Merge pull request #1688 from qdraw/feature/202409_iterationcount

Feature/202409 iterationcount
qdraw · Sep 2, 2024 · a7e8832 · a7e8832
2 parents c546e7d + 9884c31
commit a7e8832
Show file tree

Hide file tree

Showing 22 changed files with 4,685 additions and 12,991 deletions.
diff --git a/starsky/starsky.feature.geolookup/Services/GeoFileDownload.cs b/starsky/starsky.feature.geolookup/Services/GeoFileDownload.cs
@@ -39,7 +39,7 @@ public async Task DownloadAsync()
 			RemoveFailedDownload();
 			CreateDependenciesFolder();
 			const string https = "https://";
-			const string admin1codesasciiTxt = "admin1CodesASCII.txt";
+			const string admin1CodesasciiTxt = "admin1CodesASCII.txt";
 
 			if ( !_hostStorage.ExistFile(
 				    Path.Combine(_appSettings.DependenciesFolder, CountryName + ".txt")) )
@@ -59,18 +59,18 @@ await _httpClientHelper.Download(https + MirrorUrl + CountryName + ".zip",
 			}
 
 			if ( !_hostStorage.ExistFile(
-				    Path.Combine(_appSettings.DependenciesFolder, admin1codesasciiTxt)) )
+				    Path.Combine(_appSettings.DependenciesFolder, admin1CodesasciiTxt)) )
 			{
 				// code for the second administrative division,
 				// a county in the US, see file admin2Codes.txt; varchar(80)
 				var outputFile = Path.Combine(_appSettings.DependenciesFolder,
-					admin1codesasciiTxt);
+					admin1CodesasciiTxt);
 				var baseResult = await _httpClientHelper.Download(https +
-					BaseUrl + admin1codesasciiTxt, outputFile);
+					BaseUrl + admin1CodesasciiTxt, outputFile);
 				if ( !baseResult )
 				{
 					await _httpClientHelper.Download(https +
-					                                 MirrorUrl + admin1codesasciiTxt, outputFile);
+					                                 MirrorUrl + admin1CodesasciiTxt, outputFile);
 				}
 			}
 		}

diff --git a/starsky/starsky.foundation.accountmanagement/Helpers/Pbkdf2Hasher.cs b/starsky/starsky.foundation.accountmanagement/Helpers/Pbkdf2Hasher.cs
@@ -5,41 +5,46 @@
 using System.Security.Cryptography;
 using Microsoft.AspNetCore.Cryptography.KeyDerivation;
 
-namespace starsky.foundation.accountmanagement.Helpers
+namespace starsky.foundation.accountmanagement.Helpers;
+
+public static class Pbkdf2Hasher
 {
-	public static class Pbkdf2Hasher
+	/// <summary>
+	/// Get secured hash passwords based on a salt
+	/// </summary>
+	/// <param name="password">password</param>
+	/// <param name="salt">to decrypt</param>
+	/// <param name="iteration100K">more secure password</param>
+	/// <param name="useSha256">more secure password</param>
+	/// <returns>hashed password</returns>
+	public static string ComputeHash(string password, byte[] salt, bool iteration100K = true, bool useSha256 = true)
 	{
-		/// <summary>
-		/// Get secured hash passwords based on a salt
-		/// </summary>
-		/// <param name="password">password</param>
-		/// <param name="salt">to decrypt</param>
-		/// <returns>hased password</returns>
-		public static string ComputeHash(string password, byte[] salt)
-		{
-			return Convert.ToBase64String(
-				KeyDerivation.Pbkdf2(
-					password: password,
-					salt: salt,
-					prf: KeyDerivationPrf.HMACSHA1,
-					iterationCount: 100_000,
-					numBytesRequested: 256 / 8
-				)
-			);
-		}
+		// Use 100K iterations for new passwords, and 10K iterations for older stored hashes
+		var iterationCount = iteration100K ? 100_000 : 10000;
+		var hashType = useSha256 ? KeyDerivationPrf.HMACSHA256 : KeyDerivationPrf.HMACSHA1;
+
+		return Convert.ToBase64String(
+			KeyDerivation.Pbkdf2(
+				password: password,
+				salt: salt,
+				prf: hashType,
+				iterationCount: iterationCount,
+				numBytesRequested: 256 / 8
+			)
+		);
+	}
 
-		/// <summary>
-		/// Generate a random salt
-		/// </summary>
-		/// <returns>random salt</returns>
-		public static byte[] GenerateRandomSalt()
-		{
-			byte[] salt = new byte[128 / 8];
+	/// <summary>
+	/// Generate a random salt
+	/// </summary>
+	/// <returns>random salt</returns>
+	public static byte[] GenerateRandomSalt()
+	{
+		var salt = new byte[128 / 8];
 
-			using ( var rng = RandomNumberGenerator.Create() )
-				rng.GetBytes(salt);
+		using var rng = RandomNumberGenerator.Create();
+		rng.GetBytes(salt);
 
-			return salt;
-		}
+		return salt;
 	}
 }
diff --git a/starsky/starsky.foundation.accountmanagement/Interfaces/IUserManager.cs b/starsky/starsky.foundation.accountmanagement/Interfaces/IUserManager.cs
@@ -3,101 +3,101 @@
 using starsky.foundation.accountmanagement.Models;
 using starsky.foundation.database.Models.Account;
 
-namespace starsky.foundation.accountmanagement.Interfaces
-{
-	public enum SignUpResultError
-	{
-		CredentialTypeNotFound,
-		NullString
-	}
-
-	public class SignUpResult
-	{
-		public User? User { get; }
-		public bool Success { get; private set; }
-		public SignUpResultError? Error { get; }
-
-		public SignUpResult(User? user = null, bool success = false,
-			SignUpResultError? error = null)
-		{
-			User = user;
-			Success = success;
-			Error = error;
-		}
-	}
+namespace starsky.foundation.accountmanagement.Interfaces;
 
