troogs/FoodsharingOnboarding
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Password encryption, Claim groups

Browse Source
This commit is contained in:
Andre Beging
2022-04-11 13:05:15 +02:00
parent c553047369
commit 208ea99a42
12 changed files with 273 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
FoodsharingSiegen.Contracts/Entity/User.cs
View File

@@ -1,5 +1,5 @@
using System.ComponentModel.DataAnnotations.Schema;
using FoodsharingSiegen.Shared.Helper;
using FoodsharingSiegen.Contracts.Helper;
namespace FoodsharingSiegen.Contracts.Entity
{
@@ -33,8 +33,8 @@ namespace FoodsharingSiegen.Contracts.Entity
[NotMapped]
public string Password
{
get => AuthHelper.TryDecrypt(EncryptedPassword, out var password) ? password : string.Empty;
set => EncryptedPassword = AuthHelper.Encrypt(value);
get => Cryptor.TryDecrypt(EncryptedPassword, out var password) ? password : string.Empty;
set => EncryptedPassword = Cryptor.Encrypt(value);
}
#endregion

2
FoodsharingSiegen.Contracts/FoodsharingSiegen.Contracts.csproj
View File

@@ -7,7 +7,7 @@
</PropertyGroup>
<ItemGroup>
<ProjectReference Include="..\FoodsharingSiegen.Shared\FoodsharingSiegen.Shared.csproj" />
<PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.16.0" />
</ItemGroup>
</Project>

105
FoodsharingSiegen.Contracts/Helper/Cryptor.cs Normal file
View File

@@ -0,0 +1,105 @@
using System.Security.Cryptography;
using System.Text;
using Microsoft.IdentityModel.Tokens;
namespace FoodsharingSiegen.Contracts.Helper
{
public static class Cryptor
{
/// <summary>
/// The signing key
/// </summary>
private const string SigningKey = "2uasw2§$%1nd47n9s43&%Zs3529s23&/%AW";
#region Public Method TryDecrypt
/// <summary>
/// Decrypts the crypted text (a. beging, 04.04.2022)
/// </summary>
/// <param name="cryptedText">The crypted text</param>
/// <param name="plainText"></param>
/// <returns>The string</returns>
public static bool TryDecrypt(string cryptedText, out string plainText)
{
plainText = string.Empty;
try
{
CreateAlgorithm(out var tripleDes);
var toEncryptArray = Convert.FromBase64String(cryptedText);
var cTransform = tripleDes.CreateDecryptor();
var resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
tripleDes.Clear();
plainText = Encoding.UTF8.GetString(resultArray);
return true;
}
catch (Exception e)
{
return false;
}
}
#endregion
#region Public Method Encrypt
/// <summary>
/// Encrypts the plain text (a. beging, 04.04.2022)
/// </summary>
/// <param name="plainText">The plain text</param>
/// <returns>The string</returns>
public static string Encrypt(string plainText)
{
CreateAlgorithm(out var tripleDes);
var toEncryptArray = Encoding.UTF8.GetBytes(plainText );
var cTransform = tripleDes.CreateEncryptor();
var resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
tripleDes.Clear();
return Convert.ToBase64String(resultArray, 0, resultArray.Length);
}
#endregion
#region Private Method GetSigningKey
/// <summary>
/// Gets the signing key (a. beging, 04.04.2022)
/// </summary>
/// <returns>The security key</returns>
public static SecurityKey GetSigningKey() => new SymmetricSecurityKey(Encoding.ASCII.GetBytes(SigningKey));
#endregion
#region Private Method CreateAlgorithm
/// <summary>
/// Creates the algorithm using the specified triple des (a. beging, 04.04.2022)
/// </summary>
/// <param name="tripleDes">The triple des</param>
private static void CreateAlgorithm(out TripleDES tripleDes)
{
var md5 = MD5.Create();
var keyArray = md5.ComputeHash(Encoding.UTF8.GetBytes(SigningKey));
md5.Clear();
tripleDes = TripleDES.Create();
tripleDes.Key = keyArray;
tripleDes.Mode = CipherMode.ECB;
tripleDes.Padding = PaddingMode.PKCS7;
}
#endregion
}
}

