public void Given_PasswordString_Then_HashedAsExpected()
{
var securedPassword = new SecuredPassword("password");
Assert.AreNotEqual("password", securedPassword.Hash);
Assert.AreEqual(256, securedPassword.Hash.Length);
}
public void Verify_WhenMatching_ReturnsTrue()
{
var securedPassword = new SecuredPassword("password");
var result = securedPassword.Verify("password");
Assert.That(result, Is.True);
}
public async Task Given_UserIsReusingAPassword_When_ValidatePassword_Then_ErrorReturned(HashStrategyKind hashStrategy)
{
// Arrange
var password = "******";
var previousPassword = new SecuredPassword(password, hashStrategy);
_configuration.MaxNumberOfPreviousPasswords = 4;
var user = new User
{
PreviousPasswords = new List <PreviousPassword>
{
new PreviousPassword {
Hash = Convert.ToBase64String(previousPassword.Hash), Salt = Convert.ToBase64String(previousPassword.Salt), HashStrategy = previousPassword.HashStrategy
}
}
};
// Act
var result = await _sut.ValidatePassword(user, password, _bannedWords);
// Assert
Assert.That(result.Succeeded, Is.False);
Assert.That(result.Errors.Count(), Is.EqualTo(1));
Assert.That(result.Errors.Single(), Is.EqualTo("You cannot use any of your 4 previous passwords"));
}
public void Given_PasswordString_Then_HashedAsExpected()
{
var securedPassword = new SecuredPassword("password", HashStrategyKind.Pbkdf210001Iterations);
Assert.AreNotEqual("password", securedPassword.Hash);
Assert.AreEqual(256, securedPassword.Hash.Length);
}
public void Given_PasswordString_Then_HashedAsExpected()
{
var securedPassword = new SecuredPassword("password", HashStrategyKind.Argon248KWorkCost);
Assert.AreNotEqual("password", securedPassword.Hash);
Assert.AreEqual(416, securedPassword.Hash.Length);
}
public void Given_SecuredPasswordIsDifferentToGiven_Then_VerifiesFalse()
{
var securedPassword = new SecuredPassword("password");
var result = securedPassword.Verify("Password");
Assert.IsFalse(result);
}
public void Given_SecuredPasswordGenerated_Then_VerifiesOk()
{
var securedPassword = new SecuredPassword("password");
var result = securedPassword.Verify("password");
Assert.IsTrue(result);
}
public void Verify_WhenDifferent_ReturnsFalse()
{
var securedPassword = new SecuredPassword("password");
var result = securedPassword.Verify("Password");
Assert.That(result, Is.False);
}
public void IsHashed_AsExpected()
{
var securedPassword = new SecuredPassword("password");
Assert.That(securedPassword.Hash, Is.Not.EqualTo("password"));
Assert.That(securedPassword.Hash.Length, Is.EqualTo(256));
}
} // End of addUseer()
protected Dictionary <String, String> getClientInfomation()
{
/* this method returns a doctionary that contains all the information obtain from client*/
Dictionary <String, String> clientInfomation = new Dictionary <String, String>();
String txt_Address2 = "";
if (txtAddress2.Text != null)
{
txt_Address2 += txtAddress2.Text;
}
clientInfomation.Add("FirstName", txtFirstName.Text);
clientInfomation.Add("LastName", txtLastName.Text);
clientInfomation.Add("Address1", txtAddress1.Text);
clientInfomation.Add("Address2", txt_Address2);
clientInfomation.Add("City", txtCity.Text);
clientInfomation.Add("State", drpStates.Text);
clientInfomation.Add("ZipCode", txtZipCode.Text);
clientInfomation.Add("Username", txtUsername.Text);
clientInfomation.Add("Email", txtEmail.Text);
