GOC335 ExtensionMethods.cs

1. using System;
2. using System.Configuration;
3. using System.IO;
4. using System.Web.Security;
5.  
6. namespace Altairis.Nemesis.Events.WebCore.Security {
7.   public static class ExtensionMethods {
8.  
9.     public static string CreatePasswordResetCode(this MembershipUser user) {
10.       if (user == null) throw new ArgumentNullException("user");
11.  
12.       // Prepare data to compute hash from (username + date)
13.       byte[] data;
14.       using (var ms = new MemoryStream()) {
15.         using (var bw = new BinaryWriter(ms)) {
16.           bw.Write(user.UserName.ToLower());
17.           bw.Write(Math.Max(user.LastActivityDate.ToBinary(), user.LastLoginDate.ToBinary()));
18.         }
19.         data = ms.ToArray();
20.       }
21.  
22.       // Compute hash
23.       using (var hmac = new System.Security.Cryptography.HMACSHA1()) {
24.         hmac.Key = GetMacKey();
25.         var hash = hmac.ComputeHash(data);
26.         return hash.ToUrlSafeBase64String();
27.       }
28.     }
29.  
30.     public static bool VerifyPasswordResetCode(this MembershipUser user, string code) {
31.       if (user == null) throw new ArgumentNullException("user");
32.       if (code == null) throw new ArgumentNullException("code");
33.  
34.       return code.Equals(user.CreatePasswordResetCode(), StringComparison.Ordinal);
35.     }
36.  
37.     public static string CreateEmailChangeCode(this MembershipUser user, string newEmail) {
38.       if (user == null) throw new ArgumentNullException("user");
39.       if (newEmail == null) throw new ArgumentNullException("newEmail");
40.       if (string.IsNullOrWhiteSpace(newEmail)) throw new ArgumentException("Value cannot be empty or whitespace only string.", "newEmail");
41.  
42.       // Prepare data to compute hash from (username + old mail + new mail)
43.       byte[] data;
44.       using (var ms = new MemoryStream()) {
45.         using (var bw = new BinaryWriter(ms)) {
46.           bw.Write(user.UserName.ToLower());
47.           bw.Write(user.Email.ToLower());
48.           bw.Write(newEmail.ToLower());
49.         }
50.         data = ms.ToArray();
51.       }
52.  
53.       // Compute hash
54.       using (var hmac = new System.Security.Cryptography.HMACSHA1()) {
55.         hmac.Key = GetMacKey();
56.         var hash = hmac.ComputeHash(data);
57.         return hash.ToUrlSafeBase64String();
58.       }
59.  
60.     }
61.  
62.     public static bool VerifyEmailChangeCode(this MembershipUser user, string newEmail, string code) {
63.       if (user == null) throw new ArgumentNullException("user");
64.       if (newEmail == null) throw new ArgumentNullException("newEmail");
65.       if (string.IsNullOrWhiteSpace(newEmail)) throw new ArgumentException("Value cannot be empty or whitespace only string.", "newEmail");
66.       if (code == null) throw new ArgumentNullException("code");
67.       if (string.IsNullOrWhiteSpace(code)) throw new ArgumentException("Value cannot be empty or whitespace only string.", "code");
68.  
69.       return code.Equals(user.CreateEmailChangeCode(newEmail), StringComparison.Ordinal);
70.     }
71.  
72.     public static string ToUrlSafeBase64String(this byte[] data) {
73.       var s = Convert.ToBase64String(data);
74.       s = s.Replace('+', '-');
75.       s = s.Replace('/', '_');
76.       s = s.TrimEnd('=');
77.       return s;
78.     }
79.  
80.     // Private helper methods
81.  
82.     private static byte[] GetMacKey() {
83.       return Convert.FromBase64String(ConfigurationManager.AppSettings["PasswordResetKey"]);
84.     }
85.  
86.   }
87. }