yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adds notes

Browse Source
This commit is contained in:
Shannon
2017-08-02 17:06:57 +10:00
parent 150e2b12e8
commit 31ea03a7cc
1 changed files with 19 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
src/Umbraco.Core/Security/MembershipProviderBase.cs
View File

@@ -674,7 +674,7 @@ namespace Umbraco.Core.Security
if (PasswordFormat == MembershipPasswordFormat.Clear)
return pass;
var bytes = Encoding.Unicode.GetBytes(pass);
var numArray1 = Convert.FromBase64String(salt);
var saltBytes = Convert.FromBase64String(salt);
byte[] inArray;
if (PasswordFormat == MembershipPasswordFormat.Hashed)
@@ -684,22 +684,27 @@ namespace Umbraco.Core.Security
if (algorithm != null)
{
var keyedHashAlgorithm = algorithm;
if (keyedHashAlgorithm.Key.Length == numArray1.Length)
keyedHashAlgorithm.Key = numArray1;
else if (keyedHashAlgorithm.Key.Length < numArray1.Length)
{
if (keyedHashAlgorithm.Key.Length == saltBytes.Length)
{
//if the salt bytes is the required key length for the algorithm, use it as-is
keyedHashAlgorithm.Key = saltBytes;
}
else if (keyedHashAlgorithm.Key.Length < saltBytes.Length)
{
//if the salt bytes is too long for the required key length for the algorithm, reduce it
var numArray2 = new byte[keyedHashAlgorithm.Key.Length];
Buffer.BlockCopy(numArray1, 0, numArray2, 0, numArray2.Length);
Buffer.BlockCopy(saltBytes, 0, numArray2, 0, numArray2.Length);
keyedHashAlgorithm.Key = numArray2;
}
else
{
//if the salt bytes is too long for the required key length for the algorithm, extend it
var numArray2 = new byte[keyedHashAlgorithm.Key.Length];
var dstOffset = 0;
while (dstOffset < numArray2.Length)
{
var count = Math.Min(numArray1.Length, numArray2.Length - dstOffset);
Buffer.BlockCopy(numArray1, 0, numArray2, dstOffset, count);
var count = Math.Min(saltBytes.Length, numArray2.Length - dstOffset);
Buffer.BlockCopy(saltBytes, 0, numArray2, dstOffset, count);
dstOffset += count;
}
keyedHashAlgorithm.Key = numArray2;
@@ -708,9 +713,9 @@ namespace Umbraco.Core.Security
}
else
{
var buffer = new byte[numArray1.Length + bytes.Length];
Buffer.BlockCopy(numArray1, 0, buffer, 0, numArray1.Length);
Buffer.BlockCopy(bytes, 0, buffer, numArray1.Length, bytes.Length);
var buffer = new byte[saltBytes.Length + bytes.Length];
Buffer.BlockCopy(saltBytes, 0, buffer, 0, saltBytes.Length);
Buffer.BlockCopy(bytes, 0, buffer, saltBytes.Length, bytes.Length);
inArray = hashAlgorithm.ComputeHash(buffer);
}
}
@@ -718,9 +723,9 @@ namespace Umbraco.Core.Security
{
//this code is copied from the sql membership provider - pretty sure this could be nicely re-written to completely
// ignore the salt stuff since we are not salting the password when encrypting.
var password = new byte[numArray1.Length + bytes.Length];
Buffer.BlockCopy(numArray1, 0, password, 0, numArray1.Length);
Buffer.BlockCopy(bytes, 0, password, numArray1.Length, bytes.Length);
var password = new byte[saltBytes.Length + bytes.Length];
Buffer.BlockCopy(saltBytes, 0, password, 0, saltBytes.Length);
Buffer.BlockCopy(bytes, 0, password, saltBytes.Length, bytes.Length);
inArray = EncryptPassword(password, MembershipPasswordCompatibilityMode.Framework40);
}
return Convert.ToBase64String(inArray);