
Added option to convert existing users to the new hashing scheme.

tags/2.0.3
Teknikode 4 years ago
parent
commit
f7c356140b

+ 23
- 8
Teknik/Areas/Profile/Controllers/ProfileController.cs

@@ -121,21 +121,36 @@ namespace Teknik.Areas.Profile.Controllers
{
string username = model.Username;
string password = SHA384.Hash(model.Username, model.Password);
bool userValid = db.Users.Any(b => b.Username == username && b.HashedPassword == password);
if (userValid)
User user = db.Users.Where(b => b.Username == username).FirstOrDefault();
if (user != null)
{
FormsAuthentication.SetAuthCookie(model.Username, model.RememberMe);
if (string.IsNullOrEmpty(model.ReturnUrl))
if (user.TransferAccount)
{
return Json(new { result = "true" });
password = SHA256.Hash(model.Password, Config.Salt1, Config.Salt2);
}
else
bool userValid = db.Users.Any(b => b.Username == username && b.HashedPassword == password);
if (userValid)
{
return Redirect(model.ReturnUrl);
if (user.TransferAccount)
{
user.HashedPassword = SHA384.Hash(model.Username, model.Password);
user.TransferAccount = false;
db.Entry(user).State = EntityState.Modified;
db.SaveChanges();
}
FormsAuthentication.SetAuthCookie(model.Username, model.RememberMe);
if (string.IsNullOrEmpty(model.ReturnUrl))
{
return Json(new { result = "true" });
}
else
{
return Redirect(model.ReturnUrl);
}
}
}
}
return Json(new { error = "Invalid User name or Password." });
return Json(new { error = "Invalid Username or Password." });
}

public ActionResult Logout()
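Review bot: `return Redirect(model.ReturnUrl);` in the success branch sends the freshly authenticated user to whatever URL the login form posted, with no check that it points back at this site. Widening the existing test to `if (string.IsNullOrEmpty(model.ReturnUrl) || !Url.IsLocalUrl(model.ReturnUrl))` would route anything non-local to the JSON response instead. On the migration itself, the record is rewritten with `SHA384.Hash(model.Username, model.Password)`, which, judging by its name and arguments (its body is not on this page), is a single fast hash salted with the username. Since every transferred account is rewritten at this point anyway, this is the natural place to move to a slow password KDF with a per-user random salt. The enclosing login action begins above the hunk.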

+ 2
- 0
Teknik/Areas/Profile/Models/User.cs

@@ -14,6 +14,8 @@ namespace Teknik.Areas.Profile.Models

public string HashedPassword { get; set; }

public bool TransferAccount { get; set; }

public DateTime JoinDate { get; set; }

public DateTime LastSeen { get; set; }
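Review bot: `TransferAccount` carries no comment saying what it gates, and nothing on this page ever sets it to true. Going by the login action in this commit, it marks a record whose `HashedPassword` is still in the legacy format and is cleared on the first successful login; a doc comment such as `/// True while HashedPassword holds the legacy salted hash; cleared after the first successful login.` would record that. It is also worth confirming how existing rows get the flag, since a newly added bool column would presumably default to false and leave imported users unable to log in.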

+ 10
- 4
Teknik/Configuration/Config.cs

@@ -17,6 +17,10 @@ namespace Teknik.Configuration
private string _Description;
private string _Author;
private string _Host;
private string _SupportEmail;
private string _BitcoinAddress;
private string _Salt1;
private string _Salt2;
private UserConfig _UserConfig;
private ContactConfig _ContactConfig;
private EmailConfig _EmailConfig;
@@ -26,8 +30,6 @@ namespace Teknik.Configuration
private BlogConfig _BlogConfig;
private ApiConfig _ApiConfig;
private PodcastConfig _PodcastConfig;
private string _SupportEmail;
private string _BitcoinAddress;

public bool DevEnvironment { get { return _DevEnvironment; } set { _DevEnvironment = value; } }

@@ -38,6 +40,8 @@ namespace Teknik.Configuration
public string Host { get { return _Host; } set { _Host = value; } }
public string SupportEmail { get { return _SupportEmail; } set { _SupportEmail = value; } }
public string BitcoinAddress { get { return _BitcoinAddress; } set { _BitcoinAddress = value; } }
public string Salt1 { get { return _Salt1; } set { _Salt1 = value; } }
public string Salt2 { get { return _Salt2; } set { _Salt2 = value; } }

// User Configuration
public UserConfig UserConfig { get { return _UserConfig; } set { _UserConfig = value; } }
@@ -83,6 +87,10 @@ namespace Teknik.Configuration
Description = string.Empty;
Author = string.Empty;
Host = string.Empty;
SupportEmail = string.Empty;
BitcoinAddress = string.Empty;
Salt1 = string.Empty;
Salt2 = string.Empty;
UserConfig = new UserConfig();
EmailConfig = new EmailConfig();
ContactConfig = new ContactConfig();
@@ -92,8 +100,6 @@ namespace Teknik.Configuration
PasteConfig = new PasteConfig();
ApiConfig = new ApiConfig();
PodcastConfig = new PodcastConfig();
SupportEmail = string.Empty;
BitcoinAddress = string.Empty;
}

public static Config Deserialize(string text)
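Review bot: `Salt1` and `Salt2` default to `string.Empty` in the constructor hunk, so a deployment whose config lacks them would compute the legacy hash with empty salts and every transferred login would fail with the generic error, with nothing pointing at the cause. A comment on the two properties, for example `// Legacy site-wide salts, used only to verify TransferAccount users; keep the real values out of source control`, would document their role and sensitivity. If the config object is ever serialized back out or exposed through an admin view (not visible here), these two values should be excluded from that output.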

+ 14
- 0
Teknik/Helpers/Crypto.cs

@@ -28,6 +28,20 @@ namespace Teknik.Helpers
}
}

public class SHA256
{
public static string Hash(string value, string salt1, string salt2)
{
string dataStr = salt1 + value + salt2;
byte[] dataStrBytes = Encoding.ASCII.GetBytes(dataStr);
SHA1 sha = new SHA1CryptoServiceProvider();
byte[] valueBytes = sha.ComputeHash(dataStrBytes);
byte[] result = new HMAC2(HashFactories.SHA256).ComputeHash(valueBytes);

return Encoding.ASCII.GetString(result);
}
}

public class AES
{
public static byte[] Decrypt(byte[] data, string key, string iv)
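Review bot: `Encoding.ASCII.GetString(result)` turns every hash byte above 0x7F into `?`, so the string compared against `HashedPassword` keeps only part of the digest, and `Encoding.ASCII.GetBytes(dataStr)` likewise folds all non-ASCII password characters into the same byte. If this class has to reproduce the legacy records exactly, a comment such as `// Legacy format: lossy ASCII round-trip kept only to verify TransferAccount users` would stop it being reused for new hashes; otherwise `Convert.ToBase64String(result)` keeps the full output. No key is passed to `HMAC2` here, so it is worth confirming which key the one-argument constructor uses and that the result is reproducible across instances and restarts. The class is named `SHA256` although its first step is SHA-1, and the `SHA1CryptoServiceProvider` is never disposed.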
