added salt and stuff
parent
9d19c0fca9
commit
8c2c6f1641
|
@ -2,5 +2,6 @@
|
|||
<project version="4">
|
||||
<component name="VcsDirectoryMappings">
|
||||
<mapping directory="$PROJECT_DIR$/../.." vcs="Git" />
|
||||
<mapping directory="$PROJECT_DIR$/.." vcs="Git" />
|
||||
</component>
|
||||
</project>
|
|
@ -15,7 +15,25 @@
|
|||
<projectFile>app/Trumpf/Trumpf.Client.csproj</projectFile>
|
||||
</component>
|
||||
<component name="ChangeListManager">
|
||||
<list default="true" id="6c592741-41e1-4ea7-be7b-2610d55779c1" name="Changes" comment="" />
|
||||
<list default="true" id="6c592741-41e1-4ea7-be7b-2610d55779c1" name="Changes" comment="">
|
||||
<change beforePath="$PROJECT_DIR$/.idea/.idea.InnovEnergy/.idea/vcs.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/.idea.InnovEnergy/.idea/vcs.xml" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/.idea/.idea.InnovEnergy/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/.idea.InnovEnergy/.idea/workspace.xml" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/app/Backend/Controllers/Controller.cs" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/Controllers/Controller.cs" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/app/Backend/Database/Folder.cs" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/Database/Folder.cs" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/app/Backend/Database/Installation.cs" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/Database/Installation.cs" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/app/Backend/Database/User.cs" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/Database/User.cs" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/app/Backend/Model/User.cs" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/Model/User.cs" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/app/Backend/Utils/Crypto.cs" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/Utils/Crypto.cs" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/app/Backend/bin/Debug/net6.0/Backend.dll" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/bin/Debug/net6.0/Backend.dll" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/app/Backend/bin/Debug/net6.0/Backend.pdb" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/bin/Debug/net6.0/Backend.pdb" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/app/Backend/bin/Debug/net6.0/ref/Backend.dll" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/bin/Debug/net6.0/ref/Backend.dll" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/app/Backend/db.sqlite" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/db.sqlite" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/app/Backend/obj/Debug/net6.0/Backend.csproj.CoreCompileInputs.cache" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/obj/Debug/net6.0/Backend.csproj.CoreCompileInputs.cache" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/app/Backend/obj/Debug/net6.0/Backend.dll" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/obj/Debug/net6.0/Backend.dll" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/app/Backend/obj/Debug/net6.0/Backend.pdb" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/obj/Debug/net6.0/Backend.pdb" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/app/Backend/obj/Debug/net6.0/ref/Backend.dll" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/obj/Debug/net6.0/ref/Backend.dll" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/app/Backend/obj/staticwebassets.pack.sentinel" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/obj/staticwebassets.pack.sentinel" afterDir="false" />
|
||||
</list>
|
||||
<option name="SHOW_DIALOG" value="false" />
|
||||
<option name="HIGHLIGHT_CONFLICTS" value="true" />
|
||||
<option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
|
||||
|
@ -112,6 +130,7 @@
|
|||
<setting file="file://$APPLICATION_CONFIG_DIR$/resharper-host/DecompilerCache/decompiler/c2586f96ec8d4558a1a474ec6e6e8f8034600/a3/5c365c05/RequestDelegate.cs" root0="SKIP_HIGHLIGHTING" />
|
||||
<setting file="file://$APPLICATION_CONFIG_DIR$/resharper-host/DecompilerCache/decompiler/c2586f96ec8d4558a1a474ec6e6e8f8034600/cd/200bb0d7/HttpContext.cs" root0="SKIP_HIGHLIGHTING" />
|
||||
<setting file="file://$APPLICATION_CONFIG_DIR$/resharper-host/DecompilerCache/decompiler/d1edc9ef2b6545bfaca5143dd43a36de9c200/4a/d807cfea/JObject.cs" root0="SKIP_HIGHLIGHTING" />
|
||||
<setting file="file://$APPLICATION_CONFIG_DIR$/resharper-host/DecompilerCache/decompiler/d4c4f0b60b764690aa2a79788c63477bb4600/b9/5997c314/RandomNumberGenerator.cs" root0="SKIP_HIGHLIGHTING" />
|
||||
<setting file="file://$APPLICATION_CONFIG_DIR$/resharper-host/DecompilerCache/decompiler/db53ae57c8bf4a54b9178b6941e53ac288c00/3d/798f3797/SocketPal.cs" root0="SKIP_HIGHLIGHTING" />
|
||||
<setting file="file://$APPLICATION_CONFIG_DIR$/resharper-host/DecompilerCache/decompiler/db53ae57c8bf4a54b9178b6941e53ac288c00/ac/4b4abb9e/Socket.cs" root0="SKIP_HIGHLIGHTING" />
|
||||
<setting file="file://$APPLICATION_CONFIG_DIR$/resharper-host/DecompilerCache/decompiler/e91256da152d4e849ea796b0997ae1868a000/76/42ef60e8/ImmutableDictionary`2.cs" root0="SKIP_HIGHLIGHTING" />
|
||||
|
@ -179,6 +198,7 @@
|
|||
<setting file="file://$PROJECT_DIR$/app/VenusLogger/Program.cs" root0="FORCE_HIGHLIGHTING" />
|
||||
<setting file="file://$PROJECT_DIR$/app/VenusLogger/VeService.cs" root0="FORCE_HIGHLIGHTING" />
|
||||
<setting file="file://$PROJECT_DIR$/lib/Wireformat/package-lock.json" root0="SKIP_HIGHLIGHTING" />
|
||||
<setting file="file://$PROJECT_DIR$/../../new_trunk/BmsTunnel/bin/Release/net6.0/linux-arm/BmsTunnel.deps.json" root0="SKIP_HIGHLIGHTING" />
|
||||
<setting file="file://$PROJECT_DIR$/../../server/DBus/Bus.cs" root0="SKIP_HIGHLIGHTING" />
|
||||
<setting file="file://$PROJECT_DIR$/../../server/DBus/DBusMessageStream.cs" root0="SKIP_HIGHLIGHTING" />
|
||||
<setting file="file://$PROJECT_DIR$/../../server/DBus/DBusService.cs" root0="SKIP_HIGHLIGHTING" />
|
||||
|
@ -190,6 +210,7 @@
|
|||
<component name="MarkdownSettingsMigration">
|
||||
<option name="stateVersion" value="1" />
|
||||
</component>
|
||||
<component name="MetaFilesCheckinStateConfiguration" checkMetaFiles="true" />
|
||||
<component name="ProblemsViewState">
|
||||
<option name="selectedTabId" value="Toolset" />
|
||||
</component>
|
||||
|
@ -694,13 +715,14 @@
|
|||
<workItem from="1675752455072" duration="53000" />
|
||||
<workItem from="1675752613714" duration="146000" />
|
||||
<workItem from="1675752778847" duration="21000" />
|
||||
<workItem from="1675752808118" duration="98753000" />
|
||||
<workItem from="1675752808118" duration="102915000" />
|
||||
</task>
|
||||
<servers />
|
||||
</component>
|
||||
<component name="TypeScriptGeneratedFilesManager">
|
||||
<option name="version" value="3" />
|
||||
</component>
|
||||
<component name="UnityCheckinConfiguration" checkUnsavedScenes="true" />
|
||||
<component name="UnityUnitTestConfiguration" currentTestLauncher="NUnit" />
|
||||
<component name="VcsManagerConfiguration">
|
||||
<option name="CLEAR_INITIAL_COMMIT_MESSAGE" value="true" />
|
||||
|
@ -912,32 +934,6 @@
|
|||
</properties>
|
||||
<option name="timeStamp" value="249" />
|
||||
</line-breakpoint>
|
||||
<line-breakpoint enabled="true" type="DotNet Breakpoints">
|
||||
<url>file://$PROJECT_DIR$/app/Backend/Database/User.cs</url>
|
||||
<line>39</line>
|
||||
<properties documentPath="$PROJECT_DIR$/app/Backend/Database/User.cs" initialLine="39" containingFunctionPresentation="method 'CreateUser'">
|
||||
<startOffsets>
|
||||
<option value="949" />
|
||||
</startOffsets>
|
||||
<endOffsets>
|
||||
<option value="992" />
|
||||
</endOffsets>
|
||||
</properties>
|
||||
<option name="timeStamp" value="256" />
|
||||
</line-breakpoint>
|
||||
<line-breakpoint enabled="true" type="DotNet Breakpoints">
|
||||
<url>file://$PROJECT_DIR$/app/Backend/Database/User.cs</url>
|
||||
<line>48</line>
|
||||
<properties documentPath="$PROJECT_DIR$/app/Backend/Database/User.cs" initialLine="48" containingFunctionPresentation="method 'UpdateUser'">
|
||||
<startOffsets>
|
||||
<option value="1212" />
|
||||
</startOffsets>
|
||||
<endOffsets>
|
||||
<option value="1232" />
|
||||
</endOffsets>
|
||||
</properties>
|
||||
<option name="timeStamp" value="258" />
|
||||
</line-breakpoint>
|
||||
<breakpoint type="DotNet Exception Breakpoints">
|
||||
<properties exception="System.Net.Sockets.SocketException" isInternal="false" displayValue="SocketException" namespaceName="System.Net.Sockets">
|
||||
<option name="internal" value="false" />
|
||||
|
|
|
@ -1,8 +1,10 @@
|
|||
using System.Net;
|
||||
using System.Text;
|
||||
using System.Text.Json;
|
||||
using Backend.Database;
|
||||
using Backend.Model;
|
||||
using Backend.Model.Relations;
|
||||
using Backend.Utils;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
namespace Backend.Controllers;
|
||||
|
@ -28,9 +30,11 @@ public class Controller
|
|||
using var db = Db.Connect();
|
||||
var user = db.GetUserByEmail(username);
|
||||
|
||||
//Todo needs salt
|
||||
var hashedPassword = Crypto.ComputeHash(Encoding.UTF8.GetBytes(password),
|
||||
Encoding.UTF8.GetBytes(user.Salt + "innovEnergy"));
|
||||
|
||||
//Same error as to not communicate if a user exists or not
|
||||
if (user is null || user.Password != password)
|
||||
if (user is null || user.Password != hashedPassword)
|
||||
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
|
||||
|
||||
var ses = new Session(user);
|
||||
|
@ -38,6 +42,63 @@ public class Controller
|
|||
return ses.Token;
|
||||
}
|
||||
|
||||
|
||||
[ProducesResponseType(200)]
|
||||
[ProducesResponseType(401)]
|
||||
[HttpGet($"{nameof(GetUserById)}")]
|
||||
public Object GetUserById(Int64 id)
|
||||
{
|
||||
var ctxAccessor = new HttpContextAccessor();
|
||||
var ctx = ctxAccessor.HttpContext;
|
||||
using var db = Db.Connect();
|
||||
var currentUser = (User)ctx.Items["User"];
|
||||
var viewedUser = db.GetUserById(id);
|
||||
|
||||
//using the same error to prevent fishing for ids
|
||||
if (currentUser == null || viewedUser == null || !db.IsParentOfChild(currentUser, viewedUser))
|
||||
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
|
||||
|
||||
return viewedUser;
|
||||
}
|
||||
|
||||
[ProducesResponseType(200)]
|
||||
[ProducesResponseType(401)]
|
||||
[HttpGet($"{nameof(GetInstallationById)}")]
|
||||
public Object GetInstallationById(Int64 id)
|
||||
{
|
||||
var ctxAccessor = new HttpContextAccessor();
|
||||
var ctx = ctxAccessor.HttpContext;
|
||||
using var db = Db.Connect();
|
||||
var currentUser = (User)ctx.Items["User"];
|
||||
var installation = db.GetInstallationById(id);
|
||||
|
||||
if(currentUser==null
|
||||
|| db.GetAllAccessibleInstallationIds(currentUser).ToList().Contains(id))
|
||||
return installation == null ? new HttpResponseMessage(HttpStatusCode.NotFound)
|
||||
: installation;
|
||||
|
||||
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
|
||||
}
|
||||
|
||||
[ProducesResponseType(200)]
|
||||
[ProducesResponseType(401)]
|
||||
[HttpGet($"{nameof(GetFolderById)}")]
|
||||
public Object GetFolderById(Int64 id)
|
||||
{
|
||||
var ctxAccessor = new HttpContextAccessor();
|
||||
var ctx = ctxAccessor.HttpContext;
|
||||
using var db = Db.Connect();
|
||||
var currentUser = (User)ctx.Items["User"];
|
||||
var folder = db.GetFolderById(id);
|
||||
|
||||
if(currentUser==null
|
||||
|| db.GetAllAccessibleFolderIds(currentUser).ToList().Contains(id))
|
||||
return folder == null ? new HttpResponseMessage(HttpStatusCode.NotFound)
|
||||
: folder;
|
||||
|
||||
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
|
||||
}
|
||||
|
||||
[ProducesResponseType(200)]
|
||||
[ProducesResponseType(401)]
|
||||
[HttpGet($"{nameof(GetAllInstallations)}/")]
|
||||
|
|
|
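Review bot: In the login hunk the new hash line reads `user.Salt` before the `user is null` test that follows it, so an unknown e-mail throws a NullReferenceException instead of returning the 401, which defeats the "same error" comment above the check. Return early when the user is missing (ideally after hashing against a fixed dummy salt so both paths cost the same), and compare the decoded hashes with `CryptographicOperations.FixedTimeEquals` rather than `!=`. In `GetInstallationById` and `GetFolderById` the condition `currentUser==null || …Contains(id)` lets a request with no user through to the object; it presumably should read `currentUser != null && …`, matching the rejection in `GetUserById`. The login method starts before its hunk, so its route and parameters are not visible here.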
@ -39,12 +39,11 @@ public partial class Db
|
|||
|
||||
public Result CreateFolder(Folder folder)
|
||||
{
|
||||
return Create(folder); // TODO
|
||||
return Create(folder);
|
||||
}
|
||||
|
||||
public Result UpdateFolder(Folder folder)
|
||||
{
|
||||
// TODO
|
||||
// TODO: no circles in path
|
||||
|
||||
return Update(folder);
|
||||
|
@ -69,7 +68,7 @@ public partial class Db
|
|||
.Where(f => f.FolderId == folder.Id)
|
||||
.Delete();
|
||||
|
||||
// TODO: delete descendants?
|
||||
// TODO: delete descendants? Here they are just reassiged one level up
|
||||
foreach (var l in Installations
|
||||
.Where(i => i.ParentId == folder.Id))
|
||||
{
|
||||
|
|
|
@ -21,7 +21,7 @@ public partial class Db
|
|||
|
||||
public Result UpdateInstallation(Installation installation)
|
||||
{
|
||||
return Update(installation); // TODO
|
||||
return Update(installation);
|
||||
}
|
||||
|
||||
public Result DeleteInstallation(Installation installation)
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
using System.Net.Mail;
|
||||
using System.Text;
|
||||
using Backend.Model;
|
||||
using Backend.Utils;
|
||||
using SQLite;
|
||||
|
@ -40,7 +41,15 @@ public partial class Db
|
|||
if (GetUserByEmail(user.Email) is not null)
|
||||
return Result.Error("User with that email already exists");
|
||||
|
||||
return Create(user); // TODO
|
||||
//Salting and Hashing password
|
||||
var salt = Crypto.GenerateSalt();
|
||||
var hashedPassword = Crypto.ComputeHash(Encoding.UTF8.GetBytes(user.Password),
|
||||
Encoding.UTF8.GetBytes(salt + "innovEnergy"));
|
||||
|
||||
user.Salt = salt;
|
||||
user.Password = hashedPassword;
|
||||
|
||||
return Create(user);
|
||||
}
|
||||
|
||||
public Result UpdateUser(User user)
|
||||
|
@ -66,7 +75,7 @@ public partial class Db
|
|||
.Where(u => u.UserId == user.Id)
|
||||
.Delete();
|
||||
|
||||
//Todo check for orphan Installations/Folders
|
||||
//Todo check for orphaned Installations/Folders
|
||||
|
||||
return Delete(user);
|
||||
}
|
||||
|
|
|
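Review bot: The salt input `salt + "innovEnergy"` is built here in `CreateUser` and again in the login hunk of Controller.cs, so the two copies can drift apart and lock every account out; one helper used by both sites, for example `Crypto.HashPassword(password, salt)`, would keep them in step. The fixed suffix is a constant in source, so it adds little as a pepper once the repository is readable; if a pepper is wanted it should come from configuration. `user.Password` goes into `Encoding.UTF8.GetBytes` unchecked, so a null password throws instead of returning a `Result.Error`. `UpdateUser` begins right after this hunk and its body is not shown; if it can write `Password` it presumably needs the same hashing, and accounts created before this commit would have no salt, which is worth confirming.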
@ -7,8 +7,8 @@ public class User : TreeNode
|
|||
[Indexed]
|
||||
public String Email { get; set; } = "";
|
||||
public Boolean HasWriteAccess { get; set; }
|
||||
public String Salt { get; set; }
|
||||
|
||||
// TODO: Hash and Salt
|
||||
public String Password { get; set; }
|
||||
|
||||
// TODO: must reset pwd
|
||||
|
|
|
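Review bot: `Salt` sits next to `Password` as a public read/write property on the same `User` model that `GetUserById` in Controller.cs returns directly (`return viewedUser;`), so the hash and salt are presumably serialized into that response. Marking both with `[JsonIgnore]` for whichever serializer the API uses, or returning a DTO without them, would keep credential material out of responses. `Salt` also has no initializer, unlike `Email` with `= ""`, so rows created before this change will likely load it as null; a comment such as `// Base64 salt from Crypto.GenerateSalt(); null for accounts created before salting` would document that. The class starts and ends outside the hunk.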
@ -2,18 +2,18 @@ using System.Security.Cryptography;
|
|||
|
||||
namespace Backend.Utils;
|
||||
|
||||
public class Crypto
|
||||
public static class Crypto
|
||||
{
|
||||
public String ComputeHash(Byte[] bytesToHash, Byte[] salt)
|
||||
public static String ComputeHash(Byte[] bytesToHash, Byte[] salt)
|
||||
{
|
||||
var byteResult = new Rfc2898DeriveBytes(bytesToHash, salt, 10000);
|
||||
return Convert.ToBase64String(byteResult.GetBytes(24));
|
||||
}
|
||||
|
||||
public string GenerateSalt()
|
||||
public static String GenerateSalt()
|
||||
{
|
||||
var bytes = new byte[128 / 8];
|
||||
var rng = new RNGCryptoServiceProvider();
|
||||
var bytes = new Byte[128 / 8];
|
||||
var rng = RandomNumberGenerator.Create();
|
||||
rng.GetBytes(bytes);
|
||||
return Convert.ToBase64String(bytes);
|
||||
}
|
||||
|
|
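Review bot: `new Rfc2898DeriveBytes(bytesToHash, salt, 10000)` in `ComputeHash` uses the overload without a `HashAlgorithmName`, which runs PBKDF2 over HMAC-SHA1, and 10000 iterations is low for password storage; the instance is also never disposed. The paths in this commit show a net6.0 target, so `Rfc2898DeriveBytes.Pbkdf2(bytesToHash, salt, iterations, HashAlgorithmName.SHA256, 32)` would name the hash explicitly and leave nothing to dispose. In `GenerateSalt` the object from `RandomNumberGenerator.Create()` is likewise left undisposed, and `RandomNumberGenerator.Fill(bytes);` does the same job statically. Changing the algorithm, iteration count or output length invalidates hashes already stored, so the parameters should be saved with the hash or accounts migrated at next login. The class body continues past the hunk.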
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1 +1 @@
|
|||
1032d29b806ca7fb1255cafb0b214185a9eaae29
|
||||
b3504e7812bd1a87b219c2244d41209de3c42075
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -198,3 +198,6 @@
|
|||
2.0
|
||||
2.0
|
||||
2.0
|
||||
2.0
|
||||
2.0
|
||||
2.0
|
||||
|
|