From 17bdfa7dc0db731c12b0f4ec93f1142f82714ff8 Mon Sep 17 00:00:00 2001
From: vsvaton <vaclav.svaton@vsb.cz>
Date: Tue, 5 Feb 2019 09:22:42 +0100
Subject: [PATCH] UserAndLimitationManagement fix

---
 .../UserAndLimitationManagementLogic.cs | 26 +++++++++++++++----
 .../AdaptorUser.cs | 2 +-
 WebServices/WebServices.csproj.user | 2 +-
 3 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/BusinessLogicTier/Logic/UserAndLimitationManagement/UserAndLimitationManagementLogic.cs b/BusinessLogicTier/Logic/UserAndLimitationManagement/UserAndLimitationManagementLogic.cs
index f14741d..abea4df 100644
--- a/BusinessLogicTier/Logic/UserAndLimitationManagement/UserAndLimitationManagementLogic.cs
+++ b/BusinessLogicTier/Logic/UserAndLimitationManagement/UserAndLimitationManagementLogic.cs
@@ -18,8 +18,10 @@ namespace HaaSMiddleware.BusinessLogicTier.Logic.UserAndLimitationManagement {
     internal class UserAndLimitationManagementLogic : IUserAndLimitationManagementLogic {
         private static readonly ILog log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
         private readonly IUnitOfWork unitOfWork;
+        private const int cSaltBytes = 12;
+        private const int cHashBytes = 20;
-        internal UserAndLimitationManagementLogic(IUnitOfWork unitOfWork) {
+        internal UserAndLimitationManagementLogic(IUnitOfWork unitOfWork) {
             this.unitOfWork = unitOfWork;
         }
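Review bot: cSaltBytes and cHashBytes fix the byte layout that AuthenticateUserWithPassword expects in AdaptorUser.Password, but nothing ties them to the routine that produces and stores that value, which is not part of this patch; if the two sides drift, every login fails with no hint why. Add above the two constants `// Layout of AdaptorUser.Password (Base64): cSaltBytes of salt followed by cHashBytes of PBKDF2 output; must match the routine that stores password hashes.` The constructor line is removed and re-added with identical text, presumably a whitespace-only fix. The class body continues outside the hunk.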
@@ -90,10 +92,24 @@ namespace HaaSMiddleware.BusinessLogicTier.Logic.UserAndLimitationManagement {
         }
         private string AuthenticateUserWithPassword(AdaptorUser user, PasswordCredentials credentials) {
-            if ( user.Password == credentials.Password )
-                return CreateSessionCode(user).UniqueCode;
-            log.Error("Authentication of user " + user.Username + " was not successful due to wrong credentials.");
-            throw new InvalidAuthenticationCredentialsException("Authentication of user " + user.Username + " was not successful due to wrong credentials.");
+            //get the bytes
+            byte[] hashBytes = Convert.FromBase64String(user.Password);
+            //extract salt
+            byte[] salt = new byte[cSaltBytes];
+            Array.Copy(hashBytes, 0, salt, 0, cSaltBytes);
+            //create password hash
+            var pbkdf2 = new Rfc2898DeriveBytes(credentials.Password, salt);
+            byte[] hash = pbkdf2.GetBytes(cHashBytes);
+            //verify password
+            for (int i = 0; i < cHashBytes; i++)
+            {
+                if (hashBytes[i + cSaltBytes] != hash[i])
+                {
+                    log.Error("Authentication of user " + user.Username + " was not successful due to wrong credentials.");
+                    throw new InvalidAuthenticationCredentialsException("Authentication of user " + user.Username + " was not successful due to wrong credentials.");
+                }
+            }
+            return CreateSessionCode(user).UniqueCode;
         }
         public IList<ResourceUsage> GetCurrentUsageAndLimitationsForUser(AdaptorUser loggedUser) {
diff --git a/DomainObjects/UserAndLimitationManagement/AdaptorUser.cs b/DomainObjects/UserAndLimitationManagement/AdaptorUser.cs
index fae3a04..1d4c591 100644
--- a/DomainObjects/UserAndLimitationManagement/AdaptorUser.cs
+++ b/DomainObjects/UserAndLimitationManagement/AdaptorUser.cs
@@ -12,7 +12,7 @@ namespace HaaSMiddleware.DomainObjects.UserAndLimitationManagement {
         [StringLength(50)]
         public string Username { get; set; }
-        [StringLength(30)]
+        [StringLength(50)]
         public string Password { get; set; }
         [Column(TypeName = "text")]
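Review bot: The verification loop throws on the first mismatching byte, so the time AuthenticateUserWithPassword takes to reject a password depends on how many leading hash bytes matched; accumulate the XOR of all cHashBytes bytes and test once after the loop (or use CryptographicOperations.FixedTimeEquals where the target framework provides it). The two-argument Rfc2898DeriveBytes constructor silently uses the library default iteration count (1000 in .NET Framework), which must agree with whatever routine stored user.Password, and the instance is never disposed; pass the count explicitly as a named constant and wrap the instance in `using`. Nothing checks hashBytes.Length against cSaltBytes + cHashBytes or credentials.Password against null, so a record that is not yet in salt-then-hash form (the old column limit of 30 suggests such rows exist) surfaces as FormatException or IndexOutOfRangeException rather than InvalidAuthenticationCredentialsException. A rewrite of the body along these lines follows; cPbkdf2Iterations is a new constant to be set to the value the hashing routine uses.
```csharp
        private string AuthenticateUserWithPassword(AdaptorUser user, PasswordCredentials credentials) {
            byte[] hashBytes;
            try {
                hashBytes = Convert.FromBase64String(user.Password ?? string.Empty);
            } catch (FormatException) {
                hashBytes = new byte[0];
            }
            // A stored value that is not salt||hash (e.g. not yet migrated) is treated as a wrong password, not an error.
            bool valid = hashBytes.Length == cSaltBytes + cHashBytes && credentials.Password != null;
            if (valid) {
                byte[] salt = new byte[cSaltBytes];
                Array.Copy(hashBytes, 0, salt, 0, cSaltBytes);
                // Iteration count must match the routine that stored the hash; the two-argument
                // constructor would fall back to the library default, so it is named explicitly.
                using (var pbkdf2 = new Rfc2898DeriveBytes(credentials.Password, salt, cPbkdf2Iterations)) {
                    byte[] hash = pbkdf2.GetBytes(cHashBytes);
                    // Compare every byte; no early exit, so rejection time does not depend on where the mismatch is.
                    int diff = 0;
                    for (int i = 0; i < cHashBytes; i++) {
                        diff |= hashBytes[cSaltBytes + i] ^ hash[i];
                    }
                    valid = diff == 0;
                }
            }
            if (!valid) {
                log.Error("Authentication of user " + user.Username + " was not successful due to wrong credentials.");
                throw new InvalidAuthenticationCredentialsException("Authentication of user " + user.Username + " was not successful due to wrong credentials.");
            }
            return CreateSessionCode(user).UniqueCode;
        }
```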
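Review bot: [StringLength(50)] on Password is exactly what the new storage format needs (Base64 of 12 + 20 = 32 bytes is 44 characters) but the attribute does not say so, and a later change to either constant in UserAndLimitationManagementLogic would hit this limit silently; add `// Base64 of cSaltBytes + cHashBytes (32 bytes) = 44 characters; keep in step with UserAndLimitationManagementLogic.` above the attribute. Rows written under the previous 30-character limit cannot be in the salt-then-hash layout, so a migration or rehash step is needed before the new verifier is applied to them. The class body continues outside the hunk.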
diff --git a/WebServices/WebServices.csproj.user b/WebServices/WebServices.csproj.user
index 0745b71..3aaab1c 100644
--- a/WebServices/WebServices.csproj.user
+++ b/WebServices/WebServices.csproj.user
@@ -2,7 +2,7 @@
 <Project ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <NameOfLastUsedPublishProfile>Local</NameOfLastUsedPublishProfile>
-    <LastActiveSolutionConfig>Release|Any CPU</LastActiveSolutionConfig>
+    <LastActiveSolutionConfig>Debug|Any CPU</LastActiveSolutionConfig>
   </PropertyGroup>
   <ProjectExtensions>
     <VisualStudio>
-- 
GitLab