diff --git a/Composite/Core/WebClient/Captcha/CaptchaConfiguration.cs b/Composite/Core/WebClient/Captcha/CaptchaConfiguration.cs
index ac630c9367..6bdf07258b 100644
--- a/Composite/Core/WebClient/Captcha/CaptchaConfiguration.cs
+++ b/Composite/Core/WebClient/Captcha/CaptchaConfiguration.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
using System.IO;
using System.Xml;
using Composite.Core.Extensions;
@@ -9,59 +9,54 @@ namespace Composite.Core.WebClient.Captcha
internal static class CaptchaConfiguration
{
private static readonly string CaptchaConfigurationFilePath = @"App_Data\Composite\Configuration\Captcha.xml";
- private static readonly object _syncRoot = new object();
- private static string _password;
+ public static string Password { get; }
- public static string Password
+ static CaptchaConfiguration()
{
- get
- {
- if (_password != null) return _password;
-
- lock (_syncRoot)
- {
- if (_password != null) return _password;
+ string configurationFilePath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, CaptchaConfigurationFilePath);
- string configurationFilePath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, CaptchaConfigurationFilePath);
+ string password = null;
- if (C1File.Exists(configurationFilePath))
+ if (C1File.Exists(configurationFilePath))
+ {
+ var doc = new XmlDocument();
+ try
+ {
+ using (var sr = new C1StreamReader(configurationFilePath))
{
- var doc = new XmlDocument();
- try
- {
- using (var sr = new C1StreamReader(configurationFilePath))
- {
- doc.Load(sr);
- }
+ doc.Load(sr);
+ }
- var passwordNode = doc.SelectSingleNode("captcha/password");
- if (passwordNode != null && !string.IsNullOrEmpty(passwordNode.InnerText))
- {
- _password = passwordNode.InnerText;
- }
- }
- catch (Exception)
- {
- // Do nothing
- }
+ var passwordNode = doc.SelectSingleNode("captcha/password");
+ if (!string.IsNullOrEmpty(passwordNode?.InnerText))
+ {
+ password = passwordNode.InnerText;
+ }
+ }
+ catch (Exception)
+ {
+ // Do nothing
+ }
- if (_password != null) return _password;
+ if (password != null)
+ {
+ Password = password;
+ return;
+ }
- // Deleting configuration file
- C1File.Delete(configurationFilePath);
- }
+ // Deleting configuration file
+ C1File.Delete(configurationFilePath);
+ }
- _password = Guid.NewGuid().ToString();
+ password = Guid.NewGuid().ToString();
- string configFile = @" {0} ".FormatWith(_password);
+ string configFile = @" {0} ".FormatWith(password);
- C1File.WriteAllText(configurationFilePath, configFile);
+ C1File.WriteAllText(configurationFilePath, configFile);
- return _password;
- }
- }
+ Password = password;
}
}
}
diff --git a/Composite/Core/WebClient/Captcha/Encryption.cs b/Composite/Core/WebClient/Captcha/Encryption.cs
index dc0eded538..74b7c37748 100644
--- a/Composite/Core/WebClient/Captcha/Encryption.cs
+++ b/Composite/Core/WebClient/Captcha/Encryption.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
using System.Globalization;
using System.IO;
using System.Security.Cryptography;
@@ -16,19 +16,25 @@ internal static class Encryption
static Encryption()
{
- var md5 = MD5.Create();
-
string key = Environment.MachineName + CaptchaConfiguration.Password + HostingEnvironment.ApplicationPhysicalPath;
byte[] keyBytes = Encoding.UTF8.GetBytes(key);
- _encryptionKey = md5.ComputeHash(keyBytes);
+ using (var hashAlgorithm = MD5.Create())
+ {
+ _encryptionKey = hashAlgorithm.ComputeHash(keyBytes);
+ }
}
public static string Encrypt(string value)
{
Verify.ArgumentNotNullOrEmpty(value, nameof(value));
+ return ByteToHexString(RijndaelEncrypt(value));
+ }
+
+ private static byte[] RijndaelEncrypt(string value)
+ {
// Create a RijndaelManaged object
// with the specified key and IV.
using (var rima = new RijndaelManaged())
@@ -49,7 +55,7 @@ public static string Encrypt(string value)
swEncrypt.Write(value);
}
// Return the encrypted bytes from the memory stream.
- return ByteToHexString(msEncrypt.ToArray());
+ return msEncrypt.ToArray();
}
}
}
@@ -59,6 +65,11 @@ public static string Decrypt(string encryptedValue)
Verify.ArgumentNotNullOrEmpty(encryptedValue, nameof(encryptedValue));
byte[] encodedSequence = HexStringToByteArray(encryptedValue);
+ return RijndaelDecrypt(encodedSequence);
+ }
+
+ private static string RijndaelDecrypt(byte[] bytes)
+ {
using (var rima = new RijndaelManaged())
{
rima.Key = _encryptionKey;
@@ -68,7 +79,7 @@ public static string Decrypt(string encryptedValue)
ICryptoTransform decryptor = rima.CreateDecryptor();
// Create the streams used for decryption.
- using (var msDecrypt = new MemoryStream(encodedSequence))
+ using (var msDecrypt = new MemoryStream(bytes))
using (var csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
using (var srDecrypt = new C1StreamReader(csDecrypt))
{