public void PasswordHasher_Hash_Fails_WrongOwner()
{
var hasher = new PasswordHasher(11528);
var owner1 = new LongPasswordOwner(1000);
var owner2 = new LongPasswordOwner(1001);
var salt = hasher.GenerateSalt(32);
var password = hasher.GenerateSalt(32);
var hash = hasher.Hash(password, salt, owner1.ToArray);
// Do it a 2nd time with wrong owner and make sure they're not equal
var hash2 = hasher.Hash(password, salt, owner2.ToArray);
Assert.IsFalse(hash2.IsEqual(hash));
}
public UserMockRepository()
{
var hasher = new PasswordHasher();
hasher.GenerateSalt().HashPassword(hasher.Salt, "admin123");
var admin = new User(0, "TestAdmin", hasher.Salt, hasher.Hashed, true);
hasher.GenerateSalt().HashPassword(hasher.Salt, "user123");
var user = new User(1, "TestUser", hasher.Salt, hasher.Hashed);
List = new List <User> {
admin, user
};
}
public void PasswordHasher_Hash_Succeeds()
{
var hasher = new PasswordHasher(11528);
var salt = hasher.GenerateSalt(32);
var password = hasher.GenerateSalt(32);
var hash = hasher.Hash(password, salt);
Assert.IsNotNull(hash);
Assert.IsFalse(hash.IsEqual(password));
// Do it a 2nd time and make sure they're equal
var hash2 = hasher.Hash(password, salt);
Assert.IsTrue(hash2.IsEqual(hash));
}
public long InsertUser(UserModel userModel)
{
userModel.Email = userModel.Email.ToLower();
var user = GetUserByEmail(userModel.Email);
if (user != null)
{
return(-100);
}
var now = DateTime.Now;
var salt = PasswordHasher.GenerateSalt();
var pwdHash = Convert.ToBase64String(PasswordHasher.ComputeHash(userModel.Password, salt));
userModel.CreationDate = now;
userModel.ModificationDate = now;
userModel.ValidationToken = Guid.NewGuid().ToString();
userModel.PasswordSalt = Convert.ToBase64String(salt);
userModel.Password = pwdHash;
var modelId = usersRepository.Insert(userModel);
UnitOfWork.Commit();
return(modelId);
}
public static bool UpdatePassword(string username, string oldPassword, string newPassword)
{
var repo = new UserRepository <UsersModel>(Db);
var users = repo.GetAll();
var userToChange = users.FirstOrDefault(x => x.UserName == username);
if (userToChange == null)
{
return(false);
}
var passwordMatch = PasswordHasher.VerifyPassword(oldPassword, userToChange.Salt, userToChange.Hash);
if (!passwordMatch)
{
throw new SecurityException("Password does not match");
}
var newSalt = PasswordHasher.GenerateSalt();
var newHash = PasswordHasher.ComputeHash(newPassword, newSalt);
userToChange.Hash = newHash;
userToChange.Salt = newSalt;
return(repo.Update(userToChange));
}
public bool UpdatePassword(string username, string oldPassword, string newPassword)
{
var users = Repo.GetAll();
var userToChange = users.FirstOrDefault(x => x.UserName == username);
if (userToChange == null)
{
return(false);
}
var passwordMatch = PasswordHasher.VerifyPassword(oldPassword, userToChange.Salt, userToChange.Hash);
if (!passwordMatch)
{
throw new SecurityException("Incorrect password.");
}
var newSalt = PasswordHasher.GenerateSalt();
var newHash = PasswordHasher.ComputeHash(newPassword, newSalt);
userToChange.Hash = newHash;
userToChange.Salt = newSalt;
return(Repo.Update(userToChange));
}
public async Task <bool> Add(Credential entity)
{
bool success;
byte[] salt = PasswordHasher.GenerateSalt();
string hashedPass = PasswordHasher.HashPassword(entity.Password, salt);
entity.Salt = salt;
entity.Password = hashedPass;
if (_credentialContext.Credentials.Any(p => p.CredentialId == entity.CredentialId) == false)
{
System.Diagnostics.Debug.WriteLine("record doesnt exist, adding credential...");
_credentialContext.Credentials.Add(entity);
success = true;
}
else
{
System.Diagnostics.Debug.Write("record already exists, updating credential...");
Credential existingCredential = _credentialContext.Credentials.FirstOrDefault(p => p.CredentialId == entity.CredentialId);
await this.Update(entity);
success = false;
}
await _credentialContext.SaveChangesAsync();
_credentialContext.Entry(entity).State = EntityState.Detached;
return(success);
}
public async Task <ActionResult <User> > CreateUser(string username, string password, string name)
{
bool userExists = await UserExistsBasedOnEmail(username);
if (!userExists)
{
string salt = PasswordHasher.GenerateSalt(32);
string hashedPassword = PasswordHasher.HashPassword(password, salt);
User user = new()
{
Name = name,
Username = username,
Password = hashedPassword,
Salt = salt,
};
_userRepo.AddUser(user);
await _userRepo.SaveChangesAsync();
return(CreatedAtRoute("GetUser", new { id = user.UserId }, user));
}
else
{
return(BadRequest());
}
}
/// <summary>
/// Добавить пользователя.
