Пример #1
0
        public IActionResult Add()
        {
            if (ModelState.IsValid)
            {
                Passwd.UserId = Functions.getUser(_cache).Id;                                  // get logged user
                var masterPassword = _cache.Get(CacheNames.masterPassword).ToString();         // get current user masterpassword
                var encrypted      = AESHelper.EncryptString(Passwd.Password, masterPassword); // encrypt with masterpassword
                Passwd.Password = Convert.ToBase64String(encrypted);                           // add encypted password as a string to variable
                _db.Passwds.Add(Passwd);                                                       // add var to database

                ActionType actionType = new ActionType()
                {
                    Action = "Add password to database",
                    UserId = Passwd.UserId,
                    Time   = DateTime.Now
                };
                Functions.AddActionToDatabase(_db, actionType);


                _db.SaveChanges(); // save database
                return(RedirectToAction("Index"));
            }

            return(View(Passwd));
        }
Пример #2
0
        public IActionResult Decrypt(int id)
        {
            if (_cache.Get(CacheNames.getMasterPassword).ToString() != "1") // ask user for masterpassword first time
            {
                return(RedirectToAction("MasterPassword"));
            }
            Passwd toDecrypt = _db.Passwds.Where(a => a.Id == id).FirstOrDefault(); // get password to decrypt by id
            User   usr       = Functions.getUser(_cache);

            if (toDecrypt.UserId != usr.Id)
            {
                var        sharedPass = _db.SharedPasswds.Where(a => a.UserSharedId == usr.Id).ToList();
                List <int> ids        = new List <int>();

                foreach (SharedPasswd sPass in sharedPass)
                {
                    ids.Add(sPass.PasswdId);
                }

                if (!ids.Contains(toDecrypt.Id))
                {
                    return(RedirectToAction("Index"));
                }
            }

            ActionType actionType = new ActionType()
            {
                Action = "Decrypt password id=" + id,
                UserId = usr.Id,
                Time   = DateTime.Now
            };

            Functions.AddActionToDatabase(_db, actionType);

            var decrypt       = Convert.FromBase64String(toDecrypt.Password); // covnvert string into byte[] to decrypt
            var passwordOwner = _db.Users.Where(a => a.Id == toDecrypt.UserId).FirstOrDefault();

            toDecrypt.Password = AESHelper.DecryptToString(decrypt, passwordOwner.Password);  // decrypting password

            AppViewModel appViewModel = new AppViewModel
            {
                User   = Functions.getUser(_cache),
                Logged = Functions.getLogged(_cache),
                Passwd = toDecrypt
            };

            return(View(appViewModel));
        }
Пример #3
0
        public IActionResult Logout()
        {
            ActionType actionType = new ActionType()
            {
                Action = "Log out",
                UserId = Functions.getUser(_cache).Id,
                Time   = DateTime.Now
            };

            Functions.AddActionToDatabase(_db, actionType);

            _cache.Remove(CacheNames.readMode);
            _cache.Remove(CacheNames.user);
            _cache.Remove(CacheNames.logged);
            _cache.Remove(CacheNames.masterPassword);
            _cache.Remove(CacheNames.getMasterPassword);
            return(RedirectToAction("Login"));
        }
Пример #4
0
        public IActionResult Edit()
        {
            var password = _db.Passwds.Where(a => a.Id == Passwd.Id).FirstOrDefault();

            if (password.UserId == Functions.getUser(_cache).Id)
            {
                if (ModelState.IsValid)
                {
                    var oldPassword    = password.Password;
                    var masterPassword = _cache.Get(CacheNames.masterPassword).ToString();         // get current user masterpassword
                    var encrypted      = AESHelper.EncryptString(Passwd.Password, masterPassword); // encrypt with masterpassword
                    password.Password   = Convert.ToBase64String(encrypted);                       // add encypted password as a string to variable
                    password.WebAddress = Passwd.WebAddress;
                    password.Login      = Passwd.Login;

                    ActionType actionType = new ActionType()
                    {
                        Action = "Edit password id=" + password.Id,
                        UserId = password.UserId,
                        Time   = DateTime.Now
                    };
                    Functions.AddActionToDatabase(_db, actionType);

                    PasswdHistory passwdHistory = new PasswdHistory()
                    {
                        NewPasswd = password.Password,
                        OldPasswd = oldPassword,
                        Time      = DateTime.Now,
                        UserId    = password.UserId,
                        PasswdId  = password.Id
                    };


                    Functions.AddHistoryToDatabase(_db, passwdHistory);

