Changeset 1737

Timestamp:

05/04/09 19:42:18 (15 years ago)

Author:

svonolfe

Message:

Passwords are now stored in MD5 in the database (#532)

Location:

trunk/sources

Files:

• HeuristicLab.Security.ADODataAccess/3.2/HLUserAdapter.cs (modified) (1 diff)
• HeuristicLab.Security.Contracts/3.2/BusinessObjects/User.cs (modified) (2 diffs)
• HeuristicLab.Security.Contracts/3.2/Interfaces/IPermissionManager.cs (modified) (1 diff)
• HeuristicLab.Security.Contracts/3.2/Interfaces/ITestServer.cs (deleted)
• HeuristicLab.Security.Core/3.2/PermissionManager.cs (modified) (4 diffs)
• HeuristicLab.Security.Server/3.2/SecurityServer.cs (modified) (1 diff)
• HeuristicLab.Security.Server/3.2/SecurityServerApplication.cs (modified) (4 diffs)

trunk/sources/HeuristicLab.Security.ADODataAccess/3.2/HLUserAdapter.cs

@@ -55 +55 @@
 
         if (!row.IsPasswordNull())
-          user.Password = row.Password;
+          user.SetPlainPassword(row.Password);
         else
-          user.Password = String.Empty;
+          user.SetPlainPassword(String.Empty);
 
         if (!row.IsMailAddressNull())

trunk/sources/HeuristicLab.Security.Contracts/3.2/BusinessObjects/User.cs

@@ -24 +24 @@
 using System.Text;
 using System.Runtime.Serialization;
+using System.Security.Cryptography;
 
 namespace HeuristicLab.Security.Contracts.BusinessObjects {
@@ -29 +30 @@
   [DataContract]
   public class User : PermissionOwner {
+    private static string getMd5Hash(string input) {
+      // Create a new instance of the MD5CryptoServiceProvider object.
+      MD5 md5Hasher = MD5.Create();
+
+      // Convert the input string to a byte array and compute the hash.
+      byte[] data = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input));
+
+      // Create a new Stringbuilder to collect the bytes
+      // and create a string.
+      StringBuilder sBuilder = new StringBuilder();
+
+      // Loop through each byte of the hashed data 
+      // and format each one as a hexadecimal string.
+      for (int i = 0; i < data.Length; i++) {
+        sBuilder.Append(data[i].ToString("x2"));
+      }
+
+      // Return the hexadecimal string.
+      return sBuilder.ToString();
+    }
+
+
     [DataMember]
     public String Login { get; set; }
+
+    private String password;
+    
     [DataMember]
-    public String Password { get; set; }
+    public String Password {
+      get {
+        return this.password;
+      }
+      set {
+        this.password = getMd5Hash(value);
+      }
+    }
+
+    public void SetPlainPassword(String password) {
+      this.password = password;
+    }
+
     [DataMember]
     public String MailAddress { get; set; }

trunk/sources/HeuristicLab.Security.Contracts/3.2/Interfaces/IPermissionManager.cs

@@ -19 +19 @@
     void EndSession(Guid sessionId);
 
-    [OperationContract]
-    [FaultContractAttribute(typeof(CommunicationException))]
-    void TestServer();
   }
 }

trunk/sources/HeuristicLab.Security.Core/3.2/PermissionManager.cs

@@ -8 +8 @@
 using HeuristicLab.DataAccess.Interfaces;
 using HeuristicLab.PluginInfrastructure;
+using System.Security.Cryptography;
 
 namespace HeuristicLab.Security.Core {
@@ -19 +20 @@
     Object locker = new Object();
 
