public void Login___should_return_null___when_password_is_incorrect() { var password = "******"; var user = TestData.User(); user.Username = "******"; var hash = PasswordHasher.GenerateSaltedHash(password, user.Salt); var storedHash = PasswordHasher.GenerateSaltedHash("an_incorrect_password", user.Salt); var expectedSessionId = Guid.NewGuid(); _authStore.Setup(a => a.GetUserByName(user.Username)) .Returns(user); _authStore.Setup(a => a.GetPasswordHash(user.Id)) .Returns(storedHash) .Verifiable(); _authStore.Setup(a => a.CreateNewSession(user.Id)) .Throws(new Exception("should not create session")); var actualSessionId = _authenticationService.Login(user.Username, password); Assert.AreEqual(null, actualSessionId); _authStore.Verify(); }
public void Login___should_increment_failed_count___when_password_is_incorrect() { var password = "******"; var user = TestData.User(); user.Username = "******"; var hash = PasswordHasher.GenerateSaltedHash(password, user.Salt); var storedHash = PasswordHasher.GenerateSaltedHash("an_incorrect_password", user.Salt); var expectedSessionId = Guid.NewGuid(); user.FailedLoginCount = 0; _authStore.Setup(a => a.GetUserByName(user.Username)) .Returns(user); _authStore.Setup(a => a.GetPasswordHash(user.Id)) .Returns(storedHash) .Verifiable(); _authStore.Setup(a => a.SaveUser(It.Is <User>(s => s.FailedLoginCount == 1))) .Verifiable(); _authenticationService.Login(user.Username, password); _authStore.Verify(); }
public void Login___should_reset_failed_count___when_details_correct_and_fail_count_is_greaterthan_zero() { var password = "******"; var user = TestData.User(); user.Username = "******"; var hash = PasswordHasher.GenerateSaltedHash(password, user.Salt); var expectedSessionId = Guid.NewGuid(); user.FailedLoginCount = 1; _authStore.Setup(a => a.GetUserByName(user.Username)) .Returns(user) .Verifiable(); _authStore.Setup(a => a.GetPasswordHash(user.Id)) .Returns(hash) .Verifiable(); _authStore.Setup(a => a.CreateNewSession(user.Id)) .Returns(expectedSessionId) .Verifiable(); _authStore.Setup(a => a.SaveUser(It.Is <User>(u => u.FailedLoginCount == 0))) .Verifiable(); var actualSessionId = _authenticationService.Login(user.Username, password); Assert.AreEqual(expectedSessionId, actualSessionId); _authStore.VerifyAll(); }
public void Verify___when_valid___should_store_hashed_password_and_generate_salt() { var existingUser = TestData.User(); var emailVerify = existingUser.EmailVerificationPath; var twofactor = existingUser.TwoFactorCode; var password = "******"; existingUser.Salt = ""; _authStore.Setup(a => a.GetUserByEmailVerificationPath(emailVerify)) .Returns(existingUser); _authStore.Setup(a => a.SaveUser(It.Is <User>(u => u.Salt.Length > 0))) .Verifiable(); // ned to get this lazily, as salt is changed by service... Func <byte[]> expectedHash = () => PasswordHasher.GenerateSaltedHash(password, existingUser.Salt); _authStore.Setup(a => a.SavePasswordHash(existingUser.Id, It.Is <byte[]>(h => PasswordHasher.CompareByteArrays(expectedHash(), h))) ).Verifiable(); var result = _authenticationService.Verify(emailVerify, password, twofactor); Assert.IsTrue(result); _authStore.Verify(); }
public void Login___should_return_sessionId_from_store___when_details_correct() { var password = "******"; var user = TestData.User(); user.Username = "******"; var hash = PasswordHasher.GenerateSaltedHash(password, user.Salt); var expectedSessionId = Guid.NewGuid(); _authStore.Setup(a => a.GetUserByName(user.Username)) .Returns(user) .Verifiable(); _authStore.Setup(a => a.GetPasswordHash(user.Id)) .Returns(hash) .Verifiable(); _authStore.Setup(a => a.CreateNewSession(user.Id)) .Returns(expectedSessionId) .Verifiable(); var actualSessionId = _authenticationService.Login(user.Username, password); Assert.AreEqual(expectedSessionId, actualSessionId); _authStore.VerifyAll(); }
public async Task <Users> ChangePassword([FromForm] Users user) { PasswordHasher hasher = new PasswordHasher(); var submittedPassword = user.Password; var newPassword = user.PasswordSalt; var dbUser = await _context.Users.FirstOrDefaultAsync(u => u.UserId == user.UserId); if (dbUser == null) { return(null); } if (hasher.VerifyHash(submittedPassword, dbUser.PasswordSalt, dbUser.Password)) { dbUser.PasswordSalt = hasher.RandomSalt; dbUser.Password = hasher.GenerateSaltedHash(newPassword); } else { return(null); } await _context.SaveChangesAsync(); return(user); }