/// </summary>
/// <param name="userModel">Данные о пользователе</param>
/// <returns>Идентификатор пользователя или -100, если пользователь уже существует</returns>
public long InsertUser(UserModel userModel)
{
// Преобразуем адрес электронной почты к строчным буквам
userModel.Email = userModel.Email.ToLower();
// Получаем данные о пользователе по адресу электронной почты
var user = GetUserByEmail(userModel.Email);
if (user != null) // Если пользователь найден
{
return(-100); // Возвращаем код -100
}
var now = DateTime.Now; // Берём текущуие дату и время
var salt = PasswordHasher.GenerateSalt(); // Генерируем модификатор пароля
// Вычисляем хэш-код пароля
var pwdHash = Convert.ToBase64String(PasswordHasher.ComputeHash(userModel.Password, salt));
userModel.CreationDate = now; // Задаём дату и время создания
userModel.ModificationDate = now; // Задаём дату и время изменения
// генерируем жетон проверки пользователя
userModel.ValidationToken = Guid.NewGuid().ToString();
// Преобразуем модификатор пароля в текстовый вид
userModel.PasswordSalt = Convert.ToBase64String(salt);
// Устанавливаем хэш пароля
userModel.Password = pwdHash;
// Добавляем пользователя в хранилище пользователей
var modelId = usersRepository.Insert(userModel);
// Подтверждаем Единицу работы
UnitOfWork.Commit();
// Возвращаем идентификатор созданного пользователя
return(modelId);
}
/// <summary>
/// Given a plain password and a hash strategy, calculate the salt and hash
/// </summary>
public SecuredPassword(string plainPassword, HashStrategyKind hashStrategy)
{
if (string.IsNullOrWhiteSpace(plainPassword))
{
throw new ArgumentNullException(plainPassword);
}
SetHashStrategy(hashStrategy);
switch (hashStrategy)
{
case HashStrategyKind.Pbkdf25009Iterations:
case HashStrategyKind.Pbkdf28000Iterations:
using (var deriveBytes = new Rfc2898DeriveBytes(plainPassword, _saltSize, (int)HashingParameter))
{
Salt = deriveBytes.Salt;
Hash = deriveBytes.GetBytes(_saltSize);
}
break;
case HashStrategyKind.Argon248KWorkCost:
var argon2Hasher = new PasswordHasher(memoryCost: HashingParameter);
Salt = PasswordHasher.GenerateSalt(256);
Hash = Encoding.ASCII.GetBytes(argon2Hasher.Hash(Encoding.ASCII.GetBytes(plainPassword), Salt));
break;
}
IsValid = true;
}
public static AccountModel ToAccountModel(this RegisterFormViewModel ViewModel)
{
AccountModel Model = new AccountModel();
Model = Mapper.Map <RegisterFormViewModel, AccountModel>(ViewModel);
Model.Salt = PasswordHasher.GenerateSalt();
Model.Password = PasswordHasher.ComputeHash(ViewModel.Password, Model.Salt);
return(Model);
}
public Doctor(string name, string specialty, string username, string password)
{
this.Name = name;
this.Specialty = specialty;
this.Username = username;
this.Salt = PasswordHasher.GenerateSalt();
this.Password = PasswordHasher.GenerateHash(password + this.Salt);
this.Visitations = new List <Visitation>();
}
private async void RegisterMethod()
{
string errors = null;
if (IsValid(ValidatesProperties, out errors))
{
Errors = errors;
var salt = PasswordHasher.GenerateSalt();
var hashedPassword = PasswordHasher.ComputeHash(Password, salt);
if (Password != ConfirmPassword)
{
Errors += "Password and Confirm password fields must match.\r\n";
return;
}
if (!_database.Users.Any(u => u.Login == Login))
{
var user = _database.Users.Add(new User
{
Login = Login,
Password = Convert.ToBase64String(hashedPassword),
Salt = Convert.ToBase64String(salt),
Name = FirstName,
Surname = LastName,
Birthday = DateTime.Parse(Birthday),
PositionId = Position.Id,
IsActive = true
});
await _database.SaveChangesAsync();
user.UserRoles.Add(new UserRole
{
RoleId = Constants.UserRole,
UserId = user.Id
});
await _database.SaveChangesAsync();
GoToLoginPageMethod();
}
else
{
Errors += "User with same login is already exists.\r\n";
}
}
else
{
Errors = errors;
}
Errors = Errors?.Trim();
}
/// <summary>
/// Saves the entity.
