From d0303f74fdcb535cd91319e49f95087e152c132e Mon Sep 17 00:00:00 2001
From: Ronald Barendse <ronald@panoramastudios.nl>
Date: Wed, 23 Oct 2019 17:19:49 +0200
Subject: [PATCH] Allow hash type on GenerateHash and remove obsoleted ToMd5
 and ToSHA1 methods (#6679)

---
 src/Umbraco.Core/MainDom.cs                   |  4 +-
 src/Umbraco.Core/Models/UserExtensions.cs     |  2 +-
 .../Implement/RedirectUrlRepository.cs        |  7 +-
 src/Umbraco.Core/StringExtensions.cs          | 67 ++++++++-----------
 src/Umbraco.Web/Editors/UsersController.cs    |  3 +-
 5 files changed, 37 insertions(+), 46 deletions(-)

diff --git a/src/Umbraco.Core/MainDom.cs b/src/Umbraco.Core/MainDom.cs
index d1012fb669..5da1062275 100644
--- a/src/Umbraco.Core/MainDom.cs
+++ b/src/Umbraco.Core/MainDom.cs
@@ -1,7 +1,7 @@
 using System;
 using System.Collections.Generic;
-using System.Diagnostics;
 using System.Linq;
+using System.Security.Cryptography;
 using System.Threading;
 using System.Web.Hosting;
 using Umbraco.Core.Logging;
@@ -65,7 +65,7 @@ namespace Umbraco.Core
             // a new process for the same application path
 
             var appPath = HostingEnvironment.ApplicationPhysicalPath;
-            var hash = (appId + ":::" + appPath).ToSHA1();
+            var hash = (appId + ":::" + appPath).GenerateHash<SHA1>();
 
             var lockName = "UMBRACO-" + hash + "-MAINDOM-LCK";
             _asyncLock = new AsyncLock(lockName);
diff --git a/src/Umbraco.Core/Models/UserExtensions.cs b/src/Umbraco.Core/Models/UserExtensions.cs
index cf7df4fb86..e00ac4ba15 100644
--- a/src/Umbraco.Core/Models/UserExtensions.cs
+++ b/src/Umbraco.Core/Models/UserExtensions.cs
@@ -67,7 +67,7 @@ namespace Umbraco.Core.Models
 
             if (user.Avatar.IsNullOrWhiteSpace())
             {
-                var gravatarHash = user.Email.ToMd5();
+                var gravatarHash = user.Email.GenerateHash<MD5>();
                 var gravatarUrl = "https://www.gravatar.com/avatar/" + gravatarHash + "?d=404";
 
                 //try Gravatar
diff --git a/src/Umbraco.Core/Persistence/Repositories/Implement/RedirectUrlRepository.cs b/src/Umbraco.Core/Persistence/Repositories/Implement/RedirectUrlRepository.cs
index baac02b6bf..acf6bb7df2 100644
--- a/src/Umbraco.Core/Persistence/Repositories/Implement/RedirectUrlRepository.cs
+++ b/src/Umbraco.Core/Persistence/Repositories/Implement/RedirectUrlRepository.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Security.Cryptography;
 using NPoco;
 using Umbraco.Core.Cache;
 using Umbraco.Core.Logging;
@@ -105,7 +106,7 @@ JOIN umbracoNode ON umbracoRedirectUrl.contentKey=umbracoNode.uniqueID");
                 CreateDateUtc = redirectUrl.CreateDateUtc,
                 Url = redirectUrl.Url,
                 Culture = redirectUrl.Culture,
-                UrlHash = redirectUrl.Url.ToSHA1()
+                UrlHash = redirectUrl.Url.GenerateHash<SHA1>()
             };
         }
 
@@ -134,7 +135,7 @@ JOIN umbracoNode ON umbracoRedirectUrl.contentKey=umbracoNode.uniqueID");
 
         public IRedirectUrl Get(string url, Guid contentKey, string culture)
         {
-            var urlHash = url.ToSHA1();
+            var urlHash = url.GenerateHash<SHA1>();
             var sql = GetBaseQuery(false).Where<RedirectUrlDto>(x => x.Url == url && x.UrlHash == urlHash && x.ContentKey == contentKey && x.Culture == culture);
             var dto = Database.Fetch<RedirectUrlDto>(sql).FirstOrDefault();
             return dto == null ? null : Map(dto);
@@ -157,7 +158,7 @@ JOIN umbracoNode ON umbracoRedirectUrl.contentKey=umbracoNode.uniqueID");
 
         public IRedirectUrl GetMostRecentUrl(string url)
         {
-            var urlHash = url.ToSHA1();
+            var urlHash = url.GenerateHash<SHA1>();
             var sql = GetBaseQuery(false)
                 .Where<RedirectUrlDto>(x => x.Url == url && x.UrlHash == urlHash)
                 .OrderByDescending<RedirectUrlDto>(x => x.CreateDateUtc);
diff --git a/src/Umbraco.Core/StringExtensions.cs b/src/Umbraco.Core/StringExtensions.cs
index 4df1105bf7..9bb61c7f2e 100644
--- a/src/Umbraco.Core/StringExtensions.cs
+++ b/src/Umbraco.Core/StringExtensions.cs
@@ -724,67 +724,56 @@ namespace Umbraco.Core
         /// <summary>
         /// Generates a hash of a string based on the FIPS compliance setting.
         /// </summary>
-        /// <param name="str">Refers to itself</param>
-        /// <returns>The hashed string</returns>
+        /// <param name="str">The <see cref="string" /> to hash.</param>
+        /// <returns>
+        /// The hashed string.
+        /// </returns>
         public static string GenerateHash(this string str)
         {
-            return CryptoConfig.AllowOnlyFipsAlgorithms
-                ? str.ToSHA1()
-                : str.ToMd5();
+            return str.GenerateHash(CryptoConfig.AllowOnlyFipsAlgorithms ? "SHA1" : "MD5");
         }
 
