public void Handle(IAriesSession session, AnswerChallenge answer)
{
var challenge = session.GetAttribute("challenge") as string;
if (challenge == null)
{
session.Close();
return;
}
var myAnswer = ChallengeResponse.AnswerChallenge(challenge, Secret);
if (myAnswer != answer.Answer)
{
session.Close();
return;
}
//Trust established, good to go
var newSession = Sessions.UpgradeSession <GluonSession>(session, x => {
x.IsAuthenticated = true;
x.CallSign = (string)session.GetAttribute("callSign");
x.PublicHost = (string)session.GetAttribute("publicHost");
x.InternalHost = (string)session.GetAttribute("internalHost");
});
newSession.Write(new AnswerAccepted());
}
/// <summary>
/// Constructs an instance of ManagerResponse based on a map of attributes.
/// </summary>
/// <param name="attributes">the attributes and their values. The keys of this map must be all lower case.</param>
/// <returns>the response with the given attributes.</returns>
internal static ManagerResponse BuildResponse(Dictionary <string, string> attributes)
{
ManagerResponse response;
string responseType = ((string)attributes["response"]).ToLower(Helper.CultureInfo);
// Determine type
if (responseType == "error")
{
response = new ManagerError();
}
else if (attributes.ContainsKey("challenge"))
{
response = new ChallengeResponse();
}
else if (attributes.ContainsKey("mailbox") && attributes.ContainsKey("waiting"))
{
response = new MailboxStatusResponse();
}
else if (attributes.ContainsKey("mailbox") && attributes.ContainsKey("newmessages") && attributes.ContainsKey("oldmessages"))
{
response = new MailboxCountResponse();
}
else if (attributes.ContainsKey("exten") && attributes.ContainsKey("context") && attributes.ContainsKey("hint") && attributes.ContainsKey("status"))
{
response = new ExtensionStateResponse();
}
else
{
response = new ManagerResponse();
}
Helper.SetAttributes(response, attributes);
return(response);
}
public ActionResult PostChallenge(string challengeid)
{
//string json = "{\"challengeId\": \"" + challengeid + "\",\"values\": [{\"name\": \"name\",\"data\": \"Dackotton\"},{\"name\": \"secret\",\"data\": \"Dackotton\"}]}";
Uri uri = new Uri("http://htf2018.azurewebsites.net/");
var client = new RestClient(uri);
var request = new RestRequest("/Challenges/", Method.POST);
//request.AddParameter("application/json; charset=utf-8", json, ParameterType.RequestBody);
request.RequestFormat = DataFormat.Json;
request.AddJsonBody(new Answer {
ChallengeId = challengeid, Values = new List <Value> {
new Value {
Name = "name", Data = "Dackotton"
}, new Value {
Name = "secret", Data = "Dackotton"
}
}
});
var response = client.Execute(request);
ChallengeResponse challenge = JsonConvert.DeserializeObject <ChallengeResponse>(response.Content);
return(View(challenge));
}
public GluonHost(GluonHostPool pool, string callSign, IKernel kernel, ServerConfiguration config)
{
this.Pool = pool;
this.CallSign = callSign;
this.Client = new AriesClient(Pool.Kernel);
Callbacks = new Dictionary <Guid, TaskCompletionSource <IGluonCall> >();
Client.AddSubscriber(this);
Router = new AriesPacketRouter();
Router.On <RequestClientSession>((session, message) =>
{
session.Write(new RequestChallenge()
{
CallSign = CallSign, PublicHost = PublicHost, InternalHost = InternalHost
});
});
Router.On <RequestChallengeResponse>((session, message) =>
{
var challenge = (RequestChallengeResponse)message;
var answer = ChallengeResponse.AnswerChallenge(challenge.Challenge, config.Secret);
session.Write(new AnswerChallenge {
Answer = answer
});
});
Router.On <AnswerAccepted>((session, message) =>
{
OnAuthenticated();
});
}
public void Challenge_Disposed()
{
ChallengeResponse ntlm = new ChallengeResponse("Mono", new byte [8]);
ntlm.Dispose();
ntlm.Challenge = new byte [8];
}
public async Task ItShouldReturnTheChallengeViewWithAModelWhenThereIsAMatch()
{
var challengeResponse = new ChallengeResponse
{
Account = new Core.Models.Account
{
AccountId = 123,
HashedAccountId = "ERERER",
DasAccountName = "Test Account"
},
StatusCode = SearchResponseCodes.Success
};