/// </summary>
/// <param name="entity">The entity.</param>
public override void SaveEntity(User entity)
{
if (entity.IsNew || string.IsNullOrEmpty(entity.Password) || !entity.Password.IsBase64())
{
AssertSpecification(entity, new UserHasValidPasswordSpec());
entity.Salt = PasswordHasher.GenerateSalt();
entity.Password = PasswordHasher.ComputeHash(entity.Password, entity.Salt);
}
base.SaveEntity(entity);
}
public void TestHash()
{
var password = "******";
var salt = PasswordHasher.GenerateSalt();
var hash = PasswordHasher.ComputeHash(password, salt);
Assert.That(hash, Is.Not.EqualTo(password));
var match = PasswordHasher.VerifyPassword(password, salt, hash);
Assert.That(match, Is.True);
}
private async void RegisterMethod()
{
string errors = null;
if (IsValid(ValidatesProperties, out errors))
{
Errors = errors;
var salt = PasswordHasher.GenerateSalt();
var password = RandomStringGenerator.GenerateRandomString(20, false);
var hashedPassword = PasswordHasher.ComputeHash(password, salt);
if (!_database.Users.Any(u => u.Login == Login))
{
var user = _database.Users.Add(new User
{
Login = Login,
Password = Convert.ToBase64String(hashedPassword),
Salt = Convert.ToBase64String(salt),
Name = FirstName,
Surname = LastName,
Birthday = DateTime.Parse(Birthday),
PositionId = Position.Id,
IsInitial = true,
DefaultPassword = password,
IsActive = true
});
await _database.SaveChangesAsync();
user.UserRoles.Add(new UserRole
{
RoleId = Role.Id,
UserId = user.Id
});
await _database.SaveChangesAsync();
}
else
{
Errors = "User with same login is already exists.\r\n";
}
await GetUsersMethod();
_eventAggregator.GetEvent <UpdateUserEvent>().Publish();
}
else
{
Errors = errors;
}
Errors = Errors?.Trim();
}
public async Task <User> RegisterAsync(User user, string password)
{
byte[] salt = PasswordHasher.GenerateSalt();
var passwordSalt = Convert.ToBase64String(salt);
var hashPassword = Convert.ToBase64String(PasswordHasher.HashPasswordWithSalt(Encoding.UTF8.GetBytes(password), salt));
user.PasswordSalt = passwordSalt;
user.PasswordHash = hashPassword;
repositoryWrapper.User.CreateUser(user);
await repositoryWrapper.Complete();
return(user);
}
public void Different_salt_produces_different_hash()
{
var salt1 = PasswordHasher.GenerateSalt();
var salt2 = PasswordHasher.GenerateSalt();
using (var sha256 = new SHA256CryptoServiceProvider())
{
var passwordHasher = new PasswordHasher(sha256);
string hash1 = passwordHasher.ComputeHash("foobar", salt1);
string hash2 = passwordHasher.ComputeHash("foobar", salt2);
Assert.AreNotEqual(hash1, hash2);
}
}
public void TestHashPassword()
{
var password = "******";
var orgHasher = new PasswordHasher();
var salt = orgHasher.GenerateSalt().Salt;
var orgResult = orgHasher.HashPassword(salt, password).Hashed;
var newHasher = new PasswordHasher();
var newResult = newHasher.HashPassword(salt, password).Hashed;
Assert.Equal(orgResult, newResult);
}
public async Task Update(Credential entity)
{
byte[] salt = PasswordHasher.GenerateSalt();
string hashedPass = PasswordHasher.HashPassword(entity.Password, salt);
entity.Salt = salt;
entity.Password = hashedPass;
Credential dbEntity = await _credentialContext.FindAsync <Credential>(entity.CredentialId);
_credentialContext.Entry(dbEntity).CurrentValues.SetValues(entity);
await _credentialContext.SaveChangesAsync();
System.Diagnostics.Debug.Write("Updated credentials...");
}
public static Encrypted For(string PlainText)
{
var encrypted = new Encrypted();
try
{