38
FoodsharingSiegen.Contracts/Helper/EntityExtensions.cs Normal file
View File

@@ -0,0 +1,38 @@
using FoodsharingSiegen.Contracts.Entity;
namespace FoodsharingSiegen.Contracts.Helper
{
/// <summary>
/// The entity extensions class (a. beging, 08.04.2022)
/// </summary>
public static class EntityExtensions
{
#region Public Method IsAdmin
/// <summary>
/// Describes whether is admin
/// </summary>
/// <param name="user">The user</param>
/// <returns>The bool</returns>
public static bool IsAdmin(this User user) => user.Type == UserType.Admin;
#endregion
#region Public Method IsInGroup
/// <summary>
/// Describes whether is in group
/// </summary>
/// <param name="user">The user</param>
/// <param name="groups">The groups</param>
/// <returns>The bool</returns>
public static bool IsInGroup(this User user, params UserGroup[] groups)
{
if (user.Type == UserType.Admin) return true;
if (groups.Any(x => user.GroupsList.Contains(x))) return true;
return false;
}
#endregion
}
}

42
FoodsharingSiegen.Server/Auth/AuthService.cs
View File

@@ -1,14 +1,12 @@
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using FoodsharingSiegen.Contracts;
using FoodsharingSiegen.Contracts.Entity;
using FoodsharingSiegen.Contracts.Helper;
using FoodsharingSiegen.Server.Data;
using FoodsharingSiegen.Server.Data.Service;
using FoodsharingSiegen.Server.Service;
using FoodsharingSiegen.Shared.Helper;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.EntityFrameworkCore;
using Microsoft.IdentityModel.Tokens;
namespace FoodsharingSiegen.Server.Auth
{
@@ -23,7 +21,7 @@ namespace FoodsharingSiegen.Server.Auth
/// <summary>
/// Gets or sets the value of the user (ab)
/// </summary>
public User? User { get; set; }
public User? User => _user;
#endregion
@@ -39,6 +37,11 @@ namespace FoodsharingSiegen.Server.Auth
/// </summary>
private readonly LocalStorageService _localStorageService;
/// <summary>
/// The user
/// </summary>
private User? _user;
#endregion
#region Setup/Teardown
@@ -49,7 +52,10 @@ namespace FoodsharingSiegen.Server.Auth
/// <param name="context">The context</param>
/// <param name="localStorageService">The local storage service</param>
/// <param name="authenticationStateProvider">The authentication state provider</param>
public AuthService(FsContext context, LocalStorageService localStorageService, AuthenticationStateProvider authenticationStateProvider) : base(context)
public AuthService(
FsContext context,
LocalStorageService localStorageService,
AuthenticationStateProvider authenticationStateProvider) : base(context)
{
_localStorageService = localStorageService;
_authenticationStateProvider = authenticationStateProvider;
@@ -57,6 +63,22 @@ namespace FoodsharingSiegen.Server.Auth
#endregion
#region Public Method Initialize
/// <summary>
/// Initializes this instance (a. beging, 11.04.2022)
/// </summary>
public async Task Initialize()
{
if (_user != null) return;
var token = await _localStorageService.GetItem<string>(StorageKeys.TokenKey);
if (AuthHelper.ValidateToken(token, out var user) && user != null)
_user = user;
}
#endregion
#region Public Method Login
/// <summary>
@@ -87,13 +109,13 @@ namespace FoodsharingSiegen.Server.Auth
#endregion Ensure Admin
var encryptedPassword = AuthHelper.Encrypt(password);
var encryptedPassword = Cryptor.Encrypt(password);
User = await Context.Users.FirstOrDefaultAsync(x => x.Mail.ToLower() == mailAddress.ToLower() && x.EncryptedPassword == encryptedPassword);
_user = await Context.Users.FirstOrDefaultAsync(x => x.Mail.ToLower() == mailAddress.ToLower() && x.EncryptedPassword == encryptedPassword);
if (User != null)
if (_user != null)
{
var serializedToken = AuthHelper.CreateToken(User.Id);
var serializedToken = AuthHelper.CreateToken(_user);
await _localStorageService.SetItem(StorageKeys.TokenKey, serializedToken);
return new OperationResult();
@@ -115,7 +137,7 @@ namespace FoodsharingSiegen.Server.Auth
try
{
await _localStorageService.RemoveItem(StorageKeys.TokenKey);
User = null;
_user = null;
((TokenAuthStateProvider) _authenticationStateProvider).MarkUserAsLoggedOut();
return new OperationResult();
}

2
FoodsharingSiegen.Server/Auth/TokenAuthStateProvider.cs
View File

@@ -38,7 +38,7 @@ namespace FoodsharingSiegen.Server.Service
public override async Task<AuthenticationState> GetAuthenticationStateAsync()
{
var token = await _localStorageService.GetItem<string>(StorageKeys.TokenKey);
var tokenValid = await AuthHelper.ValidateToken(token);
var tokenValid = AuthHelper.ValidateToken(token, out _);
var identity = new ClaimsIdentity();
if (tokenValid)

