Fixing user password generation/validation - wip

2025-06-17 00:01:29 +02:00
parent 14d9b45413
commit 1877c29e68
9 changed files with 50 additions and 45 deletions
--- a/MainProject.Tests/JsonData/appsettings.json
+++ b/MainProject.Tests/JsonData/appsettings.json
@@ -35,8 +35,9 @@
            "ExpiredAfterMinsOfInactivity": 15
        },
        "EncryptionSettings": {
-            "Salt": "S7VIidfXQf1tOQYX",
-            "Pepper": ""
+            "Secret": "S7VIidfXQf1tOQYX",
+            "Salt": "",
+            "Iterations": 10
        }
    }

--- a/MainProject.Tests/JsonData/invalidCryptAppsettings.json
+++ b/MainProject.Tests/JsonData/invalidCryptAppsettings.json
@@ -35,8 +35,9 @@
            "ExpiredAfterMinsOfInactivity": 15
        },
        "EncryptionSettings": {
-            "Salt": "AAAAA",
-            "Pepper": ""
+            "Secret": "AAAAA",
+            "Salt": "",
+            "Iterations": 10
        }
    }

--- a/MainProject.Tests/TestsUtils/ModelsInit.cs
+++ b/MainProject.Tests/TestsUtils/ModelsInit.cs
@@ -13,8 +13,9 @@ public static class ModelsInit
            FirstName = "FirstName",
            LastName = "LastName",
            Email = "test-new@email.it",
-            PasswordHash = "PasswordHash",
+            PasswordPepper = "PasswordPepper",
            PasswordSalt = "PasswordSalt",
+            PasswordIterations = 0,
            Password = "Password",
            Role = CreateRole(),
            IsTestUser = true
--- a/MainProject.Tests/Utils/CryptoUtils_Tests.cs
+++ b/MainProject.Tests/Utils/CryptoUtils_Tests.cs
@@ -102,11 +102,11 @@ public class CryptoUtils_Tests
    }

    [TestMethod]
-    public void GenerateSalt()
+    public void GeneratePepper()
    {
        try
        {
-            var salt = CryptUtils.GenerateSalt();
+            var salt = CryptUtils.GeneratePepper();
            Assert.IsTrue(!String.IsNullOrEmpty(salt));
        }
        catch (Exception ex)
@@ -122,14 +122,14 @@ public class CryptoUtils_Tests
        try
        {
            var password = "P4ssw0rd@1!";
-            var salt = CryptUtils.GenerateSalt();
-            Assert.IsTrue(!String.IsNullOrEmpty(salt));
+            var pepper = CryptUtils.GeneratePepper();
+            Assert.IsTrue(!String.IsNullOrEmpty(pepper));

            WebApplicationBuilder builder = WebApplication.CreateBuilder(Array.Empty<string>());
            AppSettings appSettings = ProgramUtils.AddConfiguration(ref builder, System.AppDomain.CurrentDomain.BaseDirectory + "/JsonData");
-            CryptUtils cryptoUtils = new CryptUtils(appSettings);
-            var encryptedPassword = cryptoUtils.GeneratePassword(password, salt, 0);
-            Assert.IsTrue(password != encryptedPassword);
+            var salt = appSettings?.EncryptionSettings?.Salt ?? String.Empty;
+            var encryptedPassword = CryptUtils.GeneratePassword(password, salt, 0, pepper);
+            Assert.AreNotEqual(encryptedPassword, password);
        }
        catch (Exception ex)
        {
@@ -147,10 +147,7 @@ public class CryptoUtils_Tests
            var salt = "Afi7PQYgEL2sPbNyVzduvg==";
            var hashedPassword = "2lMeySZ9ciH1KtSg1Z7oSJRmJEjHMeDvdaNRcJcGutM=";

-            WebApplicationBuilder builder = WebApplication.CreateBuilder(Array.Empty<string>());
-            AppSettings appSettings = ProgramUtils.AddConfiguration(ref builder, System.AppDomain.CurrentDomain.BaseDirectory + "/JsonData");
-            CryptUtils cryptoUtils = new CryptUtils(appSettings);
-            var verified = cryptoUtils.VerifyPassword(password, salt, 0, hashedPassword);
+            var verified = CryptUtils.VerifyPassword(hashedPassword, password, salt, 0);
            Assert.IsTrue(verified);
        }
        catch (Exception ex)