Commit 17bdfa7d authored by Vaclav Svaton's avatar Vaclav Svaton

UserAndLimitationManagement fix

parent c10f565c
...@@ -18,8 +18,10 @@ namespace HaaSMiddleware.BusinessLogicTier.Logic.UserAndLimitationManagement { ...@@ -18,8 +18,10 @@ namespace HaaSMiddleware.BusinessLogicTier.Logic.UserAndLimitationManagement {
internal class UserAndLimitationManagementLogic : IUserAndLimitationManagementLogic { internal class UserAndLimitationManagementLogic : IUserAndLimitationManagementLogic {
private static readonly ILog log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); private static readonly ILog log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
private readonly IUnitOfWork unitOfWork; private readonly IUnitOfWork unitOfWork;
private const int cSaltBytes = 12;
private const int cHashBytes = 20;
internal UserAndLimitationManagementLogic(IUnitOfWork unitOfWork) { internal UserAndLimitationManagementLogic(IUnitOfWork unitOfWork) {
this.unitOfWork = unitOfWork; this.unitOfWork = unitOfWork;
} }
...@@ -90,10 +92,24 @@ namespace HaaSMiddleware.BusinessLogicTier.Logic.UserAndLimitationManagement { ...@@ -90,10 +92,24 @@ namespace HaaSMiddleware.BusinessLogicTier.Logic.UserAndLimitationManagement {
} }
private string AuthenticateUserWithPassword(AdaptorUser user, PasswordCredentials credentials) { private string AuthenticateUserWithPassword(AdaptorUser user, PasswordCredentials credentials) {
if ( user.Password == credentials.Password ) //get the bytes
return CreateSessionCode(user).UniqueCode; byte[] hashBytes = Convert.FromBase64String(user.Password);
log.Error("Authentication of user " + user.Username + " was not successful due to wrong credentials."); //extract salt
throw new InvalidAuthenticationCredentialsException("Authentication of user " + user.Username + " was not successful due to wrong credentials."); byte[] salt = new byte[cSaltBytes];
Array.Copy(hashBytes, 0, salt, 0, cSaltBytes);
//create password hash
var pbkdf2 = new Rfc2898DeriveBytes(credentials.Password, salt);
byte[] hash = pbkdf2.GetBytes(cHashBytes);
//verify password
for (int i = 0; i < cHashBytes; i++)
{
if (hashBytes[i + cSaltBytes] != hash[i])
{
log.Error("Authentication of user " + user.Username + " was not successful due to wrong credentials.");
throw new InvalidAuthenticationCredentialsException("Authentication of user " + user.Username + " was not successful due to wrong credentials.");
}
}
return CreateSessionCode(user).UniqueCode;
} }
public IList<ResourceUsage> GetCurrentUsageAndLimitationsForUser(AdaptorUser loggedUser) { public IList<ResourceUsage> GetCurrentUsageAndLimitationsForUser(AdaptorUser loggedUser) {
......
...@@ -12,7 +12,7 @@ namespace HaaSMiddleware.DomainObjects.UserAndLimitationManagement { ...@@ -12,7 +12,7 @@ namespace HaaSMiddleware.DomainObjects.UserAndLimitationManagement {
[StringLength(50)] [StringLength(50)]
public string Username { get; set; } public string Username { get; set; }
[StringLength(30)] [StringLength(50)]
public string Password { get; set; } public string Password { get; set; }
[Column(TypeName = "text")] [Column(TypeName = "text")]
......
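Review bot: The widened `[StringLength(50)]` on `Password` is undocumented and leaves little headroom: with the 12-byte salt and 20-byte hash from the logic class, the Base64 value is 44 characters. A larger salt, a longer hash or a stored iteration count or format prefix would exceed the limit. I would record the layout next to the attribute, for example `// Base64(salt[12] || PBKDF2 hash[20]) = 44 chars; widen if the format changes`. Whether the database column is widened by a matching migration cannot be seen from this page, and the enclosing class starts and ends outside the hunk.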
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
<Project ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> <Project ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup> <PropertyGroup>
<NameOfLastUsedPublishProfile>Local</NameOfLastUsedPublishProfile> <NameOfLastUsedPublishProfile>Local</NameOfLastUsedPublishProfile>
<LastActiveSolutionConfig>Release|Any CPU</LastActiveSolutionConfig> <LastActiveSolutionConfig>Debug|Any CPU</LastActiveSolutionConfig>
</PropertyGroup> </PropertyGroup>
<ProjectExtensions> <ProjectExtensions>
<VisualStudio> <VisualStudio>
......