                    _db.SaveChanges(); // save database
                    return(RedirectToAction("Index"));
                }
                return(View(Passwd));
            }
            _cache.Set(CacheNames.error4, "You are not the owner");
            return(RedirectToAction("Index"));
        }
Пример #5
0
        public IActionResult Signin()
        {
            var       ip      = HttpContext.Connection.RemoteIpAddress.ToString();
            AddressIP address = _db.AddressIPs.Where(a => a.Address == ip).FirstOrDefault();

            if (address == null)
            {
                address = new AddressIP()
                {
                    Address   = ip,
                    Correct   = 0,
                    Incorrect = 1
                };
                _db.AddressIPs.Add(address);
            }

            if (Functions.IsIpBlocked(address))
            {
                if (_db.Users.Where(a => a.Nickname == App.User.Nickname).FirstOrDefault <User>() is User user)
                {
                    var lastAttempt = _db.LoginAttempts.Where(a => a.AddressIp == ip && a.UserId == user.Id)
                                      .OrderByDescending(a => a.Date).FirstOrDefault();
                    if (lastAttempt == null)
                    {
                        lastAttempt = new LoginAttempt()
                        {
                            Attempt = 0
                        };
                    }

                    if (Functions.IsUserBlocked(user))
                    {
                        user = Functions.UnblockUser(user);
                    }

                    if (Functions.Login(user, App.User.Password))
                    {
                        LoginAttempt loginAttempt = new LoginAttempt()
                        {
                            UserId     = user.Id,
                            AddressIp  = ip,
                            Attempt    = 0,
                            Date       = DateTime.Now,
                            Successful = true
                        };

                        address.Correct   = 1;
                        address.Incorrect = 0;

                        _db.LoginAttempts.Add(loginAttempt);

                        ActionType actionType = new ActionType()
                        {
                            Action = "Log in",
                            UserId = user.Id,
                            Time   = DateTime.Now
                        };
                        Functions.AddActionToDatabase(_db, actionType);

                        _db.SaveChanges();

                        _cache.Set(CacheNames.readMode, "0");  // set cache variables
                        _cache.Set(CacheNames.user, user);
                        _cache.Set(CacheNames.logged, "1");
                        _cache.Set(CacheNames.masterPassword, user.Password);
                        _cache.Set(CacheNames.getMasterPassword, "0");
                        return(RedirectToAction("Index", "Home"));
                    }
                    else if (Functions.IsUserBlocked(user))
                    {
                        error = "\n\nKonto jest zablokowane do " + user.AccountBlockDate;
                    }
                    else
                    {
                        LoginAttempt failedLoginAttempt = new LoginAttempt()
                        {
                            UserId     = user.Id,
                            AddressIp  = ip,
                            Attempt    = lastAttempt.Attempt + 1,
                            Date       = DateTime.Now,
                            Successful = false
                        };
                        switch (failedLoginAttempt.Attempt)
                        {
                        case 1: break;

                        case 2: user.AccountBlockDate = DateTime.Now.AddSeconds(15); user.IsAccountBlocked = true; break;

                        case 3: user.AccountBlockDate = DateTime.Now.AddSeconds(30); user.IsAccountBlocked = true; break;

                        case 4: user.AccountBlockDate = DateTime.Now.AddMinutes(2); user.IsAccountBlocked = true; break;

                        default: user.AccountBlockDate = DateTime.Now.AddYears(30); user.IsAccountBlocked = true; break;
                        }

                        address.Incorrect++;
                        switch (address.Incorrect)
                        {
                        case 1: break;

                        case 2: break;

                        case 3: break;

                        case 4: break;

                        case 5: address.IpBlockDate = DateTime.Now.AddSeconds(15); break;

                        case 6: address.IpBlockDate = DateTime.Now.AddSeconds(30); break;

                        default: address.IpBlockDate = DateTime.Now.AddMinutes(1); break;
                        }

                        _db.LoginAttempts.Add(failedLoginAttempt);
                        _db.SaveChanges();

                        if (Functions.IsUserBlocked(user))
                        {
                            error = "Konto jest zablokowane do " + user.AccountBlockDate;
                        }
                    }
                }
            }
            if (address.IpBlockDate > DateTime.Now)
            {
                error2 = "Twoje IP jest zablokowane do " + address.IpBlockDate;
            }


            AppViewModel appViewModel = new AppViewModel
            {
                User   = App.User,
                Logged = Functions.getLogged(_cache),
                Error  = error,
                Error2 = error2
            };

            return(View("Login", appViewModel));
        }