Пример #1
        /// <summary>
        /// Checks a candidate password against the blacklist service and rejects it when the
        /// service reports it as compromised more often than <c>_passwordThreshold</c>.
        /// </summary>
        /// <remarks>
        /// Only the first five characters of the value returned by <c>HashPasswordToSHA1</c> are
        /// passed to <c>_blacklistService</c>; the rest of the hash is matched locally against the
        /// dictionary that comes back, so this method never hands the full hash to the service.
        /// NOTE(review): the check fails open. When the service call throws
        /// <c>ApiCallFailedException</c> the password is accepted, so an outage of the service
        /// lets blacklisted passwords through. The telemetry event raised on that path uses
        /// <c>EventType.VulnerablePassword</c> although no lookup result was obtained; confirm
        /// that outages and real hits can be told apart downstream.
        /// NOTE(review): the local match depends on the hash helper and the service using the
        /// same letter case, unless the dictionary was built with a case-insensitive comparer
        /// (neither is visible here). A mismatch would make every lookup miss silently.
        /// </remarks>
        /// <param name="manager">User manager supplied by the caller; not read by this method.</param>
        /// <param name="user">User being validated; only <c>Id</c> is read, for telemetry on a failed service call.</param>
        /// <param name="password">Plain-text candidate password.</param>
        /// <returns>
        /// <c>IdentityResult.Failed</c> with a single error when the reported count is strictly
        /// greater than the threshold; otherwise <c>IdentityResult.Success</c>.
        /// </returns>
        public async Task<IdentityResult> ValidateAsync(UserManager<TUser> manager, TUser user, string password)
        {
            var passwordHash = HashPasswordToSHA1(password);

            // Split once: the prefix goes over the wire, the remainder stays local.
            var rangePrefix = passwordHash.Substring(0, 5);
            var hashRemainder = passwordHash.Substring(5);

            Dictionary<string, int> countsByRemainder;
            try
            {
                countsByRemainder = await _blacklistService.GetBlacklistedHashedPasswords(rangePrefix);
            }
            catch (ApiCallFailedException)
            {
                // Deliberate best-effort: the lookup could not be performed, so the password is accepted.
                _trackTelemetry.TrackEvent(EventName.SetPassword, EventType.VulnerablePassword, user.Id);
                return IdentityResult.Success;
            }

            var exceedsThreshold = countsByRemainder.TryGetValue(hashRemainder, out int timesCompromised)
                                   && timesCompromised > _passwordThreshold;
            if (!exceedsThreshold)
            {
                return IdentityResult.Success;
            }

            var vulnerablePasswordError = new IdentityError
            {
                Code = nameof(password),
                Description = "The password you have entered is known to be vulnerable."
            };
            return IdentityResult.Failed(vulnerablePasswordError);
        }
        /// <summary>
        /// Renders the admin overview listing every client, API resource and identity resource
        /// held in <c>_configurationDbContext</c>.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the only check visible in this method is that a user can be resolved
        /// from the current principal. No role or policy check appears here; presumably an
        /// authorization attribute on the action or controller, outside this listing, restricts
        /// access. Confirm, because the view exposes the full client and resource configuration.
        /// </remarks>
        /// <returns>
        /// A bad-request result when no user is resolved; otherwise the view bound to an
        /// <c>AdminViewModel</c>.
        /// </returns>
        public async Task<IActionResult> Index()
        {
            var currentUser = await _userManager.GetUserAsync(User);
            if (currentUser == null)
            {
                _trackTelemetry.TrackEvent(EventName.AdminManagement, EventType.Action, EventStatus.UserNotFound);
                return BadRequest(_messageConstants.RequestUnsuccessful);
            }

            // Each set is materialised once so the view and the visibility flags see the same snapshot.
            var clientList = _configurationDbContext.Clients.ToList();
            var apiResourceList = _configurationDbContext.ApiResources.ToList();
            var identityResourceList = _configurationDbContext.IdentityResources.ToList();

            return View(new AdminViewModel
            {
                Clients = clientList,
                ApiResources = apiResourceList,
                RegisteredIdentityResources = identityResourceList,
                IdentityResources = _identityResources.Values,
                // The remove buttons are shown only when there is something to remove.
                IsRemoveButtonVisibleForClients = clientList.Any(),
                IsRemoveButtonVisibleForApiResources = apiResourceList.Any()
            });
        }
Пример #3
        /// <summary>
        /// Creates a new <c>IdentityUser</c> from the posted model, sends the e-mail confirmation,
        /// notifies <c>_registerService</c> and shows the confirm-e-mail view.
        /// </summary>
        /// <remarks>
        /// NOTE(review): <paramref name="returnUrl"/> is caller-supplied. It is stored in
        /// <c>ViewData</c> and forwarded to <c>SendEmailConfirmation</c> without validation in
        /// this method; confirm it is checked as a local URL before it is used in a redirect or
        /// embedded in the confirmation link.
        /// NOTE(review): the Guid check runs after the user has been created and the confirmation
        /// e-mail sent, so a non-Guid id leaves an account that <c>_registerService</c> was never
        /// told about.
        /// </remarks>
        /// <param name="model">Posted registration data (username, e-mail, password).</param>
        /// <param name="returnUrl">Optional URL carried through the registration flow.</param>
        /// <returns>
        /// The confirm-e-mail view on success; otherwise the registration view with the model and
        /// any creation errors added.
        /// </returns>
        /// <exception cref="FormatException">The created user's id is not a valid Guid.</exception>
        public async Task<IActionResult> Register(RegisterModel model, string returnUrl = null)
        {
            ViewData["ReturnUrl"] = returnUrl;

            if (!ModelState.IsValid)
            {
                return View(model);
            }

            var newUser = new IdentityUser
            {
                UserName = model.Username,
                Email = model.Email
            };

            var creation = await _userManager.CreateAsync(newUser, model.Password);
            if (!creation.Succeeded)
            {
                // Surface the creation errors on the form and let the user retry.
                AddErrors(creation);
                return View(model);
            }

            await SendEmailConfirmation(newUser, returnUrl);

            // The registration service takes a Guid, while the identity store exposes the id as a string.
            if (!Guid.TryParse(newUser.Id, out var userId))
            {
                throw new FormatException($"{nameof(newUser.Id)} could not be parsed as a Guid");
            }

            await _registerService.SendUserRegistrationAsync(userId, newUser.UserName, newUser.Email);

            _trackTelemetry.TrackEvent(EventName.Registration, EventType.Method, Providers.Zupa);

            return View(nameof(ConfirmEmail));
        }