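/// <summary>
/// Checks whether a student with <paramref name="login"/> (the IndexNumber) exists and
/// whether <paramref name="password"/>, hashed with that row's stored salt, equals the stored hash.
/// </summary>
/// <param name="login">Student index number used as the login.</param>
/// <param name="password">Plain-text password supplied by the caller; it is never sent to the database.</param>
/// <returns>
/// true on a hash match; false when the login is unknown, the hash differs, or a
/// <see cref="SqlException"/> occurs (database errors are deliberately folded into "not authorized").
/// </returns>
public bool isPassedAuthorization(string login, string password)
{
    try
    {
        using (SqlConnection sqlConnection = new SqlConnection(connectParametr))
        using (SqlCommand sqlCommand = new SqlCommand())
        {
            sqlCommand.Connection = sqlConnection;
            sqlConnection.Open();

            // Only the login is bound as a parameter; the password check happens in memory
            // against the stored salted hash, so the plain-text value never reaches the server.
            sqlCommand.CommandText = "SELECT password, salt FROM Student WHERE IndexNumber = @login; ";
            sqlCommand.Parameters.AddWithValue("login", login);

            // The reader owns server-side state; dispose it before the command and connection
            // go out of scope (the original left it undisposed).
            using (var dataReader = sqlCommand.ExecuteReader())
            {
                if (!dataReader.Read())
                {
                    return false;
                }

                string passwordInDataBase = dataReader["Password"].ToString();
                string salt = dataReader["Salt"].ToString();
                string computedHash = PasswordHashing.Create(password, salt);

                // Ordinal: the hash is an opaque string, never culture-sensitive text.
                // NOTE(review): a fixed-time comparison (CryptographicOperations.FixedTimeEquals over
                // the encoded bytes) would remove the early-exit timing difference of Equals; it is
                // not used here because System.Security.Cryptography is not in scope in this file.
                return string.Equals(computedHash, passwordInDataBase, StringComparison.Ordinal);
            }
        }
    }
    catch (SqlException)
    {
        // Any database failure is reported as "not authorized" rather than surfaced to the caller.
        return false;
    }
}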
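/// <summary>
/// Registers a new client: rejects duplicates of login, e-mail or phone, persists the client
/// with a salted password hash and a fresh refresh token, and issues a signed access token.
/// </summary>
/// <param name="request">Registration data; Login, Email and Phone must be unique among existing clients.</param>
/// <returns>The signed JWT access token (10 minute lifetime) and the refresh token stored on the client row.</returns>
/// <exception cref="ClientExistsException">A client with the same login, e-mail or phone already exists.</exception>
public RegisterResponse Register(RegisterRequest request)
{
    // One query instead of three: the original issued a separate Any() per field.
    bool clientExists = _campaignDbContext.Clients.Any(c =>
        c.Login.Equals(request.Login)
        || c.Email.Equals(request.Email)
        || c.Phone.Equals(request.Phone));
    if (clientExists)
    {
        throw new ClientExistsException("Such client is already exists");
    }

    var claims = new[]
    {
        new Claim(ClaimTypes.NameIdentifier, request.Login),
        new Claim(ClaimTypes.Name, request.LastName),
        new Claim(ClaimTypes.Role, "Client"),
    };

    // NOTE(review): the HMAC signing key is a literal in source. It belongs in configuration or a
    // secret store (and must stay identical to the value the token-validation side uses); it is
    // left unchanged here because no configuration provider is in scope in this class.
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("faafsasfassdgdfger524312"));
    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    // The JWT 'exp' claim is an epoch timestamp, so derive it from UTC rather than local time
    // (the handler converts to UTC anyway; this just makes the intent explicit).
    var token = new JwtSecurityToken(
        issuer: "Artem",
        audience: "Clients",
        claims: claims,
        expires: DateTime.UtcNow.AddMinutes(10),
        signingCredentials: creds);
    string accessToken = new JwtSecurityTokenHandler().WriteToken(token);

    // NOTE(review): the refresh token is persisted in clear text on the client row; storing a hash
    // of it would limit the impact of a database leak, but whatever checks RefreshToken later
    // would need the same change, so it is kept as-is here.
    string refreshT = Guid.NewGuid().ToString();

    var salt = PasswordHashing.GenerateSalt();
    var passwrd = PasswordHashing.Create(request.Password, salt);

    var client = new Client()
    {
        FirstName = request.FirstName,
        LastName = request.LastName,
        Email = request.Email,
        Phone = request.Phone,
        Login = request.Login,
        Password = passwrd,
        RefreshToken = refreshT,
        Salt = salt
    };
    _campaignDbContext.Add(client);
    _campaignDbContext.SaveChanges();

    return new RegisterResponse
    {
        AccessToken = accessToken,
        RefreshToken = refreshT
    };
}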
/// <summary>A hash recomputed from the same message and salt validates against the stored hash.</summary>
public void Untampered_hash_matches_the_text()
{
    // Arrange
    const string plainText = "passw0rd";
    var generatedSalt = Salt.Create();
    var storedHash = PasswordHashing.Create(plainText, generatedSalt);

    // Act
    var isValid = PasswordHashing.Validate(plainText, generatedSalt, storedHash);

    // Assert
    Assert.True(isValid);
}
/// <summary>Two different messages hashed with the same salt must not produce the same hash.</summary>
public void Hash_of_two_different_messages_dont_match()
{
    // Arrange
    const string firstMessage = "passw0rd";
    const string secondMessage = "password";
    // NOTE(review): other code on this page obtains a salt via Salt.Create(), PasswordHashing.GenerateSalt()
    // or PasswordHashing.CreateSalt(); confirm this parameterless Create() overload is the intended one.
    var sharedSalt = PasswordHashing.Create();

    // Act
    var firstHash = PasswordHashing.Create(firstMessage, sharedSalt);
    var secondHash = PasswordHashing.Create(secondMessage, sharedSalt);

    // Assert
    Assert.True(firstHash != secondHash);
}
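/// <summary>
/// Inserts a new Student row for <paramref name="account"/>, storing a freshly salted
/// password hash instead of the supplied plain-text password.
/// </summary>
/// <param name="account">Registration request carrying the student data and the plain-text password.</param>
/// <returns>true when the INSERT affected at least one row; false when it affected none.</returns>
/// <exception cref="ArgumentNullException"><paramref name="account"/> is null.</exception>
/// <exception cref="SqlException">Propagated unchanged from the database; nothing is caught here.</exception>
public bool addAccount(RequestAccount account)
{
    if (account == null)
    {
        throw new ArgumentNullException(nameof(account));
    }

    // Hash first so no connection is held open while the hash is computed.
    string salt = PasswordHashing.CreateSalt();
    string hashingPassword = PasswordHashing.Create(account.Password, salt);

    using (SqlConnection connection = new SqlConnection(connectParametr))
    using (SqlCommand command = new SqlCommand())
    {
        command.Connection = connection;
        connection.Open();

        // Every value is bound as a parameter; nothing from the request is concatenated into the SQL.
        command.CommandText =
            " INSERT INTO Student (IndexNumber, FirstName, LastName, BirthDate, IdEnrollment, Password, Salt) " +
            " VALUES(@indexNumber, @firstName, @secondName, @birthDate, @idEnrollment, @hashingPassword, @salt); ";

        // AddWithValue infers SqlDbType from each CLR value; BirthDate in particular maps by its
        // runtime type — confirm that matches the column type if conversions ever fail.
        command.Parameters.AddWithValue("indexNumber", account.Student.IndexNumber);
        command.Parameters.AddWithValue("firstName", account.Student.FirstName);
        command.Parameters.AddWithValue("secondName", account.Student.LastName);
        command.Parameters.AddWithValue("birthDate", account.Student.BirthDate);
        command.Parameters.AddWithValue("idEnrollment", account.Student.IdEnrollment);
        command.Parameters.AddWithValue("hashingPassword", hashingPassword);
        command.Parameters.AddWithValue("salt", salt);

        // ExecuteNonQuery returns the affected row count; only 0 is treated as failure.
        return command.ExecuteNonQuery() != 0;
    }
}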