Exemplo n.º 1
0
        public User Authenticate(string userName, string password)
        {
            if ((String.IsNullOrWhiteSpace(userName)) || (String.IsNullOrWhiteSpace(password)))
            {
                return(null);
            }

            DbUser user;

            using (var context = new RelayContext())
            {
                user = context.Users.SingleOrDefault(u => u.UserName == userName);

                if (user == null)
                {
                    return(null);
                }
            }

            var passwordInformation = new PasswordInformation
            {
                Hash       = user.Password,
                Salt       = user.Salt,
                Iterations = user.Iterations
            };

            if (_passwordHash.ValidatePassword(Encoding.UTF8.GetBytes(password), passwordInformation))
            {
                return(new User()
                {
                    UserName = user.UserName,
                    Id = user.Id,
                    CreationDate = user.CreationDate
                });
            }

            return(null);
        }
Exemplo n.º 2
0
        public bool Authenticate(string userName, string password, out Guid linkId)
        {
            linkId = Guid.Empty;

            using (var context = new RelayContext())
            {
                byte[] passwordBytes;

                try
                {
                    passwordBytes = Convert.FromBase64String(password);
                }
                catch
                {
                    return(false);
                }

                var link = context.Links.Where(p => p.UserName == userName).Select(p => new
                {
                    p.Id,
                    p.Password,
                    p.Iterations,
                    p.Salt
                }).FirstOrDefault();

                if (link == null)
                {
                    return(false);
                }

                var passwordInformation = new PasswordInformation
                {
                    Hash       = link.Password,
                    Iterations = link.Iterations,
                    Salt       = link.Salt
                };

                var cacheKey = userName + "/" + password;
                PasswordInformation previousInfo;

                lock (_successfullyValidatedUsernamesAndPasswords)
                {
                    _successfullyValidatedUsernamesAndPasswords.TryGetValue(cacheKey, out previousInfo);
                }

                // found in cache (NOTE: cache only contains successfully validated passwords to prevent DOS attacks!)
                if (previousInfo != null)
                {
                    if (previousInfo.Hash == passwordInformation.Hash &&
                        previousInfo.Iterations == passwordInformation.Iterations &&
                        previousInfo.Salt == passwordInformation.Salt)
                    {
                        linkId = link.Id;
                        return(true);
                    }
                }

                // ELSE: calculate and cache
                if (!_passwordHash.ValidatePassword(passwordBytes, passwordInformation))
                {
                    return(false);
                }

                lock (_successfullyValidatedUsernamesAndPasswords)
                {
                    {
                        _successfullyValidatedUsernamesAndPasswords[cacheKey] = passwordInformation;
                    }
                }

                linkId = link.Id;
                return(true);
            }
        }
 public PasswordInformationTest()
 {
     _passwordInformation = null;
 }
Exemplo n.º 4
0
 public void SetFields(PasswordInformation info)
 {
     if (!string.IsNullOrWhiteSpace(info.Hint))
     {
         _password.Placeholder = info.Hint;
     }
     _forgotPassword.IsVisible = info.HasRecovery;
     _currentSalt = info.CurrentSalt;
     _newSalt = info.NewSalt;
 }
Exemplo n.º 5
0
        private static Task<ActivationResult> Register(Service service, string nationalNumber, string countryCode, string code, string firstName = null, string lastName = null)
        {
            return Task<ActivationResult>.Factory.StartNew(() =>
                {
                    var result = Telegram.RegisterCode(service, GetSettingsTelegramSettings(nationalNumber), countryCode + nationalNumber,
                                                       GetSettingsCodeHash(nationalNumber), code, firstName, lastName, GetSettingsRegistered(nationalNumber));

                    if (result == null)
                    {
                        return new ActivationResult
                        {
                            Success = false,
                            ErrorMessage = Localize.GetString("TelegramCodeError")
                        };
                    }

                    if (result.Response != Telegram.CodeRegister.Type.Success)
                    {
                        string errorMessage = null;
                        var info = new PasswordInformation();
                        switch (result.Response)
                        {
                            case Telegram.CodeRegister.Type.NumberInvalid:
                                errorMessage = Localize.GetString("TelegramCodeNumberInvalid");
                                break;
                            case Telegram.CodeRegister.Type.CodeEmpty:
                                errorMessage = Localize.GetString("TelegramCodeInvalidMessage");
                                break;
                            case Telegram.CodeRegister.Type.CodeExpired:
                                errorMessage = Localize.GetString("TelegramCodeCodeExpired");
                                break;
                            case Telegram.CodeRegister.Type.CodeInvalid:
                                errorMessage = Localize.GetString("TelegramCodeCodeInvalid");
                                break;
                            case Telegram.CodeRegister.Type.FirstNameInvalid:
                                errorMessage = Localize.GetString("TelegramCodeFirstNameInvalid");
                                break;
                            case Telegram.CodeRegister.Type.LastNameInvalid:
                                errorMessage = Localize.GetString("TelegramCodeLastNameInvalid");
                                break;
                            case Telegram.CodeRegister.Type.PasswordNeeded:
                                info.CurrentSalt = result.CurrentSalt;
                                info.HasRecovery = result.HasRecovery;
                                info.Hint = result.Hint;
                                info.NewSalt = result.NewSalt;
                                break;
                            default:
                                errorMessage = Localize.GetString("TelegramCodeError");
                                break;
                        }
                        return new ActivationResult
                        {
                            Success = false,
                            ErrorMessage = errorMessage,
                            PasswordNeeded = result.Response == Telegram.CodeRegister.Type.PasswordNeeded,
                            PasswordInformation = info
                        };
                    }

                    return new ActivationResult
                    {
                        Success = true,
                        AccountId = result.AccountId,
                    };
                });
        }