public async Task ValidadeUserPasswordForHistoryAsync_Invalid_False()
{
// Arrange
var cxn = new SqlConnectionWrapperMock();
var repository = new SqlUserRepository(cxn.Object, cxn.Object);
const int userId = 99;
var userSalt = new Guid();
const string newPassword = "******";
var passwordHystory = new List <SqlUserRepository.HashedPassword>
{
new SqlUserRepository.HashedPassword {
Password = HashingUtilities.GenerateSaltedHash(newPassword, userSalt), UserSALT = userSalt
}
};
cxn.SetupQueryAsync(
"GetLastUserPasswords",
new Dictionary <string, object>
{
{ "@userId", userId }
},
passwordHystory);
// Act
var result = await repository.ValidateUserPasswordForHistoryAsync(userId, newPassword);
// Assert
cxn.Verify();
Assert.AreEqual(false, result);
}
public async Task <FullStubModel> AddStubAsync(StubModel stub)
{
if (string.IsNullOrWhiteSpace(stub.Id))
{
// If no ID is sent, create one here.
var id = HashingUtilities.GetMd5String(JsonConvert.SerializeObject(stub));
stub.Id = $"stub-{id}";
}
// Check that a stub with the new ID isn't already added to a readonly stub source.
var stubs = await GetStubsAsync(true);
if (stubs.Any(s => string.Equals(stub.Id, s.Stub.Id, StringComparison.OrdinalIgnoreCase)))
{
throw new ConflictException($"Stub with ID '{stub.Id}'.");
}
var source = GetWritableStubSource();
await source.AddStubAsync(stub);
return(new FullStubModel {
Stub = stub, Metadata = new StubMetadataModel {
ReadOnly = false
}
});
}
/// <summary>
/// Sets an autogenerated ID on a stub if no ID has been set yet.
/// </summary>
/// <param name="stub">The stub.</param>
/// <returns>The stub ID.</returns>
public static string EnsureStubId(this StubModel stub)
{
if (!string.IsNullOrWhiteSpace(stub.Id))
{
return(stub.Id);
}
var id = $"generated-{HashingUtilities.GetMd5String(JsonConvert.SerializeObject(stub))}";
stub.Id = id;
return(id);
}
public void GetMd5String_HappyFlow()
{
// Arrange
var input = "test 123";
var expectedOutput = "39d0d586a701e199389d954f2d592720";
// Act
var result = HashingUtilities.GetMd5String(input);
// Assert
Assert.AreEqual(expectedOutput, result);
}
public void GetSha512String_HappyFlow()
{
// Arrange
var input = "test 123";
var expectedOutput = "RNiw9ZCfWvIt1SyjF8exd7hnDQHw8KK1iVcbqV+fyPt6yij3RnZkJS1SsuEmtxH4jjllJO4f3HK3Rjp0hKIcbw==";
// Act
var result = HashingUtilities.GetSha512String(input);
// Assert
Assert.AreEqual(expectedOutput, result);
}
public async Task UpdateUserPasswordAsync(string login, string password)
{
var userSalt = Guid.NewGuid();
var newPassword = HashingUtilities.GenerateSaltedHash(password, userSalt);
var parameters = new DynamicParameters();
parameters.Add("@Login", login);
parameters.Add("@UserSALT", userSalt);
parameters.Add("@Password", newPassword);
await _connectionWrapper.ExecuteAsync("UpdateUserOnPasswordResetAsync", parameters, commandType : CommandType.StoredProcedure);
}
private static void EnsureStubsHaveId(IEnumerable <StubModel> stubs)
{
foreach (var stub in stubs)
{
if (!string.IsNullOrWhiteSpace(stub.Id))
{
continue;
}
// If no ID is set, calculate a unique ID based on the stub contents.