var id = "123";
MockChallengeHandler.Setup(x => x.Get(id))
.ReturnsAsync(challengeResponse);
var actual = await Unit.Index(id);
Assert.IsInstanceOf <ViewResult>(actual);
var viewResult = (ViewResult)actual;
Assert.IsInstanceOf <ChallengeViewModel>(viewResult.Model);
}
public static void GetChallenge(int rating)
{
PlayerDataManager.ArenaMatchData = null;
IsRequestingChallenge = true;
rating = Mathf.Min(999, rating);
ChallengeRequest challengeRequest = new ChallengeRequest();
challengeRequest.rating = rating;
ChallengeResponse response2 = new ChallengeResponse();
Manager <BackendManager> .instance.SendRequest(challengeRequest, response2, delegate(ChallengeResponse response)
{
if (response.error == BackendError.Ok)
{
UnityEngine.Debug.Log("Challenge found successfully! " + response.payload.name + " " + response.payload.actualRating);
PlayerDataManager.ArenaMatchData = new ArenaMatchData();
PlayerDataManager.ArenaMatchData.arenaPayload = response.payload;
}
else
{
if (response.error == BackendError.InvalidToken)
{
UnityEngine.Debug.LogError("Players token is not valid");
}
else if (response.error == BackendError.NoChallengeFound)
{
UnityEngine.Debug.LogError("No actual challenge was found.");
}
UnityEngine.Debug.LogError("Challenge was not found!");
}
IsRequestingChallenge = false;
});
}
public void NT_Disposed()
{
ChallengeResponse ntlm = new ChallengeResponse("Mono", new byte [8]);
ntlm.Dispose();
Assert.IsNotNull(ntlm.NT, "NT");
}
public void LM_Disposed()
{
ChallengeResponse ntlm = new ChallengeResponse("Mono", new byte [8]);
ntlm.Dispose();
Assert.IsNotNull(ntlm.LM, "LM");
}
public IEnumerator GetChallenges(System.Action <ChallengeResponse> callback)
{
ChallengeResponse challenges = new ChallengeResponse
{
challenges = new ChallengeDTO[0]
};
UnityWebRequest webRequest = UnityWebRequest.Get(url);
yield return(webRequest.SendWebRequest());
/*if (webRequest.isNetworkError)
* {
*
* }*/
if (webRequest.result == UnityWebRequest.Result.ConnectionError)
{
Debug.Log(webRequest.error);
Debug.Log("[ERROR] Failed to get challenges.");
}
else
{
var json = "{ \"challenges\": " + webRequest.downloadHandler.text + "}";
Debug.Log("[INFO] Response: " + json);
challenges = JsonUtility.FromJson <ChallengeResponse>(json);
}
callback(challenges);
}
public void Password_Disposed()
{
ChallengeResponse ntlm = new ChallengeResponse("Mono", new byte [8]);
ntlm.Dispose();
ntlm.Password = "******";
}
public void NoPropertiesOutput()
{
ChallengeResponse ntlm = new ChallengeResponse("Mono", new byte [8]);
// no out!
AssertNull("Password", ntlm.Password);
AssertNull("Challenge", ntlm.Challenge);
}
public void NoPropertiesOutput()
{
ChallengeResponse ntlm = new ChallengeResponse("Mono", new byte [8]);
// no out!
Assert.IsNull(ntlm.Password, "Password");
Assert.IsNull(ntlm.Challenge, "Challenge");
}
// Example from http://www.innovation.ch/java/ntlm.html
public void BeeblebroxSrvNonce()
{
byte[] SrvNonce = Encoding.ASCII.GetBytes("SrvNonce");
using (ChallengeResponse ntlm = new ChallengeResponse("Beeblebrox", SrvNonce)) {
Assert.AreEqual("E0-E0-0D-E3-10-4A-1B-F2-05-3F-07-C7-DD-A8-2D-3C-48-9A-E9-89-E1-B0-00-D3", BitConverter.ToString(ntlm.NT), "NT");
Assert.AreEqual("AD-87-CA-6D-EF-E3-46-85-B9-C4-3C-47-7A-8C-42-D6-00-66-7D-68-92-E7-E8-97", BitConverter.ToString(ntlm.LM), "LM");
}
}
protected void btnResetSms_Click(object sender, EventArgs e)
{
User user = Factory.UserClient.Where <User>(u => u.Profile.Login.Equals(this.tbUsername.Text)).FirstOrDefault();
UserFactorsClient factorsClient = Factory.UserClient.GetUserFactorsClient(user);
Factor smsFactor = factorsClient.First(x => x.FactorType == FactorType.Sms);
ChallengeResponse response = factorsClient.BeginChallenge(smsFactor);
this.lblMessage.Text = "An SMS message was sent to your phone number on file.";
}
public void Handle(IGluonSession session, RequestChallengeResponse challenge)
{
var rawSession = ((CityConnection)session);
var answer = ChallengeResponse.AnswerChallenge(challenge.Challenge, Secret);
session.Write(new AnswerChallenge {
Answer = answer
});
}
