trading
/
PTMagic
mirror of https://github.com/PTMagicians/PTMagic.git
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #273 from JackTerok/develop 

Some more Security Improvements
This commit is contained in:
HojouFotytu 2021-02-23 12:58:37 +09:00 committed by GitHub
parent 674862eff9 24a50dd244
commit dc9f340849
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 73 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
Core/Main/PTMagicConfiguration.cs
View File

@ -83,6 +83,25 @@ namespace Core.Main
return result;
}
public string GetProfitTrailerServerAPITokenMasked()
{
string result = "";
if (!this.GeneralSettings.Application.ProfitTrailerServerAPIToken.Equals(""))
{
result = this.GeneralSettings.Application.ProfitTrailerServerAPIToken.Substring(0, 4);
for (int i = 1; i < this.GeneralSettings.Application.ProfitTrailerServerAPIToken.Length - 8; i++)
{
result += "*";
}
result += this.GeneralSettings.Application.ProfitTrailerServerAPIToken.Substring(this.GeneralSettings.Application.ProfitTrailerServerAPIToken.Length - 4);
}
return result;
}
public GeneralSettings GeneralSettings
{
get

2
Monitor/Pages/SettingsGeneral.cshtml
View File

@ -92,7 +92,7 @@
<div class="form-group row">
<label class="col-md-4 col-form-label">Profit Trailer Server API Token <i class="fa fa-info-circle text-muted" data-toggle="tooltip" data-placement="top" title="The API token needed to communicate with Profit Trailer - set in Profit Trailer Server Settings"></i></label>
<div class="col-md-8">
<input type="text" class="form-control" name="Application_ProfitTrailerServerAPIToken" value="@Model.PTMagicConfiguration.GeneralSettings.Application.ProfitTrailerServerAPIToken">
<input type="text" class="form-control" name="Application_ProfitTrailerServerAPIToken" value="@Model.PTMagicConfiguration.GetProfitTrailerServerAPITokenMasked()">
</div>
</div>

42
Monitor/Pages/SetupPassword.cshtml
View File

@ -14,29 +14,30 @@
<h3 class="text-center"> <strong class="text-custom">PT Magic</strong> </h3>
<p class="text-center">Setup your password.</p>
</div>
<div class="p-20">
<form class="form-horizontal m-t-20" method="post">
<div class="form-group">
<div class="col-12">
<input name="Password" class="form-control" type="password" required="" placeholder="Password">
</div>
</div>
<div class="form-group">
<div class="col-12">
<input name="PasswordConfirm" class="form-control" type="password" required="" compare="Password" placeholder="Confirm Password">
@if (System.IO.File.Exists(System.IO.Directory.GetCurrentDirectory().Split("Monitor")[0] + "settings.secure.json"))
{
<div class="form-group">
<div class="col-12">
<input name="OldPassword" class="form-control" type="password" required="" placeholder="Old Password">
</div>
</div>
</div>
@if (!Model.ValidationMessage.Equals("")) {
<div class="form-group">
<div class="text-danger m-l-10">
@Model.ValidationMessage
</div>
</div>
}
<div class="form-group">
<div class="col-12">
<input name="Password" class="form-control" type="password" required="" placeholder="New Password">
</div>
</div>
<div class="form-group">
<div class="col-12">
<input name="PasswordConfirm" class="form-control" type="password" required="" compare="Password" placeholder="Confirm New Password">
</div>
</div>
<div class="form-group text-center m-t-40">
<div class="col-12">
<button class="btn btn-ptmagic btn-block text-uppercase waves-effect waves-light" type="submit">
@ -44,9 +45,12 @@
</button>
</div>
</div>
<div class="form-group">
<div class="text-danger m-l-10">
@Model.ValidationMessage
</div>
</div>
</form>
</div>
</div>

39
Monitor/Pages/SetupPassword.cshtml.cs
View File

@ -4,6 +4,7 @@ using Microsoft.AspNetCore.Http;
using System.Threading.Tasks;
using Newtonsoft.Json;
using Core.Main;
using Core.Helper;
namespace Monitor.Pages
{
@ -16,19 +17,39 @@ namespace Monitor.Pages
base.PreInit();
}
public void OnPost(string password, string passwordConfirm)
public void OnPost(string OldPassword, string Password, string PasswordConfirm)
{
if (!password.Equals(passwordConfirm))
base.PreInit();
ValidationMessage = "Test";
string encryptedOldPassword = null;
if (OldPassword != null)
{
ValidationMessage = "Password does not match the confirmation!";
encryptedOldPassword = EncryptionHelper.Encrypt(OldPassword);
if (!Password.Equals(PasswordConfirm) || !encryptedOldPassword.Equals(PTMagicConfiguration.SecureSettings.MonitorPassword) && System.IO.File.Exists(System.IO.Directory.GetCurrentDirectory().Split("Monitor")[0] + "settings.secure.json"))
{
ValidationMessage = "Old Password wrong or new Password does not match with confirmation";
}
else if (ModelState.IsValid)
{
PTMagicConfiguration.WriteSecureSettings(Password);
ValidationMessage = "";
Response.Redirect(PTMagicConfiguration.GeneralSettings.Monitor.RootUrl + "Login");
}
}
if (ModelState.IsValid)
else
{
base.PreInit();
PTMagicConfiguration.WriteSecureSettings(password);
Response.Redirect(PTMagicConfiguration.GeneralSettings.Monitor.RootUrl + "Login");
if (!Password.Equals(PasswordConfirm) && !System.IO.File.Exists(System.IO.Directory.GetCurrentDirectory().Split("Monitor")[0] + "settings.secure.json"))
{
ValidationMessage = "New Password does not match with confirmation";
}
else if (ModelState.IsValid)
{
PTMagicConfiguration.WriteSecureSettings(Password);
ValidationMessage = "";
Response.Redirect(PTMagicConfiguration.GeneralSettings.Monitor.RootUrl + "Login");
}
}
}