public void Different_salt_produces_different_hash() { var salt1 = PasswordHasher.GenerateSalt(); var salt2 = PasswordHasher.GenerateSalt(); using (var sha256 = new SHA256CryptoServiceProvider()) { var passwordHasher = new PasswordHasher(sha256); string hash1 = passwordHasher.ComputeHash("foobar", salt1); string hash2 = passwordHasher.ComputeHash("foobar", salt2); Assert.AreNotEqual(hash1, hash2); } }
public IActionResult Register([FromBody] RegisterViewModel model) { if (model == null) { return(BadRequest("No parameters given.")); } if (userService.GetByEmail(model.Email) != null) { return(BadRequest("Email already exists.")); } var role = roleService.GetByName("ROLE_USER"); var user = mapper.Map(model, new User()); user.RoleId = role.Id; user.Password = PasswordHasher.ComputeHash(model.Password, null); if (!userService.Create(user)) { return(Conflict("An error has occured! Could not register the user!")); } return(Ok()); }
public bool UpdatePassword(string username, string oldPassword, string newPassword) { var users = Repo.GetAll(); var userToChange = users.FirstOrDefault(x => x.UserName == username); if (userToChange == null) { return(false); } var passwordMatch = PasswordHasher.VerifyPassword(oldPassword, userToChange.Salt, userToChange.Hash); if (!passwordMatch) { throw new SecurityException("Incorrect password."); } var newSalt = PasswordHasher.GenerateSalt(); var newHash = PasswordHasher.ComputeHash(newPassword, newSalt); userToChange.Hash = newHash; userToChange.Salt = newSalt; return(Repo.Update(userToChange)); }
public User AddUser(string username, string password) { IPasswordHasher passwordHasher = new PasswordHasher(); PasswordHash hash = passwordHasher.ComputeHash(password); try { using (SqlConnection conn = new SqlConnection(connectionString)) { conn.Open(); SqlCommand cmd = new SqlCommand("INSERT INTO users (username, password_hash, salt) VALUES (@username, @password_hash, @salt)", conn); cmd.Parameters.AddWithValue("@username", username); cmd.Parameters.AddWithValue("@password_hash", hash.Password); cmd.Parameters.AddWithValue("@salt", hash.Salt); cmd.ExecuteNonQuery(); cmd = new SqlCommand("SELECT @@IDENTITY", conn); int userId = Convert.ToInt32(cmd.ExecuteScalar()); cmd = new SqlCommand("INSERT INTO accounts (user_id, balance) VALUES (@userid, @startBalance)", conn); cmd.Parameters.AddWithValue("@userid", userId); cmd.Parameters.AddWithValue("@startBalance", startingBalance); cmd.ExecuteNonQuery(); } } catch (SqlException) { throw; } return(GetUser(username)); }
private void SeedEmployees(SoftCinemaContext context) { User employee1 = new User() { Username = "******", PasswordHash = PasswordHasher.ComputeHash("123", PasswordHasher.Supported_HA.SHA512, null), Email = "*****@*****.**", Role = Role.Employee }; User employee2 = new User() { Username = "******", PasswordHash = PasswordHasher.ComputeHash("123", PasswordHasher.Supported_HA.SHA512, null), Email = "*****@*****.**", Role = Role.Employee }; User employee3 = new User() { Username = "******", PasswordHash = PasswordHasher.ComputeHash("123", PasswordHasher.Supported_HA.SHA512, null), Email = "*****@*****.**", Role = Role.Employee }; context.Users.AddOrUpdate(u => u.Username, employee1, employee2, employee3); context.SaveChanges(); }
