public void Dont_Auth_Correct_User_With_Invalid_Captcha_1() { // Arrange LoginViewModel userData = new LoginViewModel { Login = "******", Password = "******", Captcha = "bad" }; string storedPasswordHash = Convert.ToBase64String(HashPassword.HashPass(userData.Password.ToCharArray(), new byte[0])); IAuthProvider authProv = new FormsAuthProvider(userData.Login, storedPasswordHash, ""); AccountController target = new AccountController(authProv); SessionStorage storage = SessionStorage.Current; string captcha = "54asd#213_54WQExz"; storage.CaptchaCode = captcha; // Act ActionResult result = target.Login(userData, "#true", storage); // Assert Assert.IsInstanceOfType(result, typeof(ViewResult)); Assert.IsFalse(((ViewResult)result).ViewData.ModelState.IsValid); Assert.IsTrue(storage.UnsucLoginAttempts == 1); }
public UserModel Login(string username, string password) { User user = _userRepository.GetAll().FirstOrDefault(u => u.Username == username); if (user == null) { throw new UserException($"User with username:\"{username}\" does not exist!"); } string hashedPasswor = HashPassword.HashPass(password); if (user.Password != hashedPasswor) { throw new UserException($"Password does not match with user password with username:\"{username}\""); } UserModel userModel = new UserModel() { Id = user.Id, FirstName = user.Firstname, LastName = user.Lastname, UserName = user.Username, }; return(userModel); }
public RegisterUserResponse RegisterUser(RegisterUserRequest request) { var checkUser = _context.Client.Any(p => p.Login.Equals(request.Login) || p.Email.Equals(request.Email)); if (checkUser) { throw new UserExistsException(); } if (!MailValidator.IsValidMail(request.Email)) { throw new InvalidMail(); } var salt = SaltGenerator.GenerateSalt(); var hashedPass = HashPassword.HashPass(request.Password, salt); var client = new Client() { FirstName = request.FirstName, LastName = request.LastName, Email = request.Email, Phone = request.Phone, Login = request.Login, Password = hashedPass, Salt = salt }; var userclaim = new[] { new Claim(ClaimTypes.NameIdentifier, Convert.ToString(client.IdClient)), new Claim(ClaimTypes.Name, request.FirstName), new Claim(ClaimTypes.Role, "Client") }; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["SecretKey"])); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); var token = new JwtSecurityToken( issuer: "AdCompany", audience: "Clients", claims: userclaim, expires: DateTime.Now.AddMinutes(5), signingCredentials: creds ); client.RefreshToken = Guid.NewGuid().ToString(); client.ExpireDate = DateTime.Now.AddDays(1); _context.Client.Add(client); _context.SaveChanges(); return(new RegisterUserResponse() { AccessToken = new JwtSecurityTokenHandler().WriteToken(token), RefreshToken = client.RefreshToken }); }
public void Register(RegisterModel registerModel) { string username = _userRepository.GetAll() .Where(u => u.Username == registerModel.Username) .Select(u => u.Username) .ToString(); if (username != null) { throw new UserException($"User with username:{registerModel.Username} already exists!"); } if (string.IsNullOrWhiteSpace(registerModel.Password) || string.IsNullOrWhiteSpace(registerModel.ConfirmPassword)) { throw new UserException("Password required!"); } if (registerModel.Password != registerModel.ConfirmPassword) { throw new UserException($"Passwords do not match!"); } if (string.IsNullOrWhiteSpace(registerModel.FirstName) || string.IsNullOrWhiteSpace(registerModel.LastName)) { throw new UserException("Both Firstnam and Lastname are required!"); } if (string.IsNullOrWhiteSpace(registerModel.Username)) { throw new UserException("Username is required!"); } string hashedPasswor = HashPassword.HashPass(registerModel.Password); User user = new User() { Firstname = registerModel.FirstName, Lastname = registerModel.LastName, Username = registerModel.Username, Password = hashedPasswor }; _userRepository.Insert(user); }
