1.1.3 encrypt passwords

Author: TradeControl

changelog.md

@@ -15,4 +15,27 @@ Changes to 1.1.0, released 1 July 2021.
 [Sql node version 3.34.8](https://github.com/tradecontrol/sqlnode/releases)
 
 - Fix Web.Mail.MailInvoice.Send() - not filtering by selected email address
-- Mobile event log delete button permissions
+- Mobile event log delete button permissions
+
+## 1.1.3
+
+[Sql node version 3.34.8](https://github.com/tradecontrol/sqlnode/releases)
+
+Some web hosting services do not support Sql Server security. This upgrade protects mail hosting service credentials by [encrypting passwords](src/TCWeb/Mail/Encrypt.cs) in the data store. Because the app is Open Source, you need to change [the key and vector](src/TCWeb/Data/NodeSettings.cs) bytes prior to compilation.
+
+``` csharp
+/// <summary>
+/// Modify key bytes to protect passwords in an unsecured Sql Server context
+/// </summary>
+public static byte[] SymmetricKey
+{
+    get
+    {
+        byte[] key = { 0x22, 0x5C, 0x53, 0x4B, 0x44, 0x2D, 0x6B, 0x6D, 0x51, 0xC, 0x58, 0x69, 0x4C, 0x56, 0x72, 0x15 };
+        return key;
+    }
+}
+```
+
+
+

src/TCWeb/Data/Invoices.cs

@@ -243,7 +243,7 @@ public async Task SetToPrinted()
                 if (invoice != null)
                 {
                     invoice.Spooled = false;
-                    invoice.Printed = false;
+                    invoice.Printed = true;
                     _context.Attach(invoice).State = EntityState.Modified;
                     await _context.SaveChangesAsync();
                 }

src/TCWeb/Data/NodeSettings.cs

@@ -76,7 +76,6 @@ public bool HasMailHost
                 }
             }
         }
-        #endregion
 
         public Task<double> DataVersion => Task.Run(() =>
         {
@@ -120,6 +119,32 @@ public bool HasMailHost
             }
 
         });
+        #endregion
+
+        #region mail
+        /// <summary>
+        /// Modify key bytes to protect passwords in an unsecured Sql Server context
+        /// </summary>
+        public static byte[] SymmetricKey
+        {
+            get
+            {
+                byte[] key = { 0x22, 0x5C, 0x53, 0x4B, 0x44, 0x2D, 0x6B, 0x6D, 0x51, 0xC, 0x58, 0x69, 0x4C, 0x56, 0x72, 0x15 };
+                return key;
+            }
+        }
+
+        /// <summary>
+        /// Modify vector bytes to protect passwords in an unsecured Sql Server context
+        /// </summary>
+        public static byte[] SymmetricVector
+        {
+            get
+            {
+                byte[] iv = { 0x5C, 0x6B, 0xF, 0x1A, 0x5A, 0x70, 0x74, 0x71, 0x2A, 0x79, 0x14, 0x56, 0x6A, 0x77, 0x9, 0x22 };
+                return iv;
+            }
+        }
 
         public async Task<bool> SetHost(int? hostId)
         {
@@ -152,6 +177,7 @@ public async Task<MailSettings> MailHost()
         {
             try
             {
+                Encrypt encrypt = new Encrypt(NodeSettings.SymmetricKey, NodeSettings.SymmetricVector);
                 var defaultHost = await _context.App_Host.OrderBy(h => h.HostId).SingleOrDefaultAsync();
 
                 if (defaultHost == null)
@@ -161,7 +187,7 @@ public async Task<MailSettings> MailHost()
                     {
                         HostName = defaultHost.HostName,
                         UserName =  defaultHost.EmailAddress,
-                        Password = defaultHost.EmailPassword,
+                        Password = encrypt.DecryptString(defaultHost.EmailPassword),
                         Port = defaultHost.HostPort
                     };
             }
@@ -171,10 +197,7 @@ public async Task<MailSettings> MailHost()
                 return null;
             }
         }
+        #endregion
 
