diff --git a/Teknik/Areas/User/Utility/UserHelper.cs b/Teknik/Areas/User/Utility/UserHelper.cs
index c6a06b0..1659cd4 100644
--- a/Teknik/Areas/User/Utility/UserHelper.cs
+++ b/Teknik/Areas/User/Utility/UserHelper.cs
@@ -1090,32 +1090,36 @@ If you recieved this email and you did not reset your password, you can ignore t
 // Create connection to the DB
 MysqlDatabase mySQL = new MysqlDatabase(config.GitConfig.Database.Server, config.GitConfig.Database.Database, config.GitConfig.Database.Username, config.GitConfig.Database.Password, config.GitConfig.Database.Port);
+ mySQL.MysqlErrorEvent += (sender, s) =>
+ {
+ throw new Exception("Unable to edit git account two factor. Mysql Exception: " + s);
+ };
 // Get the user's UID
 string email = GetUserEmailAddress(config, username);
- string userSelect = @"SELECT id FROM gogs.user WHERE gogs.user.login_name = {0}";
+ string userSelect = @"SELECT gogs.user.id FROM gogs.user WHERE gogs.user.login_name = {0}";
 var uid = mySQL.ScalarQuery(userSelect, new object[] { email });
 // See if they have Two Factor already
- string sqlSelect = @"SELECT id
- FROM gogs.two_factor
- LEFT JOIN gogs.user ON gogs.user.id = gogs.gogs.two_factor.uid
- WHERE gogs.user.login_name = {0}";
+ string sqlSelect = @"SELECT tf.id
+ FROM gogs.two_factor tf
+ LEFT JOIN gogs.user u ON u.id = tf.uid
+ WHERE u.login_name = {0}";
 var result = mySQL.ScalarQuery(sqlSelect, new object[] { email });
 if (result != null)
 {
 // They have an entry! Let's update it
- string insert = @"UPDATE gogs.two_factor SET uid = {1}, secret = {2}, scratch_token = {3}, updated_unix = {4} WHERE gogs.two_factor.id = {0}";
+ string update = @"UPDATE gogs.two_factor tf SET tf.uid = {1}, tf.secret = {2}, tf.scratch_token = {3}, tf.updated_unix = {4} WHERE tf.id = {0}";
- mySQL.Execute(insert, new object[] { result, uid, finalSecret, token, unixTime });
+ mySQL.Execute(update, new object[] { result, uid, finalSecret, token, unixTime });
 }
 else
 {
 // They need a new entry
- string update = @"INSERT INTO gogs.two_factor SET (uid, secret, scratch_token, created_unix, updated_unix) VALUES ({0}, {1}, {2}, {3}, {4})";
+ string insert = @"INSERT INTO gogs.two_factor (uid, secret, scratch_token, created_unix, updated_unix) VALUES ({0}, {1}, {2}, {3}, {4})";
- mySQL.Execute(update, new object[] { uid, finalSecret, token, unixTime, 0 });
+ mySQL.Execute(insert, new object[] { uid, finalSecret, token, unixTime, 0 });
 }
 }
 }
diff --git a/Utilities/Utilities/ByteHelper.cs b/Utilities/Utilities/ByteHelper.cs
index 523a22a..01b40fb 100644
--- a/Utilities/Utilities/ByteHelper.cs
+++ b/Utilities/Utilities/ByteHelper.cs
@@ -22,5 +22,11 @@ namespace Teknik.Utilities
 }
 return byteArray;
 }
+
+ public static void PadToMultipleOf(ref byte[] src, int pad)
+ {
+ int len = (src.Length + pad - 1) / pad * pad;
+ Array.Resize(ref src, len);
+ }
 }
 }
diff --git a/Utilities/Utilities/Cryptography/Aes128CFB.cs b/Utilities/Utilities/Cryptography/Aes128CFB.cs
index 386ea95..a9661e2 100644
--- a/Utilities/Utilities/Cryptography/Aes128CFB.cs
+++ b/Utilities/Utilities/Cryptography/Aes128CFB.cs
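Review bot: The new `MysqlErrorEvent` handler throws a bare `Exception` whose message carries the raw MySQL error text `s`; if that exception ever reaches a client-visible error page or response, it discloses query and schema details of the gogs database. Log the detail server-side and throw a narrower type with a fixed message, e.g. `throw new InvalidOperationException("Unable to edit git account two factor.");`. Separately, `uid` from the first `ScalarQuery` goes into the INSERT branch without a null check, so a login_name that matches no row would write a `two_factor` entry with no owner; a guard such as `if (uid == null) return;` (or a throw) before the second query would prevent that. The enclosing method starts outside this hunk, and how `MysqlDatabase` binds the `{0}` placeholders is not visible here, so confirm the values are sent as parameters rather than formatted into the statement text.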
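Review bot: `PadToMultipleOf` divides by `pad` without validating it, so `pad == 0` raises `DivideByZeroException`, a negative `pad` can compute a length smaller than the input and truncate it, and a null `src` fails on `src.Length`. Add guards at the top: `if (src == null) throw new ArgumentNullException("src");` and `if (pad <= 0) throw new ArgumentOutOfRangeException("pad");`. The method also has no doc comment; a `/// <summary>` saying that it grows `src` in place with trailing zero bytes up to the next multiple of `pad`, and leaves it unchanged when already aligned, would make the by-ref mutation obvious to callers.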
@@ -43,13 +43,20 @@ namespace Teknik.Utilities.Cryptography
 int keySize = 128;
 // Grab the IV and encrypted text from the original text
- byte[] ivBytes = text.Take(blockSize / 8).ToArray();
- text = text.Skip(blockSize / 8).Take(text.Length - (blockSize / 8)).ToArray();
+ byte[] ivBytes = new byte[blockSize / 8];
+ byte[] encText = new byte[text.Length - (blockSize / 8)];
+ byte[] output = new byte[text.Length - (blockSize / 8)];
+
+ text.Take(blockSize / 8).ToArray().CopyTo(ivBytes, 0);
+ text.Skip(blockSize / 8).ToArray().CopyTo(encText, 0);
+
+ // Pad the text for decryption
+ ByteHelper.PadToMultipleOf(ref encText, 16);
 // Process the cipher
- ProcessCipher(false, text, key, ivBytes, blockSize, keySize, ref text, 0);
+ ProcessCipher(false, encText, key, ivBytes, blockSize, keySize, ref output, 0);
- string encodedText = Encoding.UTF8.GetString(text);
+ string encodedText = Encoding.UTF8.GetString(output);
 return Convert.FromBase64String(encodedText);
 }
@@ -61,8 +68,8 @@ namespace Teknik.Utilities.Cryptography
 cipher.KeySize = keySize;
 cipher.Mode = CipherMode.CFB;
- cipher.FeedbackSize = 8;
- cipher.Padding = PaddingMode.None;
+ cipher.FeedbackSize = 128;
+ cipher.Padding = PaddingMode.Zeros;
 cipher.Key = key;
 cipher.IV = iv;
@@ -75,7 +82,12 @@ namespace Teknik.Utilities.Cryptography
 bw.Write(text);
 bw.Close();
- ms.ToArray().CopyTo(output, offset);
+ byte[] textBytes = ms.ToArray();
+
+ for (int i = 0; i < output.Length - offset; i++)
+ {
+ output[i + offset] = textBytes[i];
+ }
 }
 }
 }
diff --git a/UtilitiesTests/Cryptography/Aes128Tests.cs b/UtilitiesTests/Cryptography/Aes128Tests.cs
index 1be8561..ebfe653 100644
--- a/UtilitiesTests/Cryptography/Aes128Tests.cs
+++ b/UtilitiesTests/Cryptography/Aes128Tests.cs
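Review bot: The new buffers are sized `text.Length - (blockSize / 8)` with no check that the input is at least one IV long, so a truncated or empty ciphertext makes the array length negative and fails with an `OverflowException` where the removed `Take`/`Skip` code produced empty arrays. Validate before allocating, e.g. `if (text == null || text.Length < blockSize / 8) throw new ArgumentException("Ciphertext is shorter than the IV.", "text");`. The `Take(...).ToArray().CopyTo(...)` pairs also allocate each slice twice; `Array.Copy(text, 0, ivBytes, 0, ivBytes.Length);` and `Array.Copy(text, ivBytes.Length, encText, 0, encText.Length);` do the same work directly. The method signature and the `blockSize` declaration are outside this hunk.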
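Review bot: Switching `FeedbackSize` from 8 to 128 and `Padding` from `None` to `Zeros` changes the ciphertext format, so anything encrypted under the previous CFB-8 settings will no longer decrypt; if such values were already persisted, they need re-encryption or a migration path. Add a comment above these two lines recording the intent, something like `// CFB-128 needs whole blocks; the zero padding is dropped again when copying into output`, because `PaddingMode.Zeros` is not reversible on its own and correctness depends on the copy loop later in this method. CFB also provides no integrity protection, and no MAC is visible in this file section, so a modified ciphertext would decrypt without error; confirm that is acceptable for the secrets stored with it. The enclosing method starts and ends outside the hunk.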
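Review bot: The copy loop is bounded only by `output.Length - offset`, so it throws `IndexOutOfRangeException` whenever the cipher stream yields fewer bytes than the caller's buffer expects, and it silently discards any surplus. Bound the copy by both lengths and use a block copy: `int count = Math.Min(textBytes.Length, output.Length - offset);` followed by `Array.Copy(textBytes, 0, output, offset, count);`. If dropping the zero-padded tail is intentional, say so in a comment at the copy. The method's opening lines are outside the hunk.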
@@ -14,8 +14,8 @@ namespace Teknik.Tests.UtilitiesTests.Cryptography
 [Fact]
 public void Aes128DataTest()
 {
- string secret = "426KOBTS66KYLFLQ";
- string key = "8fj3Ff83nfQoe01";
+ string secret = "WXEYUXXH7X6OUVPK";
+ string key = "df9Nfjhq89KAwvs";
 // Get the Encryption Key from the git secret key
 byte[] keyBytes = MD5.Hash(Encoding.UTF8.GetBytes(key));
@@ -27,7 +27,6 @@ namespace Teknik.Tests.UtilitiesTests.Cryptography
 byte[] encValue = Aes128CFB.Encrypt(secBytes, keyBytes);
 string finalSecret = Convert.ToBase64String(encValue);
- // Decode it
 byte[] decodedSecret = Convert.FromBase64String(finalSecret);
 byte[] val = Aes128CFB.Decrypt(decodedSecret, keyBytes);
 string verify = Encoding.UTF8.GetString(val);
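Review bot: The test only round-trips a value through `Aes128CFB.Encrypt` and `Aes128CFB.Decrypt` (visible in the following hunk), so it passes for any self-consistent cipher settings and cannot detect a format mismatch with whatever system reads the stored secret. Add a known-answer case that decrypts a fixed ciphertext produced by that consumer and compares it with the expected plaintext. If `secret` and `key` are constructed values, a comment such as `// test-only values, not real credentials` next to them would keep the literals from being mistaken for live secrets. The assertions of `Aes128DataTest` are outside the visible hunks.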