Do not return password form Enterprise Service Methods

WebsitePanel/Sources/WebsitePanel.WebPortal/Code/PortalUtils.cs

@@ -43,6 +43,7 @@ using System.Web.Security;
 using System.Web.UI.WebControls;
 using System.Net;
 using System.Net.Mail;
+using System.Security.Cryptography;
 
 using Microsoft.Web.Services3;
 using WebsitePanel.EnterpriseServer;
@@ -336,15 +337,30 @@ namespace WebsitePanel.Portal
             return DefaultPage.GetLocalizedPageName(pageId);
         }
 
+        public static string SHA1(string plainText)
+        {
+            // Convert plain text into a byte array.
+            byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
+
+            HashAlgorithm hash = new SHA1Managed(); ;
+
+            // Compute hash value of our plain text with appended salt.
+            byte[] hashBytes = hash.ComputeHash(plainTextBytes);
+
+            // Return the result.
+            return Convert.ToBase64String(hashBytes);
+        }
         public static int AuthenticateUser(string username, string password, string ipAddress,
             bool rememberLogin, string preferredLocale, string theme)
         {
             esAuthentication authService = new esAuthentication();
             ConfigureEnterpriseServerProxy(authService, false);
 
+            string passwordSH = SHA1(password);
+
             try
             {
-                int authResult = authService.AuthenticateUser(username, password, ipAddress);
+                int authResult = authService.AuthenticateUser(username, passwordSH, ipAddress);
 
                 if (authResult < 0)
                 {
@@ -352,13 +368,13 @@ namespace WebsitePanel.Portal
                 }
                 else
                 {
-                    UserInfo user = authService.GetUserByUsernamePassword(username, password, ipAddress);
+                    UserInfo user = authService.GetUserByUsernamePassword(username, passwordSH, ipAddress);
                     if (user != null)
                     {
                         if (IsRoleAllowedToLogin(user.Role))
                         {
                             // issue authentication ticket
-                            FormsAuthenticationTicket ticket = CreateAuthTicket(user.Username, user.Password, user.Role, rememberLogin);
+                            FormsAuthenticationTicket ticket = CreateAuthTicket(user.Username, password, user.Role, rememberLogin);
                             SetAuthTicket(ticket, rememberLogin);
 
                             CompleteUserLogin(username, rememberLogin, preferredLocale, theme);
@@ -513,7 +529,7 @@ namespace WebsitePanel.Portal
             }
         }
 
-        public static int AddUserAccount(List<string> log, UserInfo user, bool sendLetter)
+        public static int AddUserAccount(List<string> log, UserInfo user, bool sendLetter, string password)
         {
             esUsers usersService = new esUsers();
             ConfigureEnterpriseServerProxy(usersService, true);
@@ -521,7 +537,7 @@ namespace WebsitePanel.Portal
             try
             {
                 // add user to WebsitePanel server
-                return usersService.AddUser(user, sendLetter);
+                return usersService.AddUser(user, sendLetter, password);
             }
             catch (Exception ex)
             {

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/Code/Helpers/UsersHelper.cs

@@ -210,10 +210,10 @@ namespace WebsitePanel.Portal
             return dsUsers;
         }
 
-        public static int AddUser(List<string> log, int portalId, UserInfo user, bool sendLetter)
+        public static int AddUser(List<string> log, int portalId, UserInfo user, bool sendLetter, string password)
         {
             // add user to WebsitePanel server
-            return ES.Services.Users.AddUser(user, sendLetter);
+            return ES.Services.Users.AddUser(user, sendLetter, password);
         }
 
         public static void AddUserVLan(int userId, UserVlan vLan)

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/PeersEditPeer.ascx.cs

@@ -195,7 +195,7 @@ namespace WebsitePanel.Portal
                 user.SecondaryEmail = txtSecondaryEmail.Text;
                 user.HtmlMail = ddlMailFormat.SelectedIndex == 1;
                 user.Username = txtUsername.Text;
-                user.Password = userPassword.Password;
+//                user.Password = userPassword.Password;
                 user.IsDemo = chkDemo.Checked;
                 
                 user.LoginStatusId = loginStatus.SelectedIndex;
@@ -220,7 +220,7 @@ namespace WebsitePanel.Portal
                     try
                     {
                         //int userId = UsersHelper.AddUser(log, PortalId, user);
-                        int userId = PortalUtils.AddUserAccount(log, user, false);
+                        int userId = PortalUtils.AddUserAccount(log, user, false, userPassword.Password);
 
                         if (userId < 0)
                         {

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/UserCreateUserAccount.ascx.cs

@@ -103,7 +103,7 @@ namespace WebsitePanel.Portal
             user.SecondaryEmail = txtSecondaryEmail.Text;
             user.HtmlMail = ddlMailFormat.SelectedIndex == 1;
             user.Username  = txtUsername.Text.Trim();
-            user.Password = userPassword.Password;
+//            user.Password = userPassword.Password;
 
             // contact info
 			user.CompanyName = contact.CompanyName;
@@ -123,7 +123,7 @@ namespace WebsitePanel.Portal
             try
             {
                 //int userId = UsersHelper.AddUser(log, PortalId, user);
-                int userId = PortalUtils.AddUserAccount(log, user, chkAccountLetter.Checked);
+                int userId = PortalUtils.AddUserAccount(log, user, chkAccountLetter.Checked, userPassword.Password);
 
                 if (userId == BusinessErrorCodes.ERROR_INVALID_USER_NAME)
                 {