public static bool UpdatePassword(string username, string oldPassword, string newPassword) { var repo = new UserRepository <UsersModel>(Db); var users = repo.GetAll(); var userToChange = users.FirstOrDefault(x => x.UserName == username); if (userToChange == null) { return(false); } var passwordMatch = PasswordHasher.VerifyPassword(oldPassword, userToChange.Salt, userToChange.Hash); if (!passwordMatch) { throw new SecurityException("Password does not match"); } var newSalt = PasswordHasher.GenerateSalt(); var newHash = PasswordHasher.ComputeHash(newPassword, newSalt); userToChange.Hash = newHash; userToChange.Salt = newSalt; return(repo.Update(userToChange)); }
/// <summary> /// Добавить пользователя. /// </summary> /// <param name="userModel">Данные о пользователе</param> /// <returns>Идентификатор пользователя или -100, если пользователь уже существует</returns> public long InsertUser(UserModel userModel) { // Преобразуем адрес электронной почты к строчным буквам userModel.Email = userModel.Email.ToLower(); // Получаем данные о пользователе по адресу электронной почты var user = GetUserByEmail(userModel.Email); if (user != null) // Если пользователь найден { return(-100); // Возвращаем код -100 } var now = DateTime.Now; // Берём текущуие дату и время var salt = PasswordHasher.GenerateSalt(); // Генерируем модификатор пароля // Вычисляем хэш-код пароля var pwdHash = Convert.ToBase64String(PasswordHasher.ComputeHash(userModel.Password, salt)); userModel.CreationDate = now; // Задаём дату и время создания userModel.ModificationDate = now; // Задаём дату и время изменения // генерируем жетон проверки пользователя userModel.ValidationToken = Guid.NewGuid().ToString(); // Преобразуем модификатор пароля в текстовый вид userModel.PasswordSalt = Convert.ToBase64String(salt); // Устанавливаем хэш пароля userModel.Password = pwdHash; // Добавляем пользователя в хранилище пользователей var modelId = usersRepository.Insert(userModel); // Подтверждаем Единицу работы UnitOfWork.Commit(); // Возвращаем идентификатор созданного пользователя return(modelId); }
public User AddUser(string username, string password, string role) { IPasswordHasher passwordHasher = new PasswordHasher(); PasswordHash hash = passwordHasher.ComputeHash(password); try { using (SqlConnection conn = new SqlConnection(connectionString)) { conn.Open(); SqlCommand cmd = new SqlCommand("INSERT INTO users (username, password_hash, salt, user_role) VALUES (@username, @password_hash, @salt, @user_role)", conn); cmd.Parameters.AddWithValue("@username", username); cmd.Parameters.AddWithValue("@password_hash", hash.Password); cmd.Parameters.AddWithValue("@salt", hash.Salt); cmd.Parameters.AddWithValue("@user_role", role); cmd.ExecuteNonQuery(); } } catch (SqlException) { throw; } return(GetUser(username)); }
public User AddUser(RegisterUser user) { IPasswordHasher passwordHasher = new PasswordHasher(); PasswordHash hash = passwordHasher.ComputeHash(user.Password); try { using (SqlConnection conn = new SqlConnection(connectionString)) { conn.Open(); SqlCommand cmd = new SqlCommand("INSERT INTO users (username, name, address, phone_number, contact_times, password_hash, salt, user_role) VALUES (@username, @name, @address, @phone_number, @contact_times, @password_hash, @salt, @user_role)", conn); cmd.Parameters.AddWithValue("@username", user.Username); cmd.Parameters.AddWithValue("@name", user.Name); cmd.Parameters.AddWithValue("@address", user.Address); cmd.Parameters.AddWithValue("@phone_number", user.Phone_Number); cmd.Parameters.AddWithValue("@contact_times", user.Contact_Times); cmd.Parameters.AddWithValue("@password_hash", hash.Password); cmd.Parameters.AddWithValue("@salt", hash.Salt); cmd.Parameters.AddWithValue("@user_role", user.Role); cmd.ExecuteNonQuery(); } } catch (SqlException) { throw; } return(GetUser(user.Username)); }
