| public static Verify ( string password, string hashedPassword ) : bool | ||
| password | string | the password |
| hashedPassword | string | the hash |
| return | bool | |
public bool ChangePassword(Guid userId, PasswordChangeEntity passwordEntity)
{
User User = context.Users.FirstOrDefault(u => u.Id.Equals(userId));
if (User == null) return false;
if (SecurePasswordHasher.Verify(passwordEntity.OldPassword, User.Password))
{
//User newPasswordUser = new User(passwordEntity.UserEntity);
User.Password = SecurePasswordHasher.Hash(passwordEntity.UserEntity.Password);
context.SaveChanges();
return true;
}
return false;
}
private void btnOk_Click(object sender, EventArgs e)
{
if (txtNewPass.Text != txtNewPass2.Text)
{
MessageBox.Show(@"New Passwords do not match.");
return;
}
var user = User.GetUserFromEmail(txtEmail.Text);
if (user == null)
{
MessageBox.Show(@"Incorrect Username or Password");
return;
}
var result = SecurePasswordHasher.Verify(txtPass.Text, user.PasswordHash);
if (!result)
{
MessageBox.Show(@"Incorrect Username or Password");
return;
}
user.UpdateUser(txtNewPass.Text);
}
public async Task <Response> Handle(Request request, CancellationToken cancellationToken)
{
var resetTicket = _session.Query <ResetTicket>()
.FirstOrDefault(x => x.UserEmail == request.Email);
if (resetTicket == null)
{
throw new NotFoundCoreException();
}
if (SecurePasswordHasher.Verify(request.Token, resetTicket.TokenHash) == false)
{
throw new Exception(); //TODO new exception for this error.
}
if (resetTicket.TokenUsed)
{
throw new Exception(); //TODO new exception for this error.
}
if (resetTicket.ExpirationDate < DateTime.UtcNow)
{
throw new Exception(); //TODO new exception for this error.
}
var user = _session.Query <User>()
.FirstOrDefault(x => x.Email == resetTicket.UserEmail);
user?.ResetPassword(request.Password);
resetTicket.TokenUsed = true;
_session.Store(resetTicket);
_session.Store(user);
return(new Response());
}
private async void OnLoginButtonClicked(object sender, EventArgs e)
{
if (!VerifyInput())
{
return;
}
IsBusy = true;
try
{
MyDartBuddy.Common.Entities.Account account = await SelectAccountAsync();
if (SecurePasswordHasher.Verify(passwordEntry.Text, account.Password))
{
ApplicationData.Current.CurrentAccount = account;
await Navigation.PopAsync();
}
else
{
messageLabel.Text = "Login has failed. Incorrect password";
}
}
catch (Exception ex)
{
messageLabel.Text = $"Login has failed: {ex.Message}";
}
IsBusy = false;
}
public IActionResult Mutq(User obj)
{
var user = (from item in baza.Users where item.login == obj.login select item).FirstOrDefault();
if (user == null)
{
TempData["Namak"] = "login is wrong";
}
else if (user.type == 2)
{
TempData["Namak"] = "error";
}
else if (SecurePasswordHasher.Verify(obj.password, user.password) == false)
{
TempData["Namak"] = "password is wrong";
}
else if (user.type == 1)
{
HttpContext.Session.SetInt32("test", user.Id);
return(Redirect("/User/Admin"));
}
else
{
HttpContext.Session.SetInt32("test", user.Id);
return(Redirect("/User/Profile"));
}
return(View());
}
private void Validation(object sender, System.EventArgs e)
{
// if user exist in table, then show the new form
using (var context = new MyDbContext())
{
var userLogin = context
.Users
.FirstOrDefault(x => x.user_name == _loginForm.GetLogin.Text);
if (userLogin is null)
{
_loginForm.MyLabel.Visible = true;
_loginForm.MyLabel.Text = "Invalid login.";
return;
}
if (!SecurePasswordHasher.Verify(_loginForm.GetPassword.Text, userLogin.password))
{
_loginForm.MyLabel.Visible = true;
_loginForm.MyLabel.Text = "Invalid password.";
return;
}
_loginForm.MyLabel.Visible = false;
if (userLogin.role == "user")
{
_mainForm.GetInsertButton.Visible = false;
_mainForm.GetDeleteButton.Visible = false;
_mainForm.GetGrid.RowHeadersVisible = false;
}
_loginForm.Hide();
_mainForm.Show();
}
}
public ActionResult EditLogin(User p)
{
p = Session["CurrentUser"] as User;
string curPass = Request.Params["curPassword"];
string oldlog = Request.Params["oldLogin"];
string newlog = Request.Params["newLogin"];
if (!SecurePasswordHasher.Verify(curPass, p.password))
{
TempData["msg2"] = "sxal";
return(Redirect("/User/Edit"));
}
else