clientInfomation.Add("Passwd", SecuredPassword.GenerateHash(txtPassword.Text));
String txt_Address2_Ship = "";
if (txtAddress2.Text != null)
{
txt_Address2_Ship += txtAddress2_Ship.Text;
}
clientInfomation.Add("Address1_Ship", txtAddress1_Ship.Text);
clientInfomation.Add("Address2_Ship", txt_Address2_Ship);
clientInfomation.Add("City_Ship", txtCity_Ship.Text);
clientInfomation.Add("State_Ship", drpStates_Ship.Text);
clientInfomation.Add("ZipCode_Ship", txtZipCode_Ship.Text);
return(clientInfomation);
}
public void Given_SecuredPasswordIsDifferentToGiven_Then_VerifiesFalse()
{
var securedPassword = new SecuredPassword("password", HashStrategyKind.Pbkdf210001Iterations);
var securedPassword2 = new SecuredPassword("Password2", HashStrategyKind.Pbkdf210001Iterations);
var result = securedPassword.Equals(securedPassword2);
Assert.IsFalse(result);
}
public void Given_PasswordHashWithIterationsChanged_Then_PasswordHashesDoNotMatch()
{
var password = "******";
var securedPassword = new SecuredPassword(password, HashStrategyKind.Argon248KWorkCost);
var securedPassword2 = new SecuredPassword(password, HashStrategyKind.Pbkdf28000Iterations);
Assert.IsFalse(securedPassword2.Equals(securedPassword));
}
public void Given_PasswordVerifiesIsNull_Then_ThrowsException()
{
Assert.Throws <ArgumentNullException>(() =>
{
var result = new SecuredPassword(null, HashStrategyKind.Pbkdf25009Iterations);
}
);
}
public void Given_SecuredPasswordIsDifferentToGiven_Then_VerifiesFalse()
{
var securedPassword = new SecuredPassword("password", HashStrategyKind.Argon248KWorkCost);
var securedPassword2 = new SecuredPassword("Password2", HashStrategyKind.Argon248KWorkCost);
var result = securedPassword.Equals(securedPassword2);
Assert.IsFalse(result);
}
public static User EncodeUsersPassword(User user)
{
SecuredPassword secPass = ComputeHash(user.Password, GenerateRandomByte());
user.Password = secPass.HashedSaltedPassword;
user.Salt = secPass.Salt;
return(user);
}
public void Given_WhenRehydratedAndMatching_Then_ReturnsTrue()
{
var securedPassword = new SecuredPassword("password123");
var rehydrated = new SecuredPassword(securedPassword.Hash, securedPassword.Salt);
var result = rehydrated.Verify("password123");
Assert.IsTrue(result);
}
public void Verify_WhenRehydrated_AndMatching_ReturnsTrue()
{
var securedPassword = new SecuredPassword("password123");
var rehydrated = new SecuredPassword(securedPassword.Hash, securedPassword.Salt);
var result = rehydrated.Verify("password123");
Assert.That(result, Is.True);
}
public void Given_PasswordHashWithIterationsChanged_Then_PasswordHashesDoNotMatch()
{
string password = "******";
var securedPassword = new SecuredPassword(password, HashStrategyKind.Pbkdf210001Iterations);
var securedPassword2 = new SecuredPassword(password, HashStrategyKind.Pbkdf210001Iterations);
Assert.IsFalse(securedPassword2.Equals(securedPassword));
}
public void Given_TwoIdenticalPasswords_Then_HashsGeneratedAreUnique()
{
var securedPassword = new SecuredPassword("password");
var securedPassword2 = new SecuredPassword("password");
Assert.IsNotNull(securedPassword.Hash);
Assert.IsNotNull(securedPassword2.Hash);
Assert.AreNotEqual(securedPassword.Hash, securedPassword2.Hash);
}
public void Generates_Unique_Salt()
{
var securedPassword = new SecuredPassword("password");