public async Task <IActionResult> UpdateProfile(int id, [FromBody] UpdateUserProfileModel model) { if (id <= 0 || model is null) { return(BadRequest(new { Message = "Invalid client request" })); } if (!ModelState.IsValid) { return(BadRequest(new { Message = ModelState.Values.SelectMany(x => x.Errors) })); } try { var user = await this._userService.Get(id); if (user == null) { return(NotFound(new { Message = "User not found" })); } user.Culture = model.Culture; user.Firstname = model.Firstname; user.Surname = model.Surname; user.Timezone = model.Timezone; if (!string.IsNullOrEmpty(model.Password) & !string.IsNullOrEmpty(model.NewPassword)) { if (!PasswordHasher.VerifyHash(model.Password, user.Salt, user.PasswordHash)) { return(BadRequest(new { Message = "Wrong current password" })); } var hash = PasswordHasher.ComputeHash(model.NewPassword); user.PasswordHash = hash.Hash; user.Salt = hash.Salt; await _userService.Update(user); return(Ok(new { Message = "User was updated" })); } await _userService.Update(user); var links = HypermediaHelper.PutUserHypermediaLinks(this, id); return(Ok(new { Message = "User updated", Links = links })); } catch (UserException exception) { return(BadRequest(new { exception.Message })); } catch (Exception) { return(StatusCode(500)); } }
public User AddUser(string username, string password) { IPasswordHasher passwordHasher = new PasswordHasher(); PasswordHash hash = passwordHasher.ComputeHash(password); try { using (SqlConnection conn = new SqlConnection(connectionString)) { conn.Open(); SqlCommand cmd = new SqlCommand(sql_addUser, conn); cmd.Parameters.AddWithValue("@username", username); cmd.Parameters.AddWithValue("@password_hash", hash.Password); cmd.Parameters.AddWithValue("@salt", hash.Salt); cmd.ExecuteNonQuery(); } } catch (SqlException ex) { throw; } return(GetUser(username)); }
public long InsertUser(UserModel userModel) { userModel.Email = userModel.Email.ToLower(); var user = GetUserByEmail(userModel.Email); if (user != null) { return(-100); } var now = DateTime.Now; var salt = PasswordHasher.GenerateSalt(); var pwdHash = Convert.ToBase64String(PasswordHasher.ComputeHash(userModel.Password, salt)); userModel.CreationDate = now; userModel.ModificationDate = now; userModel.ValidationToken = Guid.NewGuid().ToString(); userModel.PasswordSalt = Convert.ToBase64String(salt); userModel.Password = pwdHash; var modelId = usersRepository.Insert(userModel); UnitOfWork.Commit(); return(modelId); }
public void HashProvider_ReturnsHashedPassword() { PasswordHasher hashProvider = new PasswordHasher(); var hashedPassword = hashProvider.ComputeHash("password123"); Assert.IsNotNull(hashedPassword.Salt); Assert.AreNotEqual(hashedPassword.Password, "password123"); }
public static AccountModel ToAccountModel(this RegisterFormViewModel ViewModel) { AccountModel Model = new AccountModel(); Model = Mapper.Map <RegisterFormViewModel, AccountModel>(ViewModel); Model.Salt = PasswordHasher.GenerateSalt(); Model.Password = PasswordHasher.ComputeHash(ViewModel.Password, Model.Salt); return(Model); }
public void ComputeHash_ShouldThrowWhenInvalidPassword(string password) { // Arrange var sut = new PasswordHasher(); // Act Func <string> act = () => sut.ComputeHash(password); // Assert act.Should().Throw <ArgumentException>(); }