public void Dont_Auth_Incorrect_User() { // Arrange LoginViewModel userData = new LoginViewModel { Login = "******", Password = "******" }; string storedPasswordHash = Convert.ToBase64String(HashPassword.HashPass("pass".ToCharArray(), new byte[0])); IAuthProvider authProv = new FormsAuthProvider(userData.Login, storedPasswordHash, ""); AccountController target = new AccountController(authProv); // Act ActionResult result = target.Login(userData, "#true", SessionStorage.Current); // Assert Assert.IsInstanceOfType(result, typeof(ViewResult)); Assert.IsFalse(((ViewResult)result).ViewData.ModelState.IsValid); }
public LoginResponse Login(LoginRequest request) { var client = _context.Client.FirstOrDefault(p => p.Login == request.Login); if (client == null) { throw new UserNotFound(); } var passwordToCompare = HashPassword.HashPass(request.Password, client.Salt); if (!passwordToCompare.Equals(client.Password)) { throw new UserNotFound(); } var userclaim = new[] { new Claim(ClaimTypes.NameIdentifier, client.IdClient.ToString()), new Claim(ClaimTypes.Name, client.FirstName), new Claim(ClaimTypes.Role, "Client"), }; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["SecretKey"])); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); var token = new JwtSecurityToken( issuer: "AdCompany", audience: "Clients", claims: userclaim, expires: DateTime.Now.AddMinutes(5), signingCredentials: creds ); client.RefreshToken = Guid.NewGuid().ToString(); client.ExpireDate = DateTime.Now.AddDays(1); _context.SaveChanges(); return(new LoginResponse() { AccessToken = new JwtSecurityTokenHandler().WriteToken(token), RefreshToken = client.RefreshToken }); }
public void Auth_Correct_User() { // Arrange LoginViewModel userData = new LoginViewModel { Login = "******", Password = "******" }; string storedPasswordHash = Convert.ToBase64String(HashPassword.HashPass(userData.Password.ToCharArray(), new byte[0])); IAuthProvider authProv = new FormsAuthProvider(userData.Login, storedPasswordHash, ""); AccountController target = new AccountController(authProv); SessionStorage storage = SessionStorage.Current; // Act ActionResult result = target.Login(userData, "#true", storage); // Assert Assert.IsInstanceOfType(result, typeof(RedirectResult)); Assert.IsTrue(((RedirectResult)result).Url.Contains("#true")); }
public void RemindPass(string email, string url) { // Создаем данные для отправки // Генерируем код потверждения string code = JsonConvert.SerializeObject(new { guid = Guid.NewGuid(), login = login }); code = code.Replace('"', '\''); url = url + "?code=" + code; char[] newPass = HashPassword.GeneratePassword(6); // Генерируем новый пароль длиной в 6 символов // Отправляем письмо с паролем и кодом подтверждения MailSender.SendEmailToNewPass(email, login, newPass, url, MailSender.FromEmailServer.gmail); logger.Warn(string.Format("Mail to recover access sended to email: '{0}'.", email)); // Сохраняем новый пароль, код подтверждения и дату устаревания в хранилище данных string newPassHash = Convert.ToBase64String(HashPassword.HashPass(newPass, new byte[0])); BlogSettings.Current.TurnOnPassRemind(newPassHash, code, DateTime.Now.AddDays(1)); }
public ActionResult SettingsPost(SettingsIndexViewModel model) { if (ModelState.IsValid) { if (!string.IsNullOrEmpty(model.NewPassword) && string.IsNullOrEmpty(model.CurrentPassword)) { ModelState.AddModelError("CurrentPassword", "Для смены пароля нужно указать текущий пароль"); } else if (string.IsNullOrEmpty(model.NewPassword) && !string.IsNullOrEmpty(model.CurrentPassword)) { ModelState.AddModelError("NewPassword", "Вы не указали новый пароль"); } } string newPassHash = null; // если производится корректная смена пароля, то ниже получит значение if (ModelState.IsValid && !string.IsNullOrEmpty(model.NewPassword)) { // Берем логин с сервера, потому что на клиенте он мог измениться if (authProvider.IsValidUser(BlogSettings.Current.AdminLogin, model.CurrentPassword.ToCharArray())) { // Получаем хэш пароля newPassHash = Convert.ToBase64String( HashPassword.HashPass(model.NewPassword.ToCharArray(), new byte[0])); } else { ModelState.AddModelError("CurrentPassword", "Указанный пароль не соответствует текущему"); } } if (ModelState.IsValid) { // Сохранение новых настроек BlogSettings.Current.ChangeSettings(model.Settings, newPassHash, false); BlogEngineTK.WebUI.MvcApplication.ClearAppCache(); } return(View(model)); }
