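public void TestVerifyFalseKey()
        {
            // Checks that Authenticator.VerifyHash refuses a request whose "secret"
            // entry ("shk5") is not a known client key, and that the refusal is
            // reported through the expected exception message.
            Dictionary<string, string> insertedData = createRequestData();

            insertedData.Remove("secret");
            insertedData.Add("secret", "shk5");

            string email;
            insertedData.TryGetValue("email", out email);
            string secret;
            insertedData.TryGetValue("secret", out secret);

            // The authorization value is sent unhashed here; the test expects the
            // key lookup to fail, so the hash comparison should never be reached.
            // NOTE(review): "mg24" looks like the fixture's secret key - confirm.
            string authorization = email + secret + "mg24";

            Request request = new Request(null, RestService.Web_Service.RestMethods.GET, insertedData, null, authorization);

            Exception thrown = null;
            try
            {
                Authenticator.VerifyHash(request);
            }
            catch (Exception e)
            {
                thrown = e;
            }

            // Assert outside the try block: an assertion failure raised inside it
            // would be swallowed by catch (Exception) and reported as a confusing
            // message mismatch instead of "no exception was thrown".
            Assert.IsNotNull(thrown, "No exception was thrown");
            Assert.AreEqual("No such clientKey exists", thrown.Message);
        }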
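        public void TestTokenHandler()
        {
            // Round-trip check: a token issued for a stored account must validate
            // back to the same account id.
            // NOTE(review): this depends on a live "SMU" database that contains
            // user_account row id 14, so it is an integration test rather than a
            // unit test.
            DatabaseConnection db = new DatabaseConnection("SMU");
            PreparedStatement stmt = db.Prepare("SELECT * FROM user_account WHERE id = 14");

            User user = null;

            // Dispose the reader as soon as the row has been copied out.
            using (SqlDataReader reader = db.Query(null, stmt))
            {
                while (reader.Read())
                {
                    int id = reader.GetInt32(reader.GetOrdinal("id"));
                    string userEmail = reader.GetString(reader.GetOrdinal("email"));
                    string userPassword = reader.GetString(reader.GetOrdinal("password_hash"));

                    // TODO: user data has to be fetched with the rest of the data
                    user = new User(id, userEmail, userPassword, null);
                }
            }

            // Fail with a clear message instead of a NullReferenceException when
            // the fixture row is missing.
            Assert.IsNotNull(user, "Fixture row user_account.id = 14 was not found");

            Token token = TokenHandler.getToken(user.email, user.password);

            // The token is a bearer credential built from the account's email and
            // stored password value, so it is deliberately not written to the
            // test output, where it would end up in build and CI logs.

            Request preRequest = new Request(null, 0, null, null, token.token);

            Request postRequest = TokenHandler.validateTokenAndGetUser(preRequest);

            Assert.AreEqual(user.id, postRequest.user.id);
        }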
        public void TestVerifyFalseHash()
        {
            // A hash computed over the original request values must stop verifying
            // once one of those values (the email) is changed afterwards.
            Dictionary<string, string> requestData = createRequestData();

            string originalEmail;
            requestData.TryGetValue("email", out originalEmail);
            string clientSecret;
            requestData.TryGetValue("secret", out clientSecret);

            // Hash is taken over the untampered values.
            // NOTE(review): "mg24" looks like the fixture's secret key - confirm.
            string authorization = SHAEncrypter.SHAEncrypt(originalEmail + clientSecret + "mg24");

            // Tamper with the payload after the hash has been produced.
            requestData.Remove("email");
            requestData.Add("email", "*****@*****.**");

            Request tamperedRequest = new Request(null, RestService.Web_Service.RestMethods.GET, requestData, null, authorization);

            bool verified = Authenticator.VerifyHash(tamperedRequest);
            Assert.IsFalse(verified);
        }
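        /**
         * Validates the token carried in request.authorization and, on success,
         * attaches the matching user to the request and returns it.
         *
         * The decrypted token is read as three ":::"-separated fields: email,
         * password and expiry timestamp.
         *
         * Throws an Exception with the message "Token is invalid" when the token
         * is missing, malformed, has an unparsable expiry, or matches no user.
         * Throws an Exception with the message "The token is expired" and
         * Data["errorCode"] = 201 when the expiry time has passed.
         */
        public static Request validateTokenAndGetUser(Request request)
        {
            if (request == null)
            {
                throw new ArgumentNullException("request");
            }

            if (string.IsNullOrEmpty(request.authorization))
            {
                throw new Exception("Token is invalid");
            }

            // NOTE(review): the token carries the account's password value and its
            // integrity rests entirely on DecryptToken. Confirm that the scheme
            // detects tampering (authenticated encryption or a MAC).
            string emailAndPassword = DecryptToken(request.authorization);
            if (emailAndPassword == null)
            {
                throw new Exception("Token is invalid");
            }

            string[] tokenFields = emailAndPassword.Split(new string[] { ":::" }, StringSplitOptions.None);

            // A truncated or malformed token must be rejected as invalid rather
            // than escaping as an IndexOutOfRangeException.
            if (tokenFields.Length < 3)
            {
                throw new Exception("Token is invalid");
            }

            string email = tokenFields[0];
            string password = tokenFields[1];

            // NOTE(review): parsing uses the current culture, so the issuer and
            // this validator must run under the same culture settings - confirm.
            DateTime expires;
            if (!DateTime.TryParse(tokenFields[2], out expires))
            {
                // Log a fixed message only; token contents are not echoed.
                Console.WriteLine("Token rejected: expiry field is not a valid date");
                throw new Exception("Token is invalid");
            }

            // NOTE(review): DateTime.Now is local time; expiry shifts with time-zone
            // or DST changes unless the issuer writes local time as well - confirm.
            if (DateTime.Now.CompareTo(expires) > 0)
            {
                Exception expired = new Exception("The token is expired");
                expired.Data.Add("errorCode", 201);

                throw expired;
            }

            User user = GetUser(email, password);
            if (user == null)
            {
                throw new Exception("Token is invalid");
            }

            request.user = user;
            return request;
        }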
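        /**
         * Recomputes the request hash from the request data plus the secret key
         * looked up for the "secret" entry, and compares it with the hash sent in
         * request.authorization.
         *
         * Returns true when the two hashes match and false when they do not,
         * including when the request carries no hash at all.
         *
         * Throws an Exception when the request data has no "secret" entry.
         * GetSecretKey may also throw for an unknown key (not visible here).
         */
        public static bool VerifyHash(Request request)
        {
            if (request == null)
            {
                throw new ArgumentNullException("request");
            }

            if (request.data == null)
            {
                throw new Exception("Hashkey not found. Cannot look up secretKey");
            }

            string requestHash = request.authorization;

            /**
             * Declaring verificationString here as part of creating the correct
             * string using an unknown amount of data.
             *
             * NOTE(review): values are joined without delimiters and in the
             * collection's enumeration order, so different field splits can yield
             * the same string and the result depends on insertion order. A
             * canonical, delimited form would need a matching client change.
             */
            string verificationString = "";
            foreach (KeyValuePair<string, string> dataPair in request.data)
            {
                verificationString += dataPair.Value;
            }

            string hashKey = "";
            if (request.data.TryGetValue("secret", out hashKey))
            {
                verificationString += GetSecretKey(hashKey);
            }
            else
            {
                throw new Exception("Hashkey not found. Cannot look up secretKey");
            }

            // NOTE(review): if SHAEncrypt is a plain digest, this is a
            // "hash(message + key)" construction; an HMAC keyed with the secret
            // key is the standard choice - confirm what SHAEncrypter does.
            string verificationHash = SHAEncrypter.SHAEncrypt(verificationString);

            return ConstantTimeEquals(verificationHash, requestHash);
        }

        /**
         * Ordinal string comparison whose running time does not depend on the
         * position of the first differing character, so response timing does not
         * reveal how much of a submitted hash was correct.
         */
        private static bool ConstantTimeEquals(string expected, string actual)
        {
            if (expected == null || actual == null)
            {
                return false;
            }

            // The hash length is not secret, so a length mismatch may be folded in.
            int difference = expected.Length ^ actual.Length;
            int comparable = Math.Min(expected.Length, actual.Length);

            for (int i = 0; i < comparable; i++)
            {
                difference |= expected[i] ^ actual[i];
            }

            return difference == 0;
        }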