yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow hash type on GenerateHash and remove obsoleted ToMd5 and ToSHA1 methods (#6679)

Browse Source
This commit is contained in:
Ronald Barendse
2019-10-23 17:19:49 +02:00
committed by Sebastiaan Janssen
parent e3bc30c4ca
commit d0303f74fd
5 changed files with 37 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/Umbraco.Core/MainDom.cs
View File

@@ -1,7 +1,7 @@
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Diagnostics;
using System.Linq; using System.Linq;
using System.Security.Cryptography;
using System.Threading; using System.Threading;
using System.Web.Hosting; using System.Web.Hosting;
using Umbraco.Core.Logging; using Umbraco.Core.Logging;
@@ -65,7 +65,7 @@ namespace Umbraco.Core
// a new process for the same application path // a new process for the same application path
var appPath = HostingEnvironment.ApplicationPhysicalPath; var appPath = HostingEnvironment.ApplicationPhysicalPath;
var hash = (appId + ":::" + appPath).ToSHA1(); var hash = (appId + ":::" + appPath).GenerateHash<SHA1>();
var lockName = "UMBRACO-" + hash + "-MAINDOM-LCK"; var lockName = "UMBRACO-" + hash + "-MAINDOM-LCK";
_asyncLock = new AsyncLock(lockName); _asyncLock = new AsyncLock(lockName);

2
src/Umbraco.Core/Models/UserExtensions.cs
View File

@@ -67,7 +67,7 @@ namespace Umbraco.Core.Models
if (user.Avatar.IsNullOrWhiteSpace()) if (user.Avatar.IsNullOrWhiteSpace())
{ {
var gravatarHash = user.Email.ToMd5(); var gravatarHash = user.Email.GenerateHash<MD5>();
var gravatarUrl = "https://www.gravatar.com/avatar/" + gravatarHash + "?d=404"; var gravatarUrl = "https://www.gravatar.com/avatar/" + gravatarHash + "?d=404";
//try Gravatar //try Gravatar

7
src/Umbraco.Core/Persistence/Repositories/Implement/RedirectUrlRepository.cs
View File

@@ -1,6 +1,7 @@
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Linq; using System.Linq;
using System.Security.Cryptography;
using NPoco; using NPoco;
using Umbraco.Core.Cache; using Umbraco.Core.Cache;
using Umbraco.Core.Logging; using Umbraco.Core.Logging;
@@ -105,7 +106,7 @@ JOIN umbracoNode ON umbracoRedirectUrl.contentKey=umbracoNode.uniqueID");
CreateDateUtc = redirectUrl.CreateDateUtc, CreateDateUtc = redirectUrl.CreateDateUtc,
Url = redirectUrl.Url, Url = redirectUrl.Url,
Culture = redirectUrl.Culture, Culture = redirectUrl.Culture,
UrlHash = redirectUrl.Url.ToSHA1() UrlHash = redirectUrl.Url.GenerateHash<SHA1>()
}; };
} }
@@ -134,7 +135,7 @@ JOIN umbracoNode ON umbracoRedirectUrl.contentKey=umbracoNode.uniqueID");
public IRedirectUrl Get(string url, Guid contentKey, string culture) public IRedirectUrl Get(string url, Guid contentKey, string culture)
{ {
var urlHash = url.ToSHA1(); var urlHash = url.GenerateHash<SHA1>();
var sql = GetBaseQuery(false).Where<RedirectUrlDto>(x => x.Url == url && x.UrlHash == urlHash && x.ContentKey == contentKey && x.Culture == culture); var sql = GetBaseQuery(false).Where<RedirectUrlDto>(x => x.Url == url && x.UrlHash == urlHash && x.ContentKey == contentKey && x.Culture == culture);
var dto = Database.Fetch<RedirectUrlDto>(sql).FirstOrDefault(); var dto = Database.Fetch<RedirectUrlDto>(sql).FirstOrDefault();
return dto == null ? null : Map(dto); return dto == null ? null : Map(dto);
@@ -157,7 +158,7 @@ JOIN umbracoNode ON umbracoRedirectUrl.contentKey=umbracoNode.uniqueID");
public IRedirectUrl GetMostRecentUrl(string url) public IRedirectUrl GetMostRecentUrl(string url)
{ {
var urlHash = url.ToSHA1(); var urlHash = url.GenerateHash<SHA1>();
var sql = GetBaseQuery(false) var sql = GetBaseQuery(false)
.Where<RedirectUrlDto>(x => x.Url == url && x.UrlHash == urlHash) .Where<RedirectUrlDto>(x => x.Url == url && x.UrlHash == urlHash)
.OrderByDescending<RedirectUrlDto>(x => x.CreateDateUtc); .OrderByDescending<RedirectUrlDto>(x => x.CreateDateUtc);