-        public void InitialiseNode()
-        {
-
-        }
     }
 }

src/TCWeb/Mail/Encrypt.cs

@@ -0,0 +1,130 @@
+using System.Text;
+using System.Security.Cryptography;
+using System.IO;
+
+namespace TradeControl.Web.Mail
+{
+    /// <summary>
+    /// Encrypts or decrypts strings according to passed keys/vectors using the RijndaelManaged algorithm
+    /// </summary>
+    public class Encrypt
+    {
+        readonly byte[] key;
+        readonly byte[] iv;
+
+        public Encrypt(byte[] _key, byte[] _iv)
+        {
+            key = _key;
+            iv = _iv;
+        }
+
+        public Encrypt(byte[] _fullKey)
+        {
+            key = new byte[16];
+            iv = new byte[16];
+
+            for (int i = 0; i < 16; i++)
+            {
+                key[i] = _fullKey[i];
+                iv[i + 16] = _fullKey[i + 16];
+            }
+
+        }
+
+        private byte[] ToByte(char[] _chars)
+        {
+            byte[] bytes = new byte[_chars.Length];
+            for (int i = 0; i < _chars.Length; i++)
+                bytes[i] = (byte)_chars[i];
+            return bytes;
+        }
+
+        private string ByteToString(byte[] _bytes)
+        {
+            string result = string.Empty;
+            for (int i = 0; i < _bytes.Length; i++)
+                result = result + (char)_bytes[i];
+
+            return result;
+        }
+
+        #region Encryption
+        private byte[] Key
+        {
+            get
+            {
+                return key;
+            }
+        }
+
+        private byte[] IV
+        {
+            get
+            {
+                return iv;
+            }
+        }
+
+        public string DecryptString(string _encrypted)
+        {
+            string decrypt;
+
+            try
+            {
+                ASCIIEncoding textConverter = new();
+                byte[] encrypted = ToByte(_encrypted.ToCharArray());
+
+                RijndaelManaged RMCrypto = new();
+                byte[] fromEncrypt;
+
+                ICryptoTransform decryptor = RMCrypto.CreateDecryptor(Key, IV);
+
+                MemoryStream msDecrypt = new(encrypted);
+                CryptoStream csDecrypt = new(msDecrypt, decryptor, CryptoStreamMode.Read);
+
+                fromEncrypt = new byte[encrypted.Length];
+
+                csDecrypt.Read(fromEncrypt, 0, fromEncrypt.Length);
+
+                decrypt = textConverter.GetString(fromEncrypt).Trim(new char[] { ' ', '\0' });
+            }
+            catch
+            {
+                
+                decrypt = string.Empty;
+            }
+
+            return decrypt;
+        }
+
+        public string EncryptString(string _decrypted)
+        {
+            try
+            {
+                ASCIIEncoding textConverter = new();
+                RijndaelManaged RMCrypto = new();
+
+                byte[] toEncrypt;
+
+                ICryptoTransform encryptor = RMCrypto.CreateEncryptor(Key, IV);
+
+                MemoryStream msEncrypt = new();
+                CryptoStream csEncrypt = new(msEncrypt, encryptor, CryptoStreamMode.Write);
+
+                toEncrypt = textConverter.GetBytes(_decrypted);
+
+                csEncrypt.Write(toEncrypt, 0, toEncrypt.Length);
+                csEncrypt.FlushFinalBlock();
+
+                byte[] encrypted = msEncrypt.ToArray();
+
+                return ByteToString(encrypted) ;
+            }
+            catch
+            {
+                return string.Empty;
+            }
+        }
+        #endregion
+    }
+}

src/TCWeb/Pages/Admin/Host/Create.cshtml.cs

@@ -13,6 +13,7 @@
 using TradeControl.Web.Areas.Identity.Data;
 using TradeControl.Web.Data;
 using TradeControl.Web.Models;
+using TradeControl.Web.Mail;
 
 namespace TradeControl.Web.Pages.Admin.Host
 {
@@ -61,7 +62,11 @@ public async Task<IActionResult> OnPostAsync()
                 if (!ModelState.IsValid)
                     return Page();
 
+                Encrypt encrypt = new(NodeSettings.SymmetricKey, NodeSettings.SymmetricVector);
+                App_tbHost.EmailPassword = encrypt.EncryptString(App_tbHost.EmailPassword);
+
                 NodeContext.App_tbHosts.Add(App_tbHost);
+
                 await NodeContext.SaveChangesAsync();
 
                 if (await NodeContext.App_tbHosts.AnyAsync())

src/TCWeb/Pages/Admin/Host/Edit.cshtml.cs

@@ -7,6 +7,7 @@
 using Microsoft.EntityFrameworkCore;
 using TradeControl.Web.Areas.Identity.Data;
 using TradeControl.Web.Data;
+using TradeControl.Web.Mail;
 using TradeControl.Web.Models;
 
 namespace TradeControl.Web.Pages.Admin.Host
@@ -59,6 +60,9 @@ public async Task<IActionResult> OnPostAsync()
                 Profile profile = new(NodeContext);
                 App_tbHost.InsertedBy = await profile.UserName(UserManager.GetUserId(User));
                 App_tbHost.InsertedOn = DateTime.Now;
+                
+                Encrypt encrypt = new(NodeSettings.SymmetricKey, NodeSettings.SymmetricVector);
+                App_tbHost.EmailPassword = encrypt.EncryptString(App_tbHost.EmailPassword);
 
                 NodeContext.Attach(App_tbHost).State = EntityState.Modified;
 

src/TCWeb/Pages/Invoice/Update/EmailSubmit.cshtml

@@ -17,7 +17,7 @@
     "MaxFileSize": 2097152,
     "SupportRequestTemplate": "support_request.html",
     "SupportEmailAddress": "office@tradecontrol.co.uk",
-    "WebVersion": "1.1.2",
+    "WebVersion": "1.1.3",
     "SqlNodeVersion": "3.34.8"      
   }
 }