Ejemplo n.º 1
0
        public ObjectId ValidateLoginAttempt(string username, byte[] enteredPassword)
        {
            User user = Database.Instance.userCollection.FindOneAs <User>(Query.EQ("username", username));

            if (user != null)
            {
                byte[] saltedHash = Authorize.GenerateSaltedHash(enteredPassword, user.password.salt);

                if (Authorize.IsValidHash(saltedHash, user.password.hash))
                {
                    return(user.id);
                }
                else
                {
                    return(ObjectId.Empty);
                }
            }
            else
            {
                return(ObjectId.Empty);
            }
        }
Ejemplo n.º 2
0
        public bool ChangePassword(byte[] newPassword)
        {
            byte[] saltedHash = Authorize.GenerateSaltedHash(newPassword, password.salt);
            if (Authorize.IsValidHash(saltedHash, password.hash))
            {
                return(false);
            }
            foreach (Password prevPass in previousPasswords)
            {
                saltedHash = Authorize.GenerateSaltedHash(newPassword, prevPass.salt);
                if (Authorize.IsValidHash(saltedHash, prevPass.hash))
                {
                    return(false);
                }
            }
            byte[] salt = Authorize.GenerateSalt();
            saltedHash = Authorize.GenerateSaltedHash(newPassword, salt);
            Password newPass = new Password(saltedHash, salt);

            previousPasswords.Add(this.password);
            this.password = newPass;

            return(true);
        }