UserAndLimitationManagement fix

17bdfa7d · Vaclav Svaton · c10f565c · 17bdfa7d · 17bdfa7d · 17bdfa7d
Commit 17bdfa7d authored 6 years ago by Vaclav Svaton
--- a/BusinessLogicTier/Logic/UserAndLimitationManagement/UserAndLimitationManagementLogic.cs
+++ b/BusinessLogicTier/Logic/UserAndLimitationManagement/UserAndLimitationManagementLogic.cs
@@ -18,8 +18,10 @@ namespace HaaSMiddleware.BusinessLogicTier.Logic.UserAndLimitationManagement {
 	internal class UserAndLimitationManagementLogic : IUserAndLimitationManagementLogic {
 		private static readonly ILog log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
 		private readonly IUnitOfWork unitOfWork;
+        private const int cSaltBytes = 12;
+        private const int cHashBytes = 20;

-		internal UserAndLimitationManagementLogic(IUnitOfWork unitOfWork) {
+        internal UserAndLimitationManagementLogic(IUnitOfWork unitOfWork) {
 			this.unitOfWork = unitOfWork;
 		}

@@ -90,10 +92,24 @@ namespace HaaSMiddleware.BusinessLogicTier.Logic.UserAndLimitationManagement {
 		}

 		private string AuthenticateUserWithPassword(AdaptorUser user, PasswordCredentials credentials) {
-			if ( user.Password == credentials.Password )
-				return CreateSessionCode(user).UniqueCode;
-			log.Error("Authentication of user " + user.Username + " was not successful due to wrong credentials.");
-			throw new InvalidAuthenticationCredentialsException("Authentication of user " + user.Username + " was not successful due to wrong credentials.");
+            //get the bytes
+            byte[] hashBytes = Convert.FromBase64String(user.Password);
+            //extract salt
+            byte[] salt = new byte[cSaltBytes];
+            Array.Copy(hashBytes, 0, salt, 0, cSaltBytes);
+            //create password hash
+            var pbkdf2 = new Rfc2898DeriveBytes(credentials.Password, salt);
+            byte[] hash = pbkdf2.GetBytes(cHashBytes);
+            //verify password
+            for (int i = 0; i < cHashBytes; i++)
+            {
+                if (hashBytes[i + cSaltBytes] != hash[i])
+                {
+                    log.Error("Authentication of user " + user.Username + " was not successful due to wrong credentials.");
+                    throw new InvalidAuthenticationCredentialsException("Authentication of user " + user.Username + " was not successful due to wrong credentials.");
+                }
+            }
+            return CreateSessionCode(user).UniqueCode;
 		}

 		public IList<ResourceUsage> GetCurrentUsageAndLimitationsForUser(AdaptorUser loggedUser) {

--- a/DomainObjects/UserAndLimitationManagement/AdaptorUser.cs
+++ b/DomainObjects/UserAndLimitationManagement/AdaptorUser.cs
@@ -12,7 +12,7 @@ namespace HaaSMiddleware.DomainObjects.UserAndLimitationManagement {
 		[StringLength(50)]
 		public string Username { get; set; }

-		[StringLength(30)]
+		[StringLength(50)]
 		public string Password { get; set; }

 		[Column(TypeName = "text")]

--- a/WebServices/WebServices.csproj.user
+++ b/WebServices/WebServices.csproj.user
@@ -2,7 +2,7 @@
 <Project ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup>
    <NameOfLastUsedPublishProfile>Local</NameOfLastUsedPublishProfile>
-    <LastActiveSolutionConfig>Release|Any CPU</LastActiveSolutionConfig>
+    <LastActiveSolutionConfig>Debug|Any CPU</LastActiveSolutionConfig>
  </PropertyGroup>
  <ProjectExtensions>
    <VisualStudio>