added salt and stuff

This commit is contained in:
Kim 2023-02-16 15:08:50 +01:00
parent 9d19c0fca9
commit 8c2c6f1641
17 changed files with 114 additions and 45 deletions


@ -2,5 +2,6 @@
<project version="4">
<component name="VcsDirectoryMappings">
<mapping directory="$PROJECT_DIR$/../.." vcs="Git" />
<mapping directory="$PROJECT_DIR$/.." vcs="Git" />
</component>
</project>


@ -15,7 +15,25 @@
<projectFile>app/Trumpf/Trumpf.Client.csproj</projectFile>
</component>
<component name="ChangeListManager">
<list default="true" id="6c592741-41e1-4ea7-be7b-2610d55779c1" name="Changes" comment="" />
<list default="true" id="6c592741-41e1-4ea7-be7b-2610d55779c1" name="Changes" comment="">
<change beforePath="$PROJECT_DIR$/.idea/.idea.InnovEnergy/.idea/vcs.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/.idea.InnovEnergy/.idea/vcs.xml" afterDir="false" />
<change beforePath="$PROJECT_DIR$/.idea/.idea.InnovEnergy/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/.idea.InnovEnergy/.idea/workspace.xml" afterDir="false" />
<change beforePath="$PROJECT_DIR$/app/Backend/Controllers/Controller.cs" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/Controllers/Controller.cs" afterDir="false" />
<change beforePath="$PROJECT_DIR$/app/Backend/Database/Folder.cs" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/Database/Folder.cs" afterDir="false" />
<change beforePath="$PROJECT_DIR$/app/Backend/Database/Installation.cs" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/Database/Installation.cs" afterDir="false" />
<change beforePath="$PROJECT_DIR$/app/Backend/Database/User.cs" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/Database/User.cs" afterDir="false" />
<change beforePath="$PROJECT_DIR$/app/Backend/Model/User.cs" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/Model/User.cs" afterDir="false" />
<change beforePath="$PROJECT_DIR$/app/Backend/Utils/Crypto.cs" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/Utils/Crypto.cs" afterDir="false" />
<change beforePath="$PROJECT_DIR$/app/Backend/bin/Debug/net6.0/Backend.dll" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/bin/Debug/net6.0/Backend.dll" afterDir="false" />
<change beforePath="$PROJECT_DIR$/app/Backend/bin/Debug/net6.0/Backend.pdb" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/bin/Debug/net6.0/Backend.pdb" afterDir="false" />
<change beforePath="$PROJECT_DIR$/app/Backend/bin/Debug/net6.0/ref/Backend.dll" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/bin/Debug/net6.0/ref/Backend.dll" afterDir="false" />
<change beforePath="$PROJECT_DIR$/app/Backend/db.sqlite" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/db.sqlite" afterDir="false" />
<change beforePath="$PROJECT_DIR$/app/Backend/obj/Debug/net6.0/Backend.csproj.CoreCompileInputs.cache" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/obj/Debug/net6.0/Backend.csproj.CoreCompileInputs.cache" afterDir="false" />
<change beforePath="$PROJECT_DIR$/app/Backend/obj/Debug/net6.0/Backend.dll" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/obj/Debug/net6.0/Backend.dll" afterDir="false" />
<change beforePath="$PROJECT_DIR$/app/Backend/obj/Debug/net6.0/Backend.pdb" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/obj/Debug/net6.0/Backend.pdb" afterDir="false" />
<change beforePath="$PROJECT_DIR$/app/Backend/obj/Debug/net6.0/ref/Backend.dll" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/obj/Debug/net6.0/ref/Backend.dll" afterDir="false" />
<change beforePath="$PROJECT_DIR$/app/Backend/obj/staticwebassets.pack.sentinel" beforeDir="false" afterPath="$PROJECT_DIR$/app/Backend/obj/staticwebassets.pack.sentinel" afterDir="false" />
</list>
<option name="SHOW_DIALOG" value="false" />
<option name="HIGHLIGHT_CONFLICTS" value="true" />
<option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
@ -112,6 +130,7 @@
<setting file="file://$APPLICATION_CONFIG_DIR$/resharper-host/DecompilerCache/decompiler/c2586f96ec8d4558a1a474ec6e6e8f8034600/a3/5c365c05/RequestDelegate.cs" root0="SKIP_HIGHLIGHTING" />
<setting file="file://$APPLICATION_CONFIG_DIR$/resharper-host/DecompilerCache/decompiler/c2586f96ec8d4558a1a474ec6e6e8f8034600/cd/200bb0d7/HttpContext.cs" root0="SKIP_HIGHLIGHTING" />
<setting file="file://$APPLICATION_CONFIG_DIR$/resharper-host/DecompilerCache/decompiler/d1edc9ef2b6545bfaca5143dd43a36de9c200/4a/d807cfea/JObject.cs" root0="SKIP_HIGHLIGHTING" />
<setting file="file://$APPLICATION_CONFIG_DIR$/resharper-host/DecompilerCache/decompiler/d4c4f0b60b764690aa2a79788c63477bb4600/b9/5997c314/RandomNumberGenerator.cs" root0="SKIP_HIGHLIGHTING" />
<setting file="file://$APPLICATION_CONFIG_DIR$/resharper-host/DecompilerCache/decompiler/db53ae57c8bf4a54b9178b6941e53ac288c00/3d/798f3797/SocketPal.cs" root0="SKIP_HIGHLIGHTING" />
<setting file="file://$APPLICATION_CONFIG_DIR$/resharper-host/DecompilerCache/decompiler/db53ae57c8bf4a54b9178b6941e53ac288c00/ac/4b4abb9e/Socket.cs" root0="SKIP_HIGHLIGHTING" />
<setting file="file://$APPLICATION_CONFIG_DIR$/resharper-host/DecompilerCache/decompiler/e91256da152d4e849ea796b0997ae1868a000/76/42ef60e8/ImmutableDictionary`2.cs" root0="SKIP_HIGHLIGHTING" />
@ -179,6 +198,7 @@
<setting file="file://$PROJECT_DIR$/app/VenusLogger/Program.cs" root0="FORCE_HIGHLIGHTING" />
<setting file="file://$PROJECT_DIR$/app/VenusLogger/VeService.cs" root0="FORCE_HIGHLIGHTING" />
<setting file="file://$PROJECT_DIR$/lib/Wireformat/package-lock.json" root0="SKIP_HIGHLIGHTING" />
<setting file="file://$PROJECT_DIR$/../../new_trunk/BmsTunnel/bin/Release/net6.0/linux-arm/BmsTunnel.deps.json" root0="SKIP_HIGHLIGHTING" />
<setting file="file://$PROJECT_DIR$/../../server/DBus/Bus.cs" root0="SKIP_HIGHLIGHTING" />
<setting file="file://$PROJECT_DIR$/../../server/DBus/DBusMessageStream.cs" root0="SKIP_HIGHLIGHTING" />
<setting file="file://$PROJECT_DIR$/../../server/DBus/DBusService.cs" root0="SKIP_HIGHLIGHTING" />
@ -190,6 +210,7 @@
<component name="MarkdownSettingsMigration">
<option name="stateVersion" value="1" />
</component>
<component name="MetaFilesCheckinStateConfiguration" checkMetaFiles="true" />
<component name="ProblemsViewState">
<option name="selectedTabId" value="Toolset" />
</component>
@ -694,13 +715,14 @@
<workItem from="1675752455072" duration="53000" />
<workItem from="1675752613714" duration="146000" />
<workItem from="1675752778847" duration="21000" />
<workItem from="1675752808118" duration="98753000" />
<workItem from="1675752808118" duration="102915000" />
</task>
<servers />
</component>
<component name="TypeScriptGeneratedFilesManager">
<option name="version" value="3" />
</component>
<component name="UnityCheckinConfiguration" checkUnsavedScenes="true" />
<component name="UnityUnitTestConfiguration" currentTestLauncher="NUnit" />
<component name="VcsManagerConfiguration">
<option name="CLEAR_INITIAL_COMMIT_MESSAGE" value="true" />
@ -912,32 +934,6 @@
</properties>
<option name="timeStamp" value="249" />
</line-breakpoint>
<line-breakpoint enabled="true" type="DotNet Breakpoints">
<url>file://$PROJECT_DIR$/app/Backend/Database/User.cs</url>
<line>39</line>
<properties documentPath="$PROJECT_DIR$/app/Backend/Database/User.cs" initialLine="39" containingFunctionPresentation="method 'CreateUser'">
<startOffsets>
<option value="949" />
</startOffsets>
<endOffsets>
<option value="992" />
</endOffsets>
</properties>
<option name="timeStamp" value="256" />
</line-breakpoint>
<line-breakpoint enabled="true" type="DotNet Breakpoints">
<url>file://$PROJECT_DIR$/app/Backend/Database/User.cs</url>
<line>48</line>
<properties documentPath="$PROJECT_DIR$/app/Backend/Database/User.cs" initialLine="48" containingFunctionPresentation="method 'UpdateUser'">
<startOffsets>
<option value="1212" />
</startOffsets>
<endOffsets>
<option value="1232" />
</endOffsets>
</properties>
<option name="timeStamp" value="258" />
</line-breakpoint>
<breakpoint type="DotNet Exception Breakpoints">
<properties exception="System.Net.Sockets.SocketException" isInternal="false" displayValue="SocketException" namespaceName="System.Net.Sockets">
<option name="internal" value="false" />


@ -1,8 +1,10 @@
using System.Net;
using System.Text;
using System.Text.Json;
using Backend.Database;
using Backend.Model;
using Backend.Model.Relations;
using Backend.Utils;
using Microsoft.AspNetCore.Mvc;
namespace Backend.Controllers;
@ -28,9 +30,11 @@ public class Controller
using var db = Db.Connect();
var user = db.GetUserByEmail(username);
//Todo needs salt
var hashedPassword = Crypto.ComputeHash(Encoding.UTF8.GetBytes(password),
Encoding.UTF8.GetBytes(user.Salt + "innovEnergy"));
//Same error as to not communicate if a user exists or not
if (user is null || user.Password != password)
if (user is null || user.Password != hashedPassword)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
var ses = new Session(user);
@ -38,6 +42,63 @@ public class Controller
return ses.Token;
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpGet($"{nameof(GetUserById)}")]
public Object GetUserById(Int64 id)
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
var viewedUser = db.GetUserById(id);
//using the same error to prevent fishing for ids
if (currentUser == null || viewedUser == null || !db.IsParentOfChild(currentUser, viewedUser))
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
return viewedUser;
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpGet($"{nameof(GetInstallationById)}")]
public Object GetInstallationById(Int64 id)
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
var installation = db.GetInstallationById(id);
if(currentUser==null
|| db.GetAllAccessibleInstallationIds(currentUser).ToList().Contains(id))
return installation == null ? new HttpResponseMessage(HttpStatusCode.NotFound)
: installation;
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpGet($"{nameof(GetFolderById)}")]
public Object GetFolderById(Int64 id)
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var currentUser = (User)ctx.Items["User"];
var folder = db.GetFolderById(id);
if(currentUser==null
|| db.GetAllAccessibleFolderIds(currentUser).ToList().Contains(id))
return folder == null ? new HttpResponseMessage(HttpStatusCode.NotFound)
: folder;
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
}
[ProducesResponseType(200)]
[ProducesResponseType(401)]
[HttpGet($"{nameof(GetAllInstallations)}/")]
@ -59,7 +120,7 @@ public class Controller
public Object GetAllFolders()
{
var ctxAccessor = new HttpContextAccessor();
var ctx = ctxAccessor.HttpContext;
var ctx = ctxAccessor.HttpContext;
using var db = Db.Connect();
var user = (User)ctx.Items["User"];
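Review bot: The `currentUser==null` disjunct in GetInstallationById (and identically in GetFolderById) sends a request with no authenticated user down the success branch, so the installation or folder is returned instead of Unauthorized; only a user who exists but lacks access reaches the Unauthorized return. Invert the guard so the unauthorized cases are handled first: `if (currentUser == null || !db.GetAllAccessibleInstallationIds(currentUser).Contains(id)) return new HttpResponseMessage(HttpStatusCode.Unauthorized);` followed by `return installation == null ? new HttpResponseMessage(HttpStatusCode.NotFound) : installation;`, and the same shape for the folder variant (the `.ToList()` before `Contains` is unnecessary). In the login hunk, `user.Salt` is read on the `Crypto.ComputeHash(...)` line before the `user is null` check that follows it, so an unknown email throws a NullReferenceException rather than the uniform Unauthorized the comment above the check intends; compute the hash after the null check, or against a fixed dummy salt when the user is missing so both paths do the same work. The `//Todo needs salt` comment above that call is now stale. The login method containing that hunk starts outside it.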


@ -39,12 +39,11 @@ public partial class Db
public Result CreateFolder(Folder folder)
{
return Create(folder); // TODO
return Create(folder);
}
public Result UpdateFolder(Folder folder)
{
// TODO
// TODO: no circles in path
return Update(folder);
@ -69,7 +68,7 @@ public partial class Db
.Where(f => f.FolderId == folder.Id)
.Delete();
// TODO: delete descendants?
// TODO: delete descendants? Here they are just reassiged one level up
foreach (var l in Installations
.Where(i => i.ParentId == folder.Id))
{


@ -21,7 +21,7 @@ public partial class Db
public Result UpdateInstallation(Installation installation)
{
return Update(installation); // TODO
return Update(installation);
}
public Result DeleteInstallation(Installation installation)


@ -1,4 +1,5 @@
using System.Net.Mail;
using System.Text;
using Backend.Model;
using Backend.Utils;
using SQLite;
@ -40,7 +41,15 @@ public partial class Db
if (GetUserByEmail(user.Email) is not null)
return Result.Error("User with that email already exists");
return Create(user); // TODO
//Salting and Hashing password
var salt = Crypto.GenerateSalt();
var hashedPassword = Crypto.ComputeHash(Encoding.UTF8.GetBytes(user.Password),
Encoding.UTF8.GetBytes(salt + "innovEnergy"));
user.Salt = salt;
user.Password = hashedPassword;
return Create(user);
}
public Result UpdateUser(User user)
@ -66,7 +75,7 @@ public partial class Db
.Where(u => u.UserId == user.Id)
.Delete();
//Todo check for orphan Installations/Folders
//Todo check for orphaned Installations/Folders
return Delete(user);
}
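Review bot: The pepper literal `"innovEnergy"` on the `Encoding.UTF8.GetBytes(salt + "innovEnergy")` line is duplicated verbatim in Controller.cs, so the two call sites can silently drift and the scheme cannot be changed in one place; move the salt-plus-pepper derivation into a single helper such as `Crypto.HashPassword(password, salt)` that both CreateUser and the login path call, and keep the pepper value out of source (configuration or a secret store). CreateUser also mutates the caller's `user` object by overwriting `user.Password` with the hash, which deserves a comment such as `// Replaces user.Password with its salted hash; the caller's object is mutated.` or a copy of the model before saving. UpdateUser directly below is unchanged and starts outside this hunk; if it persists the Password property it will either store a plaintext value or re-hash an already hashed one, which is worth checking. The workspace.xml change list in this commit also shows app/Backend/db.sqlite and bin/obj outputs as tracked files; if that is accurate, the database holding these salts and hashes is committed to the repository and should be ignored instead.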


@ -7,8 +7,8 @@ public class User : TreeNode
[Indexed]
public String Email { get; set; } = "";
public Boolean HasWriteAccess { get; set; }
public String Salt { get; set; }
// TODO: Hash and Salt
public String Password { get; set; }
// TODO: must reset pwd
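Review bot: `Salt` is declared as a non-nullable `String` with no initializer, unlike `Email` two lines above, so it is null until CreateUser fills it and will warn under nullable reference types; initialize it with `public String Salt { get; set; } = "";` or declare it `String?`. Since GetUserById in Controller.cs appears to return this model directly as the response body, `Salt` and the hashed `Password` would be serialized to API clients; if that is the case, mark both with `[JsonIgnore]` from System.Text.Json.Serialization or return a projection without them.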


@ -2,18 +2,18 @@ using System.Security.Cryptography;
namespace Backend.Utils;
public class Crypto
public static class Crypto
{
public String ComputeHash(Byte[] bytesToHash, Byte[] salt)
public static String ComputeHash(Byte[] bytesToHash, Byte[] salt)
{
var byteResult = new Rfc2898DeriveBytes(bytesToHash, salt, 10000);
return Convert.ToBase64String(byteResult.GetBytes(24));
}
public string GenerateSalt()
public static String GenerateSalt()
{
var bytes = new byte[128 / 8];
var rng = new RNGCryptoServiceProvider();
var bytes = new Byte[128 / 8];
var rng = RandomNumberGenerator.Create();
rng.GetBytes(bytes);
return Convert.ToBase64String(bytes);
}
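Review bot: `new Rfc2898DeriveBytes(bytesToHash, salt, 10000)` uses the three-argument constructor, which on net6.0 (the target visible in this commit's bin paths) defaults to HMAC-SHA1, and neither this object nor the `RandomNumberGenerator` in GenerateSalt is disposed. Pass the hash algorithm explicitly and dispose: `using var byteResult = new Rfc2898DeriveBytes(bytesToHash, salt, 10000, HashAlgorithmName.SHA256);`, and in GenerateSalt replace the Create/GetBytes pair with `RandomNumberGenerator.Fill(bytes);`. Changing the algorithm changes every stored hash, so it needs a migration or a per-user scheme marker; 10000 iterations is also low by current guidance and is better kept as a named constant, e.g. `private const Int32 Iterations = 10000;`. A short XML doc on ComputeHash stating that it is PBKDF2 over the given bytes and salt and returns 24 derived bytes as Base64 would help readers of the two call sites.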



@ -1 +1 @@
1032d29b806ca7fb1255cafb0b214185a9eaae29
b3504e7812bd1a87b219c2244d41209de3c42075


@ -198,3 +198,6 @@
2.0
2.0
2.0
2.0
2.0
2.0