">Password format</param>
/// <param name="newPassword">New password</param>
/// <param name="oldPassword">Old password</param>
/// <param name="hashedPasswordFormat">Hashed password format</param>
public ChangePasswordRequest(string email, bool validateRequest,
PasswordFormat newPasswordFormat, string newPassword, string oldPassword = "",
string hashedPasswordFormat = null)
{
Email = email;
ValidateRequest = validateRequest;
NewPasswordFormat = newPasswordFormat;
NewPassword = newPassword;
OldPassword = oldPassword;
HashedPasswordFormat = hashedPasswordFormat;
}
/// <summary>
/// Ctor
/// </summary>
/// <param name="customer">Customer</param>
/// <param name="email">Email</param>
/// <param name="username">Username</param>
/// <param name="password">Password</param>
/// <param name="passwordFormat">Password format</param>
/// <param name="isApproved">Is approved</param>
public CustomerRegistrationRequest(Customer customer, string username,
string password,
PasswordFormat passwordFormat,
bool isApproved = true)
{
this.Customer = customer;
this.Username = username;
this.Password = password;
this.PasswordFormat = passwordFormat;
this.IsApproved = isApproved;
}
public UserRegistrationRequest(User user, string email, string username, string password,
PasswordFormat passwordFormat, int tenantId, bool isApproved = true)
{
this.User = user;
this.Email = email;
this.Username = username;
this.Password = password;
this.PasswordFormat = passwordFormat;
this.IsApproved = isApproved;
this.TenantId = tenantId;
}
public CustomerRegistrationRequest(Customer customer, string email, string username,
string password,
PasswordFormat passwordFormat,
bool isApproved = true)
{
this.Customer = customer;
this.Email = email;
this.Username = username;
this.Password = password;
this.PasswordFormat = passwordFormat;
this.IsApproved = isApproved;
}
public UserRegistrationRequest(User user, string email,string mobile, string username,
string password,
PasswordFormat passwordFormat,
bool isApproved = true)
{
this.User = user;
this.Email = email;
this.Username = username;
this.Password = password;
this.PasswordFormat = passwordFormat;
this.IsApproved = isApproved;
Mobile = mobile;
}
/// <summary>
/// Ctor
/// </summary>
/// <param name="customer">Customer</param>
/// <param name="email">Email</param>
/// <param name="username">Username</param>
/// <param name="password">Password</param>
/// <param name="passwordFormat">Password format</param>
/// <param name="storeId">Store identifier</param>
/// <param name="isApproved">Is approved</param>
public CustomerRegistrationRequest(Customer customer, int[] rolesBinded, string email, string username,
string password,
PasswordFormat passwordFormat,
int storeId,
bool isApproved = true)
{
this.Customer = customer;
this.Email = email;
this.Username = username;
this.Password = password;
this.PasswordFormat = passwordFormat;
this.StoreId = storeId;
this.IsApproved = isApproved;
this.RolesBinded = rolesBinded;
}
public UserRegistrationStatus Register(User user, PasswordFormat passwordFormat)
{
//does the user exist already?
var existingUser = _userService.FirstOrDefault(x => x.Email == user.Email);
if (existingUser != null)
return UserRegistrationStatus.FailedAsEmailAlreadyExists;
//we can create a user now, we'll need to hash the password
var salt = _cryptographyService.CreateSalt(8); //64 bits...should be good enough
var hashedPassword = _cryptographyService.GetHashedPassword(user.Password, salt, passwordFormat);
user.Password = hashedPassword;
user.PasswordSalt = salt;
user.PasswordFormat = passwordFormat;
_userService.Insert(user);
return UserRegistrationStatus.Success;
}
public override void Configure(XmlElement element)
{
base.Configure(element);
Format = XmlUtilities.GetAttribute(element, "format", Format);
}
private static PasswordFormatContract ToPasswordFormatContract(PasswordFormat passwordFormat)
{
return (PasswordFormatContract)Enum.Parse(typeof(PasswordFormatContract),
passwordFormat.ToString());
}
bool inventoryWebdav_OnDigestAuthenticate(string username, out PasswordFormat format, out string password)
{
/*/
password = "******";
format = PasswordFormat.MD5;
return true;
/*/
Uri owner;
format = PasswordFormat.Plain;
password = String.Empty; //TODO: this should eventually be some session generated passwd
if (Uri.TryCreate(username, UriKind.Absolute, out owner))
{
UUID agentID = CableBeachUtils.IdentityToUUID(owner);
UUID ownerID = CableBeachUtils.MessageToUUID(owner, agentID);
}
return false;
//*/
}
