public virtual async Task ValidateOldPasswordAsync(string username, string oldPassword) { var user = await _repository.UserByUsernameAsync(username); var valid = user != null && CryptoUtilities.ValidatePassword(oldPassword, user.Password); if (!valid) { throw new ValidationException(ValidationReason.PasswordIsIncorrect); } }
public void TestInvalidPassword() { // arrange var hash = CryptoUtilities.CreateHash("password"); // act var valid = CryptoUtilities.ValidatePassword("something else", hash); // assert Assert.False(valid); }
public virtual async Task ResetPasswordAsync(dynamic model) { _validationService.Bundles.ValidateNewPassword(model); string q = model.q; int id; string ciphertext; try { var split = q.Split(new[] { ':' }); id = int.Parse(split[0]); ciphertext = split[1]; } catch { throw new ServiceException(ServiceReason.InvalidUserRequest); } var request = await _repository.GetAsync <UserRequest>(id); if (request == null || request.RequestType != UserRequestType.ResetPassword) { throw new ServiceException(ServiceReason.InvalidUserRequest); } try { var plaintext = CryptoUtilities.Decrypt(ciphertext, request.Key, request.IV); dynamic obj = JObject.Parse(plaintext); var credentials = new User { Username = obj.username, Password = obj.password }; if (!CryptoUtilities.ValidatePassword(credentials.Password, request.Password)) { throw new ServiceException(ServiceReason.ResetPasswordError); } var user = await _repository.UserByUsernameAsync(credentials.Username); user.Password = CryptoUtilities.CreateHash((string)model.password); await _repository.UpdateAsync(user); await _repository.UpdateAsync(request); } catch { throw new ServiceException(ServiceReason.ResetPasswordError); } }
public virtual async Task SignInAsync(HttpContextBase httpContext, dynamic model) { var user = await _repository.UserByEmailAsync((string)model.email); if (user == null || !user.Enabled || !CryptoUtilities.ValidatePassword((string)model.password, user.Password)) { throw new ServiceException(ServiceReason.InvalidCredentials); } bool rememberMe = model.rememberMe ?? false; CreateAuthorizationTicket(httpContext, user, rememberMe); }
public void TestValidPassword() { // arrange var obj = new { password = "******" }; var hash = CryptoUtilities.CreateHash(obj.password); // act var valid = CryptoUtilities.ValidatePassword(obj.password, hash); // assert Assert.True(valid); }
public void DecryptFromFile(string filePath, SecureString password) { if (string.IsNullOrWhiteSpace(filePath)) { throw new ArgumentNullException("File path is empty."); } try { // Reading vault from file //string xml = string.Empty; //using (FileStream sourceStream = new FileStream(filePath, // FileMode.Open, FileAccess.Read, FileShare.Read, // bufferSize: 4096, useAsync: true)) //{ // StringBuilder sb = new StringBuilder(); // byte[] buffer = new byte[0x1000]; // int numRead; // while ((numRead = await sourceStream.ReadAsync(buffer, 0, buffer.Length)) != 0) // { // string text = Encoding.UTF8.GetString(buffer, 0, numRead); // sb.Append(text); // } // xml = sb.ToString(); //} // Deserializing vault var xml = File.ReadAllText(filePath); XmlSerializer serializer = new XmlSerializer(typeof(Vault)); using (TextReader reader = new StringReader(xml)) { var vault = (Vault)serializer.Deserialize(reader); EncryptionInfo = vault.EncryptionInfo; Data = vault.Data; Name = vault.Name; Description = vault.Description; } using (var cu = new CryptoUtilities(EncryptionInfo.SelectedAlgorithm)) { if (!CryptoUtilities.ValidatePassword(password, EncryptionInfo.ValidationKey, EncryptionInfo.Salt)) { throw new ArgumentException("Incorrect password."); } // Unprotect the key and decrypt data var plainData = cu.Decrypt(Data, cu.UnprotectEncryptionKey(password, EncryptionInfo.EncryptionKey, EncryptionInfo.Salt, EncryptionInfo.IV), EncryptionInfo.IV); // Deserialize folder list serializer = new XmlSerializer(typeof(MvxObservableCollection <Folder>)); using (TextReader reader = new StringReader(Encoding.UTF8.GetString(plainData))) { FolderList = (MvxObservableCollection <Folder>)serializer.Deserialize(reader); } // Set vault's Location Location = filePath; } } catch (Exception) { throw; } }
