public void VerifyPassword_ComparingWrongPassword_ShouldNotBeEqual()
{
// Arrange
HashingSettings settings = new HashingSettings(HashingMethodType.SHA256);
HashingService hashingService = new HashingService(settings);
string username = "******";
string correctPassword = "******";
string wrongPassword = "******";
IHashedUser hashedUser = null;
bool passwordMatched = false;
// Act
hashedUser = hashingService.CreateHashedUser(username, correctPassword);
passwordMatched = hashingService.VerifyPassword(wrongPassword, hashedUser.Password, hashedUser.Salt);
Console.WriteLine("Original Correct Password: "******"Original Wrong Password: "******"Hashed Password: "******"Hashed Salt: " + hashedUser.Salt);
// Assert
Assert.IsFalse(passwordMatched);
}
public async Task <ActionResult <bool> > VerifyUser([FromBody] AuthUser authUser)
{
bool verifyUserSucceed;
AuthUser verifyUser = authUser;
AuthUser existingUser = new AuthUser();
HashingSettings settings = new HashingSettings(HashingMethodType.SHA256);
HashingService hashingService = new HashingService(settings);
var user = _context.Users.Where(x => x.Email == verifyUser.Email).FirstOrDefault();
if (user == null)
{
return(false);
}
using (SqlConnection con = new SqlConnection("Data Source=MSI\\SQLExpress;Initial Catalog=StreamingTinder;Integrated Security=SSPI;"))
{
using (SqlCommand cmd = new SqlCommand("select * from AuthUsers WHERE Email = @Email", con))
{
cmd.Parameters.AddWithValue("@Email", user.Email);
con.Open();
using (SqlDataReader reader = cmd.ExecuteReader())
{
if (reader.Read())
{
existingUser.Email = reader["Email"].ToString();
existingUser.Password = reader["Password"].ToString();
existingUser.Salt = reader["Salt"].ToString();
}
}
}
}
// Run hashing compare
verifyUserSucceed = hashingService.VerifyPassword(verifyUser.Password, existingUser.Password, existingUser.Salt);
return(verifyUserSucceed);
}
