fix: 修复BCrypt加密算法存在的生成salt问题。

main
NoahLan 8 months ago
parent f3382f9c8e
commit 808ec6b60a

@ -1,16 +1,23 @@
using System.Security.Cryptography; using System.Security.Cryptography;
using System.Text; using System.Text;
using BBCrypt = Org.BouncyCastle.Crypto.Generators.BCrypt;
namespace NPin.Framework.Core.Crypt.BCrypt; namespace NPin.Framework.Core.Crypt.BCrypt;
public static class BCrypt public static class BCrypt
{ {
public static byte[] Generate(string password, string salt, int cost) public static byte[] Generate(string password, string salt, int cost = 4)
{ {
var passBytes = Encoding.UTF8.GetBytes(password); var passBytes = BBCrypt.PasswordToByteArray(password.ToCharArray());
var saltBytes = Encoding.UTF8.GetBytes(salt); var saltBytes = Convert.FromBase64String(salt);
return Org.BouncyCastle.Crypto.Generators.BCrypt.Generate(passBytes, saltBytes, cost); return BBCrypt.Generate(passBytes, saltBytes, cost);
}
public static string GenerateStr(string password, string salt, int cost = 4)
{
var bytes = Generate(password, salt, cost);
return Convert.ToBase64String(bytes);
} }
public static string GenerateSalt() public static string GenerateSalt()
@ -19,7 +26,7 @@ public static class BCrypt
using var rand = RandomNumberGenerator.Create(); using var rand = RandomNumberGenerator.Create();
rand.GetBytes(buf); rand.GetBytes(buf);
return Convert.ToBase64String(buf); return Convert.ToBase64String(buf, 0, 16);
} }
/// <summary> /// <summary>
@ -33,7 +40,7 @@ public static class BCrypt
/// <returns></returns> /// <returns></returns>
public static bool Check(string encrypt, string password, string salt, int cost) public static bool Check(string encrypt, string password, string salt, int cost)
{ {
var passStr = Generate(password, salt, cost).ToString(); var passStr = GenerateStr(password, salt, cost);
return string.Equals(encrypt, passStr); return string.Equals(encrypt, passStr);
} }

@ -1,4 +1,5 @@
using NPin.Framework.Core.Crypt.BCrypt; using System.Text;
using NPin.Framework.Core.Crypt.BCrypt;
using NPin.Framework.SqlSugarCore.Abstractions.Data; using NPin.Framework.SqlSugarCore.Abstractions.Data;
using NPin.Framework.Upms.Domain.Entities.ValueObjects; using NPin.Framework.Upms.Domain.Entities.ValueObjects;
using NPin.Framework.Upms.Domain.Shared.Enums; using NPin.Framework.Upms.Domain.Shared.Enums;
@ -28,8 +29,8 @@ public class UserEntity : Entity<Guid>, ISoftDelete, IAuditedObject, IEnabled, I
[SugarColumn(ColumnDescription = "昵称")] [SugarColumn(ColumnDescription = "昵称")]
public string? Nickname { get; set; } public string? Nickname { get; set; }
[SugarColumn(ColumnDescription = "密码", IsOwnsOne = true)] [SugarColumn(IsOwnsOne = true)]
public EncryptPasswordValueObject? EncryptPassword { get; set; } = new EncryptPasswordValueObject(); public EncryptPasswordValueObject EncryptPassword { get; set; } = new();
[SugarColumn(ColumnDescription = "简介")] [SugarColumn(ColumnDescription = "简介")]
public string? Introduction { get; set; } public string? Introduction { get; set; }
@ -50,12 +51,12 @@ public class UserEntity : Entity<Guid>, ISoftDelete, IAuditedObject, IEnabled, I
/// <summary> /// <summary>
/// 逻辑删除 /// 逻辑删除
/// </summary> /// </summary>
public bool IsDeleted { get; } public bool IsDeleted { get; set; }
public DateTime CreationTime { get; } = DateTime.Now; public DateTime CreationTime { get; set; } = DateTime.Now;
public Guid? CreatorId { get; } public Guid? CreatorId { get; set; }
public DateTime? LastModificationTime { get; } public DateTime? LastModificationTime { get; set; }
public Guid? LastModifierId { get; } public Guid? LastModifierId { get; set; }
/// <summary> /// <summary>
/// 是否启用 /// 是否启用
@ -123,10 +124,10 @@ public class UserEntity : Entity<Guid>, ISoftDelete, IAuditedObject, IEnabled, I
{ {
// 若传入密码无值则使用原本Password // 若传入密码无值则使用原本Password
// 若原本Password依然无值则抛出参数异常 // 若原本Password依然无值则抛出参数异常
password ??= EncryptPassword?.Password ?? throw new ArgumentNullException(nameof(EncryptPassword.Password)); password ??= EncryptPassword.Password ?? throw new ArgumentNullException(nameof(EncryptPassword.Password));
EncryptPassword.Salt = BCrypt.GenerateSalt(); EncryptPassword.Salt = BCrypt.GenerateSalt();
EncryptPassword.Password = BCrypt.Generate(password, EncryptPassword.Salt, 0).ToString()!; EncryptPassword.Password = BCrypt.GenerateStr(password, EncryptPassword.Salt, 10);
return this; return this;
} }
@ -139,11 +140,11 @@ public class UserEntity : Entity<Guid>, ISoftDelete, IAuditedObject, IEnabled, I
/// <exception cref="ArgumentNullException"></exception> /// <exception cref="ArgumentNullException"></exception>
public bool CheckPassword(string password) public bool CheckPassword(string password)
{ {
if (EncryptPassword?.Salt is null) if (EncryptPassword.Salt is null)
{ {
throw new ArgumentNullException(nameof(EncryptPassword.Salt)); throw new ArgumentNullException(nameof(EncryptPassword.Salt));
} }
return BCrypt.Check(EncryptPassword.Password, password, EncryptPassword.Salt, 0); return BCrypt.Check(EncryptPassword.Password, password, EncryptPassword.Salt, 10);
} }
} }
Loading…
Cancel
Save