1
FoodsharingSiegen.Server/FoodsharingSiegen.Server.csproj
View File

@@ -8,6 +8,7 @@
<ItemGroup>
<ProjectReference Include="..\FoodsharingSiegen.Contracts\FoodsharingSiegen.Contracts.csproj" />
<ProjectReference Include="..\FoodsharingSiegen.Shared\FoodsharingSiegen.Shared.csproj" />
</ItemGroup>
<ItemGroup>

41
FoodsharingSiegen.Server/Pages/FsBase.cs Normal file
View File

@@ -0,0 +1,41 @@
using FoodsharingSiegen.Contracts.Entity;
using FoodsharingSiegen.Server.Auth;
using Microsoft.AspNetCore.Components;
namespace FoodsharingSiegen.Server.Pages
{
/// <summary>
/// The fs base class (a. beging, 08.04.2022)
/// </summary>
/// <seealso cref="ComponentBase"/>
public class FsBase : ComponentBase
{
#region Dependencies (Injected)
/// <summary>
/// Gets or sets the value of the auth service (ab)
/// </summary>
[Inject] private AuthService? AuthService { get; set; }
#endregion
#region Override OnInitializedAsync
/// <summary>
/// Ons the initialized (a. beging, 11.04.2022)
/// </summary>
protected override async Task OnInitializedAsync()
{
await AuthService!.Initialize();
await base.OnInitializedAsync();
}
#endregion
/// <summary>
/// Gets the value of the current user (ab)
/// </summary>
protected User CurrentUser => AuthService?.User ?? new User();
}
}

9
FoodsharingSiegen.Server/Pages/Prospects.razor
View File

@@ -4,12 +4,19 @@
@using FoodsharingSiegen.Server.Dialogs
@using FoodsharingSiegen.Server.Controls
@using FoodsharingSiegen.Contracts.Entity
@using FoodsharingSiegen.Contracts.Helper
@inherits FsBase
<PageTitle>Einarbeitungen</PageTitle>
<h4>Aktuelle Einarbeitungen</h4>
<Button Color="Color.Primary" Clicked="() => ProspectModal.Show()">Hinzufügen</Button>
<Button
Color="Color.Primary"
Clicked="() => ProspectModal.Show()"
Visibility="@(CurrentUser.IsInGroup(UserGroup.WelcomeTeam, UserGroup.Ambassador) ? Visibility.Default : Visibility.Invisible)"
>Hinzufügen</Button>
@{
var activeProspects = ProspectList?.Where(x => x.Interactions.All(i => i.Type != InteractionType.Complete));

6
FoodsharingSiegen.Server/Pages/Users.razor
View File

@@ -2,6 +2,8 @@
@page "/users"
@using FoodsharingSiegen.Contracts.Entity
@inherits FsBase
@code {
private RenderFragment PopupTitleTemplate(PopupTitleContext<User> value)
@@ -24,7 +26,7 @@
<h2>Benutzerverwaltung <span style="font-size: .5em; line-height: 0;">Admin</span></h2>
<div class="my-2">
<Button Color="Color.Primary" Disabled="@(SelectedUser == null)">Passwort setzen</Button>
<Button Color="Color.Primary" Disabled="@(SelectedUser == null)"><i class="fa-solid fa-key"></i>&nbsp;setzen</Button>
</div>
<DataGrid TItem="User"
@@ -35,7 +37,7 @@
PopupTitleTemplate="PopupTitleTemplate"
RowInserted="RowInserted"
RowUpdated="RowUpdated"
SelectedRow="SelectedUser"
@bind-SelectedRow="SelectedUser"
RowDoubleClicked="arg => UserDataGrid.Edit(arg.Item)"
Editable
Responsive>

4
FoodsharingSiegen.Shared/FoodsharingSiegen.Shared.csproj
View File

@@ -10,4 +10,8 @@
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.16.0" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\FoodsharingSiegen.Contracts\FoodsharingSiegen.Contracts.csproj" />
</ItemGroup>
</Project>

