/// <summary>
/// Happy path: when the hashing service reports a match, CheckPasswordAsync
/// returns the user that was loaded by username.
/// </summary>
/// <remarks>
/// NOTE(review): the only assertion is on the returned user. The test does not
/// verify that VerifyPassword was actually received, and it does not cover the
/// rejection paths (unknown user, missing hash, wrong password). Those need
/// their own tests so a change that skips verification is caught.
/// </remarks>
public async Task WhenCheckingPassword_CallPasswordEncryptionService()
        {
            // Arrange: a stored user whose hash the stubbed hashing service accepts.
            const string storedHash = "******";
            var expectedUser = new User
            {
                Username       = SomeUsername,
                HashedPassword = storedHash
            };

            _unitOfWorkFactory
                .GetUnitOfWork()
                .Users
                .GetByUsernameAsync(SomeUsername)
                .Returns(expectedUser);

            _passwordHashingService
                .VerifyPassword(storedHash, SomePassword)
                .Returns(true);

            // Act
            var actualUser = await _service.CheckPasswordAsync(SomeUsername, SomePassword);

            // Assert
            actualUser.Should().Be(expectedUser);
        }
Example #2
        /// <summary>
        /// Loads the user with the given username and verifies the supplied
        /// password against that user's stored hash.
        /// </summary>
        /// <param name="username">Username to look up.</param>
        /// <param name="password">Password to verify against the stored hash.</param>
        /// <returns>The matching user when verification succeeds.</returns>
        /// <exception cref="UserNotFoundException">No user exists for <paramref name="username"/>.</exception>
        /// <exception cref="InvalidPasswordException">The user has no stored hash, or verification failed.</exception>
        /// <remarks>
        /// The two exception types distinguish "unknown username" from "wrong
        /// password". A caller that answers untrusted clients should map both to
        /// one generic failure response, otherwise the endpoint reveals which
        /// usernames exist. The unknown-user path also returns before
        /// VerifyPassword runs, so the two outcomes may differ in response time.
        /// </remarks>
        public async Task<User> CheckPasswordAsync(string username, string password)
        {
            using (var unitOfWork = _unitOfWorkFactory.CreateUnitOfWork())
            {
                var account = await unitOfWork.Users.GetByUsernameAsync(username);
                if (account == null)
                {
                    throw new UserNotFoundException();
                }

                // Short-circuit: an account without a stored hash is rejected
                // without ever calling the hashing service.
                var verified = account.HashedPassword != null
                               && _passwordHashingService.VerifyPassword(account.HashedPassword, password);
                if (!verified)
                {
                    throw new InvalidPasswordException();
                }

                return account;
            }
        }
Example #3
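        /// <summary>
        /// Authenticates a user by username and password and, on success, issues
        /// a token for that user.
        /// </summary>
        /// <param name="username">Caller-supplied username to look up.</param>
        /// <param name="password">Caller-supplied password to verify against the stored hash.</param>
        /// <returns>
        /// The authenticated user together with its token, or <c>null</c> when
        /// the username is unknown or the password does not match. Both failures
        /// return the same value, so the caller cannot tell them apart.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the unknown-user path returns before VerifyPassword is
        /// called, so the two failure paths may still differ in response time.
        /// NOTE(review): user.PasswordHash is passed to VerifyPassword without a
        /// null check; confirm the hashing service rejects a missing hash.
        /// </remarks>
        public async Task<AuthenticatedUser> AuthenticateAsync(string username, string password)
        {
            var user = await context.Users.FirstOrDefaultAsync(x => x.Username == username);

            if (user == null)
            {
                // The username is caller-controlled. Passing it as a template
                // argument (not interpolated into the template) keeps it as a
                // separate structured value, so braces in it are not read as
                // placeholders. Text sinks may still need to neutralise line
                // breaks in the value.
                logger.LogDebug("Unable to find user {Username}", username);
                return null;
            }

            var passwordMatches = passwordHashingService.VerifyPassword(password, user.PasswordHash);

            if (!passwordMatches)
            {
                // Only the username is logged; the submitted password never is.
                logger.LogDebug("Password for {Username} does not match", username);
                return null;
            }

            // A token is issued only after the password has been verified.
            var token = tokenService.GetToken(user.Id.ToString(), user.Username);

            return new AuthenticatedUser(user, token);
        }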