// Example from http://packetstormsecurity.nl/Crackers/NT/l0phtcrack/l0phtcrack2.5-readme.html
public void L0phtCrack()
{
byte[] SrvNonce = new byte [8] {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
};
using (ChallengeResponse ntlm = new ChallengeResponse("WELCOME", SrvNonce)) {
Assert.AreEqual("7A-CE-90-85-AB-CC-37-59-38-0B-1C-68-62-E3-98-C3-C0-EF-9C-FC-22-E8-A2-C2", BitConverter.ToString(ntlm.NT), "NT");
Assert.AreEqual("CA-12-00-72-3C-41-D5-77-AB-18-C7-64-C6-DE-F3-4F-A6-1B-FA-06-71-EA-5F-C8", BitConverter.ToString(ntlm.LM), "LM");
}
}
public void NullPassword()
{
byte[] SrvNonce = new byte [8] {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
};
using (ChallengeResponse ntlm = new ChallengeResponse(null, SrvNonce)) {
Assert.AreEqual("4A-FD-81-EC-01-87-E8-8D-97-77-8D-F7-93-C6-DA-D4-F0-3A-36-63-66-9D-20-1C", BitConverter.ToString(ntlm.NT), "NT");
// note the last 8 bytes... they are the same as the previous unit test ;-)
Assert.AreEqual("0A-39-2B-11-CF-05-2B-02-6D-65-CF-F5-68-BD-E4-15-A6-1B-FA-06-71-EA-5F-C8", BitConverter.ToString(ntlm.LM), "LM");
}
}
private JsonResult DoChallenge(string body)
{
var req = JObject.Parse(body);
var res = new ChallengeResponse()
{
challenge = (string)req["challenge"]
};
return(new JsonResult(res));
}
public void EmptyPassword()
{
byte[] SrvNonce = new byte [8] {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
};
using (ChallengeResponse ntlm = new ChallengeResponse(String.Empty, SrvNonce)) {
// same as the previous one as this is the same (null/empty) password expressed diffently
Assert.AreEqual("4A-FD-81-EC-01-87-E8-8D-97-77-8D-F7-93-C6-DA-D4-F0-3A-36-63-66-9D-20-1C", BitConverter.ToString(ntlm.NT), "NT");
Assert.AreEqual("0A-39-2B-11-CF-05-2B-02-6D-65-CF-F5-68-BD-E4-15-A6-1B-FA-06-71-EA-5F-C8", BitConverter.ToString(ntlm.LM), "LM");
}
}
public void Handle(IAriesSession session, RequestChallenge request)
{
var challenge = ChallengeResponse.GetChallenge();
session.SetAttribute("challenge", challenge);
session.SetAttribute("callSign", request.CallSign);
session.SetAttribute("publicHost", request.PublicHost);
session.SetAttribute("internalHost", request.InternalHost);
session.Write(new RequestChallengeResponse {
Challenge = challenge
});
}
private void ChallengeResponder(ChallengeResponse response)
{
new Thread(() =>
{
PackageResponse resp1 = this.socket.SendAndBlock(new ChallengeRequest(response.Challenge));
ChallengeAchievedResponse resp2 = resp1 as ChallengeAchievedResponse;
if (resp2 == null)
{
Console.WriteLine("Error Challenge Failed");
}
}).Start();
}
private void EventParser(object sender, MessageEventArgs e)
{
ChallengeResponse response = e.Package as ChallengeResponse;
if (response != null && this.socket != null)
{
this.ChallengeResponder(response);
}
ChatInvitationResponse response2 = e.Package as ChatInvitationResponse;
if (response2 != null && this.socket != null)
{
this.StartSwitchboardSession(response2);
}
}
protected override void ConstructeResponse()
{
if (_session.InstantKey != _request.InstantKey)
{
_session.SetInstantKey(_request.InstantKey);
}
// We send the echo packet to check the ping
_sendingBuffer = new ChallengeResponse(_request).BuildResponse();
GameServer.UpdateServer(
_session.RemoteEndPoint,
_gameServer.ServerData.KeyValue["gamename"],
_gameServer
);
}
public async Task ItShouldReturnHttpNoFoundWhenTheSearchFails()
{
var challengeResponse = new ChallengeResponse
{
Account = null,
StatusCode = SearchResponseCodes.SearchFailed
};
var id = "123";
MockChallengeHandler.Setup(x => x.Get(id))
.ReturnsAsync(challengeResponse);
var actual = await Unit.Index(id);
Assert.IsInstanceOf <HttpNotFoundResult>(actual);
}
public async Task <ChallengeResponse> Get(string id)
{
var response = new ChallengeResponse
{
StatusCode = SearchResponseCodes.NoSearchResultsFound
};
var record = await _accountRepository.Get(id, AccountFieldsSelection.PayeSchemes);
if (record != null)
{
response.StatusCode = SearchResponseCodes.Success;
response.Account = record;
response.Characters = _challengeService.GetPayeSchemesCharacters(record.PayeSchemes);