var securedPassword2 = new SecuredPassword("password");
Assert.That(securedPassword.Salt, Is.Not.Null);
Assert.That(securedPassword2.Salt, Is.Not.Null);
Assert.That(securedPassword.Salt, Is.Not.EqualTo(securedPassword2.Salt));
}
public void Given_TwoIdenticalPasswords_Then_HashsGeneratedAreUnique()
{
var securedPassword = new SecuredPassword("password", HashStrategyKind.Pbkdf210001Iterations);
var securedPassword2 = new SecuredPassword("password", HashStrategyKind.Pbkdf210001Iterations);
Assert.IsNotNull(securedPassword.Hash);
Assert.IsNotNull(securedPassword2.Hash);
Assert.AreNotEqual(securedPassword.Hash, securedPassword2.Hash);
}
public void Generates_Unique_Hash()
{
var securedPassword = new SecuredPassword("password");
var securedPassword2 = new SecuredPassword("password");
Assert.That(securedPassword.Hash, Is.Not.Null);
Assert.That(securedPassword2.Hash, Is.Not.Null);
Assert.That(securedPassword.Hash, Is.Not.EqualTo(securedPassword2.Hash));
}
public void Given_TwoIdenticalPasswords_Then_SaltsGeneratedAreUnique()
{
var securedPassword = new SecuredPassword("password", HashStrategyKind.Argon248KWorkCost);
var securedPassword2 = new SecuredPassword("password", HashStrategyKind.Argon248KWorkCost);
Assert.IsNotNull(securedPassword.Salt);
Assert.IsNotNull(securedPassword2.Salt);
Assert.AreNotEqual(securedPassword.Salt, securedPassword2.Salt);
}
public void Given_WhenRehydratedAndMatching_Then_ReturnsTrue()
{
var password = "******";
var securedPassword = new SecuredPassword(password, HashStrategyKind.Argon248KWorkCost);
var rehydrated = new SecuredPassword(password, securedPassword.Hash, securedPassword.Salt, HashStrategyKind.Argon248KWorkCost);
Assert.IsTrue(securedPassword.Equals(rehydrated));
Assert.IsTrue(rehydrated.IsValid);
}
public void GivenTheFollowingUsersAreSetupInTheDatabase(Table table)
{
var usersToCreate = table.CreateSet <UserToCreate>().ToList();
var users = new List <User>();
var hashStrategy = (HashStrategyKind)Convert.ToInt32(ConfigurationManager.AppSettings["DefaultHashStrategy"]);
var encryptor = new Encryption();
var adminRole = SeDatabase.GetRoleByName("Admin");
foreach (var userToCreate in usersToCreate)
{
string encryptedSecurityAnswer;
string encryptedSecurityAnswerSalt;
var securePassword = new SecuredPassword(userToCreate.Password, hashStrategy);
var securityQuestion = SeDatabase.GetLookupItemsByLookupType(Consts.LookupTypeId.SecurityQuestion).Single(a => a.Description == userToCreate.SecurityQuestion);
encryptor.Encrypt(ConfigurationManager.AppSettings["EncryptionPassword"], Convert.ToInt32(ConfigurationManager.AppSettings["EncryptionIterationCount"]), userToCreate.SecurityAnswer, out encryptedSecurityAnswerSalt, out encryptedSecurityAnswer);
var user = new User
{
UserName = userToCreate.UserName,
FirstName = userToCreate.FirstName,
LastName = userToCreate.LastName,
TelNoWork = userToCreate.WorkTelephoneNumber,
TelNoHome = userToCreate.HomeTelephoneNumber,
TelNoMobile = userToCreate.MobileTelephoneNumber,
Title = userToCreate.Title,
Town = userToCreate.Town,
Postcode = userToCreate.Postcode,
SkypeName = userToCreate.SkypeName,
HashStrategy = hashStrategy,
PasswordHash = Convert.ToBase64String(securePassword.Hash),
PasswordSalt = Convert.ToBase64String(securePassword.Salt),
SecurityQuestionLookupItemId = securityQuestion.Id,
