public User Authenticate(string userName, string password)
{
if ((String.IsNullOrWhiteSpace(userName)) || (String.IsNullOrWhiteSpace(password)))
{
return(null);
}
DbUser user;
using (var context = new RelayContext())
{
user = context.Users.SingleOrDefault(u => u.UserName == userName);
if (user == null)
{
return(null);
}
}
var passwordInformation = new PasswordInformation
{
Hash = user.Password,
Salt = user.Salt,
Iterations = user.Iterations
};
if (_passwordHash.ValidatePassword(Encoding.UTF8.GetBytes(password), passwordInformation))
{
return(new User()
{
UserName = user.UserName,
Id = user.Id,
CreationDate = user.CreationDate
});
}
return(null);
}
public bool Authenticate(string userName, string password, out Guid linkId)
{
linkId = Guid.Empty;
using (var context = new RelayContext())
{
byte[] passwordBytes;
try
{
passwordBytes = Convert.FromBase64String(password);
}
catch
{
return(false);
}
var link = context.Links.Where(p => p.UserName == userName).Select(p => new
{
p.Id,
p.Password,
p.Iterations,
p.Salt
}).FirstOrDefault();
if (link == null)
{
return(false);
}
var passwordInformation = new PasswordInformation
{
Hash = link.Password,
Iterations = link.Iterations,
Salt = link.Salt
};
var cacheKey = userName + "/" + password;
PasswordInformation previousInfo;
lock (_successfullyValidatedUsernamesAndPasswords)
{
_successfullyValidatedUsernamesAndPasswords.TryGetValue(cacheKey, out previousInfo);
}
// found in cache (NOTE: cache only contains successfully validated passwords to prevent DOS attacks!)
if (previousInfo != null)
{
if (previousInfo.Hash == passwordInformation.Hash &&
previousInfo.Iterations == passwordInformation.Iterations &&
previousInfo.Salt == passwordInformation.Salt)
{
linkId = link.Id;
return(true);
}
}
// ELSE: calculate and cache
if (!_passwordHash.ValidatePassword(passwordBytes, passwordInformation))
{
return(false);
}
lock (_successfullyValidatedUsernamesAndPasswords)
{
{
_successfullyValidatedUsernamesAndPasswords[cacheKey] = passwordInformation;
}
}
linkId = link.Id;
return(true);
}
}
public PasswordInformationTest()
{
_passwordInformation = null;
}
public void SetFields(PasswordInformation info)
{
if (!string.IsNullOrWhiteSpace(info.Hint))
{
_password.Placeholder = info.Hint;
}
_forgotPassword.IsVisible = info.HasRecovery;
_currentSalt = info.CurrentSalt;
_newSalt = info.NewSalt;
}
private static Task<ActivationResult> Register(Service service, string nationalNumber, string countryCode, string code, string firstName = null, string lastName = null)
{
return Task<ActivationResult>.Factory.StartNew(() =>
{
var result = Telegram.RegisterCode(service, GetSettingsTelegramSettings(nationalNumber), countryCode + nationalNumber,
GetSettingsCodeHash(nationalNumber), code, firstName, lastName, GetSettingsRegistered(nationalNumber));
if (result == null)
{
return new ActivationResult
{
Success = false,
ErrorMessage = Localize.GetString("TelegramCodeError")
};
}
if (result.Response != Telegram.CodeRegister.Type.Success)
{
string errorMessage = null;
var info = new PasswordInformation();
switch (result.Response)
{
case Telegram.CodeRegister.Type.NumberInvalid:
errorMessage = Localize.GetString("TelegramCodeNumberInvalid");
break;
case Telegram.CodeRegister.Type.CodeEmpty:
errorMessage = Localize.GetString("TelegramCodeInvalidMessage");
break;
case Telegram.CodeRegister.Type.CodeExpired:
errorMessage = Localize.GetString("TelegramCodeCodeExpired");
break;
case Telegram.CodeRegister.Type.CodeInvalid:
errorMessage = Localize.GetString("TelegramCodeCodeInvalid");
break;
case Telegram.CodeRegister.Type.FirstNameInvalid:
errorMessage = Localize.GetString("TelegramCodeFirstNameInvalid");
break;
case Telegram.CodeRegister.Type.LastNameInvalid:
errorMessage = Localize.GetString("TelegramCodeLastNameInvalid");
break;
case Telegram.CodeRegister.Type.PasswordNeeded:
info.CurrentSalt = result.CurrentSalt;
info.HasRecovery = result.HasRecovery;
info.Hint = result.Hint;
info.NewSalt = result.NewSalt;
break;
default:
errorMessage = Localize.GetString("TelegramCodeError");
break;
}
return new ActivationResult
{
Success = false,
ErrorMessage = errorMessage,
PasswordNeeded = result.Response == Telegram.CodeRegister.Type.PasswordNeeded,
PasswordInformation = info
};
}
return new ActivationResult
{
Success = true,
AccountId = result.AccountId,
};
});
}