}
return(response);
}
public void Respond(ChallengeResponse response)
{
if (Direction == ChallengeDirection.Challenged)
throw new InvalidOperationException("You cannot respond to a challenge that you created");
OtherSession.Publish(new ChallengeRespondedToEvent(response));
if (response == ChallengeResponse.Rejected)
{
Destroy();
}
else if (response == ChallengeResponse.Accepted)
{
_application.Registry.Get<LobbyComponent>(lobby =>
{
lobby.AcceptChallenge(this);
});
}
}
// after receiving response from the client/service
// encrypt the sent challenge with the stored password hash
// if the received response and the result are the same, user authentication is complete
// Logs result
public bool CheckPassword(UserRequest userRequest, byte[] response)
{
byte[] passHash;
if (!Database.usersDB.TryGetValue(userRequest.Username, out passHash))
{
throw new FaultException <SecurityException>(new SecurityException($"Authentication Service: Username '{userRequest.Username}' doesn't exist"));
}
ChallengeResponse cr = new ChallengeResponse();
byte[] expected = cr.Encrypt(passHash, userRequest.Challenge);
if (Equals(expected, response))
{
try
{
Audit.AuthenticationSuccess(userRequest.Username);
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
Console.WriteLine($"Authentication service: {userRequest.Username} authenticated.");
return(true);
}
else
{
try
{
Audit.AuthenticationFailure(userRequest.Username);
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
throw new FaultException <SecurityException>(new SecurityException($"Authentication Service: {userRequest.Username} failed to authenticate. Invalid password."));
}
}
/// <summary>
/// ChallengeResponse client Hub method.
/// </summary>
/// <param name="enemyName">
/// Name of the challenging player.
/// </param>
/// <param name="gameName">
/// Name of the selected game.
/// </param>
/// <param name="response">
/// Response of the challenged player.
/// </param>
public async Task ChallengeResponse(ChallengeResponse response)
{
User currentUser = await this._manager
.GetUser(connectionId : Context.ConnectionId);
User enemyUser = await this._manager
.GetUser(name : response.EnemyName);
List <User> allUser = new List <User>
{
currentUser,
enemyUser
};
switch (response.Response)
{
case (ModalStates.Accepted):
//[TODO] More Games
string groupName = currentUser.Name + enemyUser.Name;
await this.Clients.Clients(enemyUser.ConnectionIds).
StartGame(groupName, response.GameName);
await this.Clients.Caller.StartGame(groupName, response.GameName);
break;
case (ModalStates.Declined):
await Clients.Clients(enemyUser.ConnectionIds)
.OpenModal(response.EnemyName, response.GameName, Constants.ModalStatus.DECLINED);
allUser.ForEach(x => x.Status = Constants.Status.ONLINE);
await this._manager.UpdateUser(allUser);
break;
}
}
protected void btnVerifySms_Click(object sender, EventArgs e)
{
string passcode = this.tbSmsCode.Text;
User user = Factory.UserClient.Where <User>(u => u.Profile.Login.Equals(this.tbUsername.Text)).FirstOrDefault();
UserFactorsClient factorsClient = Factory.UserClient.GetUserFactorsClient(user);
Factor smsFactor = factorsClient.First(x => x.FactorType == FactorType.Sms);
MfaAnswer answer = new MfaAnswer {
Passcode = passcode
};
ChallengeResponse response = factorsClient.CompleteChallenge(smsFactor, answer);
if (response.FactorResult == "SUCCESS")
{
Uri uri = Factory.UserClient.ForgotPassword(user, false);
string recoveryToken = this.GetRecoveryTokenFromUri(uri);
string resetLink = string.Format("{0}/ResetPassword?ott={1}", "http://localhost:8080", recoveryToken);
Response.Redirect(resetLink);
}
else
{
// TODO what to do if the verification fails?
lblMessage.Text = string.Format("Result {0}: {1}", response.FactorResult, response.FactorResultMessage);
}
}
public void Challenge_Null()
{
ChallengeResponse ntlm = new ChallengeResponse();
ntlm.Challenge = null;
}
public ChallengeRespondedToEvent(ChallengeResponse response)
{
Response = response;
}
public RespondToChallengeCommand(ChallengeResponse response)
{
Response = response;
}
