Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
Question about Salt_Bytes
-
Re: Reset ProGet Admin Password via API
I've got code using the Native API which creates a user account and works wonders. But as I'm doing this programmatically I need to also generate a random password for the account, and set it. Seems pretty straightforward to do....but I'm unsure about what to do with the Salt_Bytes parameter available on the API. Any pointers would be outstanding.
-
Here's what I'm using currently, but it's complaining about Salt_Bytes. I'm fairly certain this is a PowerShell problem, but more eyes on it never hurt.
function Set-ProGetUserPassword { [Cmdletbinding()] Param( [Parameter(Mandatory)] [String] $Username, [Parameter(Mandatory)] [SecureString] $OldPassword, [Parameter(Mandatory)] [SecureString] $NewPassword ) begin { $confirm = Read-Host "Please re-enter your new password" -AsSecureString $identical = Compare-SecureString -SecureString1 $NewPassword -SecureString2 $confirm if(-not $identical){ Write-Error 'Passwords do not match!' break } } end { $unmanagedString = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPassword) $plainTextPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($unmanagedString) [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($unmanagedString) # Clean up $iterations = 10000 $saltLength = 10 $hashLength = 20 $rfc2898 = [System.Security.Cryptography.Rfc2898DeriveBytes]::new($plainTextPassword, $saltLength, $iterations) $passwordBytes = $rfc2898.GetBytes($hashLength) $saltBytes = $rfc2898.Salt $base64Password = [System.Convert]::ToBase64String($passwordBytes) $body = @{ User_Name = $UserName Password_Bytes = $base64Password Salt_Bytes = $saltBytes } Write-Verbose ($body | ConvertTo-Json) $Params = @{ Slug = '/api/json/Users_SetPassword' Method = 'POST' Body = $body } Invoke-ProGet @Params } }
-
Hi @steviecoaster ,
I'm not really a PowerShell guru, but I think you'll want to do ...
$base64Salt= [System.Convert]::ToBase64String($saltBytes)... and then pass that in.
Hope that does it!
Alana
-
In my playing around yesterday, I did try to convert that to base64 and it still produced the same error. I'm very perplexed! For my use case I really need this functionality so I'm hopeful I can find a solution.
-
Sweet mother Mary, I got it! It was the content type. I was using
application/jsonand it wantedapplication/x-ww-form-urlencodedThis code works properly to set the password for a user:
function Set-ProGetUserPassword { [Cmdletbinding()] Param( [Parameter(Mandatory)] [String] $Username, [Parameter(Mandatory)] [SecureString] $OldPassword, [Parameter(Mandatory)] [SecureString] $NewPassword ) begin { $confirm = Read-Host "Please re-enter your new password" -AsSecureString $identical = Compare-SecureString -SecureString1 $NewPassword -SecureString2 $confirm if (-not $identical) { Write-Error 'Passwords do not match!' break } } end { $unmanagedString = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPassword) $plainTextPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($unmanagedString) [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($unmanagedString) # Clean up $iterations = 10000 $saltLength = 10 $hashLength = 20 $rfc2898 = [System.Security.Cryptography.Rfc2898DeriveBytes]::new($plainTextPassword, $saltLength, $iterations) $passwordBytes = $rfc2898.GetBytes($hashLength) $saltBytes = $rfc2898.Salt $base64Password = [System.Convert]::ToBase64String($passwordBytes) $base64Salt = [System.Convert]::ToBase64String($saltBytes) $body = @{ User_Name = $Username Password_Bytes = $base64Password Salt_Bytes = $base64Salt } Write-Verbose $body $Params = @{ Slug = '/api/json/Users_SetPassword' Method = 'POST' Body = $body ContentType = 'application/x-www-form-urlencoded' } Invoke-ProGet @Params } }
-
@steviecoaster said in Question about Salt_Bytes:
Sweet mother Mary, I got it! It was the content type. I was using
application/jsonand it wantedapplication/x-ww-form-urlencodedThis code works properly to set the password for a user:
function Set-ProGetUserPassword { [Cmdletbinding()] Param( [Parameter(Mandatory)] [String] $Username, [Parameter(Mandatory)] [SecureString] $OldPassword, [Parameter(Mandatory)] [SecureString] $NewPassword ) begin { $confirm = Read-Host "Please re-enter your new password" -AsSecureString $identical = Compare-SecureString -SecureString1 $NewPassword -SecureString2 $confirm if (-not $identical) { Write-Error 'Passwords do not match!' break } } end { $unmanagedString = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPassword) $plainTextPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($unmanagedString) [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($unmanagedString) # Clean up $iterations = 10000 $saltLength = 10 $hashLength = 20 $rfc2898 = [System.Security.Cryptography.Rfc2898DeriveBytes]::new($plainTextPassword, $saltLength, $iterations) $passwordBytes = $rfc2898.GetBytes($hashLength) $saltBytes = $rfc2898.Salt $base64Password = [System.Convert]::ToBase64String($passwordBytes) $base64Salt = [System.Convert]::ToBase64String($saltBytes) $body = @{ User_Name = $Username Password_Bytes = $base64Password Salt_Bytes = $base64Salt } Write-Verbose $body $Params = @{ Slug = '/api/json/Users_SetPassword' Method = 'POST' Body = $body ContentType = 'application/x-www-form-urlencoded' } Invoke-ProGet @Params } }Spoke to soon. This code functions and doesn't produce an error. However, the user cannot login with the credential set. More playing to do!
-
Hi @steviecoaster ,
The Native API can be a little finicky, especially since you can invoke with JSON, forum-encoded values, querystring, and I think even XML. But it sounds like you're on the right track.
Let me share the C# code that ProGet uses to set the password:
using (var rfc2898 = new Rfc2898DeriveBytes(password ?? string.Empty, 10, 10000, HashAlgorithmName.SHA1)) { var bytes = rfc2898.GetBytes(20); DB.Users_SetPassword(userName, bytes, rfc2898.Salt); }... it looks a little different than the code you're using, so hopefully that will help!
-- Dean
