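/// <summary>
/// Serialises <paramref name="msg"/> into the wire layout consumed by the decoder:
/// 4 header bytes (three reserved bytes and the message type), a 4-byte body length,
/// then the body (requestId, route length, route bytes, payload).
/// </summary>
/// <param name="msg">Message to encode; must not be null.</param>
/// <returns>A new array holding the 8-byte header followed by <c>bodyLength</c> body bytes.</returns>
/// <exception cref="System.ArgumentNullException">Thrown when <paramref name="msg"/> is null.</exception>
public static byte[] Encode(Message msg)
{
    if (msg == null)
    {
        throw new System.ArgumentNullException(nameof(msg));
    }

    // First four header bytes: three reserved bytes followed by the message type.
    var header = new byte[4];
    header[0] = msg.Reserved1;
    header[1] = msg.Reserved2;
    header[2] = msg.Reserved3;
    header[3] = (byte)msg.MessageType;

    // A null route or payload is encoded as empty instead of faulting with a NullReferenceException
    // (the route was already tolerant of null; the payload now is too).
    var routeBytes = System.Text.Encoding.UTF8.GetBytes(msg.Route ?? string.Empty);
    var payload = msg.Data ?? System.Array.Empty<byte>();

    // Body length = 4 (requestId) + 4 (route length) + route bytes + payload.
    // The fixed 8-byte header (4 header bytes + 4-byte body length) is NOT part of bodyLength.
    int bodyLength = 4 + 4 + routeBytes.Length + payload.Length;
    var buffer = new byte[bodyLength + 8];
    int offset = 0;

    Write(header, buffer, ref offset);
    Write(EncoderUtils.EncodeInt32(bodyLength), buffer, ref offset);
    Write(EncoderUtils.EncodeInt32(msg.RequestId), buffer, ref offset);
    Write(EncoderUtils.EncodeInt32(routeBytes.Length), buffer, ref offset);
    Write(routeBytes, buffer, ref offset);
    Write(payload, buffer, ref offset);
    return buffer;
}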
/// <summary>
/// Creates a user account, credits the welcome bonus and then either mails a confirmation
/// link or, when e-mails are disabled in settings, confirms the account immediately.
/// </summary>
/// <param name="registrationModel">User name and password of the account to create.</param>
/// <returns>
/// false for missing input or when the DAO refuses the registration; otherwise the result of the
/// immediate confirmation (e-mails disabled) or true once the confirmation mail has been sent.
/// </returns>
public virtual async Task<bool> Register(UserModel registrationModel)
{
    bool inputMissing = registrationModel == null
        || string.IsNullOrEmpty(registrationModel.UserName)
        || string.IsNullOrEmpty(registrationModel.Password);
    if (inputMissing)
    {
        return false;
    }

    if (!_userDAO.RegisterUser(registrationModel))
    {
        return false;
    }

    // The bonus outcome does not influence the result of the registration.
    AddwelcomeBonus(registrationModel.UserName);

    // NOTE(review): the confirmation token is only Base64(userName). It carries no secret, so
    // anyone who knows a user name can confirm that account. Unless this is an intentional CTF
    // weakness, issue a random token, store it, and have ConfirmRegistration look it up instead.
    string token = EncoderUtils.Base64Encode(registrationModel.UserName);
    string subject = "Confirm email";
    string body = $@" Hi! <br/> To confirm your email please follow the <a href='{GetCurrentDomain()}/Auth/ConfirmRegistration?token={token}'>link</a> <br/><br/><br/> Best regards!";

    if (_appSettings.IgnoreEmails)
    {
        return await ConfirmRegistration(token);
    }

    // The user name doubles as the recipient address.
    await _emailSender.SendEmailAsync(registrationModel.UserName, subject, body);
    return true;
}
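/// <summary>
/// Starts password recovery: stores a fresh recovery token for the user and mails a link carrying it.
/// </summary>
/// <param name="passwordRecoveryModel">Carries the user name whose password should be recovered.</param>
/// <returns>false for missing input or an unknown user; true once the recovery mail has been sent.</returns>
public virtual async Task<bool> PasswordRecovery(UserModel passwordRecoveryModel)
{
    if (passwordRecoveryModel == null || string.IsNullOrEmpty(passwordRecoveryModel.UserName))
    {
        return false;
    }

    // NOTE(review): answering false for an unknown user lets a caller enumerate accounts;
    // consider returning true regardless and only mailing when the user exists.
    if (!_userDAO.Exist(passwordRecoveryModel.UserName))
    {
        return false;
    }

    // BUG FIX: `new Guid()` is Guid.Empty (all zeros), so every user received the same,
    // trivially guessable recovery token. Guid.NewGuid() yields an unpredictable value; a
    // RandomNumberGenerator-backed token of >= 128 bits would be stronger still if the DAO allows it.
    string token = Guid.NewGuid().ToString();
    // Return value of UpdatePasswordToken is not checked (as before) — presumably it cannot fail silently; confirm.
    _userDAO.UpdatePasswordToken(passwordRecoveryModel.UserName, token);

    string passwordRecoverySubject = "Password recovery email";
    string passwordRecoveryBody = $@" Hi! <br/> You requested password recovery to complete request follow <a href='{_appSettings.BaseUrl}/Auth/recover?token={EncoderUtils.Base64Encode(token)}'>link</a> <br/><br/><br/> Best regards!";
    await _emailSender.SendEmailAsync(passwordRecoveryModel.UserName, passwordRecoverySubject, passwordRecoveryBody);
    return true;
}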
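/// <summary>
/// CTF check: inspects the SessionId cookie and emits the MissingAuthentication flag header when the
/// request is not authenticated, and the SensitiveDataExposure flag header when the cookie's user is
/// not <paramref name="userName"/> (i.e. someone is reading another user's data).
/// </summary>
/// <param name="userName">Owner of the data the current request is reading.</param>
private void ValidateBrokenAuthSensitivedataExposure(string userName)
{
    var httpContext = _httpContextAccessor.HttpContext;
    string sessionId = httpContext.Request.Cookies["SessionId"];
    string loggedInUser = null;

    CtfChallangeModel missingAuthChallenge = _ctfOptions.CtfChallanges
        .Where(x => x.Type == CtfChallengeTypes.MissingAuthentication)
        .Single();

    // Cookie layout: "<base64 user>-<session token>-<role>" (see Login). A cookie without a '-'
    // used to throw IndexOutOfRangeException on the [1] access; it is now treated as unauthenticated.
    string[] parts = string.IsNullOrEmpty(sessionId) ? null : sessionId.Split('-');
    if (parts == null || parts.Length < 2)
    {
        httpContext.Response.Headers.Add(missingAuthChallenge.FlagKey, missingAuthChallenge.Flag);
    }
    else
    {
        if (!_userDAO.ValidateSession(parts[1]))
        {
            httpContext.Response.Headers.Add(missingAuthChallenge.FlagKey, missingAuthChallenge.Flag);
        }
        // Base64Decode is assumed to throw on a non-Base64 segment — unchanged from the original.
        loggedInUser = EncoderUtils.Base64Decode(parts[0]);
    }

    if (loggedInUser != userName)
    {
        CtfChallangeModel sensitiveDataExposureChallenge = _ctfOptions.CtfChallanges
            .Where(x => x.Type == CtfChallengeTypes.SensitiveDataExposure)
            .Single();
        httpContext.Response.Headers.Add(sensitiveDataExposureChallenge.FlagKey, sensitiveDataExposureChallenge.Flag);
    }
}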
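/// <summary>
/// Admin authorization with a CTF hook: once the base check passes, the role stored for the cookie's
/// user is compared with ADMIN_ROLE and, when the user is not really an admin, the ChangeRoleInCookie
/// flag header is emitted. Access is still granted in that case (unchanged from the original).
/// </summary>
/// <param name="context">Authorization filter context of the current request.</param>
/// <returns>false when the base check fails or the cookie's user cannot be loaded; otherwise true.</returns>
public override bool AuthorizeAdmin(AuthorizationFilterContext context)
{
    if (!base.AuthorizeAdmin(context))
    {
        return false;
    }

    string sessionId = context.HttpContext.Request.Cookies["SessionId"];
    string userName = EncoderUtils.Base64Decode(sessionId.Split("-")[USER_NAME_INDEX]);
    IUserDAO userDAO = context.HttpContext.RequestServices.GetRequiredService<IUserDAO>();
    UserDBModel user = userDAO.GetUser(userName);

    // A cookie naming a user that no longer exists used to NullReference on user.Role; deny instead.
    // (Assumes GetUser returns null for an unknown user — confirm against the DAO.)
    if (user == null)
    {
        return false;
    }

    if (user.Role < ADMIN_ROLE)
    {
        // NOTE(review): the base check presumably granted admin from the cookie's role field; the
        // stored role disagrees, so the cookie was tampered with. The flag is set but access is still
        // granted — acceptable only as an intentional CTF challenge, never in a real deployment.
        CtfOptions ctfOptions = context.HttpContext.RequestServices.GetRequiredService<IOptions<CtfOptions>>().Value;
        CtfChallangeModel ctfChallange = ctfOptions.CtfChallanges
            .Where(x => x.Type == CtfChallengeTypes.ChangeRoleInCookie)
            .Single();
        context.HttpContext.Response.Headers.Add(ctfChallange.FlagKey, ctfChallange.Flag);
    }
    return true;
}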
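/// <summary>
/// Validates the submitted credentials, creates a server-side session and issues the auth cookie.
/// </summary>
/// <param name="loginModel">User name and password; on success it is returned with the cookie attached and the password cleared.</param>
/// <returns>
/// The model with <c>Cookie</c> and <c>Status = "ok"</c> on success; null for missing input, a bad
/// password, or a failure to persist the session.
/// </returns>
public virtual Task<UserModel> Login(UserModel loginModel)
{
    if (loginModel == null || string.IsNullOrEmpty(loginModel.UserName) || string.IsNullOrEmpty(loginModel.Password))
    {
        return Task.FromResult<UserModel>(null);
    }

    // Access log: who attempted a login and from where. The submitted password is no longer
    // logged — the original wrote it in clear text to the access log on every attempt.
    var accessLogModel = new
    {
        Ip = _httpContextAccessor.HttpContext.Connection.RemoteIpAddress.ToString(),
        Username = loginModel.UserName
    };
    _accessLogger.Info($"{Newtonsoft.Json.JsonConvert.SerializeObject(accessLogModel)}");

    if (!_userDAO.ValidatePassword(loginModel.UserName, loginModel.Password))
    {
        return Task.FromResult<UserModel>(null);
    }

    UserDBModel userModel = _userDAO.GetUser(loginModel.UserName);

    // Session token: 256 bytes from the OS CSPRNG, passed through the project's SHA-256 helper.
    // System.Random (used before) is not cryptographically random and must not seed a session id.
    var byteArray = new byte[256];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(byteArray);
    }
    string cookie = Sha256HashUtils.ComputeSha256Hash(byteArray);

    // Role marker embedded in the cookie: "0" (Role <= 0), "1" (Role > 0), "100" (Role > 50).
    string inrole = userModel.Role > 0 ? "1" : "0";
    if (userModel.Role > 50)
    {
        inrole = "100";
    }
    // NOTE(review): this role field is client-controlled once issued; any authorization that reads it
    // must re-check the stored role rather than trust the cookie.
    string allCookie = $"{EncoderUtils.Base64Encode(loginModel.UserName)}-{cookie}-{inrole}";

    if (!_userDAO.SaveSession(cookie, DateTime.UtcNow.AddDays(1)))
    {
        return Task.FromResult<UserModel>(null);
    }

    loginModel.Password = null;
    loginModel.Cookie = allCookie;
    loginModel.Status = "ok";
    // HttpOnly keeps the session cookie out of reach of page scripts; the value is still returned in
    // the response body for clients that need it. Add Secure/SameSite once TLS is enforced.
    _httpContextAccessor.HttpContext.Response.Cookies.Append(AUTH_COOKIE, loginModel.Cookie, new CookieOptions
    {
        Expires = DateTime.UtcNow.AddDays(3),
        HttpOnly = true
    });
    return Task.FromResult(loginModel);
}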
/// <summary>Persists the current Jira URL, user name and password to the AppSettings.JiraAuth file as JSON.</summary>
/// <remarks>
/// NOTE(review): the password goes through EncoderUtils.encode, which — given the matching
/// EncoderUtils.decode in loadFromDB — is a reversible encoding, not encryption. Anyone able to read
/// the file recovers the password; prefer an OS credential store or platform data protection.
/// </remarks>
public void save()
{
    var stored = new JiraAuth
    {
        url = this.url,
        username = this.username,
        password = EncoderUtils.encode(this.password),
    };
    FileUtils.WriteFile(AppSettings.JiraAuth, JsonConvert.SerializeObject(stored));
}
/// <summary>Builds the claim set for an authenticated request from its auth cookie.</summary>
/// <param name="cookie">Raw auth cookie; the user name segment is Base64 and is decoded here, the role segment is used as-is.</param>
/// <returns>Three claims: the authenticated marker ("True"), the user name and the role.</returns>
protected virtual IEnumerable<Claim> GetClaims(string cookie)
{
    string userName = EncoderUtils.Base64Decode(GetUserName(cookie));
    string role = GetRole(cookie);

    Claim[] claims =
    {
        new Claim(CookieConstants.AUTHENTICATED_CALIM_TYPE, "True"),
        new Claim(CookieConstants.USERNAME_CALIM_TYPE, userName),
        new Claim(CookieConstants.ROLE_CALIM_TYPE, role),
    };
    return claims;
}
/// <summary>
/// Authorizes a request from its SessionId cookie: checks the cookie shape, validates the session
/// token against the DAO and installs a principal carrying the user name and role.
/// </summary>
/// <param name="context">Authorization filter context of the current request.</param>
/// <returns>true when the cookie is well-formed and its session is valid; false otherwise.</returns>
public virtual bool AuthorizeNormal(AuthorizationFilterContext context)
{
    string sessionId = context.HttpContext.Request.Cookies["SessionId"];
    if (string.IsNullOrEmpty(sessionId))
    {
        return false;
    }

    // Expected layout: "<base64 user>-<session token>-<role>", COOKIE_PARTS segments.
    string[] parts = sessionId.Split('-');
    if (parts.Length != COOKIE_PARTS)
    {
        return false;
    }
    if (!int.TryParse(parts[ROLDE_INDEX], out int role))
    {
        return false;
    }

    IUserDAO userDAO = context.HttpContext.RequestServices.GetRequiredService<IUserDAO>();
    if (!userDAO.ValidateSession(parts[TOKEN_INDEX]))
    {
        return false;
    }

    // NOTE(review): the role comes from the client-supplied cookie, not from the user record, so a
    // user can promote themselves by editing the cookie (likely the ChangeRoleInCookie CTF challenge).
    // A real deployment should look the role up by user name after the session check.
    string roleString = role >= ADMIN_ROLE ? ADMIN_ROLE_STRING : NORMAL_ROLE_STRING;

    var identity = new ClaimsIdentity(new[]
    {
        new Claim("authenticated", "true"),
        new Claim("userName", EncoderUtils.Base64Decode(parts[USER_NAME_INDEX])),
        new Claim("role", roleString),
    });
    context.HttpContext.User = new GenericPrincipal(identity, Array.Empty<string>());
    return true;
}
/// <summary>Loads the Jira credentials from the AppSettings.JiraAuth file into this instance.</summary>
/// <returns>false when the file is missing or empty; otherwise the result of isValid() on the loaded values.</returns>
/// <remarks>The stored password is only encoded (EncoderUtils.decode reverses it), not encrypted.</remarks>
private bool loadFromDB()
{
    string raw = FileUtils.ReadFile(AppSettings.JiraAuth);
    if (string.IsNullOrEmpty(raw))
    {
        // TODO put log here
        return false;
    }

    // NOTE(review): a file holding the literal "null" deserialises to null and would throw on the
    // member accesses below — confirm whether save() can ever produce that.
    JiraAuth stored = JsonConvert.DeserializeObject<JiraAuth>(raw);
    this.url = stored.url;
    this.username = stored.username;
    this.password = EncoderUtils.decode(stored.password);
    return this.isValid();
}
/// <summary>Checks whether a password-recovery token refers to a user with a pending recovery request.</summary>
/// <param name="token">Base64 of the user name, as placed in the recovery mail.</param>
/// <returns>true when the decoded user has a stored password token; false for an empty token or no pending request.</returns>
/// <remarks>
/// NOTE(review): the token is just Base64(userName) and holds no secret, so anyone who knows a user
/// name passes this check while that user has a recovery pending.
/// </remarks>
public virtual Task<bool> RecoverPasswordValid(string token)
{
    if (string.IsNullOrEmpty(token))
    {
        return Task.FromResult(false);
    }

    string userName = EncoderUtils.Base64Decode(token);
    bool pending = _userDAO.PasswordTokenExists(userName);
    return Task.FromResult(pending);
}
/// <summary>Confirms a registration from the token in the confirmation link.</summary>
/// <param name="token">Base64 of the user name, as placed in the confirmation mail.</param>
/// <returns>false for an empty token or when the DAO rejects the confirmation; true otherwise.</returns>
/// <remarks>
/// NOTE(review): because the token is only Base64(userName), any known user name can be confirmed
/// without access to the mailbox.
/// </remarks>
public virtual Task<bool> ConfirmRegistration(string token)
{
    if (string.IsNullOrEmpty(token))
    {
        return Task.FromResult(false);
    }

    string userName = EncoderUtils.Base64Decode(token);
    bool confirmed = _userDAO.ConfirmToken(userName);
    //_transactionDAO.MakeRandomTransactions(userName);
    return Task.FromResult(confirmed);
}
/// <summary>Completes password recovery: sets a new password for the user named by the token.</summary>
/// <param name="passwordRecoveryModel">Carries the recovery token and the new password.</param>
/// <returns>false for missing input, no pending recovery, or a failed update; true otherwise.</returns>
/// <remarks>
/// NOTE(review): the token is only Base64(userName) — no secret — so anyone can reset any user's
/// password while a recovery is pending. Only existence of a stored token is checked here; it is
/// neither compared with anything nor consumed in this method (unless UpdatePassword does so).
/// </remarks>
public virtual Task<bool> RecoverPassword(UserModel passwordRecoveryModel)
{
    bool inputMissing = passwordRecoveryModel == null
        || string.IsNullOrEmpty(passwordRecoveryModel.Token)
        || string.IsNullOrEmpty(passwordRecoveryModel.Password);
    if (inputMissing)
    {
        return Task.FromResult(false);
    }

    string userName = EncoderUtils.Base64Decode(passwordRecoveryModel.Token);
    if (!_userDAO.PasswordTokenExists(userName))
    {
        return Task.FromResult(false);
    }

    bool updated = _userDAO.UpdatePassword(userName, passwordRecoveryModel.Password);
    return Task.FromResult(updated);
}
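/// <summary>
/// Creates a server-side session for <paramref name="user"/> and issues the protected auth cookie.
/// </summary>
/// <param name="user">Authenticated user; its UserName and Role go into the cookie.</param>
/// <param name="context">Current HTTP context, used for service resolution and the response cookie.</param>
/// <returns>The protected cookie value, or null when the session could not be stored.</returns>
public override string CreateCookie(UserDBModel user, HttpContext context)
{
    // Session token: 256 bytes from the OS CSPRNG, passed through the project's SHA-256 helper.
    // System.Random (used before) is not cryptographically random and must not seed a session id.
    var randomBytes = new byte[256];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(randomBytes);
    }
    string cookieHash = Sha256HashUtils.ComputeSha256Hash(randomBytes);

    // Role field for the cookie; roles above ADMIN_ROLE collapse to the admin marker.
    string inrole = user.Role > ADMIN_ROLE ? ADMIN_ROLE_COOKIE_VALUE : user.Role.ToString();

    IUserDAO userDAO = context.RequestServices.GetRequiredService<IUserDAO>();
    if (!userDAO.SaveSession(cookieHash, DateTime.UtcNow.Add(COOKIE_VALID_FOR)))
    {
        return null;
    }

    string allCookie = string.Format(COOKIE_FORMAT, EncoderUtils.Base64Encode(user.UserName), cookieHash, inrole);
    // The whole value is wrapped by _protector (presumably an IDataProtector), so the embedded role
    // cannot be edited client-side without failing Unprotect.
    string encodedCookie = _protector.Protect(allCookie);

    var cookieOptions = new CookieOptions
    {
        Expires = DateTime.UtcNow.AddDays(1),
        // Keep the session cookie out of reach of page scripts; add Secure/SameSite once TLS is enforced.
        HttpOnly = true
    };
    context.Response.Cookies.Append(COOKIE_KEY, encodedCookie, cookieOptions);
    return encodedCookie;
}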
/// <summary>Starts password recovery by mailing the user a link whose token names the account.</summary>
/// <param name="passwordRecoveryModel">Carries the user name whose password should be recovered.</param>
/// <returns>false for missing input or an unknown user; true once the recovery mail has been sent.</returns>
/// <remarks>
/// NOTE(review): the link token is only Base64(userName) — nothing random is generated or stored
/// here — so the recovery link can be constructed by anyone who knows a user name. Returning false
/// for an unknown user also allows account enumeration.
/// </remarks>
public virtual async Task<bool> PasswordRecovery(UserModel passwordRecoveryModel)
{
    bool inputMissing = passwordRecoveryModel == null || string.IsNullOrEmpty(passwordRecoveryModel.UserName);
    if (inputMissing)
    {
        return false;
    }

    string userName = passwordRecoveryModel.UserName;
    if (!_userDAO.Exist(userName))
    {
        return false;
    }

    string subject = "Password recovery email";
    string body = $@" Hi! <br/> You requested password recovery to complete request follow <a href='{GetCurrentDomain()}/Auth/recover?token={EncoderUtils.Base64Encode(passwordRecoveryModel.UserName)}'>link</a> <br/><br/><br/> Best regards!";
    // The user name doubles as the recipient address.
    await _emailSender.SendEmailAsync(userName, subject, body);
    return true;
}
/// <summary>Computes the MD5 digest string of <paramref name="s"/> via EncoderUtils, defaulting the encoding to UTF-8.</summary>
/// <param name="s">Text to hash.</param>
/// <param name="encoding">Encoding used to turn <paramref name="s"/> into bytes; UTF-8 when null.</param>
/// <returns>Whatever EncoderUtils.ToMD5String produces for the given text and encoding.</returns>
/// <remarks>MD5 is acceptable as a checksum only; do not use it for passwords or for integrity against an adversary.</remarks>
public static string MD5(string s, Encoding encoding)
{
    Encoding effective = encoding == null ? Encoding.UTF8 : encoding;
    return EncoderUtils.ToMD5String(s, effective);
}