{
var isLoginExist = context.User.Where(y => y.login == newlog).ToList();
if (isLoginExist.Count > 0)
{
TempData["msg2"] = "Sorry the login is busy";
return(Redirect("/User/Edit"));
}
p = context.User.Where(m => m.id == p.id).ToList().First();
p.login = newlog;
context.SaveChanges();
return(Redirect("/User/Profile"));
}
}
public void CreateUser_UserIsCreated()
{
string originalPwd = "somePwd";
User userToSave = new User();
userToSave.Id = 1;
userToSave.Username = "******";
userToSave.Email = "*****@*****.**";
userToSave.Password = originalPwd;
userToSave.Currency = Models.Enums.Currency.CAD;
userToSave.PhoneNumber = "51878928";
List <User> userTable = new List <User>();
SetupMocks(new List <User>());
SaveResultModel <User> result = _userService.CreateUser(userToSave);
User createdUser = _userService.GetUser(userToSave.Id);
_dataMock.Verify(m => m.Add(It.IsAny <User>()), Times.Once);
Assert.IsTrue(result.Success);
Assert.IsNotNull(createdUser);
Assert.AreEqual(createdUser.Username, userToSave.Username);
Assert.IsTrue(SecurePasswordHasher.Verify(originalPwd, createdUser.Password));
Assert.AreEqual(createdUser.Currency, userToSave.Currency);
Assert.AreEqual(createdUser.PhoneNumber, userToSave.PhoneNumber);
}
public async void CreateUser_AddsUserRowIntoDatabase()
{
var userName = Guid.NewGuid().ToString();
var fullName = Guid.NewGuid().ToString();
var password = Guid.NewGuid().ToString();
await this._Repository.CreateUser(userName : userName, password : password, fullName : fullName);
var request = GraphQLQueryManager.GetQueryRequest(
GraphQLQueryManager.QueryRequest.GetUserByUserName, new
{
UserName = userName
});
var response = await this._Client.PostAsync(request);
var users = response.GetDataFieldAs <ICollection <User> >("User");
Assert.NotEmpty(users);
var user = users.First();
Assert.Equal(userName, user.UserName);
Assert.Equal(fullName, user.FullName);
Assert.True(SecurePasswordHasher.Verify(password, user.PasswordHash));
}
private bool CheckUserNamePass()
{
bool isSuccessful = false;
string username = comboBox1.Text;
string pass = textBox1.Text;
string filename = ".\\Accounts\\" + username + ".xml";
if (!AccountExists(username))
{
MessageBox.Show("There is no account with this name ..."); return(false);
}
XmlSerializer mySerializer = new XmlSerializer(typeof(List <UserSettings>));
StreamReader xmlReader = new StreamReader(filename);
List <UserSettings> TestAllUserSettings = new List <UserSettings>();
TestAllUserSettings = (List <UserSettings>)mySerializer.Deserialize(xmlReader);
string hash = TestAllUserSettings[0].PassHashCode;
isSuccessful = SecurePasswordHasher.Verify(pass, hash);
xmlReader.Close();
if (!isSuccessful)
{
MessageBox.Show("The password you entered is incorrect ...");
}
return(isSuccessful);
}
public ActionResult UserLogin([Bind] Users user)
{
BillingSystemContext context = new BillingSystemContext();
Users userFromBase = context.Users.FirstOrDefault(u => u.UserName == user.UserName);
if (userFromBase != null && SecurePasswordHasher.Verify(user.Password, userFromBase.Password))
{
UsersBLL usersBLL = new UsersBLL();
UserClaimsDto userRoles = usersBLL.GetUserClaims(user.UserName);
var userClaims = new List <Claim>()
{
new Claim(ClaimTypes.Name, userRoles.UserName),
new Claim(ClaimTypes.Email, userRoles.Email)
};
foreach (RoleMaster rm in userRoles.Roles)
{
userClaims.Add(new Claim(ClaimTypes.Role, rm.RollName));
}
var grandmaIdentity = new ClaimsIdentity(userClaims, "User Identity");
var userPrincipal = new ClaimsPrincipal(new[] { grandmaIdentity });
HttpContext.SignInAsync(userPrincipal);
return(RedirectToAction("Index", "Home"));
}
return(View(user));
}
public async Task SecurePasswordHasher_test()
{
var hash = SecurePasswordHasher.Hash("2324");
var v = SecurePasswordHasher.Verify("2324", hash);
v.ShouldBeTrue();
}
public async Task <ActionResult <ApplicationUser> > DeleteApplicationUser(int id, ApplicationUser currentUser)
{
string cookieValue;
try
{
Request.Cookies.TryGetValue("user_id", out cookieValue);
if (Convert.ToInt32(cookieValue) != id)
{
return(Unauthorized());
}
}
catch
{
return(BadRequest());
}
var applicationUser = await _context.ApplicationUsers.FindAsync(id);
