/// <summary>
/// Registers a new account: validates the request body, refuses a username that is already
/// stored, persists the username together with a PBKDF2-derived password value and returns
/// the stored username.
/// </summary>
/// <param name="credentialCreateDto">Signup payload bound from the request body; supplies Username and Password.</param>
/// <returns>
/// 400 when model validation fails, 401 when the username already exists, otherwise 200 with an
/// <see cref="InitResponse"/> carrying the stored username.
/// </returns>
public ActionResult <InitResponse> DoSignup([FromBody] CredentialCreateDto credentialCreateDto)
        {
            // Reject payloads that violate the validation attributes declared on CredentialCreateDto.
            if (!ModelState.IsValid)
            {
                return BadRequest();
            }

            // Look for an existing row with the same username.
            // NOTE(review): this check and the insert below are two separate steps, so two concurrent
            // signups for the same name can both pass it. Confirm the Credentials table has a unique
            // constraint on Username so the database enforces uniqueness.
            // NOTE(review): whether this comparison is case-sensitive presumably depends on how the
            // provider translates Equals and on the column collation; verify "Alice" and "alice"
            // cannot both register if they are meant to be the same account.
            bool usernameTaken = _vaultDbContext.Credentials.Any(
                existing => existing.Username.Equals(credentialCreateDto.Username));
            if (usernameTaken)
            {
                // 401 is what existing clients receive for a duplicate name. 409 Conflict would be the
                // conventional status, but changing it alters the API contract.
                // NOTE(review): this response tells an unauthenticated caller whether a username exists;
                // consider rate limiting this endpoint.
                return Unauthorized(); //401
            }

            // The password is left-padded with '*' to at least 32 characters before derivation, so the
            // verification path has to apply the same padding. The padding adds no entropy.
            // NOTE(review): confirm CredentialCreateDto enforces a minimum password length.
            // History: an earlier revision stored Sha256(padded password + the PASSWORD_SALT value from
            // the NCLVaultConfiguration section). A fast hash with one shared salt is unsuitable for
            // password storage, so it was replaced by PBKDF2Provider.
            // NOTE(review): iteration count and per-user salt handling live in PBKDF2Provider and are not
            // visible here; verify them against current guidance.
            string derivedPassword = PBKDF2Provider.Generate(credentialCreateDto.Password.PadLeft(32, '*'));

            var newCredential = new Credential
            {
                Username = credentialCreateDto.Username,
                Password = derivedPassword
            };

            // Persist the new row.
            _vaultDbContext.Credentials.Add(newCredential);
            _vaultDbContext.SaveChanges();

            // Only the username is echoed back; the derived password never leaves the server.
            var response = new InitResponse
            {
                Username = newCredential.Username
            };
            return Ok(response);
        }
Beispiel #2
        /// <summary>
        /// Round-trip check: a value produced by PBKDF2Provider.Generate for a password must be
        /// accepted by PBKDF2Provider.IsValid for that same password.
        /// </summary>
        // NOTE(review): only the accepting path is exercised here. A companion case asserting that
        // IsValid returns false for a different password would guard against a verifier that
        // accepts everything.
        public void T2_001_HashAndVerify()
        {
            const string plaintext = "!//Lab2020";

            string derived = PBKDF2Provider.Generate(plaintext);
            bool accepted = PBKDF2Provider.IsValid(plaintext, derived);

            Assert.IsTrue(accepted);
        }