public void VerifyPassword_ComparingWrongPassword_ShouldNotBeEqual()
        {
            // Arrange
            HashingSettings settings       = new HashingSettings(HashingMethodType.SHA256);
            HashingService  hashingService = new HashingService(settings);

            string      username        = "******";
            string      correctPassword = "******";
            string      wrongPassword   = "******";
            IHashedUser hashedUser      = null;
            bool        passwordMatched = false;

            // Act
            hashedUser = hashingService.CreateHashedUser(username, correctPassword);

            passwordMatched = hashingService.VerifyPassword(wrongPassword, hashedUser.Password, hashedUser.Salt);

            Console.WriteLine("Original Correct Password: "******"Original Wrong Password: "******"Hashed Password: "******"Hashed Salt: " + hashedUser.Salt);

            // Assert
            Assert.IsFalse(passwordMatched);
        }
Example #2
0
        public async Task <ActionResult <bool> > VerifyUser([FromBody] AuthUser authUser)
        {
            bool            verifyUserSucceed;
            AuthUser        verifyUser     = authUser;
            AuthUser        existingUser   = new AuthUser();
            HashingSettings settings       = new HashingSettings(HashingMethodType.SHA256);
            HashingService  hashingService = new HashingService(settings);

            var user = _context.Users.Where(x => x.Email == verifyUser.Email).FirstOrDefault();

            if (user == null)
            {
                return(false);
            }


            using (SqlConnection con = new SqlConnection("Data Source=MSI\\SQLExpress;Initial Catalog=StreamingTinder;Integrated Security=SSPI;"))
            {
                using (SqlCommand cmd = new SqlCommand("select * from AuthUsers WHERE Email = @Email", con))
                {
                    cmd.Parameters.AddWithValue("@Email", user.Email);
                    con.Open();

                    using (SqlDataReader reader = cmd.ExecuteReader())
                    {
                        if (reader.Read())
                        {
                            existingUser.Email    = reader["Email"].ToString();
                            existingUser.Password = reader["Password"].ToString();
                            existingUser.Salt     = reader["Salt"].ToString();
                        }
                    }
                }
            }

            // Run hashing compare
            verifyUserSucceed = hashingService.VerifyPassword(verifyUser.Password, existingUser.Password, existingUser.Salt);



            return(verifyUserSucceed);
        }