if (applicationUser == null)
{
return(NotFound());
}
if (!SecurePasswordHasher.Verify(currentUser.password, applicationUser.password))
{
return(Unauthorized());
}
_context.ApplicationUsers.Remove(applicationUser);
await _context.SaveChangesAsync();
Response.Cookies.Delete("user_id");
return(applicationUser);
}
public async Task <IActionResult> PutPreferences(int id, ApplicationUser applicationUser)
{
var userList = _context.ApplicationUsers.Where(u => u.username.Equals(applicationUser.username) && u.Id == id);
if (!(userList.Count() > 0) || !SecurePasswordHasher.Verify(applicationUser.password, userList.FirstOrDefault().password))
{
return(BadRequest());
}
var user = userList.FirstOrDefault();
user.sitePref = applicationUser.sitePref;
user.reversePref = applicationUser.reversePref;
user.typePref = applicationUser.typePref;
user.sortPref = applicationUser.sortPref;
_context.Entry(user).State = EntityState.Modified;
try
{
await _context.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!ApplicationUserExists(id))
{
return(NotFound());
}
else
{
throw;
}
}
return(NoContent());
}
/// <summary>
/// Verfies the auth password. Throws an exception if not valid.
/// </summary>
/// <param name="auth"></param>
/// <param name="password"></param>
private void VerifyAuthPassword(AuthModel auth, string password)
{
if (auth == null || !SecurePasswordHasher.Verify(password, auth.Password))
{
throw new PasswordException();
}
}
public HttpResponseMessage PostSignIn([FromBody] User user)
{
IEnumerable <DBUser> usrs = db.Users.AsEnumerable().Where(u =>
u.Email.Equals(user.Email) &&
SecurePasswordHasher.Verify(user.Password, u.PassHash)
);
if (usrs.Count() == 0)
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid User", Configuration.Formatters.JsonFormatter));
}
DBUser profile = usrs.First();
if (profile == null)
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid User", Configuration.Formatters.JsonFormatter));
}
else
{
AuthenticationModule authentication = new AuthenticationModule();
string token = authentication.GenerateTokenForUser(profile.Email, profile.Id);
return(Request.CreateResponse(HttpStatusCode.OK, token, Configuration.Formatters.JsonFormatter));
}
}
public Guest Validate(string username, string password)
{
using (var context = new HotelManagementContext())
{
return(context.Guests.First(x => x.Username.ToLower() == username && SecurePasswordHasher.Verify(password, x.PasswordHash)));
}
}
public IActionResult UpdatePassword([FromBody] UpdatePassword updatePassword)
{
int?id = User.GetUserId();
if (id == null)
{
return(BadRequest());
}
var user = _authHandler.FindById((int)id);
if (user == null)
{
return(BadRequest());
}
if (!SecurePasswordHasher.Verify(updatePassword.CurrentPassword, user.PasswordHash))
{
ModelState.AddModelError("Fail", "Password is incorrect");
return(BadRequest(ModelState));
}
user.PasswordHash = SecurePasswordHasher.Hash(updatePassword.Password);
_authHandler.Update(user);
return(Ok());
}
public OperationResponse Login(LoginModel model)
{
var user = _userService.Get(model.Email);
if (user == null)
{
return new OperationResponse()
{
Success = false, Message = "User not found"
}
}
;
bool isPasswordCorrect = SecurePasswordHasher.Verify(model.Password, user.Password);
if (!isPasswordCorrect)
{
return new OperationResponse()
{
Success = false, Message = "Invalid password"
}
}
;
var token = GenerateJwtToken(user);
return(new OperationResponse {
Success = true, Data = new Dictionary <string, object> {
{ "token", token }
}
});
}
public async Task <IActionResult> ChangePassword(ChangePasswordViewModel model)
{
if (ModelState.IsValid)
{
var user = await _api.GetAsync <UserModel>($"/users/{UserID}");
if (user != null && SecurePasswordHasher.Verify(model.OldPassword, user.Password))
{
if (model.NewPassword == model.OldPassword)
{
//New password must be different that current password
ModelState.AddModelError("CustomError", $"New password must be different that current password.");
}
else if (model.NewPassword == model.ConfirmPassword)
{
user.Password = SecurePasswordHasher.Hash(model.NewPassword);
await _api.PutAsync($"/users/{UserID}", user);
return(RedirectToAction("Index"));
}
