Пример #1
        /// <summary>
        /// Hashes <paramref name="password"/> and asserts that neither <paramref name="leader"/>
        /// nor the empty string verifies against that hash.
        /// </summary>
        /// <param name="enhanced">Passed through to both <c>BCrypt.HashPassword</c> and <c>BCrypt.Verify</c>.</param>
        /// <param name="password">Password under test; its UTF-8 bytes are expected to fail <c>BytesAreValid</c>.</param>
        /// <param name="leader">Candidate that must NOT verify; presumably the part of the password before an embedded NUL (confirm against the test data).</param>
        public void NullTerminationCausesBCryptToTerminateStringInSomeFrameworksSetB(bool enhanced, string password, string leader)
        {
            const string specMessage = "Null should be treated as part of password as per spec";

            var generatedSalt = BCrypt.GenerateSalt();
            string hashed     = BCrypt.HashPassword(password, generatedSalt, enhanced);

            // Precondition on the input itself: the password bytes must be the kind BytesAreValid rejects.
            byte[] rawPassword = SafeUTF8.GetBytes(password);
            Assert.False(BytesAreValid(rawPassword));

            // A truncating implementation would accept the shorter candidate; the hash must not.
            bool leaderAccepted = BCrypt.Verify(leader, hashed, enhanced);
            Assert.False(leaderAccepted, specMessage);

            bool emptyAccepted = BCrypt.Verify("", hashed, enhanced);
            Assert.False(emptyAccepted, specMessage);
        }
Пример #2
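        /// <summary>
        /// Completes a password reset: finds the account holding the reset code <paramref name="id"/>,
        /// stores a freshly salted hash of the new password and clears the reset code.
        /// </summary>
        /// <param name="id">Reset code as a GUID string; matched against <c>forgotPasswordCode</c>.</param>
        /// <param name="pass">Posted form carrying the new password and its confirmation.</param>
        /// <returns>The default view; the outcome is reported through <c>ModelState</c>.</returns>
        public ActionResult changePassword(string id, changePassword pass)
        {
            try
            {
                if (pass == null || pass.newPassword == null)
                {
                    ModelState.AddModelError("BadRequest", "Error occurred, please try again!");
                    return View();
                }

                // NOTE(review): the 15-character ceiling rules out passphrases even though only a
                // hash is stored; confirm whether the upper bound is really required.
                bool policyOk = pass.newPassword.Equals(pass.confirmNewPassword)
                                && pass.newPassword.Length >= 6
                                && pass.newPassword.Length <= 15;
                if (!policyOk)
                {
                    // A password that fails the policy re-renders the view without a message.
                    return View();
                }

                // The code is parsed outside the LINQ expression, so a malformed value is rejected
                // before the database is queried and the lookup compares against a plain Guid.
                Guid resetCode;
                if (!Guid.TryParse(id, out resetCode))
                {
                    ModelState.AddModelError("BadRequest", "Error occurred, please try again!");
                    return View();
                }

                using (Notestash_Database_Entities db = new Notestash_Database_Entities())
                {
                    // NOTE(review): no expiry of the reset code is checked here; confirm it is
                    // enforced where the code is issued.
                    var account = db.tblUsers.FirstOrDefault(e => e.forgotPasswordCode == resetCode);
                    if (account == null)
                    {
                        // Unknown or already-used code: stop before the expensive key derivation
                        // instead of failing later on a null reference.
                        ModelState.AddModelError("BadRequest", "Error occurred, please try again!");
                        return View();
                    }

                    var sha384Factory = HmacFactory;
                    var random        = new CryptoRandom();

                    byte[] passwordBytes = SafeUTF8.GetBytes(pass.newPassword);
                    byte[] salt          = random.NextBytes(384 / 8);   // new 48-byte salt per change

                    // The stored value is HMAC(key = PBKDF2 output, message = password) in hex.
                    // The construction and the 256,000 iterations must stay as they are, or
                    // hashes already stored could no longer be verified.
                    byte[] derivedKey;
                    using (var pbkdf2 = new PBKDF2(sha384Factory, passwordBytes, salt, 256 * 1000))
                    {
                        derivedKey = pbkdf2.GetBytes(384 / 8);
                    }

                    string hashedPassword;
                    using (var hmac = sha384Factory())
                    {
                        hmac.Key       = derivedKey;
                        hashedPassword = hmac.ComputeHash(passwordBytes).ToBase16();
                    }

                    account.Password           = hashedPassword;
                    account.Salt               = salt;
                    account.forgotPasswordCode = null;   // the code is single-use
                    db.SaveChanges();
                    ModelState.AddModelError("Changed", "Password changed successfully!");
                }
            }
            catch (Exception ex)
            {
                // Record the failure for operators; the user still sees only a generic message.
                System.Diagnostics.Trace.TraceError("changePassword failed: {0}", ex);
                ModelState.AddModelError("BadRequest", "Error occurred, please try again!");
            }
            return View();
        }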
Пример #3
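        /// <summary>
        /// Completes a password reset over the HTTP API: finds the account holding the reset code
        /// <paramref name="id"/>, stores a freshly salted hash of the new password and clears the code.
        /// </summary>
        /// <param name="id">Reset code as a GUID string; matched against <c>forgotPasswordCode</c>.</param>
        /// <param name="pass">Request body carrying the new password.</param>
        /// <returns>200 OK on success; 400 Bad Request with a generic message on any failure.</returns>
        public HttpResponseMessage changePassword(string id, changePassword pass)
        {
            try
            {
                // Reject a missing or empty password and a malformed code before touching the
                // database. The code is parsed outside the LINQ expression so the lookup compares
                // against a plain Guid.
                // NOTE(review): no length or confirmation policy is applied to the new password
                // here; confirm that model validation or the caller enforces one.
                Guid resetCode;
                if (pass == null || string.IsNullOrEmpty(pass.newPassword) || !Guid.TryParse(id, out resetCode))
                {
                    return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Error occurred, please try again!");
                }

                using (Notestash_DatabaseEntities db = new Notestash_DatabaseEntities())
                {
                    // NOTE(review): no expiry of the reset code is checked here; confirm it is
                    // enforced where the code is issued.
                    var account = db.tblUsers.FirstOrDefault(e => e.forgotPasswordCode == resetCode);
                    if (account == null)
                    {
                        // Unknown or already-used code: same generic answer, and no key derivation
                        // is spent on it.
                        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Error occurred, please try again!");
                    }

                    var sha384Factory = HmacFactory;
                    var random        = new CryptoRandom();

                    byte[] passwordBytes = SafeUTF8.GetBytes(pass.newPassword);
                    byte[] salt          = random.NextBytes(384 / 8);   // new 48-byte salt per change

                    // The stored value is HMAC(key = PBKDF2 output, message = password) in hex.
                    // The construction and the 256,000 iterations must stay as they are, or
                    // hashes already stored could no longer be verified.
                    byte[] derivedKey;
                    using (var pbkdf2 = new PBKDF2(sha384Factory, passwordBytes, salt, 256 * 1000))
                    {
                        derivedKey = pbkdf2.GetBytes(384 / 8);
                    }

                    string hashedPassword;
                    using (var hmac = sha384Factory())
                    {
                        hmac.Key       = derivedKey;
                        hashedPassword = hmac.ComputeHash(passwordBytes).ToBase16();
                    }

                    account.Password           = hashedPassword;
                    account.Salt               = salt;
                    account.forgotPasswordCode = null;   // the code is single-use
                    db.SaveChanges();
                    return Request.CreateResponse(HttpStatusCode.OK, "Password changed successfully!");
                }
            }
            catch (Exception ex)
            {
                // Record the failure for operators; the client still gets only a generic message.
                System.Diagnostics.Trace.TraceError("changePassword failed: {0}", ex);
                return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Error occurred, please try again!");
            }
        }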
Пример #4
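        /// <summary>
        /// Registers a new, not-yet-verified user: hashes the password with a fresh salt, purges
        /// unverified accounts older than one day, then inserts the user if the e-mail is unused.
        /// </summary>
        /// <param name="objUser">Registration data (id, full name, e-mail, clear-text password).</param>
        /// <returns>
        /// <c>"&lt;email&gt; &lt;activation code&gt;"</c> on success, <c>"exists"</c> when the e-mail is
        /// already registered, <c>"error"</c> when a database step throws.
        /// </returns>
        public string Create(UserModel objUser)
        {
            var sha384Factory = HmacFactory;
            var random        = new CryptoRandom();

            byte[] passwordBytes = SafeUTF8.GetBytes(objUser.Password);
            byte[] salt          = random.NextBytes(384 / 8);   // 48-byte salt, unique per account

            // The stored value is HMAC(key = PBKDF2 output, message = password) in hex; login
            // has to repeat exactly these steps with the stored salt.
            byte[] derivedKey;
            using (var pbkdf2 = new PBKDF2(sha384Factory, passwordBytes, salt, 256 * 1000))
            {
                derivedKey = pbkdf2.GetBytes(384 / 8);
            }

            string hashedPassword;
            using (var hmac = sha384Factory())
            {
                hmac.Key       = derivedKey;
                hashedPassword = hmac.ComputeHash(passwordBytes).ToBase16();
            }

            try
            {
                DateTime now = DateTime.Now;

                tblUser objTblUser = new tblUser
                {
                    Id              = objUser.Id,
                    FullName        = objUser.FullName,
                    Password        = hashedPassword,
                    Email           = objUser.Email,
                    Salt            = salt,
                    ProfilePicture  = null,
                    IsEmailVerified = 0,
                    ActivationCode  = Guid.NewGuid(),
                    Created_at      = now,
                    AdminOrUser     = 1
                };

                using (Notestash_DatabaseEntities db = new Notestash_DatabaseEntities())
                {
                    // Purge registrations that stayed unverified for a day or more. The age test
                    // is part of the query, so only expired rows are loaded, and a row without a
                    // Created_at value is skipped instead of throwing and blocking every new
                    // registration.
                    DateTime cutoff = now.AddDays(-1);
                    var expiredUsers = db.tblUsers
                                         .Where(a => a.IsEmailVerified == 0 && a.Created_at <= cutoff)
                                         .ToList();
                    foreach (tblUser expired in expiredUsers)
                    {
                        db.tblUsers.Remove(expired);
                    }
                    db.SaveChanges();

                    // NOTE(review): check-then-insert is only safe against concurrent requests if
                    // the Email column also carries a unique constraint; confirm in the schema.
                    var existingUser = db.tblUsers.FirstOrDefault(e => e.Email.Equals(objUser.Email));
                    if (existingUser != null)
                    {
                        return "exists";
                    }

                    db.tblUsers.Add(objTblUser);
                    db.SaveChanges();

                    // NOTE(review): the activation code is handed back to the caller. Confirm it is
                    // only used server-side to send the verification mail and never reaches the
                    // HTTP response, otherwise e-mail verification proves nothing.
                    return objUser.Email + " " + objTblUser.ActivationCode.ToString();
                }
            }
            catch (Exception ex)
            {
                // Record the failure for operators; callers still see only the "error" marker.
                System.Diagnostics.Trace.TraceError("Create failed: {0}", ex);
                return "error";
            }
        }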
Пример #5
        /// <summary>
        /// Verifies login credentials for an account with <c>AdminOrUser == 1</c> and issues a token.
        /// </summary>
        /// <param name="objUser">Supplied e-mail and clear-text password.</param>
        /// <returns>
        /// The value of <c>createToken</c> on success; <c>"inactive"</c> when the credentials match but
        /// the e-mail is not verified; <c>"invalid"</c> for an unknown e-mail or non-matching hash;
        /// <c>"error"</c> when anything throws.
        /// </returns>
        public string Check(LoginModel objUser)
        {
            try
            {
                using (var db = new Notestash_DatabaseEntities())
                {
                    var account = db.tblUsers.FirstOrDefault(e => e.Email.Equals(objUser.Email));

                    // NOTE(review): an unknown e-mail returns before any key derivation, while a
                    // known one pays for 256,000 PBKDF2 iterations, so the response time differs
                    // between the two cases even though both answer "invalid".
                    if (account == null)
                    {
                        return("invalid");
                    }

                    var macFactory = HmacFactory;
                    byte[] suppliedBytes = SafeUTF8.GetBytes(objUser.Password);

                    // Repeat the registration steps with the stored salt:
                    // PBKDF2 -> key, then HMAC(key, password) -> hex string.
                    byte[] macKey;
                    using (var kdf = new PBKDF2(macFactory, suppliedBytes, account.Salt, 256 * 1000))
                    {
                        macKey = kdf.GetBytes(384 / 8);
                    }

                    string candidateHash = null;
                    using (var mac = macFactory())
                    {
                        mac.Key       = macKey;
                        candidateHash = mac.ComputeHash(suppliedBytes).ToBase16();
                    }

                    // The hash comparison is done by the database in a second query.
                    // NOTE(review): no attempt limiting or lockout is visible in this method;
                    // confirm it is applied by the caller.
                    var match = db.tblUsers.FirstOrDefault(
                        e => e.Email.Equals(objUser.Email) && e.Password.Equals(candidateHash) && e.AdminOrUser == 1);

                    if (match == null)
                    {
                        return("invalid");
                    }

                    if (match.IsEmailVerified == 0)
                    {
                        return("inactive");
                    }

                    return(createToken(objUser.Email));
                }
            }
            catch (Exception ex)
            {
                // The exception text is built but not recorded anywhere; callers only see "error".
                string details = ex.ToString();
                return("error");
            }
        }
Пример #6
        /// <summary>
        /// Signs in an account with <c>AdminOrUser == 2</c>: recomputes the password hash with the
        /// stored salt and, on a match, stores the user id in the session.
        /// </summary>
        /// <param name="User">Posted sign-in form (e-mail and clear-text password).</param>
        /// <returns>
        /// A redirect to <c>UserData/User_Data</c> on success; otherwise the default view with a
        /// <c>ModelState</c> error.
        /// </returns>
        public ActionResult SignIn(signIn User)
        {
            try
            {
                using (var db = new Notestash_Database_Entities())
                {
                    var account = db.tblUsers.FirstOrDefault(e => e.Email.Equals(User.Email));
                    bool authenticated = false;

                    // NOTE(review): an unknown e-mail skips the key derivation below, so it is
                    // answered faster than a wrong password although the message is the same.
                    if (account != null)
                    {
                        var    macFactory    = HmacFactory;
                        byte[] suppliedBytes = SafeUTF8.GetBytes(User.Password);

                        // PBKDF2 with the stored salt -> key, then HMAC(key, password) -> hex string.
                        byte[] macKey;
                        using (var kdf = new PBKDF2(macFactory, suppliedBytes, account.Salt, 256 * 1000))
                        {
                            macKey = kdf.GetBytes(384 / 8);
                        }

                        string candidateHash = null;
                        using (var mac = macFactory())
                        {
                            mac.Key       = macKey;
                            candidateHash = mac.ComputeHash(suppliedBytes).ToBase16();
                        }

                        // The hash comparison is done by the database in a second query.
                        var match = db.tblUsers.FirstOrDefault(
                            e => e.Email.Equals(account.Email) && e.Password.Equals(candidateHash) && e.AdminOrUser == 2);
                        authenticated = match != null;
                    }

                    if (authenticated)
                    {
                        // NOTE(review): the session identifier is not renewed here after a
                        // successful login; confirm it is rotated elsewhere.
                        Session["Login"] = account.Id;

                        // cookie based login (disabled)

                        //int timeout = User.RememberMe ? 52560 : 20;
                        //var ticket = new FormsAuthenticationTicket(User.Email, User.RememberMe, timeout);
                        //string encrypted = FormsAuthentication.Encrypt(ticket);
                        //var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted);
                        //cookie.Expires = DateTime.Now.AddMinutes(timeout);
                        //cookie.HttpOnly = true;
                        //Response.Cookies.Add(cookie);
                        return(RedirectToAction("User_Data", "UserData"));
                    }

                    // Same message for an unknown e-mail and for a wrong password.
                    ModelState.AddModelError("WrongCredentials", "Wrong Credentials!");
                }
            }
            catch (Exception ex)
            {
                // The exception text is built but not recorded anywhere.
                string details = ex.ToString();
                ModelState.AddModelError("BadRequest", "Invalid Request!");
            }
            return(View());
        }