/// <inheritdoc cref="Owasp.Esapi.Interfaces.IAccessReferenceMap.AddDirectReference(object)"/>
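        public string AddDirectReference(object direct)
        {
            // Registers `direct` under a freshly generated 6-character alphanumeric
            // indirect reference and returns that reference.
            if (direct == null)
            {
                throw new ArgumentNullException("direct");
            }

            // Draw candidates until one is unused. Assigning a colliding token through
            // the indexer would silently re-point an indirect reference that was
            // already handed out, so it would resolve to a different object.
            // Assumes itod exposes ContainsKey (Hashtable / Dictionary) - TODO confirm.
            string indirect;
            do
            {
                indirect = random.GetRandomString(6, CharSetValues.Alphanumerics);
            }
            while (itod.ContainsKey(indirect));

            // NOTE(review): when `direct` was registered before, its previous indirect
            // reference is not removed from itod here and keeps resolving - confirm
            // whether that is intended.
            itod[indirect] = direct;
            dtoi[direct] = indirect;
            return indirect;
        }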
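        /// <summary> Adds a direct reference and a new random indirect reference, overwriting any existing values.</summary>
        /// <param name="direct">
        ///     The direct reference. Must not be null.
        /// </param>
        /// <exception cref="System.ArgumentNullException">
        ///     Thrown when <paramref name="direct"/> is null.
        /// </exception>
        public void AddDirectReference(string direct)
        {
            // Reject null before touching either map: the original only failed at the
            // dtoi assignment (presumably a null-key error), after itod had already
            // received an entry pointing at null.
            if (direct == null)
            {
                throw new System.ArgumentNullException("direct");
            }

            // Draw candidates until one is unused. Assigning a colliding token through
            // the indexer would silently re-point an indirect reference that was
            // already handed out, so it would resolve to a different object.
            // Assumes itod exposes ContainsKey (Hashtable / Dictionary) - TODO confirm.
            string indirect;
            do
            {
                indirect = random.GetRandomString(6, Encoder.CHAR_ALPHANUMERICS);
            }
            while (itod.ContainsKey(indirect));

            // NOTE(review): when `direct` was registered before, its previous indirect
            // reference is not removed from itod here and keeps resolving - confirm
            // whether "overwriting" is meant to cover that entry too.
            itod[indirect] = direct;
            dtoi[direct] = indirect;
        }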
        /// <summary>
        /// Checks that the configured randomizer returns strings of exactly the
        /// requested length when drawing from the alphanumeric character set.
        /// </summary>
        public void Test_GetRandomString()
        {
            System.Console.Out.WriteLine("GetRandomString");

            const int expectedLength = 20;
            IRandomizer source = Esapi.Randomizer;

            // 100 independent draws; each one must have the requested length.
            int remaining = 100;
            while (remaining-- > 0)
            {
                string sample = source.GetRandomString(expectedLength, Owasp.Esapi.CharSetValues.Alphanumerics);
                Assert.AreEqual(expectedLength, sample.Length);
            }
        }
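        /// <summary>
        /// Generates a random 8-character password that passes
        /// VerifyPasswordStrength when checked against the old password.
        /// </summary>
        /// <param name="oldPassword">The user's previous password, passed to the strength check.</param>
        /// <returns>
        /// The accepted password, or null when every attempt was rejected;
        /// callers must handle the null case.
        /// </returns>
        private string GenerateStrongPassword(string oldPassword)
        {
            IRandomizer randomizer = Owasp.Esapi.Esapi.Randomizer();
            int maxAttempts = 10;

            for (int attempt = 0; attempt < maxAttempts; ++attempt)
            {
                try
                {
                    string candidate = randomizer.GetRandomString(8, Encoder.CHAR_PASSWORD);
                    // Throws AuthenticationException when the candidate is rejected.
                    VerifyPasswordStrength(candidate, oldPassword);
                    return candidate;
                }
                catch (AuthenticationException ex)
                {
                    // The page's copy of this statement is garbled ("******") and does not
                    // compile. The rejected candidate is deliberately kept out of the
                    // message: generated credentials should not be written to logs.
                    Authenticator.logger.LogDebug(ILogger_Fields.SECURITY, "Password generator created weak password. Regenerating.", (Exception)ex);
                }
            }

            Authenticator.logger.LogCritical(ILogger_Fields.SECURITY, "Strong password generation failed after  " + maxAttempts + " attempts");
            return null;
        }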
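        /// <summary> Generates a strong password, different from the previous password.
        /// Up to 10 random 8-character candidates are tried, and the first one that
        /// passes VerifyPasswordStrength is returned.
        /// </summary>
        /// <param name="oldPassword">The old password for the user.
        /// </param>
        /// <returns> The accepted password, or null when every attempt was rejected;
        /// callers must handle the null case.
        /// </returns>
        private string GenerateStrongPassword(string oldPassword)
        {
            IRandomizer r = Esapi.Randomizer();
            int limit = 10;

            for (int i = 0; i < limit; i++)
            {
                try
                {
                    string newPassword = r.GetRandomString(8, Encoder.CHAR_PASSWORD);
                    // Throws AuthenticationException when the candidate is rejected.
                    VerifyPasswordStrength(newPassword, oldPassword);
                    return newPassword;
                }
                catch (AuthenticationException e)
                {
                    // The page's copy of this statement is garbled ("******") and does not
                    // compile. The rejected candidate is deliberately kept out of the
                    // message: generated credentials should not be written to logs.
                    logger.LogDebug(ILogger_Fields.SECURITY, "Password generator created weak password. Regenerating.", e);
                }
            }

            logger.LogCritical(ILogger_Fields.SECURITY, "Strong password generation failed after  " + limit + " attempts");
            return null;
        }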