var contents = JsonConvert.SerializeObject(stub);
stub.Id = HashingUtilities.GetMd5String(contents);
}
}
public async Task ResetPassword(AuthenticationUser user, string oldPassword, string newPassword)
{
if (string.IsNullOrEmpty(newPassword))
{
throw new BadRequestException("Password reset failed, new password cannot be empty", ErrorCodes.EmptyPassword);
}
if (oldPassword != null && oldPassword == newPassword)
{
throw new BadRequestException("Password reset failed, new password cannot be equal to the old one", ErrorCodes.SamePassword);
}
if (newPassword.ToLower() == user.Login?.ToLower())
{
throw new BadRequestException("Password reset failed, new password cannot be equal to login name", ErrorCodes.PasswordSameAsLogin);
}
if (newPassword.ToLower() == user.DisplayName?.ToLower())
{
throw new BadRequestException("Password reset failed, new password cannot be equal to display name", ErrorCodes.PasswordSameAsDisplayName);
}
string errorMsg;
if (!PasswordValidationHelper.ValidatePassword(newPassword, true, out errorMsg))
{
throw new BadRequestException("Password reset failed, new password is invalid", ErrorCodes.TooSimplePassword);
}
if (await IsChangePasswordCooldownInEffect(user))
{
throw new ConflictException("Password reset failed, password reset cooldown in effect", ErrorCodes.ChangePasswordCooldownInEffect);
}
if (!await _userRepository.ValidateUserPasswordForHistoryAsync(user.Id, newPassword))
{
throw new BadRequestException("The new password matches a previously used password.", ErrorCodes.PasswordAlreadyUsedPreviously);
}
var newGuid = Guid.NewGuid();
user.UserSalt = newGuid;
user.Password = HashingUtilities.GenerateSaltedHash(newPassword, user.UserSalt);
await _userRepository.UpdateUserOnPasswordResetAsync(user);
}
public async Task <bool> ValidateUserPasswordForHistoryAsync(int userId, string newPassword)
{
var prm = new DynamicParameters();
prm.Add("@userId", userId);
var passwordHistory = await _connectionWrapper.QueryAsync <HashedPassword>("GetLastUserPasswords", prm, commandType : CommandType.StoredProcedure);
foreach (var password in passwordHistory)
{
var newHashedPassword = HashingUtilities.GenerateSaltedHash(newPassword, password.UserSALT);
if (string.Equals(newHashedPassword, password.Password))
{
return(false);
}
}
return(true);
}
public async Task <UserLogInModelOut> LogIn(UserLoginModelIn modelIn, UserTokenSessionModel userTokenSessionModel)
{
UserTokenSession userTokenSession = _mapper.Map <UserTokenSession>(userTokenSessionModel);
UserLogInModelOut response = new UserLogInModelOut();
User user = await _repos.Users.GetUserByEmailAndPassword(modelIn.Email, modelIn.Password);
if (user == null)
{
response.AddError(CustomErrorEnum.UnsuccessfulLogIn);
return(response);
}
response.Id = user.Id;
response.Email = user.Email;
response.EmailIsVerified = user.EmailIsVerified;
response.PhoneNumber = user.PhoneNumber;
response.Token = HashingUtilities.GetHashSHA512(Guid.NewGuid().ToString());
userTokenSession.UserId = user.Id;
userTokenSession.Date = DateTime.UtcNow;
userTokenSession.LastUpdateDate = DateTime.UtcNow;
userTokenSession.Token = response.Token;
await _repos.UserTokenSessions.Create(userTokenSession);
if (await _repos.SaveAsync() == 0)
{
response.AddError(CustomErrorEnum.UnsuccessfulLogIn);
return(response);
}
UserTokenSessionCacheModel clientTokenSessionCacheModel = _mapper.Map <UserTokenSessionCacheModel>(userTokenSession);
_memoryCache.Set(response.Token, clientTokenSessionCacheModel, _cacheExpirationByMinutes.Value);
return(response);
}
private AuthenticationStatus AuthenticateDatabaseUser(AuthenticationUser user, string password, int passwordExpirationInDays = 0)
{
var hashedPassword = HashingUtilities.GenerateSaltedHash(password, user.UserSalt);
if (!string.Equals(user.Password, hashedPassword))
{
return(AuthenticationStatus.InvalidCredentials);
}
if (!user.IsEnabled)
{
return(AuthenticationStatus.Locked);
}
if (HasExpiredPassword(user, passwordExpirationInDays))
{
return(AuthenticationStatus.PasswordExpired);
}
return(AuthenticationStatus.Success);
}
public async Task <FullStubModel> GenerateStubBasedOnRequestAsync(string requestCorrelationId)
{
_logger.LogInformation($"Creating stub based on request with corr.ID '{requestCorrelationId}'.");
// TODO lateron, when the querying is fixed, only query for one request result.