         /// <summary>
-        /// Converts the string to MD5
+        /// Generate a hash of a string based on the specified hash algorithm.
         /// </summary>
-        /// <param name="stringToConvert">Refers to itself</param>
-        /// <returns>The MD5 hashed string</returns>
-        [Obsolete("Please use the GenerateHash method instead. This may be removed in future versions")]
-        internal static string ToMd5(this string stringToConvert)
+        /// <typeparam name="T">The hash algorithm implementation to use.</typeparam>
+        /// <param name="str">The <see cref="string" /> to hash.</param>
+        /// <returns>
+        /// The hashed string.
+        /// </returns>
+        internal static string GenerateHash<T>(this string str)
+            where T : HashAlgorithm
         {
-            return stringToConvert.GenerateHash("MD5");
+            return str.GenerateHash(typeof(T).FullName);
         }
 
         /// <summary>
-        /// Converts the string to SHA1
+        /// Generate a hash of a string based on the specified <paramref name="hashType" />.
         /// </summary>
-        /// <param name="stringToConvert">refers to itself</param>
-        /// <returns>The SHA1 hashed string</returns>
-        [Obsolete("Please use the GenerateHash method instead. This may be removed in future versions")]
-        internal static string ToSHA1(this string stringToConvert)
+        /// <param name="str">The <see cref="string" /> to hash.</param>
+        /// <param name="hashType">The hash algorithm implementation to use.</param>
+        /// <returns>
+        /// The hashed string.
+        /// </returns>
+        /// <exception cref="System.InvalidOperationException">No hashing type found by name <paramref name="hashType" />.</exception>
+        /// <seealso cref="https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.hashalgorithm.create#System_Security_Cryptography_HashAlgorithm_Create_System_String_" />
+        internal static string GenerateHash(this string str, string hashType)
         {
-            return stringToConvert.GenerateHash("SHA1");
-        }
-
-        /// <summary>Generate a hash of a string based on the hashType passed in
-        /// </summary>
-        /// <param name="str">Refers to itself</param>
-        /// <param name="hashType">String with the hash type.  See remarks section of the CryptoConfig Class in MSDN docs for a list of possible values.</param>
-        /// <returns>The hashed string</returns>
-        private static string GenerateHash(this string str, string hashType)
-        {
-            //create an instance of the correct hashing provider based on the type passed in
             var hasher = HashAlgorithm.Create(hashType);
-            if (hasher == null) throw new InvalidOperationException("No hashing type found by name " + hashType);
+            if (hasher == null) throw new InvalidOperationException($"No hashing type found by name {hashType}.");
+
             using (hasher)
             {
-                //convert our string into byte array
                 var byteArray = Encoding.UTF8.GetBytes(str);
-
-                //get the hashed values created by our selected provider
                 var hashedByteArray = hasher.ComputeHash(byteArray);
 
-                //create a StringBuilder object
-                var stringBuilder = new StringBuilder();
-
-                //loop to each byte
+                var sb = new StringBuilder();
                 foreach (var b in hashedByteArray)
                 {
-                    //append it to our StringBuilder
-                    stringBuilder.Append(b.ToString("x2"));
+                    sb.Append(b.ToString("x2"));
                 }
 
-                //return the hashed value
-                return stringBuilder.ToString();
+                return sb.ToString();
             }
         }
 
diff --git a/src/Umbraco.Web/Editors/UsersController.cs b/src/Umbraco.Web/Editors/UsersController.cs
index a26bf4fe70..15e5b9404f 100644
--- a/src/Umbraco.Web/Editors/UsersController.cs
+++ b/src/Umbraco.Web/Editors/UsersController.cs
@@ -5,6 +5,7 @@ using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Runtime.Serialization;
+using System.Security.Cryptography;
 using System.Threading.Tasks;
 using System.Web;
 using System.Web.Http;
@@ -105,7 +106,7 @@ namespace Umbraco.Web.Editors
             if (Current.Configs.Settings().Content.DisallowedUploadFiles.Contains(ext) == false)
             {
                 //generate a path of known data, we don't want this path to be guessable
-                user.Avatar = "UserAvatars/" + (user.Id + safeFileName).ToSHA1() + "." + ext;
+                user.Avatar = "UserAvatars/" + (user.Id + safeFileName).GenerateHash<SHA1>() + "." + ext;
 
                 using (var fs = System.IO.File.OpenRead(file.LocalFileName))
                 {