public async Task <Users> Post([FromForm] Users user) { var newUser = user; PasswordHasher hasher = new PasswordHasher(); newUser.PasswordSalt = hasher.RandomSalt; newUser.Password = hasher.GenerateSaltedHash(newUser.Password); await _context.Users.AddAsync(newUser); await _context.SaveChangesAsync(); return(newUser); }
public void GenerateSaltedHash_NonEmptyPassword_ShouldReturnNonEmptySaltAndHash() { // arrange var hasher = new PasswordHasher(); var password = "******"; string hash; string salt; // act hasher.GenerateSaltedHash(password, out hash, out salt); // assert Assert.NotNull(hash); Assert.NotEmpty(hash); Assert.NotNull(salt); Assert.NotEmpty(salt); _testOutputHelper.WriteLine($"PW: {password} hash: {hash} salt: {salt}"); }
private static User GetWorkerAccount(PasswordHasher passwordHasher) { var saltedHash = passwordHasher.GenerateSaltedHash(16, "worker"); var worker = new User { FirstName = "John", LastName = "Brandon", IdentificationNumber = "000111", Email = "*****@*****.**", MobileNumber = "44443254", RoleOfUser = RoleOfWorker.Worker, CodeOfVerification = "89x2", HashPassword = saltedHash.Hash, Salt = saltedHash.Salt, DateCreated = DateTime.Now, IsDeleted = false }; return(worker); }
private static User GetAdminAccount(PasswordHasher passwordHasher) { var saltedHash = passwordHasher.GenerateSaltedHash(16, "admin"); var admin = new User { FirstName = "Bohdan", LastName = "Doe", IdentificationNumber = "000000", Email = "*****@*****.**", MobileNumber = "458963254", RoleOfUser = RoleOfWorker.Admin, CodeOfVerification = "7py2", HashPassword = saltedHash.Hash, Salt = saltedHash.Salt, DateCreated = DateTime.Now, IsDeleted = false }; return(admin); }
public async Task <RegisterUserDto> RegisterUser(RegisterUserDto registerUserDto) { PasswordHasher passwordHasher = new PasswordHasher(); var password = passwordHasher.GenerateSaltedHash(16, registerUserDto.Password); var new_user = new Users(registerUserDto.Name, registerUserDto.Surname, registerUserDto.Email, password.Hash, password.Salt, (RoleOfUser)Int32.Parse(registerUserDto.RoleOfUser)); var check_user = await userRepository.FindByLoginAsync(registerUserDto.Email); if (check_user == null) { userRepository.Create(new_user); await userRepository.SaveChangesAsync(); registerUserDto.CodeOfVerification = new_user.CodeOfVerification; emailService.EmailAfterRegistration(registerUserDto); } else { return(null); } return(mapper.Map <RegisterUserDto>(new_user)); }
public async Task <bool> ResetPassword(string code, ResetPasswordDto resetPassword) { if (resetPassword.Password != resetPassword.ConfirmPassword) { return(false); } var user = await userRepository.FindByCodeOfVerificationAsync(code); if (user == null) { return(false); } PasswordHasher passwordHasher = new PasswordHasher(); var hash_password = passwordHasher.GenerateSaltedHash(16, resetPassword.Password); user.HashPassword = hash_password.Hash; user.Salt = hash_password.Salt; user.CodeOfVerification = user.GetRandomString(128); userRepository.Update(user); await userRepository.SaveChangesAsync(); return(true); }
public void Login___should_return_null___when_username_does_not_exist() { var password = "******"; var user = TestData.User(); user.Username = "******"; var hash = PasswordHasher.GenerateSaltedHash(password, user.Salt); var expectedSessionId = Guid.NewGuid(); _authStore.Setup(a => a.GetUserByName("an_incorrect_username")) .Returns <User>(null); _authStore.Setup(a => a.GetPasswordHash(It.IsAny <int>())) .Throws(new Exception("should not try and fetch password hash")); _authStore.Setup(a => a.CreateNewSession(user.Id)) .Throws(new Exception("should not create session")); var actualSessionId = _authenticationService.Login(user.Username, password); Assert.AreEqual(null, actualSessionId); _authStore.Verify(); }
/// <summary> /// It's function for generate hash password and salt /// </summary> /// <param name="size"></param> /// <param name="password"></param> /// <returns></returns> public static HashSalt GenerateSaltedHash(int size, string password) { var passwordHasher = new PasswordHasher(); return(passwordHasher.GenerateSaltedHash(size, password)); }
/// <summary> /// Método que recebe a senha do usuário e seta o valor já encriptado com hash /// </summary> /// <param name="password">Senha do usuário</param> public virtual void SetPassword(string password) { Password = PasswordHasher.GenerateSaltedHash(password); }