encrypted.Salt = PasswordHasher.GenerateSalt();
encrypted.Hash = PasswordHasher.ComputeHash(PlainText, encrypted.Salt);
}
catch (Exception ex)
{
throw new EncryptedInvalidException(PlainText, ex);
}
return(encrypted);
}
public ActionResult Create(AppUser user)
{
if (this.Authorizer.IsLogedIn(this.Session, this.Request) && this.ModelState.IsValid)
{
string salt = PasswordHasher.GenerateSalt(20);
string hash = PasswordHasher.Hash(user.NewPassword, salt);
DBEditor editor = new DBEditor()
{
FirstName = user.FirstName, MiddleName = user.MiddleName, LastName = user.LastName, Username = user.NewUsername, UTCRegisteredOn = DateTime.UtcNow, PasswordHash = hash, PasswordSalt = salt
};
new DBEditorRepository(this.DatabaseContext).Add(editor, true);
return(RedirectToAction("Index"));
}
return(RedirectToAction("Index", "Login"));
}
public static bool CreateUser(string Username, string Password, string RoleName)
{
byte[] generatedSalt = PasswordHasher.GenerateSalt();
byte[] hashedPassword = PasswordHasher.ComputeHash(Password, generatedSalt);
using (var db = new LiteDatabase(@"Mineski.db"))
{
var accounts = db.GetCollection <Account>("accounts");
var accountData = new Account
{
Username = Username,
Password = hashedPassword,
Salt = generatedSalt,
RoleName = RoleName
};
accounts.Insert(accountData);
}
return(true);
}
public Guid?CreateUser(string username, string password, UserProperties properties = null)
{
var salt = PasswordHasher.GenerateSalt();
var userModel = new UsersModel
{
UserName = username,
UserGuid = Guid.NewGuid().ToString(),
Salt = salt,
Hash = PasswordHasher.ComputeHash(password, salt),
Claims = new byte[] { 0 },
UserProperties = ByteConverterHelper.ReturnBytes(properties ?? new UserProperties()),
};
Repo.Insert(userModel);
var userRecord = Repo.Get(userModel.UserGuid);
return(new Guid(userRecord.UserGuid));
}
public async Task <IActionResult> AddUser([FromBody] UserToCreateDto userToCreteDto)
{
if (!ModelState.IsValid)
{
return(BadRequest());
}
using (var session = _store.OpenAsyncSession())
{
var user = await session.Query <User>()
.Where(u => u.Email.Equals(userToCreteDto.Email, StringComparison.OrdinalIgnoreCase))
.FirstOrDefaultAsync();
if (user != null)
{
return(BadRequest(new { error = "The email is already in use." }));
}
var dbUser = _mapper.Map <User>(userToCreteDto);
dbUser.Color = await GetColor();
var temporaryPassword = RandomPasswordGenerator.GeneratePassword(15);
var salt = Convert.ToBase64String(PasswordHasher.GenerateSalt());
var hashedPassword = PasswordHasher.HashPassword(temporaryPassword, Convert.FromBase64String(salt));
dbUser.Salt = salt;
dbUser.TemporaryPassword = hashedPassword;
await session.StoreAsync(dbUser);
await session.SaveChangesAsync();
string username = FormatUsername(dbUser.Email);
string message = $"<b>Dear {dbUser.FirstName}</b></br><p>You're receiving this message because your Scheduler Account has been created.</p><p>Your <b>username</b>: {username}</p><p>Your <b>first-time login password</b>: {temporaryPassword}</p><p>Follow the link below to change your password and log in to Scheduler application:</p><p><a href={_dataServiceConfiguration.ClientUrl}>Login</a></p><p>Best</p><p>Scheduler Team</p>";
_schedulerMailer.SendMail("Scheduler-Notifications", dbUser.Email, "Scheduler Account", message, _dataServiceConfiguration.MailBoxPassword);
var userToReturn = _mapper.Map <PostCreationUserToReturnDto>(dbUser);
return(CreatedAtRoute("GetUser", new { userId = dbUser.Id }, userToReturn));