142
FoodsharingSiegen.Shared/Helper/AuthHelper.cs
View File

@@ -1,7 +1,8 @@
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using FoodsharingSiegen.Contracts.Entity;
using FoodsharingSiegen.Contracts.Helper;
using Microsoft.IdentityModel.Tokens;
namespace FoodsharingSiegen.Shared.Helper
@@ -16,22 +17,23 @@ namespace FoodsharingSiegen.Shared.Helper
/// <summary>
/// Creates the token using the specified user id (a. beging, 04.04.2022)
/// </summary>
/// <param name="userId">The user id</param>
/// <returns>The string</returns>
public static string CreateToken(Guid userId)
public static string CreateToken(User user)
{
user.Password = "";
var serializedUser = JsonSerializer.Serialize(user);
var tokenHandler = new JwtSecurityTokenHandler();
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.NameIdentifier, userId.ToString()),
new Claim("CanDoShit","yes")
new Claim(ClaimTypes.UserData, serializedUser)
}),
Expires = DateTime.UtcNow.AddDays(30),
Issuer = Issuer,
Audience = Audience,
SigningCredentials = new SigningCredentials(GetSigningKey(), SecurityAlgorithms.HmacSha256Signature)
SigningCredentials = new SigningCredentials(Cryptor.GetSigningKey(), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
@@ -39,92 +41,52 @@ namespace FoodsharingSiegen.Shared.Helper
}
#endregion
#region Public Method Decrypt
/// <summary>
/// Decrypts the crypted text (a. beging, 04.04.2022)
/// </summary>
/// <param name="cryptedText">The crypted text</param>
/// <param name="plainText"></param>
/// <returns>The string</returns>
public static bool TryDecrypt(string cryptedText, out string plainText)
{
plainText = string.Empty;
try
{
CreateAlgorithm(out var tripleDes);
var toEncryptArray = Convert.FromBase64String(cryptedText);
var cTransform = tripleDes.CreateDecryptor();
var resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
tripleDes.Clear();
plainText = Encoding.UTF8.GetString(resultArray);
return true;
}
catch (Exception e)
{
return false;
}
}
#endregion
#region Public Method Encrypt
/// <summary>
/// Encrypts the plain text (a. beging, 04.04.2022)
/// </summary>
/// <param name="plainText">The plain text</param>
/// <returns>The string</returns>
public static string Encrypt(string plainText)
{
CreateAlgorithm(out var tripleDes);
var toEncryptArray = Encoding.UTF8.GetBytes(plainText );
var cTransform = tripleDes.CreateEncryptor();
var resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
tripleDes.Clear();
return Convert.ToBase64String(resultArray, 0, resultArray.Length);
}
#endregion
#region Public Method ValidateToken
/// <summary>
/// Validates the token using the specified token (a. beging, 04.04.2022)
/// </summary>
/// <param name="token">The token</param>
/// <param name="user"></param>
/// <returns>A task containing the bool</returns>
public static async Task<bool> ValidateToken(string? token)
public static bool ValidateToken(string? token, out User? user)
{
user = null;
try
{
var tokenHandler = new JwtSecurityTokenHandler();
var result = await tokenHandler.ValidateTokenAsync(token, new TokenValidationParameters
tokenHandler.ValidateToken(token, new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = GetSigningKey(),
IssuerSigningKey = Cryptor.GetSigningKey(),
ValidateAudience = true,
ValidAudience = Audience,
ValidateIssuer = true,
ValidIssuer = Issuer
});
}, out var stuff);
var result = tokenHandler.ValidateTokenAsync(token, new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = Cryptor.GetSigningKey(),
ValidateAudience = true,
ValidAudience = Audience,
ValidateIssuer = true,
ValidIssuer = Issuer
}).Result;
if (result.Claims.TryGetValue(ClaimTypes.UserData, out var jsonObj))
{
user = JsonSerializer.Deserialize<User>(jsonObj.ToString());
if (user != null) user.Password = string.Empty;
}
return result.IsValid;
}
catch (Exception e)
@@ -135,40 +97,6 @@ namespace FoodsharingSiegen.Shared.Helper
#endregion
#region Private Method CreateAlgorithm
/// <summary>
/// Creates the algorithm using the specified triple des (a. beging, 04.04.2022)
/// </summary>
/// <param name="tripleDes">The triple des</param>
private static void CreateAlgorithm(out TripleDES tripleDes)
{
var md5 = MD5.Create();
var keyArray = md5.ComputeHash(Encoding.UTF8.GetBytes(SigningKey));
md5.Clear();
tripleDes = TripleDES.Create();
tripleDes.Key = keyArray;
tripleDes.Mode = CipherMode.ECB;
tripleDes.Padding = PaddingMode.PKCS7;
}
#endregion
#region Private Method GetSigningKey
/// <summary>
/// Gets the signing key (a. beging, 04.04.2022)
/// </summary>
/// <returns>The security key</returns>
private static SecurityKey GetSigningKey() => new SymmetricSecurityKey(Encoding.ASCII.GetBytes(SigningKey));
#endregion
/// <summary>
/// The signing key
/// </summary>
private const string SigningKey = "2uasw2§$%1nd47n9s43&%Zs3529s23&/%AW";
/// <summary>
/// The audience