Commit 90bef95c authored by Andres Käver's avatar Andres Käver

hw

parent 696af007
......@@ -10,6 +10,8 @@ namespace ConsoleApp01
{
Console.WriteLine("ics0031-2020f Andres.Kaver HW01");
Cesar();
RSADemo();
/*
using Microsoft.AspNetCore.Identity;
namespace Domain
{
public class Cesar
......@@ -6,5 +8,8 @@ namespace Domain
public int Key { get; set; }
public string PlainText { get; set; }
public string CypherText { get; set; }
public string UserId { get; set; }
public IdentityUser User { get; set; }
}
}
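Review bot: The new `UserId` property carries no `[Required]` annotation, so nothing at the model level prevents a Cesar row from being persisted without an owner even though ownership is the access-control key the controllers are being changed to rely on; `[Required] public string UserId { get; set; }` would make a missing or empty id fail model validation instead of silently producing unowned rows. The `User` navigation property also binds the Domain project to Identity's `IdentityUser` (hence the new `Microsoft.Extensions.Identity.Stores` reference in Domain.csproj); if Domain is meant to stay persistence-agnostic, keep only the `UserId` string here and configure the relationship in the DbContext.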
......@@ -4,4 +4,8 @@
<TargetFramework>netstandard2.1</TargetFramework>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.Extensions.Identity.Stores" Version="3.1.8" />
</ItemGroup>
</Project>
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Rendering;
using Microsoft.EntityFrameworkCore;
using Domain;
using Microsoft.AspNetCore.Authorization;
using WebApp.Data;
namespace WebApp.Controllers
{
[Authorize]
public class CesarsController : Controller
{
private readonly ApplicationDbContext _context;
public CesarsController(ApplicationDbContext context)
{
_context = context;
}
public string GetUserId()
{
var claim = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier);
return claim?.Value ?? "";
}
// GET: Cesars
public async Task<IActionResult> Index()
{
return View(await _context.Cesars.ToListAsync());
var userId = GetUserId();
return View(await _context.Cesars.Where(c => c.UserId == userId).ToListAsync());
}
// GET: Cesars/Details/5
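Review bot: `GetUserId` substitutes `""` when the NameIdentifier claim is absent, which turns a broken identity into a valid-looking ownership key: Create/Edit write it into `UserId`, and `Index` would then match every row whose `UserId` is empty. Because the controller is `[Authorize]`-only, a missing claim is an invariant violation and should fail loudly rather than default, e.g. `return claim?.Value ?? throw new InvalidOperationException("Authenticated principal has no NameIdentifier claim");`. In `Index`, the unfiltered `return View(await _context.Cesars.ToListAsync());` is presumably the removed side printed without its marker; confirm it is gone on the new side, since the filtered query after it would otherwise be unreachable.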
......@@ -64,6 +77,7 @@ namespace WebApp.Controllers
{
cesar.Key = cesar.Key % 255;
cesar.CypherText = System.Convert.ToBase64String(Crypto.Cesar.CesarEncryptString(cesar.PlainText, (byte) cesar.Key, Encoding.Default));
cesar.UserId = GetUserId();
_context.Add(cesar);
await _context.SaveChangesAsync();
return RedirectToAction(nameof(Index));
......@@ -104,7 +118,7 @@ namespace WebApp.Controllers
// more details, see http://go.microsoft.com/fwlink/?LinkId=317598.
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Edit(int id, [Bind("Id,Key,PlainText,CypherText")] Cesar cesar)
public async Task<IActionResult> Edit(int id, Cesar cesar)
{
if (id != cesar.Id)
{
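Review bot: Dropping `[Bind("Id,Key,PlainText,CypherText")]` from `Edit` opens the action to over-posting of the newly added `UserId` and `User` members; `UserId` is overwritten server-side in the following hunk, but a posted `User.*` field would bind an `IdentityUser` graph onto the entity before it is saved. Keep an explicit bind list (`[Bind("Id,Key,PlainText")]`) or accept a dedicated edit view model instead of the entity. `Edit`'s body continues outside the hunk.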
......@@ -112,7 +126,8 @@ namespace WebApp.Controllers
}
ValidateCesar(cesar);
cesar.UserId = GetUserId();
if (ModelState.IsValid)
{
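Review bot: `cesar.UserId = GetUserId();` assigns ownership of whatever `Id` was posted to the current user instead of verifying that the stored row already belongs to them, so a user who posts another user's `Id` takes over and overwrites that record — the IDOR the HW05 task in the README asks to close. Before updating, check the stored row against the caller and reject a mismatch, e.g. `var userId = GetUserId(); if (!await _context.Cesars.AnyAsync(c => c.Id == id && c.UserId == userId)) return NotFound();`. The same ownership check is missing in `DeleteConfirmed` (later hunk), which its TODO comment acknowledges. `Edit`'s body continues outside the hunk.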
......@@ -163,7 +178,9 @@ namespace WebApp.Controllers
[ValidateAntiForgeryToken]
public async Task<IActionResult> DeleteConfirmed(int id)
{
// TODO: .where(c => c.Id == id && c.UserId == GetUserId()
var cesar = await _context.Cesars.FindAsync(id);
_context.Cesars.Remove(cesar);
await _context.SaveChangesAsync();
return RedirectToAction(nameof(Index));
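Review bot: `FindAsync(id)` is not null-checked before `_context.Cesars.Remove(cesar)`, so a POST with an unknown id ends in an `ArgumentNullException` (HTTP 500) rather than a 404, and the TODO above it leaves the delete-any-row hole open rather than fixing it. A single scoped query closes both: `var userId = GetUserId(); var cesar = await _context.Cesars.FirstOrDefaultAsync(c => c.Id == id && c.UserId == userId); if (cesar is null) return NotFound();` in place of the `FindAsync` line.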
......@@ -3,12 +3,14 @@ using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
using WebApp.Models;
namespace WebApp.Controllers
{
[Authorize]
public class HomeController : Controller
{
private readonly ILogger<HomeController> _logger;
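Review bot: Class-level `[Authorize]` on `HomeController` with `[AllowAnonymous]` only on `Index` (next hunk) makes every other action here require a login, including `Privacy` and — if the scaffolded `Error` action is still present below the visible hunks — the error handler, so an anonymous user who triggers an unhandled exception is redirected to the login page instead of seeing the error view. Either add `[AllowAnonymous]` to `Error` (and to `Privacy`, if it is meant to stay public), or attribute only the actions that need authentication instead of the whole class.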
......@@ -18,6 +20,7 @@ namespace WebApp.Controllers
_logger = logger;
}
[AllowAnonymous]
public IActionResult Index()
{
//return "OK";
......@@ -29,6 +32,7 @@ namespace WebApp.Controllers
return "Test it is!";
}
public IActionResult Privacy()
{
return View();
......@@ -3,11 +3,14 @@ using System.Collections.Generic;
using System.Security.Permissions;
using System.Text;
using Domain;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
namespace WebApp.Data
{
public class ApplicationDbContext : IdentityDbContext
{
public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options)
......@@ -14,17 +14,17 @@
<div asp-validation-summary="ModelOnly" class="text-danger"></div>
<div class="form-group">
<label asp-for="Key" class="control-label"></label>
<input asp-for="Key" class="form-control" />
<input asp-for="Key" class="form-control"/>
<span asp-validation-for="Key" class="text-danger"></span>
</div>
<div class="form-group">
<label asp-for="PlainText" class="control-label"></label>
<input asp-for="PlainText" class="form-control" />
<input asp-for="PlainText" class="form-control"/>
<span asp-validation-for="PlainText" class="text-danger"></span>
</div>
<div class="form-group">
<input type="submit" value="Create" class="btn btn-primary" />
<input type="submit" value="Create" class="btn btn-primary"/>
</div>
</form>
</div>
......@@ -13,6 +13,7 @@
<form asp-action="Edit">
<div asp-validation-summary="ModelOnly" class="text-danger"></div>
<input type="hidden" asp-for="Id" />
<div class="form-group">
<label asp-for="Key" class="control-label"></label>
<input asp-for="Key" class="form-control" />
......@@ -21,7 +21,7 @@
<th>
@Html.DisplayNameFor(model => model.CypherText)
</th>
<th>Decrypt</th>
<th>UserId</th>
<th></th>
</tr>
</thead>
......@@ -38,7 +38,7 @@
@Html.DisplayFor(modelItem => item.CypherText)
</td>
<td>
----
@item.UserId
</td>
<td>
<a asp-action="Edit" asp-route-id="@item.Id">Edit</a> |
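Review bot: The new `UserId` column renders the raw identity key of the row's owner, which means nothing to the reader, and since `Index` in `CesarsController` now filters to the current user it is always the viewer's own id. If the column exists to show ownership, display the user name instead (`@item.User?.UserName`, with `.Include(c => c.User)` added to the `Index` query); otherwise drop the column rather than leaking an internal identifier into the UI.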
......@@ -3,4 +3,26 @@
}
<h1>@ViewData["Title"]</h1>
<p>Use this page to detail your site's privacy policy.</p>
\ No newline at end of file
<p>No privacy here</p>
<h2>Claims</h2>
<table>
<tr>
<th>Type</th>
<th>Value</th>
<th>ValueType</th>
</tr>
@foreach (var claim in User.Claims)
{
<tr>
<td>
@claim.Type
</td>
<td>
@claim.Value
</td>
<td>
@claim.ValueType
</td>
</tr>
}
</table>
\ No newline at end of file
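Review bot: The claims table added under the privacy text dumps every claim of the signed-in principal, which is debugging output rather than a privacy policy; Razor encodes `@claim.Value`, so this is not an injection issue, but it exposes identity-provider internals (claim types and values) on a page every authenticated user sees and will confuse them. Move it to a dedicated diagnostics view or remove it before deployment, and restore a real policy sentence in place of `<p>No privacy here</p>`.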
......@@ -46,3 +46,9 @@ Re-implement diffie-hellman and rsa as web app (move crypto functions into separ
In the case of RSA implement encryption of text (convert it to bytes) and decryption (Also in console app).
## HW05
***Deadline 2020-11-08 23:59:59***
Secure your web app controllers (diffie-helman and rsa) as was demonstrated in class. IDOR. Use the built in identity system. Check for correct user and correct ownership of resources on every controller action.