private HashAlgorithm CreateAlgorithm(PasswordFormat passwordFormat)
{
switch (passwordFormat)
{
case PasswordFormat.Sha1:
return new SHA1Managed();
case PasswordFormat.Sha256:
return new SHA256Managed();
case PasswordFormat.Sha384:
return new SHA384Managed();
case PasswordFormat.Sha512:
return new SHA512Managed();
case PasswordFormat.Md5:
return new MD5Cng();
default:
throw new ArgumentOutOfRangeException("passwordFormat");
}
}
private bool CheckPasswordAnswer(string passwordAnswer,
string passwordAnswerFromPersistence,
PasswordFormat passwordFormat, string salt)
{
return this.CheckPassword(
passwordAnswer.ToLower(CultureInfo.InvariantCulture),
passwordAnswerFromPersistence, passwordFormat, salt);
}
private string EncodePassword(string password,
PasswordFormat passwordFormat, string salt)
{
if (passwordFormat == PasswordFormat.Clear)
{
return password;
}
byte[] bytes = Encoding.Unicode.GetBytes(password);
byte[] source = Convert.FromBase64String(salt);
byte[] destination = new byte[source.Length + bytes.Length];
byte[] passwordBytes = null;
Buffer.BlockCopy(source, 0, destination, 0, source.Length);
Buffer.BlockCopy(bytes, 0, destination, source.Length, bytes.Length);
if (passwordFormat == PasswordFormat.Hashed)
{
HashAlgorithm algorithm = HashAlgorithm.Create(
this.Application.HashAlgorithmType);
if ((algorithm == null) &&
this.Application.IsHashAlgorithmFromMembershipConfig)
{
this.ThrowHashAlgorithmException();
}
passwordBytes = algorithm.ComputeHash(destination);
}
return Convert.ToBase64String(passwordBytes);
}
public string GetPasswordFormatName(PasswordFormat passwordFormat)
{
//algorithm to use
var algorithmName = "SHA1";
switch (passwordFormat)
{
case PasswordFormat.Md5Hashed:
algorithmName = "MD5";
break;
case PasswordFormat.Sha1Hashed:
algorithmName = "SHA1";
break;
case PasswordFormat.Sha256Hashed:
algorithmName = "SHA256";
break;
}
return algorithmName;
}
public string GetHashedPassword(string plainText, string salt, PasswordFormat passwordFormat)
{
//get the algorithm name
var algorithmName = GetPasswordFormatName(passwordFormat);
var algorithm = HashAlgorithm.Create(algorithmName);
if(algorithm == null)
throw new mobSocialException(string.Format("Can't find a hash algorithm with name '{0}'", algorithmName));
var plainTextBytes = Encoding.UTF8.GetBytes(plainText);
var saltBytes = Encoding.UTF8.GetBytes(salt);
//now merge both the byte arrays
var plainTextWithSaltBytes =
new byte[plainTextBytes.Length + saltBytes.Length];
for (var i = 0; i < plainTextBytes.Length; i++)
{
plainTextWithSaltBytes[i] = plainTextBytes[i];
}
for (var i = 0; i < saltBytes.Length; i++)
{
plainTextWithSaltBytes[plainTextBytes.Length + i] = saltBytes[i];
}
//find the hash
var hashBytes = algorithm.ComputeHash(plainTextWithSaltBytes);
return Convert.ToBase64String(hashBytes);
}
public PasswordGenerator()
{
Format = PasswordFormat.Auto;
}
/// <summary>
/// Gets all customers by customer format (including deleted ones)
/// </summary>
/// <param name="passwordFormat">Password format</param>
/// <returns>Customers</returns>
public virtual IList<Customer> GetAllCustomersByPasswordFormat(PasswordFormat passwordFormat)
{
int passwordFormatId = (int)passwordFormat;
var query = _customerRepository.Table;
query = query.Where(c => c.PasswordFormatId == passwordFormatId);
query = query.OrderByDescending(c => c.CreatedOnUtc);
var customers = query.ToList();
return customers;
}
private bool CheckPassword(string password, string passwordFromPersistence,
PasswordFormat passwordFormat, string salt)
{
string encodedPassword = this.EncodePassword(password,
passwordFormat, salt);
return passwordFromPersistence.Equals(encodedPassword);
}
private object GetHash(Column column, PasswordFormat format, string password)
{
using (HashAlgorithm algorithm = CreateAlgorithm(format))
{
byte[] buffer = Encoding.UTF8.GetBytes(password);
byte[] hash = algorithm.ComputeHash(buffer);
if (IsStringDbType(column))
{
return ConvertUtilities.ToHexa(hash);
}
return hash;
}
}
/// <summary>
/// Gets all Accounts by Account format (including deleted ones)
/// </summary>
/// <param name="passwordFormat">Password format</param>
/// <returns>Accounts</returns>
public virtual IList<Account> GetAllAccountsByPasswordFormat(PasswordFormat passwordFormat)
{
int passwordFormatId = (int)passwordFormat;
var query = _accountRepository.Table;
query = query.Where(c => c.PasswordFormatId == passwordFormatId);
query = query.OrderByDescending(c => c.CreatedOnUtc);
var Accounts = query.ToList();
return Accounts;
}