else
{
//passwords did not match
ModelState.AddModelError("CustomError", $"Passwords did not match.");
}
}
else
{
//old password was not correct
ModelState.AddModelError("CustomError", $"Password was not correct.");
}
}
return(View(model));
}
public IHttpActionResult Authenticate(User user)
{
var loginRequest = new User
{
Username = user.Username,
Password = user.Password
};
User databaseUser;
if (user != null)
{
databaseUser = DatabaseAccessModel.GetUserByUsername(loginRequest.Username);
var isUsernamePasswordValid = SecurePasswordHasher.Verify(loginRequest.Password, databaseUser.Password);
if (isUsernamePasswordValid)
{
//loginRequest.id = databaseUser.id;
loginRequest.Role = databaseUser.Role;
//var token = CreateToken(loginRequest.Username);
var token = CreateToken(loginRequest.Role, loginRequest.Username);
return(Ok(token));
}
}
return(Unauthorized());
}
public JsonResult IsValidPassword1(string Password1, string IdPessoa)
{
if (Password1 == null)
{
return(Json(new string("Password inválida!")));
}
Pessoa Pessoa = _context.Pessoas.SingleOrDefault(p => p.NumCC == IdPessoa);
if (Pessoa == null)
{
return(Json(false));
}
if (SecurePasswordHasher.Verify(Password1, Pessoa.Password))
{
return(Json(new string("A nova password não pode ser igual à sua password antiga!")));
}
if (HelperFunctions.IsValidPassword(Password1))
{
return(Json(true));
}
else
{
return(Json(new string("A Password tem de possuir 8 carateres, um carater maiúsculo, um mínusculo e um número!")));
}
}
public IActionResult ChangeLogin(User obj)
{
int?id = HttpContext.Session.GetInt32("test");
var data = (from item in baza.Users where item.Id == id select item).FirstOrDefault();
if (SecurePasswordHasher.Verify(obj.password, data.password) == false)
{
TempData["Namak"] = "Password sxal e";
return(Redirect("/user/ChangeLogin"));
}
else
{
var log = (from item in baza.Users where item.login == obj.login select item).Count();
if (log > 0)
{
TempData["Namak"] = "Login@ zbaxvac e";
return(Redirect("/user/ChangeLogin"));
}
else
{
data.login = obj.login;
baza.SaveChanges();
}
}
return(Redirect("/user/Profile"));
}
public async Task <LoginResponseDto> Login(LoginDto loginUser)
{
var user = await GetByEmail(loginUser.Email);
if (user == null)
{
throw new Exception("Email doesn't exist");
}
if (!SecurePasswordHasher.Verify(loginUser.Password, user.PasswordHash))
{
throw new Exception("Password incorrect");
}
user.LastLoginDate = DateTime.Now;
await _unitOfWork.SaveChangesAsync();
var token = GenerateJwtToken(user);
return(new LoginResponseDto
{
Token = token,
User = _mapper.Map <UserDto>(user)
});
}
public async Task <User> Login(string userName, string password)
{
var request = GraphQLQueryManager.GetQueryRequest(
GraphQLQueryManager.QueryRequest.GetUserByUserName, new
{
UserName = userName
});
var response = await this._Client.PostAsync(request);
var users = response.GetDataFieldAs <ICollection <User> >("User");
if (!users.Any())
{
throw new AccountNotFoundException(userName);
}
var user = users.First();
if (!SecurePasswordHasher.Verify(password, user.PasswordHash))
{
throw new WrongPasswordException();
}
return(user);
}
public JsonResult IsValidPassword(string Password, string Username)
{
if (Password == null)
{
return(Json(new string("Password incorrecta!")));
}
Pessoa Pessoa = _context.Pessoas.SingleOrDefault(p => p.Username == Username);
if (Pessoa == null)
{
return(Json(false));
}
if (String.IsNullOrWhiteSpace(Pessoa.Password))
{
if (HelperFunctions.IsValidPassword(Password))
{
return(Json(true));
}
else
{
return(Json(new string("A Password tem de possuir 8 carateres, um carater maiúsculo, um mínusculo e um número!")));
}
}
if (SecurePasswordHasher.Verify(Password, Pessoa.Password))
{
return(Json(true));
}
else
{
return(Json(new string("A password está incorrecta!")));
}
}
public async Task <IActionResult> OnPostAsync(string button)
{
if (button != "submit")
{
// the user clicked the "cancel" button
var context = await _interaction.GetAuthorizationContextAsync(ReturnUrl);
if (context != null)
{
// if the user cancels, send a result back into IdentityServer as if they
// denied the consent (even if this client does not require consent).