private async void RegisterMethod() { string errors = null; if (IsValid(ValidatesProperties, out errors)) { Errors = errors; var salt = PasswordHasher.GenerateSalt(); var hashedPassword = PasswordHasher.ComputeHash(Password, salt); if (Password != ConfirmPassword) { Errors += "Password and Confirm password fields must match.\r\n"; return; } if (!_database.Users.Any(u => u.Login == Login)) { var user = _database.Users.Add(new User { Login = Login, Password = Convert.ToBase64String(hashedPassword), Salt = Convert.ToBase64String(salt), Name = FirstName, Surname = LastName, Birthday = DateTime.Parse(Birthday), PositionId = Position.Id, IsActive = true }); await _database.SaveChangesAsync(); user.UserRoles.Add(new UserRole { RoleId = Constants.UserRole, UserId = user.Id }); await _database.SaveChangesAsync(); GoToLoginPageMethod(); } else { Errors += "User with same login is already exists.\r\n"; } } else { Errors = errors; } Errors = Errors?.Trim(); }
/// <summary> /// Saves the entity. /// </summary> /// <param name="entity">The entity.</param> public override void SaveEntity(User entity) { if (entity.IsNew || string.IsNullOrEmpty(entity.Password) || !entity.Password.IsBase64()) { AssertSpecification(entity, new UserHasValidPasswordSpec()); entity.Salt = PasswordHasher.GenerateSalt(); entity.Password = PasswordHasher.ComputeHash(entity.Password, entity.Salt); } base.SaveEntity(entity); }
public void ComputeHash_ShouldComputeHash() { // Arrange var sut = new PasswordHasher(); // Act string hash = sut.ComputeHash("12345"); // Assert hash.Should().NotBeNullOrEmpty(); }
public void TestHash() { var password = "******"; var salt = PasswordHasher.GenerateSalt(); var hash = PasswordHasher.ComputeHash(password, salt); Assert.That(hash, Is.Not.EqualTo(password)); var match = PasswordHasher.VerifyPassword(password, salt, hash); Assert.That(match, Is.True); }
public HttpResponseMessage RegisterUser(AppUser user) { if (user == null) { throw new HttpResponseException(HttpStatusCode.Unauthorized); } user.HashedPassword = PasswordHasher.ComputeHash(user.password); _appUserService.Create(user); return(new HttpResponseMessage { Content = new StringContent("User registered success"), StatusCode = HttpStatusCode.OK }); }
private async void RegisterMethod() { string errors = null; if (IsValid(ValidatesProperties, out errors)) { Errors = errors; var salt = PasswordHasher.GenerateSalt(); var password = RandomStringGenerator.GenerateRandomString(20, false); var hashedPassword = PasswordHasher.ComputeHash(password, salt); if (!_database.Users.Any(u => u.Login == Login)) { var user = _database.Users.Add(new User { Login = Login, Password = Convert.ToBase64String(hashedPassword), Salt = Convert.ToBase64String(salt), Name = FirstName, Surname = LastName, Birthday = DateTime.Parse(Birthday), PositionId = Position.Id, IsInitial = true, DefaultPassword = password, IsActive = true }); await _database.SaveChangesAsync(); user.UserRoles.Add(new UserRole { RoleId = Role.Id, UserId = user.Id }); await _database.SaveChangesAsync(); } else { Errors = "User with same login is already exists.\r\n"; } await GetUsersMethod(); _eventAggregator.GetEvent <UpdateUserEvent>().Publish(); } else { Errors = errors; } Errors = Errors?.Trim(); }