- 
+    private static string getMd5Hash(string input) {
+      // Create a new instance of the MD5CryptoServiceProvider object.
+      MD5 md5Hasher = MD5.Create();
+
+      // Convert the input string to a byte array and compute the hash.
+      byte[] data = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input));
+
+      // Create a new Stringbuilder to collect the bytes
+      // and create a string.
+      StringBuilder sBuilder = new StringBuilder();
+
+      // Loop through each byte of the hashed data 
+      // and format each one as a hexadecimal string.
+      for (int i = 0; i < data.Length; i++) {
+        sBuilder.Append(data[i].ToString("x2"));
+      }
+
+      // Return the hexadecimal string.
+      return sBuilder.ToString();
+    }
+
    /// <summary>
    /// If a session exists for this userName then it is returned, otherwise the given password
@@ -34 +55 @@
         session = factory.GetSessionForCurrentThread();
 
+        password = getMd5Hash(password);
+
         IUserAdapter userAdapter = session.GetDataAdapter<User, IUserAdapter>();
         User user = userAdapter.GetByLogin(userName);
 
-        if (user.Password.CompareTo(password) == 0) {
+        if (user != null && 
+            user.Password.Equals(password)) {
           Guid newSessionId = Guid.NewGuid();
           lock (locker)
@@ -105 +129 @@
       return Guid.Empty;
     }
-
-    public void TestServer() {
-    }
   } 
 }

trunk/sources/HeuristicLab.Security.Server/3.2/SecurityServer.cs

@@ -10 +10 @@
 namespace HeuristicLab.Security.Server {
   public partial class SecurityServer : Form {
-    public SecurityServer(Dictionary<string, Uri> baseAddrDict) {
+    public SecurityServer(Dictionary<string, String> baseAddrDict) {
       InitializeComponent();
-      Uri uri;
+      String uri;
       baseAddrDict.TryGetValue(SecurityServerApplication.STR_PermissionManager, out uri);
       if (uri != null)

trunk/sources/HeuristicLab.Security.Server/3.2/SecurityServerApplication.cs

@@ -44 +44 @@
     }
 
-    private Uri StartService(Services svc, IPAddress ipAddress, int port) {
+    private String StartService(Services svc, IPAddress ipAddress, int port) {
       string curServiceHost = "";
       Uri uriTcp;
+      String result = "";
       ISecurityManager[] securityManagerInstances = discService.GetInstances<ISecurityManager>();
       IPermissionManager[] permissionManagerInstances = discService.GetInstances<IPermissionManager>();
@@ -53 +54 @@
         case Services.PermissionManager:
           if (securityManagerInstances.Length > 0) {
-            uriTcp = new Uri("net.tcp://" + ipAddress + ":" + port + "/PermissionManager/"); 
+            uriTcp = new Uri("net.tcp://" + ipAddress + ":" + port + "/SecurityServer/"); 
             serviceHost = new ServiceHost(permissionManagerInstances[0].GetType(), uriTcp);
             serviceHost.AddServiceEndpoint(typeof(IPermissionManager), binding, STR_PermissionManager);
             curServiceHost = STR_PermissionManager;
+            result = uriTcp.ToString() + STR_PermissionManager;
           }
           break;
         case Services.SecurityManager:
           if (securityManagerInstances.Length > 0) {
-            uriTcp = new Uri("net.tcp://" + ipAddress + ":" + port + "/SecurityManager/");
+            uriTcp = new Uri("net.tcp://" + ipAddress + ":" + port + "/SecurityServer/");
             serviceHost = new ServiceHost(securityManagerInstances[0].GetType(), uriTcp);
             serviceHost.AddServiceEndpoint(typeof(ISecurityManager), binding, STR_SecurityManager);
             curServiceHost = STR_SecurityManager;
+            result = uriTcp.ToString() + STR_SecurityManager;
           }
           break;
@@ -77 +80 @@
         serviceHost.Open();
         runningServices.Add(curServiceHost, serviceHost);
-        return serviceHost.BaseAddresses[0];
+        return result;
       } else
         return null;
@@ -111 +114 @@
       
       //Start services and record their base address
-      Dictionary<string, Uri> baseAddrDict = new Dictionary<string, Uri>();
+      Dictionary<string, String> baseAddrDict = new Dictionary<string, String>();
       baseAddrDict.Add(STR_PermissionManager,
         StartService(Services.PermissionManager, addresses[index], DEFAULT_PORT_PM));