public void ShoudReturnHashOfSpecifiedLength(string word, int saltLen, int hashLen, int iter)
{
string res = SaltHash.GetSaltedHash(word, saltLen, hashLen, iter);
byte[] testBytes = Convert.FromBase64String(res);
Assert.Equal(saltLen + hashLen, testBytes.Length);
}
/// <summary>
/// Edita un usuario existente.
/// </summary>
/// <param name="usr">Datos del usuario.</param>
/// <param name="changePassword">Indica si se le cambió el password.</param>
public void Editar(Usuario usr, bool changePassword)
{
using (var modelo = new GESTOR_DOCUMENTAL())
{
Usuario usrEditar = modelo.Usuario.Where(o => o.IdUsuario == usr.IdUsuario).FirstOrDefault();
if (usrEditar != null)
{
usrEditar.Alias = usr.Alias;
usrEditar.Nombre = usr.Nombre;
usrEditar.IdGrupo = usr.IdGrupo;
usrEditar.IdDepartamento = usr.IdDepartamento;
usrEditar.IdArea = usr.IdArea;
usrEditar.IdGrupoLector = usr.IdGrupoLector;
usrEditar.FechaEdicion = DateTime.Now;
usrEditar.IdUsuarioEdicion = Util.Sesion.Current.IdUsuario;
if (changePassword)
{
SaltHash sh = Crypto.CrearHash(usr.Password);
usrEditar.Password = Convert.ToBase64String(sh.hash);
usrEditar.Salt = Convert.ToBase64String(sh.salt);
}
modelo.SaveChanges();
}
}
}
public async Task <UserModel> FindByUserNameAsync(string userName)
{
return(await Task.FromResult <UserModel>(new UserModel()
{
UserName = userName,
PasswordHash = SaltHash.HashPassword("abc123")
}));
}
public ActionResult Create([Bind(Include = "UserID,UserName,MobileNo,DOB,Address,Email,Password")] User user)
{
if (ModelState.IsValid)
{
SaltHash sh = new SaltHash();
user.Password = sh.ComputeHash(user.Password, null, null);
db.Users.Add(user);
db.SaveChanges();
return(RedirectToAction("Index"));
}
return(View(user));
}
/// <summary>
/// Inserta un nuevo usuario.
/// </summary>
/// <param name="usr"></param>
public void Insertar(Usuario usr)
{
using (var modelo = new GESTOR_DOCUMENTAL())
{
SaltHash sh = Crypto.CrearHash(usr.Password);
usr.Password = Convert.ToBase64String(sh.hash);
usr.Salt = Convert.ToBase64String(sh.salt);
usr.Activo = true;
usr.FechaCreacion = DateTime.Now;
usr.IdUsuarioCreacion = Util.Sesion.Current.IdUsuario;
modelo.Usuario.Add(usr);
modelo.SaveChanges();
}
}
/// <summary>
/// Retorna true si el usuario existe y coincide el password, de lo contrario false.
/// </summary>
/// <param name="usr"></param>
/// <returns></returns>
public bool Validar(Usuario usr)
{
using (var modelo = new GESTOR_DOCUMENTAL())
{
if (modelo.Usuario.Where(o => o.Alias == usr.Alias && o.Activo == true).Count() > 0)
{
var usrAutenticar = modelo.Usuario.Where(o => o.Alias == usr.Alias && o.Activo == true).FirstOrDefault();
var pass = Convert.FromBase64String(usrAutenticar.Password);
var salt = Convert.FromBase64String(usrAutenticar.Salt);
var sh = new SaltHash(salt, pass);
return(Crypto.VerificarPassword(sh, usr.Password));
}
return(false);
}
}
public async Task <IActionResult> Login([FromBody] LoginModel model)
{
if (!ModelState.IsValid)
{
return(BadRequest(new { error = "Bad State" }));
}
// TODO: Replace with actual lookup
UserModel user = await new UserManager().FindByUserNameAsync(model.UserName);
if (user == null)
{
return(BadRequest(new { error = "User does not exist" }));
}
if (!SaltHash.VerifyHash(user.PasswordHash, model.Password))
{
return(BadRequest(new { error = "Invalid password" }));
}
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.Sub, user.UserName),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim("UserId", user.UserName),
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Tokens:Key"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
_config["Tokens:Issuer"],
_config["Tokens:Issuer"],
claims,
expires: DateTime.Now.AddMinutes(30),
signingCredentials: creds
);
return(Ok(new
{
token = new JwtSecurityTokenHandler().WriteToken(token),
expires = token.ValidTo
}));
}
public void ShouldReturnEmpty(string word, int saltLen, int hashLen, int iter)
{
string res = SaltHash.GetSaltedHash(word, saltLen, hashLen, iter);
Assert.Equal(0, res.Length);
}