}
}
public async Task <User> Register(User user)
{
if (_context.Users.FirstOrDefault(x => (x.Email == user.Email)) != null)
{
throw new ArgumentException("User already exists");
}
byte[] hashedPasswordSalt = PasswordHasher.HashPassword(user.Password, PasswordHasher.GenerateSalt());
user.Password = Convert.ToBase64String(hashedPasswordSalt);
UserProfile userProfile = new UserProfile {
User = user, UserId = user.Id
};
_context.Users.Add(user);
_context.UserProfiles.Add(userProfile);
await _context.SaveChangesAsync();
return(user);
}
private Guid?CreateUser(string username, string password, string[] claims = default(string[]))
{
var salt = PasswordHasher.GenerateSalt();
var userModel = new UsersModel
{
UserName = username,
UserGuid = Guid.NewGuid().ToString(),
Salt = salt,
Hash = PasswordHasher.ComputeHash(password, salt),
Claims = ByteConverterHelper.ReturnBytes(claims),
UserProperties = ByteConverterHelper.ReturnBytes(new UserProperties())
};
Repo.Insert(userModel);
var userRecord = Repo.Get(userModel.UserGuid);
return(new Guid(userRecord.UserGuid));
}
// RegisterUser <username> <password> <repeat-password> <email>
public override string Execute(string[] data, PhotoShareContext context)
{
string username = data[0];
string password = data[1];
string repeatPassword = data[2];
string email = data[3];
if (context.Users.Any(u => u.Username == username))
{
throw new InvalidOperationException($"Username {username} is already taken!");
}
if (!password.Any(char.IsLower) || !password.Any(char.IsDigit))
{
throw new ArgumentException($"Value {password} not valid. Password must include a lower letter and a digit.{Environment.NewLine}Invalid Password");
}
if (password != repeatPassword)
{
throw new ArgumentException("Passwords do not match!");
}
string salt = PasswordHasher.GenerateSalt();
User currentUser = new User
{
Username = username,
Salt = salt,
Password = PasswordHasher.GenerateHash(password + salt),
Email = email,
IsDeleted = false,
RegisteredOn = DateTime.Now
};
context.Users.Add(currentUser);
context.SaveChanges();
return($"User {currentUser.Username} was registered successfully!");
}
public async Task SeedDataAsync()
{
if (await repositoryWrapper.User.VerifyAsync() == "00")
{
var userData = System.IO.File.ReadAllText(configuration["Seed:PATH"]);
var userDataCollection = JsonConvert.DeserializeObject <List <User> >(userData);
foreach (var user in userDataCollection)
{
byte[] salt = PasswordHasher.GenerateSalt();
var passwordSalt = Convert.ToBase64String(salt);
var hashPassword = Convert.ToBase64String(PasswordHasher.HashPasswordWithSalt(Encoding.UTF8.GetBytes("password"), salt));
user.Username = user.Username.ToLowerInvariant();
user.PasswordSalt = passwordSalt;
user.PasswordHash = hashPassword;
repositoryWrapper.User.CreateUser(user);
await repositoryWrapper.Complete();
}
}
}
public static bool UpdateUser(Int32 Id, string Username, string Password, string RoleName)
{
using (var db = new LiteDatabase(@"Mineski.db"))
{
// Get customer collection
var collection = db.GetCollection <Account>("accounts");
var accountUpdate = collection.FindById(Id);
if (Password != null)
{
byte[] generatedSalt = PasswordHasher.GenerateSalt();
byte[] hashedPassword = PasswordHasher.ComputeHash(Password, generatedSalt);
accountUpdate.Password = hashedPassword;
accountUpdate.Salt = generatedSalt;
}
accountUpdate.Username = Username;
accountUpdate.RoleName = RoleName;
collection.Update(accountUpdate);
}
return(true);
}