public EnrollStudentResponse EnrollStudent(EnrollStudentRequest request) { var response = new EnrollStudentResponse(); using (var con = new SqlConnection("Data Source=db-mssql;Initial Catalog=s18963;Integrated Security=True")) { using (var com = new SqlCommand()) { com.Connection = con; com.CommandText = "Select * From Studies Where Name = @Name"; com.Parameters.AddWithValue("Name", request.Studies); con.Open(); var trans = con.BeginTransaction(); com.Transaction = trans; var dr = com.ExecuteReader(); if (!dr.Read()) { dr.Close(); trans.Rollback(); return(null); } int idStudy = (int)dr["IdStudy"]; dr.Close(); com.CommandText = "Select * From Enrollment Where Semester = 1 And IdStudy = @idStudy"; int IdEnrollment = (int)dr["IdEnrollemnt"] + 1; com.Parameters.AddWithValue("IdStudy", idStudy); dr = com.ExecuteReader(); if (dr.Read()) { dr.Close(); com.CommandText = "Select MAX(idEnrollment) as 'idEnrollment' From Enrollment"; dr = com.ExecuteReader(); dr.Close(); DateTime StartDate = DateTime.Now; com.CommandText = "Insert Into Enrollment(IdEnrollment, Semester, IdStudy, StartDate, Password) Values (@IdEnrollemnt, 1, @IdStudy, @StartDate, @Password)"; com.Parameters.AddWithValue("IdEnrollemnt", IdEnrollment); com.Parameters.AddWithValue("StartDate", StartDate); com.ExecuteNonQuery(); } dr.Close(); com.CommandText = "Select * From Student Where IndexNumber=@IndexNumber"; com.Parameters.AddWithValue("IndexNumber", request.IndexNumber); dr = com.ExecuteReader(); if (!dr.Read()) { var salt = SaltGenerator.GenerateSalt(); dr.Close(); com.CommandText = "Insert Into Student(IndexNumber, FirstName, LastName, Birthdate, IdEnrollment, Password, Salt) Value (@IndexNumber, @FirstName, @LastName, @BirthDate, @IdEnrollment, @Password, @Salt)"; com.Parameters.AddWithValue("FirstName", request.FirstName); com.Parameters.AddWithValue("LastName", request.LastName); com.Parameters.AddWithValue("BirthDate", request.BirthDate); com.Parameters.AddWithValue("IdEnrollment", IdEnrollment); com.Parameters.AddWithValue("Password", HashPassword.HashPass(request.Password, salt)); com.Parameters.AddWithValue("Salt", salt); com.ExecuteNonQuery(); dr.Close(); response.Semester = 1; } else { dr.Close(); trans.Rollback(); throw new Exception("You can't add student with the same index number"); } trans.Commit(); } } return(response); }
public IActionResult Login(LoginRequest request) { var student = new Student(); using (var con = new SqlConnection("Data Source=db-mssql;Initial Catalog=s18963;Integrated Security=True")) { using (var com = new SqlCommand()) { //login can be moved to service com.Connection = con; var salt = String.Empty; var password = String.Empty; com.CommandText = "Select IndexNumber, FirstName Password, Salt From Student Where IndexNumber = @login"; com.Parameters.AddWithValue("login", request.Login); con.Open(); var dr = com.ExecuteReader(); if (!dr.Read()) { return(NotFound("Specified student was not found.")); } student.IndexNumber = dr["IndexNumber"].ToString(); student.FirstName = dr["FirstName"].ToString(); password = dr["Password"].ToString(); salt = dr["Salt"].ToString(); var passToCompare = HashPassword.HashPass(request.Password, salt); if (!password.Equals(passToCompare)) { return(BadRequest("Wrong login or password")); } dr.Close(); var userclaim = new[] { new Claim(ClaimTypes.NameIdentifier, student.IndexNumber), new Claim(ClaimTypes.Name, student.FirstName), new Claim(ClaimTypes.Role, "Student"), }; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["SecretKey"])); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); var token = new JwtSecurityToken( issuer: "Gakko", audience: "Students", claims: userclaim, expires: DateTime.Now.AddMinutes(1), signingCredentials: creds ); student.RefreshToken = Guid.NewGuid().ToString(); student.RefreshTokenExpirationDate = DateTime.Now.AddDays(1); com.CommandText = "Update Student set RefreshToken = @RefreshToken and RefreshTokenExpirationDate = @ExpDate"; com.Parameters.AddWithValue("RefreshToken", student.RefreshToken); com.Parameters.AddWithValue("ExpDate", student.RefreshTokenExpirationDate); return(Ok(new { token = new JwtSecurityTokenHandler().WriteToken(token), refreshToken = student.RefreshToken })); } } }