// this will send back an access denied OIDC error response to the client.
await _interaction.GrantConsentAsync(context, ConsentResponse.Denied);
// we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
return(Redirect(ReturnUrl));
}
else
{
// since we don't have a valid context, then we just go back to the home page
return(Redirect("~/"));
}
}
if (ModelState.IsValid)
{
var user = await _userManager.FindByEmailAsync(Input.Email);
var factors = await _multiFactorUserStore.GetFactorsAsync(user, CancellationToken.None);
var factorDictionary = new Dictionary <string, ApplicationFactor>();
foreach (var factor in factors)
{
factorDictionary.Add(factor.Challenge, factor);
}
bool challengeResponseValid = true;
foreach (var inputFactor in Input.Factors)
{
var factor = factorDictionary[inputFactor.Challenge];
challengeResponseValid = SecurePasswordHasher.Verify(inputFactor.ChallengeResponse, factor.ChallengeResponseHash);
if (!challengeResponseValid)
{
ModelState.AddModelError(string.Empty, $"{inputFactor.Challenge}: Invalid Challenge Response.");
}
}
if (challengeResponseValid)
{
// we can now signin.
await _signInManager.SignInAsync(user, false, IdentityConstants.ApplicationScheme);
return(LocalRedirect(ReturnUrl));
}
}
return(Page());
}
public BucketListSignInResult SignInUser(string email, string password)
{
BucketListSignInResult result = new BucketListSignInResult();
result.Errors = new List <string>();
User user = _context.Users.Single(x => x.Email == email);
if (user != null)
{
if (SecurePasswordHasher.Verify(password, user.PasswordHash))
{
result.Succeeded = true;
}
else
{
result.Errors.Add("Password was incorrect");
result.Succeeded = false;
}
}
else
{
result.Errors.Add("Couldn't find user");
result.Succeeded = false;
}
return(result);
}
public async Task <IActionResult> Login(Users user)
{
string pass = user.Password;
user = (from item in context.Users where item.Login == user.Login
select item)
.ToList().FirstOrDefault();
if (user == null)
{
TempData["msg"] = "Login sxal en";
return(Redirect("/"));
}
else
{
Users current = user;
if (!SecurePasswordHasher.Verify(pass, current.Password))
{
//TempData["msg"] = "password sxal en";
return(Redirect("/"));
}
}
HttpContext.Session.SetString("user", user.Id.ToString());
await Authenticate(user.Login);
return(Redirect("/User/Profile"));
}
public async Task <IActionResult> Login([FromForm] User user)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var dbUser = await _context.User.SingleOrDefaultAsync(c => c.Email == user.Email);
bool verified = SecurePasswordHasher.Verify(user.Password, dbUser.Password);
if (verified == true)
{
var token = Authentication.GenerateToken(dbUser.Username, _configuration);
var retVal = new
{
dbUser.UserID,
dbUser.Email,
dbUser.Username,
Token = new JwtSecurityTokenHandler().WriteToken(token)
};
return(Ok(retVal));
}
else
{
return(Unauthorized());
}
}