public bool VerifySecret(string key, string presentedSecret, ApiClientSecret actualSecret)
{
if (!_next.VerifySecret(key, presentedSecret, actualSecret))
{
_logger.Warn(
$"Unable to decode the secret for vendor \"{key}\" using the secret verifier \"{_next.GetType().Name}\". You may need to reset the secret for this vendor.");
return(false);
}
var hashAlgorithm = _hashConfiguration.GetAlgorithmHashCode();
if (actualSecret.IsHashed)
{
var packedHash = _packedHashConverter.GetPackedHash(actualSecret.Secret);
if (packedHash.HashAlgorithm == hashAlgorithm &&
packedHash.Iterations == _hashConfiguration.Iterations &&
packedHash.Salt.Length == _hashConfiguration.GetSaltSizeInBytes())
{
return(true);
}
}
actualSecret.Secret = _securePackedHashProvider.ComputePackedHashString(
presentedSecret,
hashAlgorithm,
_hashConfiguration.Iterations,
_hashConfiguration.GetSaltSizeInBytes());
actualSecret.IsHashed = true;
_apiClientSecretProvider.SetSecret(key, actualSecret);
return(true);
}
public virtual void Should_not_save_new_password()
{
A.CallTo(() => _apiClientSecretProvider.SetSecret(Key, _apiClientSecret)).MustNotHaveHappened();
}
public void Should_persist_the_packedhash()
{
A.CallTo(() => _apiClientSecretProvider.SetSecret(A <string> .That.IsNotNull(), A <ApiClientSecret> .That.IsEqualTo(_apiClientSecret)));
}
public virtual void Should_save_new_secret()
{
A.CallTo(() => _apiClientSecretProvider.SetSecret(Key, _apiClientSecret)).MustHaveHappenedOnceExactly();
}