67
src/Umbraco.Core/StringExtensions.cs
View File

@@ -724,67 +724,56 @@ namespace Umbraco.Core
/// <summary> /// <summary>
/// Generates a hash of a string based on the FIPS compliance setting. /// Generates a hash of a string based on the FIPS compliance setting.
/// </summary> /// </summary>
/// <param name="str">Refers to itself</param> /// <param name="str">The <see cref="string" /> to hash.</param>
/// <returns>The hashed string</returns> /// <returns>
/// The hashed string.
/// </returns>
public static string GenerateHash(this string str) public static string GenerateHash(this string str)
{ {
return CryptoConfig.AllowOnlyFipsAlgorithms return str.GenerateHash(CryptoConfig.AllowOnlyFipsAlgorithms ? "SHA1" : "MD5");
? str.ToSHA1()
: str.ToMd5();
} }
/// <summary> /// <summary>
/// Converts the string to MD5 /// Generate a hash of a string based on the specified hash algorithm.
/// </summary> /// </summary>
/// <param name="stringToConvert">Refers to itself</param> /// <typeparam name="T">The hash algorithm implementation to use.</typeparam>
/// <returns>The MD5 hashed string</returns> /// <param name="str">The <see cref="string" /> to hash.</param>
[Obsolete("Please use the GenerateHash method instead. This may be removed in future versions")] /// <returns>
internal static string ToMd5(this string stringToConvert) /// The hashed string.
/// </returns>
internal static string GenerateHash<T>(this string str)
where T : HashAlgorithm
{ {
return stringToConvert.GenerateHash("MD5"); return str.GenerateHash(typeof(T).FullName);
} }
/// <summary> /// <summary>
/// Converts the string to SHA1 /// Generate a hash of a string based on the specified <paramref name="hashType" />.
/// </summary> /// </summary>
/// <param name="stringToConvert">refers to itself</param> /// <param name="str">The <see cref="string" /> to hash.</param>
/// <returns>The SHA1 hashed string</returns> /// <param name="hashType">The hash algorithm implementation to use.</param>
[Obsolete("Please use the GenerateHash method instead. This may be removed in future versions")] /// <returns>
internal static string ToSHA1(this string stringToConvert) /// The hashed string.
/// </returns>
/// <exception cref="System.InvalidOperationException">No hashing type found by name <paramref name="hashType" />.</exception>
/// <seealso cref="https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.hashalgorithm.create#System_Security_Cryptography_HashAlgorithm_Create_System_String_" />
internal static string GenerateHash(this string str, string hashType)
{ {
return stringToConvert.GenerateHash("SHA1");
}
/// <summary>Generate a hash of a string based on the hashType passed in
/// </summary>
/// <param name="str">Refers to itself</param>
/// <param name="hashType">String with the hash type. See remarks section of the CryptoConfig Class in MSDN docs for a list of possible values.</param>
/// <returns>The hashed string</returns>
private static string GenerateHash(this string str, string hashType)
{
//create an instance of the correct hashing provider based on the type passed in
var hasher = HashAlgorithm.Create(hashType); var hasher = HashAlgorithm.Create(hashType);
if (hasher == null) throw new InvalidOperationException("No hashing type found by name " + hashType); if (hasher == null) throw new InvalidOperationException($"No hashing type found by name {hashType}.");
using (hasher) using (hasher)
{ {
//convert our string into byte array
var byteArray = Encoding.UTF8.GetBytes(str); var byteArray = Encoding.UTF8.GetBytes(str);
//get the hashed values created by our selected provider
var hashedByteArray = hasher.ComputeHash(byteArray); var hashedByteArray = hasher.ComputeHash(byteArray);
//create a StringBuilder object var sb = new StringBuilder();
var stringBuilder = new StringBuilder();
//loop to each byte
foreach (var b in hashedByteArray) foreach (var b in hashedByteArray)
{ {
//append it to our StringBuilder sb.Append(b.ToString("x2"));
stringBuilder.Append(b.ToString("x2"));
} }
//return the hashed value return sb.ToString();
return stringBuilder.ToString();
} }
} }

3
src/Umbraco.Web/Editors/UsersController.cs
View File

@@ -5,6 +5,7 @@ using System.Linq;
using System.Net; using System.Net;
using System.Net.Http; using System.Net.Http;
using System.Runtime.Serialization; using System.Runtime.Serialization;
using System.Security.Cryptography;
using System.Threading.Tasks; using System.Threading.Tasks;
using System.Web; using System.Web;
using System.Web.Http; using System.Web.Http;
@@ -105,7 +106,7 @@ namespace Umbraco.Web.Editors
if (Current.Configs.Settings().Content.DisallowedUploadFiles.Contains(ext) == false) if (Current.Configs.Settings().Content.DisallowedUploadFiles.Contains(ext) == false)
{ {
//generate a path of known data, we don't want this path to be guessable //generate a path of known data, we don't want this path to be guessable
user.Avatar = "UserAvatars/" + (user.Id + safeFileName).ToSHA1() + "." + ext; user.Avatar = "UserAvatars/" + (user.Id + safeFileName).GenerateHash<SHA1>() + "." + ext;
using (var fs = System.IO.File.OpenRead(file.LocalFileName)) using (var fs = System.IO.File.OpenRead(file.LocalFileName))
{ {