Example #1
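        /// <summary>
        /// Checks a candidate password against the salted hash stored on <paramref name="usr"/>.
        /// </summary>
        /// <param name="password">Candidate password supplied by the caller.</param>
        /// <param name="usr">User record whose <c>Password</c> (stored hash) and <c>Salt</c> are read.</param>
        /// <returns>
        /// <c>true</c> when the stored hash is null or empty, or when the salted hash of
        /// <paramref name="password"/> equals the stored hash; otherwise <c>false</c>.
        /// </returns>
        private static bool CheckPassword(string password, User usr)
        {
            // NOTE(review): a record with no stored hash accepts ANY password. Kept unchanged
            // because callers may rely on password-less accounts; confirm that this is intended
            // and that such accounts cannot be created by accident (e.g. a failed save).
            if (string.IsNullOrEmpty(usr.Password))
            {
                return true;
            }

            // NOTE(review): SaltHashing is not visible here; confirm it uses a deliberately slow
            // password KDF (PBKDF2, bcrypt, Argon2) rather than a single fast hash round.
            string hashedPassword = SaltHashing.ComputeSaltedHash(password, usr.Salt);

            return HashesMatch(usr.Password, hashedPassword);
        }

        /// <summary>
        /// Compares two hash strings without stopping at the first differing character, so the
        /// time taken does not depend on how many leading characters match.
        /// </summary>
        /// <remarks>
        /// Where the target framework provides it, comparing the raw hash bytes with
        /// <c>CryptographicOperations.FixedTimeEquals</c> is the preferred form.
        /// </remarks>
        private static bool HashesMatch(string expected, string actual)
        {
            // The hash length is not secret, so a length mismatch may return immediately.
            if (expected == null || actual == null || expected.Length != actual.Length)
            {
                return false;
            }

            int diff = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                // Accumulate differences instead of branching on them.
                diff |= expected[i] ^ actual[i];
            }

            return diff == 0;
        }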
Example #2
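        /// <summary>
        /// Hashes <paramref name="password"/> with a new salt, stores hash and salt on
        /// <paramref name="user"/>, and saves the user through <c>_db</c>.
        /// </summary>
        /// <param name="user">User entity to persist; its <c>PasswordHash</c> and <c>PasswordSalt</c> are overwritten.</param>
        /// <param name="password">Plaintext password; it is only passed to the hashing helper and never stored.</param>
        /// <returns>The same <paramref name="user"/> instance after it has been saved.</returns>
        /// <exception cref="System.ArgumentNullException"><paramref name="user"/> is null.</exception>
        /// <exception cref="System.ArgumentException"><paramref name="password"/> is null or empty.</exception>
        public async Task<User> Register(User user, string password)
        {
            if (user == null)
            {
                throw new System.ArgumentNullException(nameof(user));
            }

            // Refuse to create an account protected by the hash of an empty password.
            // NOTE(review): length/complexity policy is presumably enforced by the caller — confirm.
            if (string.IsNullOrEmpty(password))
            {
                throw new System.ArgumentException("A non-empty password is required.", nameof(password));
            }

            // CreatePasswordHash hands both values back through its out parameters.
            SaltHashing.CreatePasswordHash(password, out byte[] passwordHash, out byte[] passwordSalt);

            user.PasswordHash = passwordHash;
            user.PasswordSalt = passwordSalt;

            // NOTE(review): no uniqueness check on the user is visible in this method; confirm
            // the caller or a database constraint rejects duplicate usernames.
            await _db.Users.AddAsync(user);
            await _db.SaveChangesAsync();

            return user;
        }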
Example #3
        /// <summary>
        /// Replaces a '#'-prefixed plaintext password on <paramref name="usr"/> with its salted hash.
        /// </summary>
        /// <remarks>
        /// A leading '#' in <c>usr.Password</c> marks the rest of the string as plaintext that
        /// still has to be hashed. Any other value, including null or empty, is left untouched.
        /// An earlier, now removed, variant also hashed the password of new users unconditionally
        /// and reloaded hash and salt from <c>UserDao</c> when the password was empty.
        /// </remarks>
        /// <param name="usr">User whose <c>Password</c> and <c>Salt</c> may be rewritten in place.</param>
        private static void EncodePasswordIfRequired(User usr)
        {
            bool hasPlaintextMarker = !string.IsNullOrEmpty(usr.Password) && usr.Password[0] == '#';
            if (!hasPlaintextMarker)
            {
                return;
            }

            // NOTE(review): the marker shares the field with the stored hash. Confirm the hash
            // encoding can never start with '#', otherwise a stored hash would be hashed again.
            // A bare "#" is hashed as an empty password here.
            usr.Salt = SaltHashing.CreateRandomSalt();

            string plaintext = usr.Password.Substring(1);
            usr.Password = SaltHashing.ComputeSaltedHash(plaintext, usr.Salt);
        }
Example #4
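        /// <summary>
        /// Loads users from <c>Datas/UserSeedData.json</c>, gives each one a freshly salted hash
        /// of the fixed seed password, lower-cases the username and saves them all through <c>_context</c>.
        /// </summary>
        /// <exception cref="System.IO.InvalidDataException">The seed file does not deserialize to a user list.</exception>
        public void SeedUsers()
        {
            var userData = System.IO.File.ReadAllText("Datas/UserSeedData.json");
            var users = JsonConvert.DeserializeObject<List<User>>(userData);

            // A file containing only "null" deserializes to null; fail with a clear message
            // instead of a NullReferenceException in the loop.
            if (users == null)
            {
                throw new System.IO.InvalidDataException("Datas/UserSeedData.json did not contain a user list.");
            }

            // NOTE(review): nothing here checks whether users already exist, so a second call
            // adds every seed user again; confirm the caller guards against that.
            foreach (var user in users)
            {
                // NOTE(review): every seeded account shares the well-known password "password".
                // Keep this to development/test data, or force a reset before such accounts
                // can be used in a deployed environment.
                SaltHashing.CreatePasswordHash("password", out byte[] passwordHash, out byte[] passwordSalt);

                user.PasswordHash = passwordHash;
                user.PasswordSalt = passwordSalt;

                // Invariant casing keeps stored usernames independent of the server's culture
                // (e.g. the Turkish dotless i), so later lookups normalise the same way.
                user.Username = user.Username.ToLowerInvariant();

                _context.Users.Add(user);
            }

            _context.SaveChanges();
        }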
Example #5
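        /// <summary>
        /// Changes the current user's password after verifying the old one.
        /// </summary>
        /// <param name="oldPassword">Current password, checked against the stored salted hash.</param>
        /// <param name="newPassword">New password; null or empty clears the stored password.</param>
        /// <returns>
        /// <c>WrongLogin</c> when there is no current user or no matching stored user,
        /// <c>UserIsInactive</c> when the stored user is not active,
        /// <c>WrongPassword</c> when the old password does not verify,
        /// otherwise <c>Successful</c> after the user has been saved.
        /// </returns>
        public LoginResult ChangePassword(string oldPassword, string newPassword)
        {
            User usr = GetCurrentUser();
            if (usr == null)
            {
                return LoginResult.WrongLogin;
            }

            User dbUsr = _UserSvc.GetByLogin(usr.LoginName);
            if (dbUsr == null)
            {
                return LoginResult.WrongLogin;
            }

            if (!dbUsr.Active)
            {
                return LoginResult.UserIsInactive;
            }

            // Hash with the salt of the record whose hash is compared. The session copy
            // (usr.Salt), used previously, can be stale and would then never verify.
            string hashedPassword = SaltHashing.ComputeSaltedHash(oldPassword, dbUsr.Salt);

            // NOTE(review): an account with no stored hash accepts any old password, and the
            // '==' comparison is not constant-time; confirm both are acceptable here.
            bool oldPasswordAccepted = string.IsNullOrEmpty(dbUsr.Password) || dbUsr.Password == hashedPassword;
            if (!oldPasswordAccepted)
            {
                return LoginResult.WrongPassword;
            }

            if (string.IsNullOrEmpty(newPassword))
            {
                // NOTE(review): this leaves the account without a password — confirm intended.
                dbUsr.Password = "";
            }
            else
            {
                // The listing shows a masked, non-compiling literal at this point. "#" is
                // reconstructed from the plaintext marker that EncodePasswordIfRequired
                // checks for before hashing — confirm against the original source.
                dbUsr.Password = "#" + newPassword;
            }

            dbUsr.ShouldChangePassword = false;
            _UserSvc.Save(dbUsr);

            return LoginResult.Successful;
        }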