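public void HashAndVerifyPassowrd_ShouldVerify(string password)
        {
            // Round trip: a hash produced by HashPasswordWithSalt must verify
            // against the password it was derived from.
            var hash = HashingUtil.HashPasswordWithSalt(password);

            Assert.IsTrue(HashingUtil.VerifyPassword(password, hash));

            // Negative case: without it, a VerifyPassword that accepts every
            // input would still pass this test. The candidate differs at the
            // first character so the check holds even if the hashing scheme
            // ignores input beyond some length limit.
            Assert.IsFalse(HashingUtil.VerifyPassword("x" + password, hash));
        }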
Beispiel #2
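        /// <summary>
        /// Replaces a user's stored password hash after verifying the current password.
        /// The lookup, verification and update run inside one <see cref="TransactionScope"/>.
        /// </summary>
        /// <param name="userId">ID of the user whose password is changed.</param>
        /// <param name="oldPassword">Current password, checked against the stored hash.</param>
        /// <param name="newPassword">New password; stored only as a salted hash.</param>
        /// <exception cref="EntityNotFoundException">No user exists with <paramref name="userId"/>.</exception>
        /// <exception cref="ValidationFailedException">
        /// <paramref name="oldPassword"/> does not match the stored hash, or the user has no stored hash.
        /// </exception>
        public void ChangePassword(int userId, string oldPassword, string newPassword)
        {
            // NOTE(review): newPassword is hashed as given; no null/empty or
            // strength check is visible here - confirm the caller enforces one.
            using (var transaction = new TransactionScope())
            {
                var user = usersDao.SelectByID(userId);
                if (user == null)
                {
                    throw new EntityNotFoundException($"User with ID {userId} was not found", typeof(User));
                }

                // An account without a stored hash cannot prove knowledge of the
                // old password: fail the check instead of handing null to
                // VerifyPassword.
                if (user.Password == null || !HashingUtil.VerifyPassword(oldPassword, user.Password))
                {
                    throw new ValidationFailedException(new ValidationInfo(new ErrorMessage[] { Errors.InvalidPassword() }));
                }

                user.Password = HashingUtil.HashPasswordWithSalt(newPassword);
                usersDao.UpdateUser(user);

                // Leaving the scope without Complete() (any throw above) rolls back.
                // NOTE(review): already-issued tokens/sessions are not revoked
                // here - confirm whether that is handled elsewhere.
                transaction.Complete();
            }
        }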
Beispiel #3
        /// <summary>
        /// Handles the OAuth resource-owner password grant: looks the account up
        /// by e-mail, verifies the supplied password against the stored hash and,
        /// on success, validates the request with an identity carrying the user's
        /// ID and e-mail as claims.
        /// </summary>
        /// <param name="context">Grant context holding the supplied user name and password.</param>
        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            var identity = new ClaimsIdentity(context.Options.AuthenticationType);
            var users = new UsersDao();

            // The account is fetched by e-mail only; the password never goes into
            // the query and is compared against the stored hash below.
            var account = (User)users.SelectByEmail(context.UserName);

            var hasStoredHash = account != null && account.Password != null;
            if (!hasStoredHash || !HashingUtil.VerifyPassword(context.Password, account.Password))
            {
                // One error for unknown account, missing hash and wrong password,
                // so the response text does not reveal which accounts exist.
                // NOTE(review): VerifyPassword is skipped when there is no account
                // or hash, so response time may still differ between the cases;
                // verifying against a fixed dummy hash would even that out.
                // No attempt throttling or lockout is visible here - confirm it
                // is enforced elsewhere.
                context.SetError("invalid_grant", "Provided username and password is incorrect");
                context.Rejected();
                return;
            }

            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, account.UserId.ToString()));
            identity.AddClaim(new Claim(ClaimTypes.Name, account.Email));
            context.Validated(identity);
        }