diff --git a/csharp/.idea/.idea.InnovEnergy/.idea/vcs.xml b/csharp/.idea/.idea.InnovEnergy/.idea/vcs.xml
index b2bdec2d7..64713b81f 100644
--- a/csharp/.idea/.idea.InnovEnergy/.idea/vcs.xml
+++ b/csharp/.idea/.idea.InnovEnergy/.idea/vcs.xml
@@ -2,5 +2,6 @@
+
\ No newline at end of file
diff --git a/csharp/.idea/.idea.InnovEnergy/.idea/workspace.xml b/csharp/.idea/.idea.InnovEnergy/.idea/workspace.xml
index 728326a12..b206c2a1e 100644
--- a/csharp/.idea/.idea.InnovEnergy/.idea/workspace.xml
+++ b/csharp/.idea/.idea.InnovEnergy/.idea/workspace.xml
@@ -15,7 +15,25 @@
app/Trumpf/Trumpf.Client.csproj
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -112,6 +130,7 @@
+
@@ -179,6 +198,7 @@
+
@@ -190,6 +210,7 @@
+
@@ -694,13 +715,14 @@
-
+
+
@@ -912,32 +934,6 @@
-
- file://$PROJECT_DIR$/app/Backend/Database/User.cs
- 39
-
-
-
-
-
-
-
-
-
-
-
- file://$PROJECT_DIR$/app/Backend/Database/User.cs
- 48
-
-
-
-
-
-
-
-
-
-
diff --git a/csharp/app/Backend/Controllers/Controller.cs b/csharp/app/Backend/Controllers/Controller.cs
index eb710d201..4d6998b7a 100644
--- a/csharp/app/Backend/Controllers/Controller.cs
+++ b/csharp/app/Backend/Controllers/Controller.cs
@@ -1,8 +1,10 @@
using System.Net;
+using System.Text;
using System.Text.Json;
using Backend.Database;
using Backend.Model;
using Backend.Model.Relations;
+using Backend.Utils;
using Microsoft.AspNetCore.Mvc;
namespace Backend.Controllers;
@@ -24,13 +26,15 @@ public class Controller
if (username is null || password is null)
return new HttpResponseMessage(HttpStatusCode.BadRequest);
-
+
using var db = Db.Connect();
var user = db.GetUserByEmail(username);
- //Todo needs salt
+ var hashedPassword = Crypto.ComputeHash(Encoding.UTF8.GetBytes(password),
+ Encoding.UTF8.GetBytes(user.Salt + "innovEnergy"));
+
//Same error as to not communicate if a user exists or not
- if (user is null || user.Password != password)
+ if (user is null || user.Password != hashedPassword)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
var ses = new Session(user);
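Review bot: `user.Salt` on the line after `GetUserByEmail` is dereferenced before the `user is null` check two lines below it, so an unknown username throws a NullReferenceException (a 500) instead of the Unauthorized the comment promises, which also tells the caller whether the account exists. Check for null first, then compare with `CryptographicOperations.FixedTimeEquals` (needs `using System.Security.Cryptography;`) instead of `!=`, so the string comparison does not stop at the first differing character. A row whose `Salt` is null (any account created before this commit) currently hashes with only the constant suffix, so that case should be rejected as well. The enclosing login method starts above this hunk.
```csharp
var user = db.GetUserByEmail(username);

//Same error as to not communicate if a user exists or not
if (user is null || string.IsNullOrEmpty(user.Salt))
    return new HttpResponseMessage(HttpStatusCode.Unauthorized);

var hashedPassword = Crypto.ComputeHash(Encoding.UTF8.GetBytes(password),
                                        Encoding.UTF8.GetBytes(user.Salt + "innovEnergy"));

// Fixed-time compare of the stored and freshly computed Base64 digests.
if (!CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(user.Password ?? ""),
                                             Encoding.UTF8.GetBytes(hashedPassword)))
    return new HttpResponseMessage(HttpStatusCode.Unauthorized);

// … unchanged: session creation and token return …
```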
@@ -38,6 +42,63 @@ public class Controller
return ses.Token;
}
+
+ [ProducesResponseType(200)]
+ [ProducesResponseType(401)]
+ [HttpGet($"{nameof(GetUserById)}")]
+ public Object GetUserById(Int64 id)
+ {
+ var ctxAccessor = new HttpContextAccessor();
+ var ctx = ctxAccessor.HttpContext;
+ using var db = Db.Connect();
+ var currentUser = (User)ctx.Items["User"];
+ var viewedUser = db.GetUserById(id);
+
+ //using the same error to prevent fishing for ids
+ if (currentUser == null || viewedUser == null || !db.IsParentOfChild(currentUser, viewedUser))
+ return new HttpResponseMessage(HttpStatusCode.Unauthorized);
+
+ return viewedUser;
+ }
+
+ [ProducesResponseType(200)]
+ [ProducesResponseType(401)]
+ [HttpGet($"{nameof(GetInstallationById)}")]
+ public Object GetInstallationById(Int64 id)
+ {
+ var ctxAccessor = new HttpContextAccessor();
+ var ctx = ctxAccessor.HttpContext;
+ using var db = Db.Connect();
+ var currentUser = (User)ctx.Items["User"];
+ var installation = db.GetInstallationById(id);
+
+ if(currentUser==null
+ || db.GetAllAccessibleInstallationIds(currentUser).ToList().Contains(id))
+ return installation == null ? new HttpResponseMessage(HttpStatusCode.NotFound)
+ : installation;
+
+ return new HttpResponseMessage(HttpStatusCode.Unauthorized);
+ }
+
+ [ProducesResponseType(200)]
+ [ProducesResponseType(401)]
+ [HttpGet($"{nameof(GetFolderById)}")]
+ public Object GetFolderById(Int64 id)
+ {
+ var ctxAccessor = new HttpContextAccessor();
+ var ctx = ctxAccessor.HttpContext;
+ using var db = Db.Connect();
+ var currentUser = (User)ctx.Items["User"];
+ var folder = db.GetFolderById(id);
+
+ if(currentUser==null
+ || db.GetAllAccessibleFolderIds(currentUser).ToList().Contains(id))
+ return folder == null ? new HttpResponseMessage(HttpStatusCode.NotFound)
+ : folder;
+
+ return new HttpResponseMessage(HttpStatusCode.Unauthorized);
+ }
+
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpGet($"{nameof(GetAllInstallations)}/")]
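Review bot: In GetInstallationById and GetFolderById the `currentUser==null` test sits on the wrong side of the `||`: a request with no User in `ctx.Items` takes the success branch and receives the installation or folder (or NotFound) instead of Unauthorized. Write the guard as `if (currentUser is not null && db.GetAllAccessibleInstallationIds(currentUser).Contains(id))` (and the folder equivalent), which also drops the needless `.ToList()` materialization; whether an authentication middleware upstream already rejects anonymous requests is not visible here, so the controller should not depend on it. GetUserById returns the `User` entity itself, and after this commit that entity carries `Salt` and the PBKDF2 `Password` hash, so both are serialized to the caller; return a projection without those fields. The NotFound returned on a missing id is also not declared in the `ProducesResponseType` attributes.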
@@ -59,7 +120,7 @@ public class Controller
public Object GetAllFolders()
{
var ctxAccessor = new HttpContextAccessor();
- var ctx = ctxAccessor.HttpContext;
+ var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var user = (User)ctx.Items["User"];
diff --git a/csharp/app/Backend/Database/Folder.cs b/csharp/app/Backend/Database/Folder.cs
index 1eaf04866..e14404fe2 100644
--- a/csharp/app/Backend/Database/Folder.cs
+++ b/csharp/app/Backend/Database/Folder.cs
@@ -39,12 +39,11 @@ public partial class Db
public Result CreateFolder(Folder folder)
{
- return Create(folder); // TODO
+ return Create(folder);
}
public Result UpdateFolder(Folder folder)
{
- // TODO
// TODO: no circles in path
return Update(folder);
@@ -69,7 +68,7 @@ public partial class Db
.Where(f => f.FolderId == folder.Id)
.Delete();
- // TODO: delete descendants?
+ // TODO: delete descendants? Here they are just reassiged one level up
foreach (var l in Installations
.Where(i => i.ParentId == folder.Id))
{
diff --git a/csharp/app/Backend/Database/Installation.cs b/csharp/app/Backend/Database/Installation.cs
index 8bf2b6b47..0e6fdf2db 100644
--- a/csharp/app/Backend/Database/Installation.cs
+++ b/csharp/app/Backend/Database/Installation.cs
@@ -21,7 +21,7 @@ public partial class Db
public Result UpdateInstallation(Installation installation)
{
- return Update(installation); // TODO
+ return Update(installation);
}
public Result DeleteInstallation(Installation installation)
diff --git a/csharp/app/Backend/Database/User.cs b/csharp/app/Backend/Database/User.cs
index 2eab6a66a..67062f390 100644
--- a/csharp/app/Backend/Database/User.cs
+++ b/csharp/app/Backend/Database/User.cs
@@ -1,4 +1,5 @@
using System.Net.Mail;
+using System.Text;
using Backend.Model;
using Backend.Utils;
using SQLite;
@@ -39,8 +40,16 @@ public partial class Db
{
if (GetUserByEmail(user.Email) is not null)
return Result.Error("User with that email already exists");
+
+ //Salting and Hashing password
+ var salt = Crypto.GenerateSalt();
+ var hashedPassword = Crypto.ComputeHash(Encoding.UTF8.GetBytes(user.Password),
+ Encoding.UTF8.GetBytes(salt + "innovEnergy"));
- return Create(user); // TODO
+ user.Salt = salt;
+ user.Password = hashedPassword;
+
+ return Create(user);
}
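Review bot: The constant `"innovEnergy"` appended to the salt here is duplicated verbatim in the login path in Controller.cs, and any drift between the two copies makes every login fail silently; move the salt-plus-suffix construction into one `Crypto` helper (e.g. `Crypto.HashPassword(password, salt)`) called from both sites. A suffix that lives in source is not a secret, so if it is meant as a pepper it belongs in configuration rather than a literal. `user.Password` has no initializer on the model, so `Encoding.UTF8.GetBytes(user.Password)` throws ArgumentNullException for a request without a password; validate it up front, `if (string.IsNullOrEmpty(user.Password)) return Result.Error("Password required");`. CreateUser's signature is above this hunk.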
public Result UpdateUser(User user)
@@ -66,7 +75,7 @@ public partial class Db
.Where(u => u.UserId == user.Id)
.Delete();
- //Todo check for orphan Installations/Folders
+ //Todo check for orphaned Installations/Folders
return Delete(user);
}
diff --git a/csharp/app/Backend/Model/User.cs b/csharp/app/Backend/Model/User.cs
index 124374083..cc4a85019 100644
--- a/csharp/app/Backend/Model/User.cs
+++ b/csharp/app/Backend/Model/User.cs
@@ -7,8 +7,8 @@ public class User : TreeNode
[Indexed]
public String Email { get; set; } = "";
public Boolean HasWriteAccess { get; set; }
+ public String Salt { get; set; }
- // TODO: Hash and Salt
public String Password { get; set; }
// TODO: must reset pwd
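Review bot: `Salt` is declared as a non-nullable `String` with no initializer, just like `Password`, so it is null for rows created before this commit and for any User deserialized without it; either give it `= ""` and reject empty salts at login, or declare it `String?` so that, if nullable reference types are enabled, the dereference in Controller.cs is surfaced by the compiler. Both `Salt` and `Password` sit on the entity that GetUserById hands back to the client; if this type stays the API model, mark them `[JsonIgnore(Condition = JsonIgnoreCondition.WhenWriting)]` from System.Text.Json.Serialization so they are still accepted on input but never serialized out, assuming the default System.Text.Json formatter is in use.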
diff --git a/csharp/app/Backend/Utils/Crypto.cs b/csharp/app/Backend/Utils/Crypto.cs
index f2a236367..2f30cfc3a 100644
--- a/csharp/app/Backend/Utils/Crypto.cs
+++ b/csharp/app/Backend/Utils/Crypto.cs
@@ -2,18 +2,18 @@ using System.Security.Cryptography;
namespace Backend.Utils;
-public class Crypto
+public static class Crypto
{
- public String ComputeHash(Byte[] bytesToHash, Byte[] salt)
+ public static String ComputeHash(Byte[] bytesToHash, Byte[] salt)
{
var byteResult = new Rfc2898DeriveBytes(bytesToHash, salt, 10000);
return Convert.ToBase64String(byteResult.GetBytes(24));
}
- public string GenerateSalt()
+ public static String GenerateSalt()
{
- var bytes = new byte[128 / 8];
- var rng = new RNGCryptoServiceProvider();
+ var bytes = new Byte[128 / 8];
+ var rng = RandomNumberGenerator.Create();
rng.GetBytes(bytes);
return Convert.ToBase64String(bytes);
}
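Review bot: The three-argument `Rfc2898DeriveBytes` constructor in ComputeHash defaults to HMAC-SHA1, and neither the PRF nor the 10000 iteration count is recorded with the stored hash, so they cannot be raised later without breaking every existing account. Select the PRF explicitly, `var derived = Rfc2898DeriveBytes.Pbkdf2(bytesToHash, salt, 10000, HashAlgorithmName.SHA256, 24);`, and store the parameters (or a version prefix) alongside the digest so a rehash-on-login is possible later; since this changes every output, do it before real accounts exist. 10000 iterations is well below current PBKDF2 guidance. `Rfc2898DeriveBytes` and the generator returned by `RandomNumberGenerator.Create()` are both IDisposable, so use `using var`, or in GenerateSalt simply call `RandomNumberGenerator.Fill(bytes)` which needs no instance.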
diff --git a/csharp/app/Backend/bin/Debug/net6.0/Backend.dll b/csharp/app/Backend/bin/Debug/net6.0/Backend.dll
index 5d79045be..7e0344d2c 100644
Binary files a/csharp/app/Backend/bin/Debug/net6.0/Backend.dll and b/csharp/app/Backend/bin/Debug/net6.0/Backend.dll differ
diff --git a/csharp/app/Backend/bin/Debug/net6.0/Backend.pdb b/csharp/app/Backend/bin/Debug/net6.0/Backend.pdb
index 94bb5f98f..026ddbc0c 100644
Binary files a/csharp/app/Backend/bin/Debug/net6.0/Backend.pdb and b/csharp/app/Backend/bin/Debug/net6.0/Backend.pdb differ
diff --git a/csharp/app/Backend/bin/Debug/net6.0/ref/Backend.dll b/csharp/app/Backend/bin/Debug/net6.0/ref/Backend.dll
index 29ea04e05..a274a9e44 100644
Binary files a/csharp/app/Backend/bin/Debug/net6.0/ref/Backend.dll and b/csharp/app/Backend/bin/Debug/net6.0/ref/Backend.dll differ
diff --git a/csharp/app/Backend/db.sqlite b/csharp/app/Backend/db.sqlite
index fc64254e7..f0a823cc2 100644
Binary files a/csharp/app/Backend/db.sqlite and b/csharp/app/Backend/db.sqlite differ
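Review bot: db.sqlite is tracked and updated in this commit, so the repository history now carries the live user table, which after this change holds every account's salt and PBKDF2 hash; remove it from version control (`git rm --cached csharp/app/Backend/db.sqlite` and add it to .gitignore) and treat any credentials in the committed copies as exposed. The bin/ and obj/ build outputs in this diff are likewise generated and belong in .gitignore.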
diff --git a/csharp/app/Backend/obj/Debug/net6.0/Backend.csproj.CoreCompileInputs.cache b/csharp/app/Backend/obj/Debug/net6.0/Backend.csproj.CoreCompileInputs.cache
index 5774bffc1..be95df72d 100644
--- a/csharp/app/Backend/obj/Debug/net6.0/Backend.csproj.CoreCompileInputs.cache
+++ b/csharp/app/Backend/obj/Debug/net6.0/Backend.csproj.CoreCompileInputs.cache
@@ -1 +1 @@
-1032d29b806ca7fb1255cafb0b214185a9eaae29
+b3504e7812bd1a87b219c2244d41209de3c42075
diff --git a/csharp/app/Backend/obj/Debug/net6.0/Backend.dll b/csharp/app/Backend/obj/Debug/net6.0/Backend.dll
index 5d79045be..7e0344d2c 100644
Binary files a/csharp/app/Backend/obj/Debug/net6.0/Backend.dll and b/csharp/app/Backend/obj/Debug/net6.0/Backend.dll differ
diff --git a/csharp/app/Backend/obj/Debug/net6.0/Backend.pdb b/csharp/app/Backend/obj/Debug/net6.0/Backend.pdb
index 94bb5f98f..026ddbc0c 100644
Binary files a/csharp/app/Backend/obj/Debug/net6.0/Backend.pdb and b/csharp/app/Backend/obj/Debug/net6.0/Backend.pdb differ
diff --git a/csharp/app/Backend/obj/Debug/net6.0/ref/Backend.dll b/csharp/app/Backend/obj/Debug/net6.0/ref/Backend.dll
index 29ea04e05..a274a9e44 100644
Binary files a/csharp/app/Backend/obj/Debug/net6.0/ref/Backend.dll and b/csharp/app/Backend/obj/Debug/net6.0/ref/Backend.dll differ
diff --git a/csharp/app/Backend/obj/staticwebassets.pack.sentinel b/csharp/app/Backend/obj/staticwebassets.pack.sentinel
index e9830c77b..ed902547d 100644
--- a/csharp/app/Backend/obj/staticwebassets.pack.sentinel
+++ b/csharp/app/Backend/obj/staticwebassets.pack.sentinel
@@ -198,3 +198,6 @@
2.0
2.0
2.0
+2.0
+2.0
+2.0