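/// <summary>
/// Stores a new credential for the logged-in user. The plaintext in the bound
/// <c>Passwd</c> model is AES-encrypted with the "master password" that Signin
/// placed in the cache, and the ciphertext is persisted together with an audit record.
/// </summary>
/// <returns>Redirect to Index on success; the form view with the bound model when
/// ModelState is invalid; redirect to Login when no user or master password is cached.</returns>
public IActionResult Add()
{
    if (!ModelState.IsValid)
    {
        return View(Passwd);
    }

    // Both values are written by Signin; a missing one means there is no usable
    // login state, so bounce to Login instead of failing with a NullReference 500.
    var currentUser = Functions.getUser(_cache);
    var masterPassword = _cache.Get(CacheNames.masterPassword)?.ToString();
    if (currentUser is null || string.IsNullOrEmpty(masterPassword))
    {
        return RedirectToAction("Login");
    }

    // The owner is always the logged-in user; a UserId posted by the client is ignored.
    Passwd.UserId = currentUser.Id;

    // NOTE(review): the cached master password is whatever Signin stored there (it sets
    // it from user.Password), so the AES key is derived from the stored credential rather
    // than from a secret the user typed for this purpose — confirm this is intended.
    var encrypted = AESHelper.EncryptString(Passwd.Password, masterPassword);
    Passwd.Password = Convert.ToBase64String(encrypted); // only ciphertext reaches the DB
    _db.Passwds.Add(Passwd);

    ActionType actionType = new ActionType()
    {
        Action = "Add password to database",
        UserId = Passwd.UserId,
        Time = DateTime.Now
    };
    Functions.AddActionToDatabase(_db, actionType);
    _db.SaveChanges();

    return RedirectToAction("Index");
}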
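/// <summary>
/// Reveals the plaintext of credential <paramref name="id"/> to the logged-in user.
/// Access is allowed when the user owns the entry or it was shared with them through
/// <c>SharedPasswds</c>; every allowed decryption is written to the action log first.
/// </summary>
/// <param name="id">Primary key of the <c>Passwd</c> row to reveal.</param>
/// <returns>Redirect to MasterPassword until the <c>getMasterPassword</c> flag is "1";
/// redirect to Login without a cached user; redirect to Index when the row is missing
/// or not accessible; otherwise the view whose <c>Passwd.Password</c> is decrypted.</returns>
public IActionResult Decrypt(int id)
{
    // Signin stores "0"; the flag is flipped elsewhere (MasterPassword action, presumably).
    if (_cache.Get(CacheNames.getMasterPassword)?.ToString() != "1")
    {
        return RedirectToAction("MasterPassword");
    }

    User usr = Functions.getUser(_cache);
    if (usr is null)
    {
        return RedirectToAction("Login");
    }

    Passwd toDecrypt = _db.Passwds.FirstOrDefault(a => a.Id == id);
    if (toDecrypt is null)
    {
        // Same answer as "not yours", so the id space cannot be probed via a different error.
        return RedirectToAction("Index");
    }

    // Authorization: owner, or explicitly shared with this user. Done before logging and
    // decryption so a rejected request leaves no side effects.
    bool isOwner = toDecrypt.UserId == usr.Id;
    if (!isOwner)
    {
        bool isShared = _db.SharedPasswds.Any(a => a.UserSharedId == usr.Id && a.PasswdId == id);
        if (!isShared)
        {
            return RedirectToAction("Index");
        }
    }

    ActionType actionType = new ActionType()
    {
        Action = "Decrypt password id=" + id,
        UserId = usr.Id,
        Time = DateTime.Now
    };
    Functions.AddActionToDatabase(_db, actionType);
    // Persist the audit record explicitly (Add/Edit do the same); harmless if the helper
    // already saved. Done before the plaintext is assigned below.
    _db.SaveChanges();

    // Entries are encrypted with their OWNER's key (see Add/Edit), so a shared entry is
    // decrypted with the owner's stored Password, not the viewer's.
    var passwordOwner = _db.Users.FirstOrDefault(a => a.Id == toDecrypt.UserId);
    if (passwordOwner is null)
    {
        return RedirectToAction("Index");
    }

    // NOTE(review): toDecrypt is a change-tracked entity; assigning the plaintext to it
    // means any SaveChanges() later in this request would write the plaintext to the DB.
    // Loading the row with AsNoTracking() or mapping to a view-only object removes that hazard.
    var ciphertext = Convert.FromBase64String(toDecrypt.Password);
    toDecrypt.Password = AESHelper.DecryptToString(ciphertext, passwordOwner.Password);

    AppViewModel appViewModel = new AppViewModel
    {
        User = usr,
        Logged = Functions.getLogged(_cache),
        Passwd = toDecrypt
    };
    return View(appViewModel);
}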
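/// <summary>
/// Ends the current session: writes a "Log out" audit record when a user is cached, then
/// clears every cache entry that Signin populated.
/// </summary>
/// <returns>Redirect to the Login action.</returns>
public IActionResult Logout()
{
    // Log first, while the user is still known; tolerate an already-empty session
    // (double submit, expired state) instead of throwing and leaving the keys in place.
    var currentUser = Functions.getUser(_cache);
    if (currentUser != null)
    {
        ActionType actionType = new ActionType()
        {
            Action = "Log out",
            UserId = currentUser.Id,
            Time = DateTime.Now
        };
        Functions.AddActionToDatabase(_db, actionType);
        // Add/Edit follow the helper with an explicit save; do the same so the record is
        // not lost if the helper does not save on its own.
        _db.SaveChanges();
    }

    // Remove every key Signin set so no login state survives the logout.
    // NOTE(review): these are fixed keys, not per-session ones; if _cache is the
    // process-wide IMemoryCache this state is shared by all visitors — verify.
    _cache.Remove(CacheNames.readMode);
    _cache.Remove(CacheNames.user);
    _cache.Remove(CacheNames.logged);
    _cache.Remove(CacheNames.masterPassword);
    _cache.Remove(CacheNames.getMasterPassword);

    return RedirectToAction("Login");
}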
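/// <summary>
/// Updates an existing credential from the bound <c>Passwd</c> model. Only the owner may
/// edit; the new secret is re-encrypted with the cached master password, and the old/new
/// ciphertext pair is recorded in <c>PasswdHistory</c> alongside an audit record.
/// </summary>
/// <returns>Redirect to Index on success, or when the caller is not the owner (with
/// <c>error4</c> set in the cache); the form view when ModelState is invalid; redirect to
/// Login when no user or master password is cached.</returns>
public IActionResult Edit()
{
    var currentUser = Functions.getUser(_cache);
    if (currentUser is null)
    {
        return RedirectToAction("Login");
    }

    // Look up by the posted Id. An unknown id gets the same "not the owner" answer as a
    // foreign one, so the id space cannot be probed through a different error.
    var stored = _db.Passwds.FirstOrDefault(a => a.Id == Passwd.Id);
    if (stored is null || stored.UserId != currentUser.Id)
    {
        _cache.Set(CacheNames.error4, "You are not the owner");
        return RedirectToAction("Index");
    }

    if (!ModelState.IsValid)
    {
        return View(Passwd);
    }

    var masterPassword = _cache.Get(CacheNames.masterPassword)?.ToString();
    if (string.IsNullOrEmpty(masterPassword))
    {
        return RedirectToAction("Login");
    }

    var oldCiphertext = stored.Password;

    // Same scheme as Add: AES with the cached master password, stored as base64.
    var encrypted = AESHelper.EncryptString(Passwd.Password, masterPassword);
    stored.Password = Convert.ToBase64String(encrypted);
    // Only these fields are client-editable; Id and UserId keep their stored values.
    stored.WebAddress = Passwd.WebAddress;
    stored.Login = Passwd.Login;

    ActionType actionType = new ActionType()
    {
        Action = "Edit password id=" + stored.Id,
        UserId = stored.UserId,
        Time = DateTime.Now
    };
    Functions.AddActionToDatabase(_db, actionType);

    // History keeps ciphertext only (old and new); no plaintext is written anywhere.
    PasswdHistory passwdHistory = new PasswdHistory()
    {
        NewPasswd = stored.Password,
        OldPasswd = oldCiphertext,
        Time = DateTime.Now,
        UserId = stored.UserId,
        PasswdId = stored.Id
    };
    Functions.AddHistoryToDatabase(_db, passwdHistory);
    _db.SaveChanges();

    return RedirectToAction("Index");
}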
/// <summary>
/// Handles a login submission. Credentials come from <c>App.User</c> (Nickname and
/// Password; the <c>App</c> model is bound outside this method). On success the session
/// state is written to the cache and the user is sent to Home/Index. On failure a
/// per-(IP, user) attempt counter drives an account lockout and a per-IP counter drives
/// an IP lockout, and the Login view is re-rendered with <c>error</c> / <c>error2</c>
/// (controller fields declared outside this method).
/// </summary>
/// <returns>Redirect to Home/Index on success; otherwise the Login view.</returns>
public IActionResult Signin()
{
    // NOTE(review): RemoteIpAddress is the socket peer; behind a reverse proxy every
    // visitor shares the proxy's address unless forwarded headers are configured.
    var ip = HttpContext.Connection.RemoteIpAddress.ToString();
    AddressIP address = _db.AddressIPs.Where(a => a.Address == ip).FirstOrDefault();
    if (address == null)
    {
        // A new IP starts at Incorrect = 1, so its first failure below takes the counter
        // to 2. The row is only persisted if a SaveChanges() is reached, which happens
        // only on the known-user paths further down.
        address = new AddressIP() { Address = ip, Correct = 0, Incorrect = 1 };
        _db.AddressIPs.Add(address);
    }
    // NOTE(review): the whole login runs INSIDE this branch, so either IsIpBlocked()
    // returns true when the IP is NOT blocked, or the condition is inverted — verify
    // against Functions.IsIpBlocked; a blocked IP must never reach Functions.Login.
    if (Functions.IsIpBlocked(address))
    {
        // Unknown nicknames fall through to the view with no counter update and no
        // error text, so guesses against non-existent accounts are never throttled,
        // and the differing responses let a caller tell known from unknown nicknames.
        if (_db.Users.Where(a => a.Nickname == App.User.Nickname).FirstOrDefault<User>() is User user)
        {
            // Attempt count is tracked per (ip, user): a fresh IP starts again at 0.
            var lastAttempt = _db.LoginAttempts.Where(a => a.AddressIp == ip && a.UserId == user.Id)
                .OrderByDescending(a => a.Date).FirstOrDefault();
            if (lastAttempt == null)
            {
                lastAttempt = new LoginAttempt() { Attempt = 0 };
            }
            // NOTE(review): the block is lifted BEFORE the password is checked. If
            // UnblockUser() clears it unconditionally, the account lockout never stops a
            // guess; if it only clears an expired block, the else-if below reports the
            // remaining time — confirm which.
            if (Functions.IsUserBlocked(user))
            {
                user = Functions.UnblockUser(user);
            }
            if (Functions.Login(user, App.User.Password))
            {
                LoginAttempt loginAttempt = new LoginAttempt() { UserId = user.Id, AddressIp = ip, Attempt = 0, Date = DateTime.Now, Successful = true };
                // Success resets the IP failure counter but leaves IpBlockDate untouched.
                address.Correct = 1;
                address.Incorrect = 0;
                _db.LoginAttempts.Add(loginAttempt);
                ActionType actionType = new ActionType() { Action = "Log in", UserId = user.Id, Time = DateTime.Now };
                Functions.AddActionToDatabase(_db, actionType);
                _db.SaveChanges();
                // Session state lives in the cache under fixed keys.
                // NOTE(review): if _cache is the process-wide IMemoryCache these keys are
                // shared by every visitor (one login overwrites another) — verify.
                // The "master password" that Add/Edit/Decrypt use as the AES key is the
                // stored User.Password value, not a secret the user types in here.
                _cache.Set(CacheNames.readMode, "0");
                _cache.Set(CacheNames.user, user);
                _cache.Set(CacheNames.logged, "1");
                _cache.Set(CacheNames.masterPassword, user.Password);
                _cache.Set(CacheNames.getMasterPassword, "0");
                return(RedirectToAction("Index", "Home"));
            }
            else if (Functions.IsUserBlocked(user))
            {
                // "Account blocked until ..." — shown only for existing nicknames.
                error = "\n\nKonto jest zablokowane do " + user.AccountBlockDate;
            }
            else
            {
                LoginAttempt failedLoginAttempt = new LoginAttempt() { UserId = user.Id, AddressIp = ip, Attempt = lastAttempt.Attempt + 1, Date = DateTime.Now, Successful = false };
                // Account lockout by consecutive failures from this IP:
                // 1 none, 2 -> 15 s, 3 -> 30 s, 4 -> 2 min, 5+ -> 30 years (effectively
                // permanent). NOTE(review): anyone who knows a nickname can lock that
                // account for good with five bad passwords — a denial-of-service vector;
                // and because the count is per IP, a new IP starts the ladder over.
                switch (failedLoginAttempt.Attempt)
                {
                    case 1:
                        break;
                    case 2:
                        user.AccountBlockDate = DateTime.Now.AddSeconds(15);
                        user.IsAccountBlocked = true;
                        break;
                    case 3:
                        user.AccountBlockDate = DateTime.Now.AddSeconds(30);
                        user.IsAccountBlocked = true;
                        break;
                    case 4:
                        user.AccountBlockDate = DateTime.Now.AddMinutes(2);
                        user.IsAccountBlocked = true;
                        break;
                    default:
                        user.AccountBlockDate = DateTime.Now.AddYears(30);
                        user.IsAccountBlocked = true;
                        break;
                }
                // IP lockout by the address failure counter (starts at 1 for a new IP,
                // see above): 5 -> 15 s, 6 -> 30 s, 7+ -> 1 min. Nothing below 5.
                address.Incorrect++;
                switch (address.Incorrect)
                {
                    case 1:
                        break;
                    case 2:
                        break;
                    case 3:
                        break;
                    case 4:
                        break;
                    case 5:
                        address.IpBlockDate = DateTime.Now.AddSeconds(15);
                        break;
                    case 6:
                        address.IpBlockDate = DateTime.Now.AddSeconds(30);
                        break;
                    default:
                        address.IpBlockDate = DateTime.Now.AddMinutes(1);
                        break;
                }
                _db.LoginAttempts.Add(failedLoginAttempt);
                // Also persists the user/address lock fields changed above (tracked entities).
                _db.SaveChanges();
                if (Functions.IsUserBlocked(user))
                {
                    // "Account blocked until ..."
                    error = "Konto jest zablokowane do " + user.AccountBlockDate;
                }
            }
        }
    }
    if (address.IpBlockDate > DateTime.Now)
    {
        // "Your IP is blocked until ..."
        error2 = "Twoje IP jest zablokowane do " + address.IpBlockDate;
    }
    AppViewModel appViewModel = new AppViewModel { User = App.User, Logged = Functions.getLogged(_cache), Error = error, Error2 = error2 };
    return(View("Login", appViewModel));
}