-	public enum ValidateResultError
-	{
-		CredentialTypeNotFound,
-		CredentialNotFound,
-		SecretNotValid,
-		Lockout,
-		UserNotFound
-	}
+public enum SignUpResultError
+{
+	CredentialTypeNotFound,
+	NullString
+}
 
-	public enum ChangeSecretResultError
+public class SignUpResult
+{
+	public SignUpResult(User? user = null, bool success = false,
+		SignUpResultError? error = null)
 	{
-		CredentialTypeNotFound,
-		CredentialNotFound
+		User = user;
+		Success = success;
+		Error = error;
 	}
 
-	public class ChangeSecretResult
-	{
-		public bool Success { get; set; }
+	public User? User { get; }
+	public bool Success { get; private set; }
+	public SignUpResultError? Error { get; }
+}
 
-		public ChangeSecretResultError? Error { get; set; }
+public enum ValidateResultError
+{
+	CredentialTypeNotFound,
+	CredentialNotFound,
+	SecretNotValid,
+	Lockout,
+	UserNotFound
+}
 
-		public ChangeSecretResult(bool success = false, ChangeSecretResultError? error = null)
-		{
-			Success = success;
-			Error = error;
-		}
-	}
+public enum ChangeSecretResultError
+{
+	CredentialTypeNotFound,
+	CredentialNotFound
+}
 
-	public interface IUserManager
+public class ChangeSecretResult
+{
+	public ChangeSecretResult(bool success = false, ChangeSecretResultError? error = null)
 	{
-		Task<UserOverviewModel> AllUsersAsync();
-
-		/// <summary>
-		/// Add a new user, including Roles and UserRoles
-		/// </summary>
-		/// <param name="name">Nice Name, default string.Empty</param>
-		/// <param name="credentialTypeCode">default is: Email</param>
-		/// <param name="identifier">an email address, e.g. [email protected]</param>
-		/// <param name="secret">Password</param>
-		/// <returns>result object</returns>
-		Task<SignUpResult> SignUpAsync(string name, string credentialTypeCode,
-			string? identifier, string? secret);
-
-		void AddToRole(User user, string roleCode);
-		void AddToRole(User user, Role role);
-		void RemoveFromRole(User user, string roleCode);
-		void RemoveFromRole(User user, Role role);
-
-		ChangeSecretResult ChangeSecret(string credentialTypeCode, string? identifier,
-			string secret);
-
-		Task<ValidateResult> ValidateAsync(string credentialTypeCode,
-			string? identifier, string secret);
-
-		Task<bool> SignIn(HttpContext httpContext, User? user,
-			bool isPersistent = false);
-
-		void SignOut(HttpContext httpContext);
-		int GetCurrentUserId(HttpContext httpContext);
-		User? GetCurrentUser(HttpContext httpContext);
-		User? GetUser(string credentialTypeCode, string identifier);
-		Credential? GetCredentialsByUserId(int userId);
-
-		Task<ValidateResult> RemoveUser(string credentialTypeCode,
-			string identifier);
+		Success = success;
+		Error = error;
+	}
 
-		User? Exist(string identifier);
+	public bool Success { get; set; }
 
-		Task<User?> ExistAsync(int userTableId);
-		Role? GetRole(string credentialTypeCode, string identifier);
+	public ChangeSecretResultError? Error { get; set; }
+}
 
-		Task<Role?> GetRoleAsync(int userId);
-		bool PreflightValidate(string userName, string password, string confirmPassword);
-	}
+public interface IUserManager
+{
+	Task<UserOverviewModel> AllUsersAsync();
+
+	/// <summary>
+	///     Add a new user, including Roles and UserRoles
+	/// </summary>
+	/// <param name="name">Nice Name, default string.Empty</param>
+	/// <param name="credentialTypeCode">default is: Email</param>
+	/// <param name="identifier">an email address, e.g. [email protected]</param>
+	/// <param name="secret">Password</param>
+	/// <returns>result object</returns>
+	Task<SignUpResult> SignUpAsync(string name, string credentialTypeCode,
+		string? identifier, string? secret);
+
+	void AddToRole(User user, string roleCode);
+	void AddToRole(User user, Role role);
+	void RemoveFromRole(User user, string roleCode);
+	void RemoveFromRole(User user, Role role);
+
+	ChangeSecretResult ChangeSecret(string credentialTypeCode, string? identifier,
+		string secret);
+
+	Task<ValidateResult> ValidateAsync(string credentialTypeCode,
+		string? identifier, string secret);
+
+	Task<bool> SignIn(HttpContext httpContext, User? user,
+		bool isPersistent = false);
+
+	void SignOut(HttpContext httpContext);
+	int GetCurrentUserId(HttpContext httpContext);
+	User? GetCurrentUser(HttpContext httpContext);
+	User? GetUser(string credentialTypeCode, string identifier);
+	Credential? GetCredentialsByUserId(int userId);
+
+	Task<ValidateResult> RemoveUser(string credentialTypeCode,
+		string identifier);
+
+	User? Exist(string identifier);
+
+	Task<User?> ExistAsync(int userTableId);
+	Role? GetRole(string credentialTypeCode, string identifier);
+
+	Task<Role?> GetRoleAsync(int userId);
+	bool PreflightValidate(string userName, string password, string confirmPassword);
+	CredentialType? GetCachedCredentialType(string credentialTypeCode);
 }