示例#1
        /// <summary>
        /// Checks a candidate password against the salted hash stored on <paramref name="userPart"/> and,
        /// when it matches, re-hashes it with <c>DefaultHashAlgorithm</c> unless configuration opts out.
        /// </summary>
        /// <param name="userPart">
        /// Supplies <c>PasswordSalt</c> (Base64), <c>Password</c> (the stored hash) and <c>HashAlgorithm</c>.
        /// <c>HashAlgorithm</c> and <c>Password</c> are overwritten in place when the hash is migrated.
        /// </param>
        /// <param name="password">Clear-text password to verify.</param>
        /// <returns><c>true</c> when the password matches the stored hash; otherwise <c>false</c>.</returns>
        private bool ValidatePasswordHashed(UserPart userPart, string password)
        {
            // Convert.FromBase64String throws FormatException if the stored salt is not valid Base64.
            var saltBytes = Convert.FromBase64String(userPart.PasswordSalt);

            // PBKDF2 hashes must go through Crypto.VerifyHashedPassword: Crypto.HashPassword() generates its own
            // salt internally, so recomputing the hash and comparing would never match.
            // Every other algorithm is recomputed and compared with SecureStringEquality
            // (presumably a constant-time comparison; confirm in that helper).
            bool matches = userPart.HashAlgorithm == PBKDF2
                ? Crypto.VerifyHashedPassword(userPart.Password, Encoding.Unicode.GetString(CombineSaltAndPassword(saltBytes, password)))
                : SecureStringEquality(userPart.Password, ComputeHashBase64(userPart.HashAlgorithm, saltBytes, password));

            if (!matches)
            {
                return false;
            }

            // The clear-text password is only available during a successful login, so this is the one
            // place where a hash stored under an older algorithm can be upgraded.
            if (userPart.HashAlgorithm != DefaultHashAlgorithm)
            {
                var keepOldSetting = _appConfigurationAccessor.GetConfiguration("Orchard.Users.KeepOldPasswordHash");

                // Migration runs when the setting is absent, empty or "false"; any other value keeps the old hash at rest.
                bool migrationEnabled = String.IsNullOrEmpty(keepOldSetting)
                    || keepOldSetting.Equals("false", StringComparison.OrdinalIgnoreCase);

                if (migrationEnabled)
                {
                    // The existing salt bytes are reused for the new hash. Persisting the change is left to the caller.
                    userPart.HashAlgorithm = DefaultHashAlgorithm;
                    userPart.Password = ComputeHashBase64(userPart.HashAlgorithm, saltBytes, password);
                }
            }

            return true;
        }
示例#2
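        /// <summary>
        /// Reads a comma-separated list of paths from the application configuration and appends the default path.
        /// </summary>
        /// <param name="appConfigurationAccessor">Accessor used to read the setting.</param>
        /// <param name="key">Name of the setting that holds the comma-separated paths.</param>
        /// <param name="defaultPath">Path that is always included, after the configured ones.</param>
        /// <returns>
        /// The trimmed configured paths followed by the trimmed default path, with duplicates removed
        /// case-insensitively. Blank configured entries are dropped.
        /// </returns>
        static string[] GetConfigPaths(IAppConfigurationAccessor appConfigurationAccessor, string key, string defaultPath)
        {
            // A missing setting is treated as an empty list, so only the default path is returned.
            string configuration = appConfigurationAccessor.GetConfiguration(key) ?? "";

            return configuration
                .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
                .Select(entry => entry.Trim())
                // RemoveEmptyEntries is applied before trimming, so "a, ,b" or a trailing ", " would otherwise
                // put an empty string into the path list.
                .Where(entry => entry.Length > 0)
                .Concat(new[] { defaultPath.Trim() })
                .Distinct(StringComparer.OrdinalIgnoreCase)
                .ToArray();
        }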
示例#3
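        /// <summary>
        /// Compares the supplied password with the API password held in application configuration.
        /// </summary>
        /// <param name="password">Password presented by the caller; may be null.</param>
        /// <returns><c>true</c> only when the supplied password is identical to the configured one.</returns>
        private bool PasswordIsValid(string password)
        {
            var configuredPassword = _appConfigurationAccessor.GetConfiguration(AppConfigurationKeys.ApiPassword);

            // Presumably throws when the setting is missing, so an unset API password can never match; confirm in Argument.
            // NOTE(review): the direct comparison below implies the secret is stored in clear text in configuration.
            Argument.ThrowIfNullOrEmpty(configuredPassword, AppConfigurationKeys.ApiPassword);

            if (password == null || string.IsNullOrEmpty(configuredPassword))
            {
                // Nothing secret to compare on this path; keep the plain equality result.
                return password == configuredPassword;
            }

            // string == returns at the first differing character, so response time can reveal how much of a guess
            // is correct. Fold every difference into one accumulator instead. The loop length depends only on the
            // caller-supplied value, never on the secret.
            int difference = password.Length ^ configuredPassword.Length;
            for (int i = 0; i < password.Length; i++)
            {
                difference |= password[i] ^ configuredPassword[i % configuredPassword.Length];
            }

            return difference == 0;
        }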
示例#4
        /// <summary>
        /// Looks up a release for <paramref name="softKey"/> and returns it with its download URL prefixed
        /// by the configured "FileHttpUrl" value.
        /// </summary>
        /// <param name="softKey">Software key, matched case-insensitively against <c>SoftRelease.SoftKey</c>.</param>
        /// <returns>
        /// An <c>ApiResult</c> whose data is the matching release, or an <c>ApiResult</c> with no data set
        /// when nothing matches.
        /// </returns>
        public ApiResult GetLastVersion(string softKey)
        {
            int totalCount;

            // Ordered by "CreateTime" descending; the leading (1, 1) is presumably page index and page size,
            // i.e. only the most recent release is fetched. Confirm against GetListPaged.
            var newestFirst = new OrderModelField {
                IsDesc = true, PropertyName = "CreateTime"
            };
            var last = _currencyService.GetListPaged<SoftRelease>(
                1,
                1,
                sr => sr.SoftKey.Equals(softKey, StringComparison.OrdinalIgnoreCase),
                out totalCount,
                newestFirst);

            var result = new ApiResult();
            if (last.Count <= 0)
            {
                return result;
            }

            var item = last.FirstOrDefault();
            if (item != null)
            {
                // Plain string concatenation: no separator is inserted and neither part is validated.
                // A missing "FileHttpUrl" setting (null) leaves DownloadUrl unchanged.
                // NOTE(review): this overwrites DownloadUrl on the object returned by the service. If that
                // object is tracked or cached, the prefix could be persisted or applied twice; confirm.
                var urlPrefix = _appConfigurationAccessor.GetConfiguration("FileHttpUrl");
                item.DownloadUrl = urlPrefix + item.DownloadUrl;
                result.SetData(item);
            }

            return result;
        }
        /// <summary>
        /// Checks a clear-text value against the salted hash stored in <paramref name="field"/> and,
        /// when it matches, re-hashes it with <c>DefaultHashAlgorithm</c> unless configuration opts out.
        /// </summary>
        /// <param name="field">
        /// Supplies <c>Salt</c> (Base64), <c>Value</c> (the stored hash) and <c>HashAlgorithm</c>.
        /// <c>HashAlgorithm</c> and <c>Value</c> are overwritten in place when the hash is migrated.
        /// </param>
        /// <param name="value">Clear-text value to verify.</param>
        /// <returns>
        /// <c>true</c> when the value matches the stored hash; <c>false</c> on a mismatch or when the field
        /// has no salt or no hash algorithm.
        /// </returns>
        public bool IsValueEqual(HashedStringField field, string value)
        {
            // A field without a salt or an algorithm cannot be verified, so it is rejected.
            if (string.IsNullOrWhiteSpace(field.Salt) || string.IsNullOrWhiteSpace(field.HashAlgorithm))
            {
                return false;
            }

            // Convert.FromBase64String throws FormatException if the stored salt is not valid Base64.
            var saltBytes = Convert.FromBase64String(field.Salt);

            // PBKDF2 hashes must go through Crypto.VerifyHashedPassword: Crypto.HashPassword() generates its own
            // salt internally, so recomputing the hash and comparing would never match.
            // Every other algorithm is recomputed and compared with SecureStringEquality
            // (presumably a constant-time comparison; confirm in that helper).
            bool matches = field.HashAlgorithm == PBKDF2
                ? Crypto.VerifyHashedPassword(field.Value, Encoding.Unicode.GetString(CombineSaltAndPassword(saltBytes, value)))
                : SecureStringEquality(field.Value, ComputeHashBase64(field.HashAlgorithm, saltBytes, value));

            if (!matches)
            {
                return false;
            }

            // The clear-text value is only available after a successful check, so this is the one place
            // where a hash stored under an older algorithm can be upgraded.
            if (field.HashAlgorithm != DefaultHashAlgorithm)
            {
                var keepOldSetting = _appConfigurationAccessor.GetConfiguration("Orchard.Users.KeepOldPasswordHash");

                // Migration runs when the setting is absent, empty or "false"; any other value keeps the old hash at rest.
                bool migrationEnabled = String.IsNullOrEmpty(keepOldSetting)
                    || keepOldSetting.Equals("false", StringComparison.OrdinalIgnoreCase);

                if (migrationEnabled)
                {
                    // The existing salt bytes are reused for the new hash. Persisting the change is left to the caller.
                    field.HashAlgorithm = DefaultHashAlgorithm;
                    field.Value = ComputeHashBase64(field.HashAlgorithm, saltBytes, value);
                }
            }

            return true;
        }
示例#6
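 /// <summary>
 /// Reads a comma-separated list of paths from the application configuration and appends the default path.
 /// </summary>
 /// <param name="appConfigurationAccessor">Accessor used to read the setting.</param>
 /// <param name="key">Name of the setting that holds the comma-separated paths.</param>
 /// <param name="defaultPath">Path that is always included, after the configured ones.</param>
 /// <returns>
 /// The trimmed configured paths followed by the trimmed default path, with duplicates removed
 /// case-insensitively. Blank configured entries are dropped.
 /// </returns>
 static string[] GetConfigPaths(IAppConfigurationAccessor appConfigurationAccessor, string key, string defaultPath) {
     // A missing setting is treated as an empty list, so only the default path is returned.
     string configuration = appConfigurationAccessor.GetConfiguration(key) ?? "";

     return configuration
         .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
         .Select(entry => entry.Trim())
         // RemoveEmptyEntries is applied before trimming, so "a, ,b" or a trailing ", " would otherwise
         // put an empty string into the path list.
         .Where(entry => entry.Length > 0)
         .Concat(new[] { defaultPath.Trim() })
         .Distinct(StringComparer.OrdinalIgnoreCase)
         .ToArray();
 }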