
Added option to convert existing users to the new hashing scheme.

master
Teknikode 7 years ago
parent
commit
f7c356140b
  1. 31
      Teknik/Areas/Profile/Controllers/ProfileController.cs
  2. 2
      Teknik/Areas/Profile/Models/User.cs
  3. 14
      Teknik/Configuration/Config.cs
  4. 14
      Teknik/Helpers/Crypto.cs

31
Teknik/Areas/Profile/Controllers/ProfileController.cs

@ -121,21 +121,36 @@ namespace Teknik.Areas.Profile.Controllers @@ -121,21 +121,36 @@ namespace Teknik.Areas.Profile.Controllers
{
string username = model.Username;
string password = SHA384.Hash(model.Username, model.Password);
bool userValid = db.Users.Any(b => b.Username == username && b.HashedPassword == password);
if (userValid)
User user = db.Users.Where(b => b.Username == username).FirstOrDefault();
if (user != null)
{
FormsAuthentication.SetAuthCookie(model.Username, model.RememberMe);
if (string.IsNullOrEmpty(model.ReturnUrl))
if (user.TransferAccount)
{
return Json(new { result = "true" });
password = SHA256.Hash(model.Password, Config.Salt1, Config.Salt2);
}
else
bool userValid = db.Users.Any(b => b.Username == username && b.HashedPassword == password);
if (userValid)
{
return Redirect(model.ReturnUrl);
if (user.TransferAccount)
{
user.HashedPassword = SHA384.Hash(model.Username, model.Password);
user.TransferAccount = false;
db.Entry(user).State = EntityState.Modified;
db.SaveChanges();
}
FormsAuthentication.SetAuthCookie(model.Username, model.RememberMe);
if (string.IsNullOrEmpty(model.ReturnUrl))
{
return Json(new { result = "true" });
}
else
{
return Redirect(model.ReturnUrl);
}
}
}
}
return Json(new { error = "Invalid User name or Password." });
return Json(new { error = "Invalid Username or Password." });
}
public ActionResult Logout()
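Review bot: The transfer branch re-hashes the password with `user.HashedPassword = SHA384.Hash(model.Username, model.Password);`, which from its name and arguments looks like a single fast hash salted only by the username (its body is not on this page, so confirm). This is the one moment the plaintext is available, so it is the natural place to store a slow, per-user-salted KDF output instead, for example PBKDF2 via `Rfc2898DeriveBytes`. Accounts that never log in again keep the legacy hash indefinitely unless they are forced through a reset. Separately, `return Redirect(model.ReturnUrl);` is carried into the new branch without a local-URL check; guarding it with `Url.IsLocalUrl(model.ReturnUrl)` would stop the login from redirecting to an arbitrary site. The enclosing action starts above the hunk.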

2
Teknik/Areas/Profile/Models/User.cs

@ -14,6 +14,8 @@ namespace Teknik.Areas.Profile.Models @@ -14,6 +14,8 @@ namespace Teknik.Areas.Profile.Models
public string HashedPassword { get; set; }
public bool TransferAccount { get; set; }
public DateTime JoinDate { get; set; }
public DateTime LastSeen { get; set; }

14
Teknik/Configuration/Config.cs

@ -17,6 +17,10 @@ namespace Teknik.Configuration @@ -17,6 +17,10 @@ namespace Teknik.Configuration
private string _Description;
private string _Author;
private string _Host;
private string _SupportEmail;
private string _BitcoinAddress;
private string _Salt1;
private string _Salt2;
private UserConfig _UserConfig;
private ContactConfig _ContactConfig;
private EmailConfig _EmailConfig;
@ -26,8 +30,6 @@ namespace Teknik.Configuration @@ -26,8 +30,6 @@ namespace Teknik.Configuration
private BlogConfig _BlogConfig;
private ApiConfig _ApiConfig;
private PodcastConfig _PodcastConfig;
private string _SupportEmail;
private string _BitcoinAddress;
public bool DevEnvironment { get { return _DevEnvironment; } set { _DevEnvironment = value; } }
@ -38,6 +40,8 @@ namespace Teknik.Configuration @@ -38,6 +40,8 @@ namespace Teknik.Configuration
public string Host { get { return _Host; } set { _Host = value; } }
public string SupportEmail { get { return _SupportEmail; } set { _SupportEmail = value; } }
public string BitcoinAddress { get { return _BitcoinAddress; } set { _BitcoinAddress = value; } }
public string Salt1 { get { return _Salt1; } set { _Salt1 = value; } }
public string Salt2 { get { return _Salt2; } set { _Salt2 = value; } }
// User Configuration
public UserConfig UserConfig { get { return _UserConfig; } set { _UserConfig = value; } }
@ -83,6 +87,10 @@ namespace Teknik.Configuration @@ -83,6 +87,10 @@ namespace Teknik.Configuration
Description = string.Empty;
Author = string.Empty;
Host = string.Empty;
SupportEmail = string.Empty;
BitcoinAddress = string.Empty;
Salt1 = string.Empty;
Salt2 = string.Empty;
UserConfig = new UserConfig();
EmailConfig = new EmailConfig();
ContactConfig = new ContactConfig();
@ -92,8 +100,6 @@ namespace Teknik.Configuration @@ -92,8 +100,6 @@ namespace Teknik.Configuration
PasteConfig = new PasteConfig();
ApiConfig = new ApiConfig();
PodcastConfig = new PodcastConfig();
SupportEmail = string.Empty;
BitcoinAddress = string.Empty;
}
public static Config Deserialize(string text)
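Review bot: `Salt1` and `Salt2` are added without a comment and default to `string.Empty`, so a deployment that does not set them computes legacy hashes that will not match the stored ones, and transfer logins then fail with only the generic error. A comment above the two properties such as `// Site-wide salts of the legacy hashing scheme; must match the old deployment, needed only while TransferAccount users remain` would make the dependency clear. Since they sit in the same object that `Deserialize` populates, presumably from a configuration file, they should be handled as secrets and kept out of source control.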

14
Teknik/Helpers/Crypto.cs

@ -28,6 +28,20 @@ namespace Teknik.Helpers @@ -28,6 +28,20 @@ namespace Teknik.Helpers
}
}
public class SHA256
{
public static string Hash(string value, string salt1, string salt2)
{
string dataStr = salt1 + value + salt2;
byte[] dataStrBytes = Encoding.ASCII.GetBytes(dataStr);
SHA1 sha = new SHA1CryptoServiceProvider();
byte[] valueBytes = sha.ComputeHash(dataStrBytes);
byte[] result = new HMAC2(HashFactories.SHA256).ComputeHash(valueBytes);
return Encoding.ASCII.GetString(result);
}
}
public class AES
{
public static byte[] Decrypt(byte[] data, string key, string iv)
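Review bot: `Encoding.ASCII.GetString(result)` replaces every digest byte above 0x7F with `?`, so the returned string carries far less than the digest's entropy, and `Encoding.ASCII.GetBytes(dataStr)` likewise collapses all non-ASCII password characters to `?`. If this must reproduce the legacy system's stored values byte for byte, keep it but say so with a comment such as `// Legacy scheme, kept only to verify TransferAccount users; do not use for new hashes`; otherwise encode with `Convert.ToBase64String(result)`. The class is named `SHA256` although the first pass is SHA-1, which invites misuse. `sha` is also never disposed; `using (SHA1 sha = new SHA1CryptoServiceProvider())` would fix that.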
