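/// <summary>
/// Stores a new password hash for <paramref name="user"/> and, when both
/// <paramref name="email"/> and <paramref name="subject"/> are supplied, mails the
/// clear-text password to that address.
/// </summary>
/// <param name="user">User whose password is being (re)set; only <c>Id</c> is read.</param>
/// <param name="email">Recipient of the notification mail; nothing is sent when empty.</param>
/// <param name="pass">Password to store. When null or empty a random one of
/// <c>Password.minPasswordLength</c> characters is generated.</param>
/// <param name="subject">Mail subject; nothing is sent when empty.</param>
/// <returns>The <see cref="User_Sec"/> row that was written (id and hash).</returns>
/// <remarks>
/// The password goes out in clear text over whatever transport <c>AppSettings.Smtp</c>
/// configures, so its secrecy depends entirely on that channel and on the mailbox.
/// <c>Password.ComputeHash</c> is called with the password alone; whether it salts
/// internally is not visible from here — if a salted overload
/// (<c>ComputeHash(password, salt)</c>) exists, prefer it.
/// A commented-out SMS call that embedded a provider API key directly in this method
/// has been removed; that key was checked into source and should be treated as exposed.
/// </remarks>
private User_Sec SetPassword(User user, string email, string pass = null, string subject = null)
{
    // Fall back to a generated password when the caller did not supply one.
    string plainPassword = string.IsNullOrEmpty(pass)
        ? Password.Generate(Password.minPasswordLength)
        : pass;

    User_Sec userSec = new User_Sec()
    {
        Id = user.Id,
        Pass = Password.ComputeHash(plainPassword),
    };

    // Parameterized call: id and hash never touch the command text.
    ExecQuery((query) =>
    {
        query.ExecuteNonQuery(@"user\sec\[set]", new SqlParameter[]
        {
            new SqlParameter("@id", value: userSec.Id),
            new SqlParameter("@pass", value: userSec.Pass),
        });
    });

    // Notify only when both a recipient and a subject were supplied.
    if (!string.IsNullOrEmpty(email) && !string.IsNullOrEmpty(subject))
    {
        string body = string.Concat("Ваш пароль для входа: ", plainPassword);
        Core.Net.EMail.SendEMail(
            AppSettings.Smtp.Host,
            AppSettings.Smtp.Port,
            AppSettings.Smtp.EnableSsl,
            AppSettings.Mail.Address,
            AppSettings.Mail.Password,
            email,
            subject,
            body);
    }

    return userSec;
}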
/// <summary>
/// Authenticates a user by e-mail and password and returns the user's id, e-mail and roles.
/// </summary>
/// <param name="login">Credentials; <c>Email</c> and <c>Pass</c> must both be non-empty.</param>
/// <returns>An OK response carrying a <see cref="UserWithRole"/>; failures are reported through
/// <c>TryCatchResponse</c>.</returns>
/// <exception cref="Exception">Thrown inside the response wrapper for missing parameters or
/// when no usable user matches the credentials.</exception>
/// <remarks>
/// The same "user not found" message is used whether the e-mail is unknown or the password
/// is wrong, so the response does not reveal which accounts exist.
/// Matching is done on <c>Password.ComputeHash(login.Pass)</c> with no salt argument; what
/// <c>ComputeHash</c> does internally is not visible here.
/// <c>user.D != 0</c> is treated as "not usable" — presumably a deleted/disabled marker;
/// confirm against the <c>User</c> type.
/// </remarks>
public HttpMessage<UserWithRole> Login(LoginUser login)
{
    return TryCatchResponse(() =>
    {
        bool parametersMissing = login is null
            || string.IsNullOrEmpty(login.Email)
            || string.IsNullOrEmpty(login.Pass);
        if (parametersMissing)
        {
            throw new Exception("Неверные параметры для входа.");
        }

        List<User> candidates = GetUsers(login.Email);
        if (candidates is null || candidates.Count == 0)
        {
            throw new Exception("Пользователь не найден.");
        }

        User matched = GetUserByPass(Password.ComputeHash(login.Pass), candidates);
        if (matched is null || matched.D != 0)
        {
            throw new Exception("Пользователь не найден.");
        }

        UserWithRole result = new UserWithRole()
        {
            Id = matched.Id,
            Email = matched.Email,
            Roles = GetUserRoles(matched.Id),
        };
        return CreateResponseOk(result);
    });
}
/// <summary>
/// Replaces the stored password hash and salt with ones derived from
/// <paramref name="password"/>, then redirects to <see cref="Settings"/>.
/// </summary>
/// <param name="password">New clear-text password; ignored when
/// <c>ValidationUtility.IsValidPassword</c> rejects it.</param>
/// <returns>A redirect to the settings action in every case — the caller receives no
/// signal whether the password was actually changed.</returns>
public ActionResult UpdatePassword(string password)
{
    if (!ValidationUtility.IsValidPassword(password))
    {
        // Invalid input is dropped without feedback; only the redirect happens.
        return RedirectToAction(nameof(Settings));
    }

    // A fresh salt on every change, so equal passwords never share a hash.
    var newSalt = Password.GenerateSalt();
    var newHash = Password.ComputeHash(password, newSalt);
    Database.Instance.UpdatePassword(newHash, newSalt);

    return RedirectToAction(nameof(Settings));
}
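/// <summary>
/// Changes a customer's password after verifying the current one.
/// </summary>
/// <param name="data">Posted form carrying <c>email</c>, <c>oldPassword</c> and
/// <c>newPassword</c>.</param>
/// <returns>JSON <c>{ result: "Success" }</c> or <c>{ result: "Fail", reason: ... }</c>.</returns>
/// <remarks>
/// The account is selected by the posted <c>email</c>, not by the signed-in identity, so the
/// whole check rests on knowing the old password. The two failure reasons
/// ("Invalid Customer" vs "Invalid Password") reveal whether an e-mail is registered.
/// <c>Password.VerifyHash</c> receives only the stored hash, so the hash string presumably
/// encodes its own salt and the separate <c>Salt</c> column may be redundant — confirm.
/// No strength rule is applied to the new password here.
/// </remarks>
public ActionResult ChangePassword(PreferenceChangePasswordModel data)
{
    // Model binding can hand us null or an empty new password; fail in the method's
    // own JSON shape instead of with an unhandled exception or a hash of "".
    if (data is null)
    {
        return Json(new { result = "Fail", reason = "Invalid Customer" });
    }
    if (string.IsNullOrEmpty(data.newPassword))
    {
        return Json(new { result = "Fail", reason = "New password is required" });
    }

    SelectCustomerModel customerData = new SelectCustomerModel() { Email = data.email };
    CustomerResultModel customerResult = customerTable.SelectRecord(customerData);
    if (customerResult.CustomerUUID == null)
    {
        return Json(new { result = "Fail", reason = "Invalid Customer" });
    }

    // The old password must verify against the stored hash before anything changes.
    bool verifyPassword = Password.VerifyHash(data.oldPassword, customerResult.Hash);
    if (!verifyPassword)
    {
        return Json(new { result = "Fail", reason = "Invalid Password" });
    }

    //Generate Password's Salt and Hash — a fresh salt for every change.
    byte[] salt = Password.ComputeSaltBytes();
    string hashString = Password.ComputeHash(data.newPassword, salt);
    string saltString = Convert.ToBase64String(salt);
    customerResult.Hash = hashString;
    customerResult.Salt = saltString;

    // Full-row update: every field is copied back so nothing else on the record is blanked.
    UpdateCustomerModel customerUpdate = new UpdateCustomerModel()
    {
        CustomerUUID = customerResult.CustomerUUID,
        Email = customerResult.Email,
        FirstName = customerResult.FirstName,
        LastName = customerResult.LastName,
        Hash = customerResult.Hash,
        Salt = customerResult.Salt,
        Phone = customerResult.Phone
    };
    NonQueryResultModel updateResult = customerTable.UpdateRecord(customerUpdate);
    if (updateResult.Success)
    {
        return Json(new { result = "Success" });
    }

    return Json(new { result = "Fail", reason = "Password was not updated" });
}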
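/// <summary>
/// Changes the password of the user identified by e-mail and current password.
/// </summary>
/// <param name="profile_user">Carries <c>Email</c>, the current <c>Pass</c> and the new
/// password in <c>ChangePass</c>.</param>
/// <returns>An OK response with "Ok"; failures are reported through <c>TryCatchResponse</c>.</returns>
/// <exception cref="Exception">Thrown inside the response wrapper for missing parameters,
/// an unknown e-mail, a wrong current password, or a new password that fails
/// <c>Password.Check</c>.</exception>
/// <remarks>
/// Unlike <c>Login</c>, this method answers "user not found" and "wrong password" with
/// different messages, so it reveals whether an e-mail is registered; it also does not
/// apply the <c>user.D != 0</c> check that <c>Login</c> applies — confirm whether that
/// marker should block password changes too.
/// </remarks>
public HttpMessage<string> ChangePass(ProfileUser profile_user)
{
    return TryCatchResponse(() =>
    {
        // Current password is required as well — mirrors the Login guard, so an empty
        // Pass is rejected up front instead of being hashed and looked up.
        if (profile_user is null
            || string.IsNullOrEmpty(profile_user.Email)
            || string.IsNullOrEmpty(profile_user.Pass))
        {
            throw new Exception("Неверные параметры для изменения пароля.");
        }

        List<User> users = GetUsers(profile_user.Email);
        if (users is null || users.Count == 0)
        {
            throw new Exception("Пользователь не найден.");
        }

        User user = GetUserByPass(Password.ComputeHash(profile_user.Pass), users);
        if (user is null)
        {
            throw new Exception("Неверно указан пароль.");
        }

        if (string.IsNullOrEmpty(profile_user.ChangePass))
        {
            throw new Exception("Не указан новый пароль.");
        }

        // Password.Check returns a numeric rule code; 0 (default) means acceptable.
        switch (Password.Check(profile_user.ChangePass))
        {
            case 1:
                throw new Exception("Пароль слишком короткий.");
            case 2:
                throw new Exception("Не указан хотя бы один заглавный символ.");
            case 3:
                throw new Exception("Не указан хотя бы один прописной символ.");
            case 4:
                throw new Exception("Не указана хотя бы одна цифра.");
            default:
                break;
        }

        // Apply the change to the user that actually matched the current password,
        // not to users[0]: GetUsers returns a list, and its first entry is not
        // necessarily the one that was authenticated above.
        SetPassword(user, user.Email, profile_user.ChangePass, "Изменение пароля в Auto Parts Site");
        return CreateResponseOk("Ok");
    });
}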
/// <summary>
/// Re-authenticates the caller by username/password, then runs the external project
/// activities update for project <paramref name="ID"/>.
/// </summary>
/// <param name="ID">Project identifier handed to <c>ProjectActivitiesUpdater</c>.</param>
/// <param name="username">User name to authenticate.</param>
/// <param name="password">Clear-text password; hashed with <c>Password.ComputeHash</c> and
/// compared against <c>PasswordHash</c> in the database query.</param>
/// <returns>200 OK with no payload on success; otherwise an error response whose status
/// and message describe the failing step.</returns>
/// <remarks>
/// The hash is computed with no salt argument and matched by equality inside the query, so
/// the stored hash must be deterministic for the password alone. Credential failures are
/// answered with 400 rather than 401, and nothing in this method throttles repeated attempts.
/// The external service credentials come from app settings and are decrypted via
/// <c>DecryptString</c>; they are only used to construct the updater.
/// </remarks>
public async Task<HttpResponseMessage> UpdateActivities(Guid ID, string username, string password)
{
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Username and password are required.");
    }

    // Look up an active, non-deleted user whose stored hash equals the hash of the supplied password.
    string hashedPassword = Password.ComputeHash(password);
    Guid? userID = await DataContext.Users
        .Where(u => u.UserName == username
                 && u.PasswordHash == hashedPassword
                 && u.Active
                 && !u.Deleted)
        .Select(u => (Guid?)u.ID)
        .FirstOrDefaultAsync();
    if (userID == null)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Invalid credentials.");
    }

    var appSettings = System.Web.Configuration.WebConfigurationManager.AppSettings;
    string serviceUrl = appSettings["Activities.Url"];
    string serviceUser = (appSettings["Activities.Import.User"] ?? string.Empty).DecryptString();
    string servicePassword = (appSettings["Activities.Import.Password"] ?? string.Empty).DecryptString();

    bool configurationIncomplete = string.IsNullOrEmpty(serviceUrl)
        || string.IsNullOrEmpty(serviceUser)
        || string.IsNullOrEmpty(servicePassword);
    if (configurationIncomplete)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "External service configuration is incomplete, make sure the service url and credentials have been configured correctly.");
    }

    var updater = new ProjectActivitiesUpdater(DataContext, serviceUrl, serviceUser, servicePassword);

    // Authorization for this project is delegated to the updater.
    if (!await updater.CanUpdate(userID.Value, ID))
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Unable to determine project, confirm that the specified project ID is correct for an Active project and that the user has permission to Update Activities for the project.");
    }

    await updater.DoUpdate(ID);
    if (updater.StatusCode != HttpStatusCode.OK)
    {
        return Request.CreateErrorResponse(updater.StatusCode, updater.StatusMessage);
    }

    // Status-only success: the response body carries no payload.
    return Request.CreateResponse(HttpStatusCode.OK);
}
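/// <summary>
/// Checks <paramref name="password"/> against the stored hash and salt and, on success,
/// marks the current session as authenticated.
/// </summary>
/// <param name="password">Clear-text password to verify.</param>
/// <returns><c>true</c> when the password matches and the session flag was set;
/// <c>false</c> otherwise.</returns>
/// <remarks>
/// Comparison goes through <c>Password.AreEqual</c>; the raw strings are never compared
/// with <c>==</c> here. Previously a failing <c>ComputeHash</c> left <c>hash</c> as
/// <c>string.Empty</c> and still reached the comparison, which would match an empty
/// stored hash; hashing failures and an empty stored hash now fail closed.
/// </remarks>
public static bool TryToAuthenticate(string password)
{
    var settings = Database.Instance.GetSettings();

    // No stored hash means nothing can legitimately match; never let "" == "" authenticate.
    if (string.IsNullOrEmpty(settings.PasswordHash))
    {
        return false;
    }

    string hash;
    try
    {
        hash = Password.ComputeHash(password, settings.PasswordSalt);
    }
    catch (Exception)
    {
        // Hashing failed (unusable input or salt); treat it as a failed attempt rather
        // than comparing a placeholder value.
        return false;
    }

    if (!Password.AreEqual(settings.PasswordHash, hash))
    {
        return false;
    }

    HttpContext.Current.Session[AUTHENTICATED] = true;
    return true;
}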
/// <summary>
/// Verifies that <c>Password.ComputeHash</c> is deterministic for the same password and
/// salt, yields a hash of <c>PASSWORD_HASH_SIZE * 2</c> characters, and that a different
/// password produces a hash which <c>Password.AreEqual</c> rejects.
/// </summary>
public void PasswordHashingTest()
{
    // Expected length is the hash byte size doubled — presumably hex, two characters per byte.
    var expectedLength = Password.PASSWORD_HASH_SIZE * 2;
    var salt = "73a7b6dc8d1d75a0352c3ba917266afa";
    var password = "******";

    var sameInputHashes = new[]
    {
        Password.ComputeHash(password, salt),
        Password.ComputeHash(password, salt),
        Password.ComputeHash(password, salt),
    };
    var differentInputHash = Password.ComputeHash(password + "5", salt);

    foreach (var hash in sameInputHashes)
    {
        Assert.IsTrue(hash.Length == expectedLength);
    }
    Assert.IsTrue(differentInputHash.Length == expectedLength);

    // Every pair of same-input hashes must compare equal...
    Assert.IsTrue(Password.AreEqual(sameInputHashes[0], sameInputHashes[1]));
    Assert.IsTrue(Password.AreEqual(sameInputHashes[0], sameInputHashes[2]));
    Assert.IsTrue(Password.AreEqual(sameInputHashes[1], sameInputHashes[2]));

    // ...and none of them may match the hash of a different password.
    foreach (var hash in sameInputHashes)
    {
        Assert.IsFalse(Password.AreEqual(hash, differentInputHash));
    }
}
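/// <summary>
/// Registers a new customer: stores a salted password hash, then the customer's address
/// and an empty saved-query row.
/// </summary>
/// <param name="id">Posted registration form (name, contact details, password, address).</param>
/// <returns>JSON <c>{ result: "Success" }</c> or <c>{ result: "Fail", reason: ... }</c>.</returns>
/// <remarks>
/// Only the customer insert is checked; failures of the address and query inserts are
/// ignored, as before. The address model stores zip codes as <c>int</c>, so leading zeros
/// cannot survive there. The password is hashed with a fresh per-customer salt but is not
/// checked for strength here, and the "already registered" reason reveals which e-mails
/// exist.
/// </remarks>
public ActionResult Register(LoginRegisterModel id)
{
    if (id is null)
    {
        return Json(new { result = "Fail", reason = "Registration data is missing" });
    }

    // Parse the postal code once, up front. Int32.Parse used to run twice after the
    // customer row was already inserted, so a malformed code threw and left a customer
    // without an address; now it is rejected before anything is written.
    if (!int.TryParse(id.postalCode,
            System.Globalization.NumberStyles.Integer,
            System.Globalization.CultureInfo.InvariantCulture,
            out int postalCode))
    {
        return Json(new { result = "Fail", reason = "Invalid postal code" });
    }

    //Check if we already have a user registered with the same email address
    if (customerTable.SelectRecord(new SelectCustomerModel() { Email = id.email }).CustomerUUID != null)
    {
        return Json(new { result = "Fail", reason = "Email address is already registered" });
    }

    //Generate Password's Salt and Hash
    byte[] salt = Password.ComputeSaltBytes();
    string hashString = Password.ComputeHash(id.password, salt);
    string saltString = Convert.ToBase64String(salt);

    //Insert into Customer table
    InsertCustomerModel newCustomer = new InsertCustomerModel()
    {
        FirstName = id.firstName,
        LastName = id.lastName,
        Phone = id.phone,
        Email = id.email,
        Hash = hashString,
        Salt = saltString
    };
    CustomerResultModel customerResult = customerTable.InsertRecord(newCustomer);

    //If it didn't insert, then we won't get a UUID back
    if (customerResult.CustomerUUID == null)
    {
        return Json(new { result = "Fail", reason = "Insert into the database was not successful" });
    }

    //Insert customer's address into the address table (billing and shipping start out identical)
    InsertAddressModel customerAddress = new InsertAddressModel()
    {
        CustomerUUID = customerResult.CustomerUUID,
        BillingAddress = id.address,
        BillingAddress2 = id.address2,
        BillingCity = id.city,
        BillingState = id.state,
        BillingZip = postalCode,
        ShippingAddress = id.address,
        ShippingAddress2 = id.address2,
        ShippingCity = id.city,
        ShippingState = id.state,
        ShippingZip = postalCode
    };
    // Result intentionally not inspected — a failed address insert does not fail registration.
    addressTable.InsertRecord(customerAddress);

    //Insert into Query table
    InsertQueryModel customerQuery = new InsertQueryModel()
    {
        CustomerUUID = customerResult.CustomerUUID,
        Category = "",
        CategoryID = "",
        Frequency = "",
        PriceLimit = ""
    };
    // Result intentionally not inspected — same best-effort handling as the address insert.
    queryTable.InsertRecord(customerQuery);

    return Json(new { result = "Success" });
}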