SecurityAnswer = encryptedSecurityAnswer,
SecurityAnswerSalt = encryptedSecurityAnswerSalt,
Approved = true,
EmailVerified = true,
Enabled = true,
PasswordLastChangedDateUtc = DateTime.UtcNow,
PasswordResetToken = string.IsNullOrWhiteSpace(userToCreate.PasswordResetToken) ? null : userToCreate.PasswordResetToken,
PasswordResetExpiryDateUtc = userToCreate.PasswordResetExpiry == "[One day from now]" ? (DateTime?)DateTime.UtcNow.AddDays(1) : null,
NewEmailAddress = string.IsNullOrWhiteSpace(userToCreate.NewEmailAddress) ? null : userToCreate.NewEmailAddress,
NewEmailAddressToken = string.IsNullOrWhiteSpace(userToCreate.NewEmailAddressToken) ? null : userToCreate.NewEmailAddressToken,
NewEmailAddressRequestExpiryDateUtc = userToCreate.NewEmailAddressRequestExpiryDate == "[One day from now]" ? (DateTime?)DateTime.UtcNow.AddDays(1) : null,
PasswordExpiryDateUtc = userToCreate.PasswordExpiryDate == "[Expired]" ? (DateTime?)DateTime.Now.AddDays(-1) : null
};
if (userToCreate.IsAdmin)
{
user.UserRoles = new List <UserRole> {
new UserRole {
RoleId = adminRole.Id, UserId = 1
}
};
}
users.Add(user);
}
SeDatabase.SetUsers(users);
}
public void Given_SecuredPasswordGenerated_Then_MatchesAnIdenticalHash()
{
var securedPassword = new SecuredPassword("password", HashStrategyKind.Argon248KWorkCost);
var securedPassword2 = new SecuredPassword("password", securedPassword.Hash, securedPassword.Salt, HashStrategyKind.Argon248KWorkCost);
Assert.IsTrue(securedPassword2.IsValid);
Assert.AreEqual(securedPassword.HashStrategy, securedPassword2.HashStrategy);
Assert.AreEqual(securedPassword.HashingParameter, securedPassword2.HashingParameter);
}
public void CreatePasswordHashAndSaltForSeeding()
{
var password = "******";
var securedPassword = new SecuredPassword(password, HashStrategyKind.Pbkdf25009Iterations);
var storedSalt = Convert.ToBase64String(securedPassword.Salt);
var storedHash = Convert.ToBase64String(securedPassword.Hash);
Debug.WriteLine("salt for password {0} is {1}", password, storedSalt);
Debug.WriteLine("hash for password {0} is {1}", password, storedHash);
}
public void CreatePasswordHashAndSaltForSeeding()
{
string password = "******";
var securedPassword = new SecuredPassword(password, HashStrategyKind.Pbkdf210001Iterations);
var storedSalt = Convert.ToBase64String(securedPassword.Salt);
var storedHash = Convert.ToBase64String(securedPassword.Hash);
System.Diagnostics.Debug.WriteLine($"salt for password {password} is {storedSalt}");
System.Diagnostics.Debug.WriteLine($"hash for password {password} is {storedHash}");
}
public void CreatePasswordHashAndSaltForSeeding()
{
string password = "******";
var securedPassword = new SecuredPassword(password, HashStrategyKind.Argon2_48kWorkCost);
var storedSalt = Convert.ToBase64String(securedPassword.Salt);
var storedHash = Convert.ToBase64String(securedPassword.Hash);
System.Diagnostics.Debug.WriteLine(string.Format("salt for password {0} is {1}", password, storedSalt));
System.Diagnostics.Debug.WriteLine(string.Format("hash for password {0} is {1}", password, storedHash));
}
public static AccountModel New(string username, SecuredPassword password, AccessType accountType)
{
return(new AccountModel
{
Identity = DEAFULT_IDENTITY,
Username = username,
Password = password,
AccessType = accountType,
IsActive = true
});
}