var requestResults = await _stubContext.GetRequestResultsAsync();
var requestResult = requestResults.FirstOrDefault(r => r.CorrelationId == requestCorrelationId);
if (requestResult == null)
{
throw new NotFoundException(nameof(RequestResultModel), requestCorrelationId);
}
var stub = new StubModel();
foreach (var handler in _handlers.OrderByDescending(w => w.Priority))
{
var executed = await handler.HandleStubGenerationAsync(requestResult, stub);
_logger.LogInformation($"Handler '{handler.GetType().Name}'" + (executed ? " executed" : "") + ".");
}
// Set a default response
stub.Response.Text = "OK!";
// Generate an ID based on the created stub.
var contents = JsonConvert.SerializeObject(stub);
stub.Id = "generated-" + HashingUtilities.GetMd5String(contents);
await _stubContext.DeleteStubAsync(stub.Id);
var result = await _stubContext.AddStubAsync(stub);
_logger.LogInformation($"Stub with ID '{stub.Id}' generated!");
return(result);
}
private void PasswordBox_OnLostFocus(object sender, RoutedEventArgs e)
{
UserSignIn.Password = HashingUtilities.GetHash512(passwordBox.Password);
}
private static string CreateHash(string username, string password) =>
HashingUtilities.GetSha512String($"{Salt}:{username}:{password}");
private void ConfPasswordBox_LostFocus(object sender, RoutedEventArgs e)
{
UserSignUp.ConfirmPassword = HashingUtilities.GetHash512(ConfPasswordBox.Password);
}
public async Task <IHttpActionResult> PostPasswordResetAsync([FromBody] ResetPasswordContent content)
{
// the deserializer creates a zero filled guid when none provided
if (content.Token == Guid.Empty || content.Token.GetHashCode() == 0)
{
throw new BadRequestException("Password reset failed, token not provided", ErrorCodes.PasswordResetEmptyToken);
}
var tokens = (await _userRepository.GetPasswordRecoveryTokensAsync(content.Token)).ToList();
if (!tokens.Any())
{
// user did not request password reset
throw new ConflictException("Password reset failed, recovery token not found.", ErrorCodes.PasswordResetTokenNotFound);
}
if (tokens.First().RecoveryToken != content.Token)
{
// provided token doesn't match last requested
throw new ConflictException("Password reset failed, a more recent recovery token exists.", ErrorCodes.PasswordResetTokenNotLatest);
}
var tokenLifespan = await _applicationSettingsRepository.GetValue(PasswordResetTokenExpirationInHoursKey, DefaultPasswordResetTokenExpirationInHours);
if (tokens.First().CreationTime.AddHours(tokenLifespan) < DateTime.Now)
{
// token expired
throw new ConflictException("Password reset failed, recovery token expired.", ErrorCodes.PasswordResetTokenExpired);
}
var userLogin = tokens.First().Login;
var user = await _userRepository.GetUserByLoginAsync(userLogin);
if (user == null)
{
// user does not exist
throw new ConflictException("Password reset failed, the user does not exist.", ErrorCodes.PasswordResetUserNotFound);
}
if (!user.IsEnabled)
{
// user is disabled
throw new ConflictException("Password reset failed, the login for this user is disabled.", ErrorCodes.PasswordResetUserDisabled);
}
string decodedNewPassword;
try
{
decodedNewPassword = SystemEncryptions.Decode(content.Password);
}
catch (Exception)
{
throw new BadRequestException("Password reset failed, the provided password was not encoded correctly", ErrorCodes.PasswordDecodingError);
}
if (decodedNewPassword != null && user.Password == HashingUtilities.GenerateSaltedHash(decodedNewPassword, user.UserSalt))
{
throw new BadRequestException("Password reset failed, new password cannot be equal to the old one", ErrorCodes.SamePassword);
}
// reset password
await _authenticationRepository.ResetPassword(user, null, decodedNewPassword);
// drop user session
var uri = new Uri(WebApiConfig.AccessControl);
var http = _httpClientProvider.Create(uri);
var request = new HttpRequestMessage {
RequestUri = new Uri(uri, $"sessions/{user.Id}"), Method = HttpMethod.Delete
};
await http.SendAsync(request);
return(Ok());
}