public void EncryptToFile(string filepath, SecureString password) { #region Parameter Checks if (null == filepath) { throw new ArgumentNullException("Filepath can't be empty"); } if (null == EncryptionInfo) { throw new NullReferenceException("EncryptionInfo can't be empty"); } if (null == EncryptionInfo.EncryptionKey) { throw new NullReferenceException("EncryptionKey can't be empty"); } if (null == EncryptionInfo.ValidationKey) { throw new NullReferenceException("ValidationKey can't be empty"); } if (null == EncryptionInfo.IV) { throw new NullReferenceException("IV can't be empty"); } if (null == EncryptionInfo.Salt) { throw new NullReferenceException("Salt can't be empty"); } #endregion Parameter Checks try { using (var cu = new CryptoUtilities(EncryptionInfo.SelectedAlgorithm)) { if (!CryptoUtilities.ValidatePassword(password, EncryptionInfo.ValidationKey, EncryptionInfo.Salt)) { throw new ArgumentException("Incorrect password"); } // Serialize and encrypt folder list XmlSerializer xsSubmit = new XmlSerializer(typeof(MvxObservableCollection <Folder>)); var xml = string.Empty; using (var sww = new StringWriter()) using (XmlWriter writer = XmlWriter.Create(sww)) { xsSubmit.Serialize(writer, FolderList); xml = sww.ToString(); // Serialized XML } // Unprotect the key and encrypt data Data = cu.Encrypt(Encoding.UTF8.GetBytes(xml), cu.UnprotectEncryptionKey(password, EncryptionInfo.EncryptionKey, EncryptionInfo.Salt, EncryptionInfo.IV), EncryptionInfo.IV); // Serialize vault and save to file xsSubmit = new XmlSerializer(typeof(Vault)); xml = string.Empty; using (var sww = new StringWriter()) using (XmlWriter writer = XmlWriter.Create(sww)) { xsSubmit.Serialize(writer, GetInstance()); xml = sww.ToString(); // Serialized XML } File.WriteAllText(filepath, xml); } } catch (Exception) { throw; } }
public async Task TestDefaultBehaviorAsync() { // arrange var obj = new { username = "******", password = "******" }; var repository = new Mock <IRepository>(); var settings = new ApplicationSettings(); var validationService = new Mock <ValidationService>(repository.Object, settings); var validationBundles = new Mock <ValidationBundles>(validationService.Object); var administrationService = new Mock <AdministrationService>(repository.Object, validationService.Object); var mailService = new Mock <MailService>(repository.Object); validationService .SetupGet(x => x.Bundles) .Returns(validationBundles.Object); var user = new User { Username = obj.username }; var request = new UserRequest { Id = 1, Username = obj.username, RequestType = UserRequestType.ResetPassword }; var userSet = TestUtilities.CreateDbSetMock(new List <User> { user }); repository .Setup(x => x.AsQueryable <User>()) .Returns(userSet.Object); repository .Setup(x => x.GetAsync <User>(1)) .ReturnsAsync(user); repository .Setup(x => x.GetAsync <UserRequest>(1)) .ReturnsAsync(request); var password = Guid.NewGuid().ToString(); var credentials = JObject.FromObject(new { obj.username, password }); string q; using (var algorithm = TripleDES.Create()) { request.Key = algorithm.Key; request.IV = algorithm.IV; request.Password = CryptoUtilities.CreateHash(password); var ciphertext = CryptoUtilities.Encrypt(credentials.ToString(), algorithm.Key, algorithm.IV); q = 1 + ":" + ciphertext; } dynamic model = JObject.FromObject(new { obj.password, q }); var accountService = new AccountService(repository.Object, validationService.Object, administrationService.Object, mailService.Object); // act await TestUtilities.DoesNotThrowAsync(async() => await accountService.ResetPasswordAsync(model)); // assert Assert.True(CryptoUtilities.ValidatePassword(obj.password, user.Password)); validationBundles.Verify(x => x.ValidateNewPassword(It.IsAny <object>()), Times.Once); repository.Verify(x => x.GetAsync <UserRequest>(It.IsAny <int>()), Times.Once); repository.Verify(x => x.AsQueryable <User>(), Times.Once); repository.Verify(x => x.UpdateAsync(user), Times.Once()); repository.Verify(x => x.UpdateAsync(request), Times.Once()); }