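/// <summary>
/// Looks up the account whose address matches <paramref name="username"/> and verifies
/// <paramref name="password"/> against the hash stored on that row.
/// </summary>
/// <param name="username">Account address used as the lookup key; bound as a query parameter, never concatenated into the SQL.</param>
/// <param name="password">Plaintext password supplied by the caller; only handed to <see cref="Salter.ValidateHash"/>, never stored or logged here.</param>
/// <returns>
/// The matching <see cref="Account"/> when the password validates; otherwise <c>null</c>. "No such
/// account" and "wrong password" both map to <c>null</c>, so callers cannot tell them apart.
/// </returns>
public async Task<Account> ValidatePasswordAsync(string username, string password)
{
    using (var sqlConnection = new MySqlConnection(_connectionString))
    {
        // The original called the blocking Open() from an async method, which pins a thread
        // for the whole connect; OpenAsync keeps the method non-blocking end to end.
        await sqlConnection.OpenAsync();

        var accounts = await sqlConnection.QueryAsync<Account>(
            "SELECT * FROM hm_accounts WHERE accountaddress = @accountaddress",
            new { accountaddress = username });

        // SingleOrDefault: more than one row for an address is treated as a data error and throws.
        var account = accounts.SingleOrDefault();
        if (account == null)
        {
            return null;
        }

        // TODO: Support old hashing methods.
        var salter = new Salter();
        return salter.ValidateHash(password, account.Password) ? account : null;
    }
}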
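/// <summary>
/// Wires the authentication service's collaborators and resolves the secret key this service uses.
/// </summary>
/// <param name="userRepository">Store the service reads users from.</param>
/// <param name="hasher">Password hashing helper.</param>
/// <param name="salter">Salt generation helper.</param>
/// <param name="secrets">Configured secrets; <c>SuperStrongPassword</c> takes precedence over the environment variable.</param>
/// <exception cref="ArgumentNullException">When <paramref name="secrets"/> is <c>null</c>.</exception>
public UserAuthenticationService(IUserRepository userRepository, Hasher hasher, Salter salter, IOptions<Secrets> secrets)
{
    if (secrets == null)
    {
        // Clear argument error instead of a NullReferenceException on secrets.Value below.
        throw new ArgumentNullException(nameof(secrets));
    }

    _userRepository = userRepository;
    _hasher = hasher;
    _salter = salter;

    // TODO: Added by me, but should still be refactored.
    // Configured value first, then the machine-scoped environment variable. If neither is set,
    // secretKey stays null and the failure only surfaces wherever it is first used.
    secretKey = secrets.Value?.SuperStrongPassword
        ?? Environment.GetEnvironmentVariable("SuperStrongPassword", EnvironmentVariableTarget.Machine);
}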
/// <summary>
/// Demo entry point: prints a greeting, then a freshly generated salt and the hash of a fixed
/// sample password combined with that salt.
/// </summary>
/// <param name="args">Command-line arguments; not used.</param>
static void Main(string[] args)
{
    Console.WriteLine("Hello World!");

    var generatedSalt = new Salter().CreateRandomSalt();
    Console.WriteLine(generatedSalt);

    // Sample input only; the demo exists to show the salt/hash pair on the console.
    Console.WriteLine(new Hasher().CreateHashOfPasswordAndSalt("ILoveNiels", generatedSalt));
}
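/// <summary>
/// Round-trips a plaintext through <see cref="StringCypherService"/> with a generated salt and
/// checks that decrypting with a different salt does not yield the plaintext.
/// </summary>
public void TestStringCypherWithSalt()
{
    IStringCypherService service = new StringCypherService();
    ISalter salter = new Salter();

    // Positive path: same password and salt must recover the plaintext.
    var salt = salter.GenerateSalt(64);
    var cyphertext = service.Encrypt(_plaintext, _password, salt);
    var decrypted = service.Decrypt(cyphertext, _password, salt);
    Assert.AreEqual(_plaintext, decrypted);

    // Negative path: the original discarded this result, so a cipher that ignored the salt
    // would still have passed. Rejecting by throwing and returning anything other than the
    // plaintext are both acceptable outcomes; producing the plaintext is not.
    var otherSalt = salter.GenerateSalt(64);
    string decryptedWithWrongSalt = null;
    try
    {
        decryptedWithWrongSalt = service.Decrypt(cyphertext, _password, otherSalt);
    }
    catch (Exception)
    {
        // Counts as a rejection: no plaintext was produced, so the assertion below holds.
    }
    Assert.AreNotEqual(_plaintext, decryptedWithWrongSalt);
}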
/// <summary>
/// Builds the service under test with a substituted repository, the real hashing helpers and a
/// placeholder secret, so no real credential is needed in the test project.
/// </summary>
public UserServiceTests()
{
    // Placeholder secret: the service only needs a non-null value here.
    _secrets = new Secrets { SuperStrongPassword = "******" };
    _options = Substitute.For<IOptions<Secrets>>();
    _options.Value.Returns(_secrets);

    _userRepository = Substitute.For<IUserRepository>();
    _hasher = new Hasher();
    _salter = new Salter();

    _userAuthService = new UserAuthenticationService(_userRepository, _hasher, _salter, _options);
}
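/// <summary>
/// One-off migration: reads every <c>Student</c> row, generates a salt per row, hashes whatever
/// the <c>Password</c> column currently holds with it, and writes both back through
/// <c>setSalt</c> / <c>setPassword</c>.
/// </summary>
/// <remarks>
/// Not idempotent: the column is read unconditionally, so a second run re-hashes the already
/// hashed values. Run it once, or guard on the Salt column before re-running. The connection
/// string is embedded in source; it uses integrated security so it carries no password, but it
/// still belongs in configuration.
/// </remarks>
public void hashAllPasswords()
{
    Console.Write("hello");
    using (var con = new SqlConnection("Data Source=db-mssql;Initial Catalog=s18728;Integrated Security=True"))
    using (var com = new SqlCommand())
    {
        com.Connection = con;
        com.CommandText = "SELECT IndexNumber, Password FROM Student ";
        con.Open();

        // Dispose the reader on every exit path; the original only closed it on success.
        using (var dr = com.ExecuteReader())
        {
            while (dr.Read())
            {
                var indexNumber = dr["IndexNumber"].ToString();
                var salt = Salter.CreateSalt();
                // setSalt/setPassword run while this reader still occupies `con`, so they must
                // use their own connection (or MARS) — NOTE(review): confirm against their bodies.
                setSalt(indexNumber, salt);
                var pass = Salter.CreateHash(dr["Password"].ToString(), salt);
                setPassword(indexNumber, pass);
            }
        }
    }
}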
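/// <summary>
/// Admin-only: replaces the password of user <paramref name="id"/> with a freshly salted hash of
/// <paramref name="vm"/>.NewPassword.
/// </summary>
/// <param name="vm">Form model carrying the new password.</param>
/// <param name="id">Primary key of the user whose password changes.</param>
/// <returns>
/// Redirect to the dashboard when the caller is not an admin; 400 when no new password was
/// supplied; 404 when the user does not exist; otherwise a redirect back to the user's page.
/// </returns>
public IActionResult ChangePassword(ManageUsersViewModel vm, int id)
{
    if (!_auth.Authorise(RolesEnum.Admin, _context)) // Check logged in as admin
    {
        return Redirect("~/Project/Dashboard");
    }

    // Reject a missing password explicitly: the original hashed (null + salt), i.e. the salt
    // alone, and silently stored that as the password.
    if (vm == null || string.IsNullOrEmpty(vm.NewPassword))
    {
        return BadRequest();
    }

    // 404 instead of the InvalidOperationException that First() threw for an unknown id.
    var rec = _context.Users.FirstOrDefault(u => u.UserId == id);
    if (rec == null)
    {
        return NotFound();
    }

    // Hash scheme (Hasher.Hash over password + salt) must stay in step with the login check.
    var salt = Salter.Shake(); // Get a new salt
    rec.Salt = salt;
    rec.HashedPassword = Hasher.Hash(vm.NewPassword + salt);

    // Save the changes to the database
    _context.SaveChanges();

    // Kick the users back to the user management view
    return Redirect($"~/UserManagement/ManageUsers/{id}");
}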
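/// <summary>
/// Issues a signed JWT plus a refresh token for a valid login.
/// </summary>
/// <param name="loginRequest">Login and password from the request body.</param>
/// <returns>
/// 200 with <c>token</c> and <c>refreshToken</c>; 401 when the login is unknown or the password
/// does not validate; 400 when the request is incomplete.
/// </returns>
/// <remarks>
/// The <c>admin</c>/<c>admin</c> branch is a credential fixed in source and is kept only for
/// compatibility; it should be replaced by a stored, salted hash checked the same way as the
/// student path.
/// </remarks>
public IActionResult Login(LoginRequestDTO loginRequest)
{
    if (loginRequest == null || loginRequest.Login == null || loginRequest.Password == null)
    {
        // The original dereferenced these without a check and threw on a malformed body.
        return BadRequest();
    }

    // Both branches signed the same way with duplicated code; kept in one place here.
    string CreateToken(Claim[] claims)
    {
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["SecretKey"]));
        var cred = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
        var token = new JwtSecurityToken(
            issuer: "JakubSpZoo",
            audience: "students",
            claims: claims,
            // exp is an absolute instant; derive it from UTC rather than local time.
            expires: DateTime.UtcNow.AddMinutes(10),
            signingCredentials: cred);
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    if (loginRequest.Login.Equals("admin") && loginRequest.Password.Equals("admin"))
    {
        // NOTE(review): hard-coded credential, see remarks.
        var adminClaims = new[]
        {
            new Claim(ClaimTypes.NameIdentifier, loginRequest.Login),
            new Claim(ClaimTypes.Name, "admin"),
            new Claim(ClaimTypes.Role, "student"),
            new Claim(ClaimTypes.Role, "employee")
        };
        return Ok(new
        {
            token = CreateToken(adminClaims),
            refreshToken = _dbService.setRefreshToken("admin", Guid.NewGuid().ToString())
        });
    }

    // Unknown login and wrong password both answer a bare 401, so the response does not
    // reveal which of the two failed.
    if (!_dbService.checkIfStudentExists(loginRequest.Login))
    {
        return Unauthorized();
    }

    var student = _dbService.getStudent(loginRequest.Login);
    var salt = _dbService.getSalt(student.IndexNumber);
    if (!Salter.Validate(loginRequest.Password, salt, student.Password))
    {
        return Unauthorized();
    }

    var studentClaims = new[]
    {
        new Claim(ClaimTypes.NameIdentifier, loginRequest.Login),
        new Claim(ClaimTypes.Name, student.FirstName + " " + student.LastName),
        new Claim(ClaimTypes.Role, "student")
    };
    return Ok(new
    {
        token = CreateToken(studentClaims),
        refreshToken = _dbService.setRefreshToken(student.IndexNumber, Guid.NewGuid().ToString())
    });
}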
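/// <summary>
/// Creates a <c>Student</c> row for <paramref name="student"/> and enrols it on the requested
/// studies, all inside one transaction.
/// </summary>
/// <param name="student">Incoming student data; <c>Studies</c>, <c>IndexNumber</c>, both names and <c>BirthDate</c> are used.</param>
/// <returns>
/// 201 with the resulting <see cref="Enrollment"/>; 400 when the request is empty, the studies do
/// not exist, the index number is already taken, or any database step fails.
/// </returns>
/// <remarks>
/// The initial password is derived from the index number (<c>"pas" + IndexNumber</c>) and is
/// therefore predictable from data that is not secret. It is kept here for compatibility with
/// the existing login check; it should be replaced by a generated one-time password delivered
/// out of band with a forced change on first login.
/// </remarks>
public IActionResult enrollStudent(Student student)
{
    if (student == null)
    {
        return new BadRequestResult();
    }

    var enrollment = new Enrollment();
    using (var con = new SqlConnection(sqlCon))
    using (var com = new SqlCommand())
    {
        SqlTransaction sqlT = null;
        try
        {
            com.Connection = con;
            con.Open();
            sqlT = con.BeginTransaction();
            com.Transaction = sqlT;

            // 1. The studies must exist.
            com.Parameters.AddWithValue("studiesName", student.Studies);
            var wynik = UseProcedure("checkIfExistsStudies", com);
            if (wynik.Count == 0)
            {
                sqlT.Rollback();
                return new BadRequestResult();
            }

            // 2. The index number must be free. The reader is disposed on every path; the
            //    original returned with it still open.
            com.CommandText = "SELECT 1 FROM Student WHERE Student.IndexNumber = @indexNumber";
            com.Parameters.AddWithValue("indexNumber", student.IndexNumber);
            bool alreadyExists;
            using (var dr = com.ExecuteReader())
            {
                alreadyExists = dr.Read();
            }
            if (alreadyExists)
            {
                sqlT.Rollback();
                return new BadRequestResult();
            }

            // 3. Insert the student. Every value travels as a parameter; the birth date is
            //    parsed server-side with an explicit en-GB culture.
            com.CommandText = "DECLARE @datetmp date = PARSE(@bdate as date USING 'en-GB');"
                + " INSERT INTO Student(IndexNumber, FirstName, LastName, BirthDate, IdEnrollment, Password, Salt)"
                + " VALUES (@indexNumber, @name, @lname, @datetmp, '1', @pass, @salt)";
            com.Parameters.Clear();
            com.Parameters.AddWithValue("indexNumber", student.IndexNumber);
            var salt = Salter.CreateSalt();
            // Initial password scheme kept for compatibility; see remarks.
            var pass = Salter.CreateHash("pas" + student.IndexNumber, salt);
            com.Parameters.AddWithValue("pass", pass);
            com.Parameters.AddWithValue("salt", salt);
            com.Parameters.AddWithValue("name", student.FirstName);
            com.Parameters.AddWithValue("lname", student.LastName);
            com.Parameters.AddWithValue("bdate", student.BirthDate);
            com.ExecuteNonQuery();

            // 4. Enrol and copy the procedure's result row into the response.
            com.Parameters.Clear();
            com.Parameters.AddWithValue("studiesName", student.Studies);
            com.Parameters.AddWithValue("indexNumber", student.IndexNumber);
            wynik = UseProcedure("enrollStudent", com);
            enrollment.IdEnrollment = wynik[0][0];
            enrollment.IdStudy = wynik[0][2];
            enrollment.Semester = wynik[0][1];
            enrollment.StartDate = wynik[0][3];

            sqlT.Commit();
        }
        catch (Exception e)
        {
            Console.WriteLine(e);
            // sqlT is still null when Open() or BeginTransaction() threw; the original would
            // have raised a NullReferenceException out of this catch block.
            sqlT?.Rollback();
            return new BadRequestResult();
        }
    }

    return new ObjectResult(enrollment) { StatusCode = 201 };
}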
/// <summary>
/// Stores the collaborators this service needs: the user store plus the hashing and salting
/// helpers used for password handling.
/// </summary>
/// <param name="userRepository">Source of user records.</param>
/// <param name="hasher">Password hashing helper.</param>
/// <param name="salter">Salt generation helper.</param>
public UserAuthenticationService(UserRepository userRepository, Hasher hasher, Salter salter)
{
    _salter = salter;
    _hasher = hasher;
    _userRepository = userRepository;
}
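/// <summary>
/// Admin-only: creates a user from <paramref name="vm"/> after checking that the username is
/// free, a password was supplied, the two password fields match and the role exists.
/// </summary>
/// <param name="vm">Form model; <c>ErrorMessage</c> and <c>AllRoles</c> are filled in before the view is re-rendered.</param>
/// <returns>
/// Redirect to the dashboard for non-admins; the form view with <c>ErrorMessage</c> set on a
/// validation failure; otherwise a redirect to the login page.
/// </returns>
/// <remarks>
/// The username check and the insert are not atomic, so a unique index on <c>Users.UserName</c>
/// is still needed against duplicates from concurrent requests. Attributes are outside this
/// view — NOTE(review): confirm the POST is covered by anti-forgery validation.
/// </remarks>
public IActionResult AddUser(AddUserViewModel vm)
{
    if (!_auth.Authorise(RolesEnum.Admin, _context)) // Check logged in as admin
    {
        return Redirect("~/Project/Dashboard");
    }

    // Reset error message
    vm.ErrorMessage = "";

    // Get roles from database and fill in field
    List<Roles> roles = _context.Roles.ToList();
    vm.AllRoles = roles;

    // If username exists
    if (_context.Users.Any(r => r.UserName == vm.UserName))
    {
        vm.ErrorMessage += "Username already exists\n";
    }

    // Validate Password. The original only compared the two fields, so an empty password
    // with an empty confirmation was accepted.
    if (string.IsNullOrEmpty(vm.Password))
    {
        vm.ErrorMessage += "Password must not be empty.\n";
    }
    else if (vm.Password != vm.ConfirmPassword)
    {
        vm.ErrorMessage += "Passwords must be equal.\n";
    }

    // Resolve the role as a database query (keeps the database's string comparison rules);
    // First() on an unknown role name threw instead of reporting a form error.
    var role = _context.Roles.FirstOrDefault(r => r.RoleName == vm.RoleName);
    if (role == null)
    {
        vm.ErrorMessage += "Unknown role.\n";
    }

    // If there's an error message
    if (vm.ErrorMessage != "")
    {
        return View(vm);
    }

    // Encrypt Password: fresh salt per user, Hasher.Hash over password + salt (scheme shared
    // with the login check).
    var salt = Salter.Shake();
    var hashedPass = Hasher.Hash(vm.Password + salt);

    // Fill in fields
    var newUser = new Users
    {
        UserName = vm.UserName,
        HashedPassword = hashedPass,
        Salt = salt,
        RoleId = role.RoleId
    };

    // check if email is null
    if (vm.Email != null)
    {
        newUser.Email = vm.Email; // Only add email if one exists
    }

    // Add users to database and save
    _context.Users.Add(newUser);
    _context.SaveChanges();

    // Redirect to the login page
    return Redirect("/Login/Index");
}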