private async void ChangePasswordMethod() { if (IsValid(ValidatesProperties, out var errors)) { if (NewPassword == ConfirmNewPassword) { Errors = string.Empty; using (var _database = new ITManagerEntities()) { var user = ShellViewModel.CurrentUser; if (user != null) { var _user = _database.Users.Where(u => u.Id == user.Id).FirstOrDefault(); if (_user != null) { var salt = Convert.FromBase64String(user.Salt); _user.Salt = Convert.ToBase64String(salt); _user.IsInitial = false; _user.Password = Convert.ToBase64String(PasswordHasher.ComputeHash(NewPassword, salt)); _user.DefaultPassword = null; await _database.SaveChangesAsync(); if (user.UserRoles.Any(r => r.RoleId == Constants.AdministratorRole)) { _navigationService.NavigateTo(Constants.RolesManagementView); } else if (user.UserRoles.Any(r => r.RoleId == Constants.ManagerRole)) { _navigationService.NavigateTo(Constants.SearchView); } else if (user.UserRoles.Any(r => r.RoleId == Constants.UserRole)) { _navigationService.NavigateTo(Constants.MyPersonalPageView); } _eventAggregator.GetEvent <CloseMenuEvent>().Publish(false); } } } } else { Errors = "Passwords must match."; } } else { Errors = errors; } Errors = Errors.Trim(); }
public void Register(AppUser user) { bool isLoginAvailable = Repository.Any(x => x.AppUsername.Equals(user.AppUsername)) == false; if (isLoginAvailable == false) { throw new InvalidDataException("Cannot register user, the username already exists"); } user.Password = PasswordHasher.ComputeHash(user.Password); Repository.Add(user); _unitOfWork.Commit(); }
public void Verify_ShouldNotVerifyInvalidPassword() { // Arrange var sut = new PasswordHasher(); // Act string hash = sut.ComputeHash("12345"); bool verified = sut.Verify(hash, "54321"); // Assert verified.Should().BeFalse(); }
private void SeedAdmin(SoftCinemaContext context) { User admin = new User() { Username = "******", PasswordHash = PasswordHasher.ComputeHash("Admin13", PasswordHasher.Supported_HA.SHA512, null), Email = "*****@*****.**", Role = Role.Admin, PhoneNumber = "0878000000" }; context.Users.AddOrUpdate(u => u.Username, admin); context.SaveChanges(); }
public void Verify_ShouldVerifyComputedHash() { // Arrange string password = "******"; var sut = new PasswordHasher(); // Act string hash = sut.ComputeHash(password); bool verified = sut.Verify(hash, password); // Assert verified.Should().BeTrue(); }
public void ComputerHash_produces_expected_hash() { var salt = new byte[1] { 1 }; using (var sha256 = new SHA256CryptoServiceProvider()) { var passwordHasher = new PasswordHasher(sha256); string hash = passwordHasher.ComputeHash("foobar", salt); Assert.AreEqual("F0-39-42-EC-A4-82-7C-93-93-1F-EE-97-F1-17-47-9E-F4-74-C9-AA-A4-49-65-5D-DF-FB-48-88-6B-DE-58-AD", hash); } }
public bool IsUsernameAndPasswordValid(string userName, string password) { using (SqlConnection connection = new SqlConnection(connectionString)) { connection.Open(); SqlCommand command = connection.CreateCommand(); command.CommandText = sql_IsUsernameAndPasswordValid; command.Parameters.AddWithValue("@username", userName); SqlDataReader reader = command.ExecuteReader(); if (reader.Read()) { string storedPassword = (string)reader["password"]; string storedSalt = (string)reader["salt"]; string computedHash = passwordHasher.ComputeHash(password, Convert.FromBase64String(storedSalt)); return(computedHash.Equals(storedPassword)); } return(false); } }
public static UserDto CreateUpdateUserModelToUserDto(CreateUpdateUserModel from) { var hashed = PasswordHasher.ComputeHash(from.Password); return(new UserDto { Email = from.Email, Surname = from.Surname, Culture = from.Culture, Firstname = from.Firstname, Timezone = from.Timezone, PasswordHash = hashed?.Hash, UserName = from.UserName, Salt = hashed?.Salt }); }
public static Encrypted For(string PlainText) { var encrypted = new Encrypted(); try { encrypted.Salt = PasswordHasher.GenerateSalt(); encrypted.Hash = PasswordHasher.ComputeHash(PlainText, encrypted.Salt); } catch (Exception ex) { throw new EncryptedInvalidException(PlainText, ex); } return(encrypted); }