public LoginResult Login(Login loginUser) { var user = _userRepository.SingleOrDefault(c => c.UserName == loginUser.UserName); if (user == null) { return new LoginResult() { Success = false, ErrorMessage = "Wrong login" } } ; bool valid = SaltedHashGenerator.VerifyHash(user.Password, loginUser.Password, user.Salt); return(new LoginResult() { User = valid ? new UserDetails() { UserId = user.UserId, UserName = user.UserName } : null, ErrorMessage = valid ? null : "Wrong password", Success = valid }); }
public LoginResult Add(Login loginUser) { if (_userRepository.SingleOrDefault(c => c.UserName == loginUser.UserName) != null) { return new LoginResult() { Success = false, ErrorMessage = "There is a userDetails with the same login" } } ; var salt = SaltedHashGenerator.GenerateSalt(); var newUser = _userRepository.Add(new Domain.User { UserName = loginUser.UserName, Password = SaltedHashGenerator.GenerateSaltedHash(loginUser.Password, salt), Salt = salt, Account = new Account() }); _userRepository.SaveChanges(); return(new LoginResult() { Success = true, User = new UserDetails() { UserId = newUser.UserId, UserName = newUser.UserName, Balance = newUser.Account.Balance } }); }
public bool Add(User user, UserCredentials userCredentials) { if (userCredentials.Password == null || userCredentials.Email == null) { throw new IncorrectDataException("Data not correct"); } if (_userCredentialsRepository.CheckByEmail(userCredentials.Email)) { throw new IncorrectDataException("Email booked"); } if (userCredentials.Role == null) { userCredentials.Role = "User"; } userCredentials.RegistrationDate = DateTime.Now; userCredentials.Password = SaltedHashGenerator.GenerateHash(userCredentials.Password, userCredentials.Email); try { _userRepository.Add(user, userCredentials); return(true); } catch (DbEntityValidationException ex) { throw new IncorrectDataException(DbEntityValidationExceptioErrorMessages.ErrorMessages(ex)); } }
/// <summary> /// Actually generates the AuthUser. /// NOTE: this second, internal static method exists to make testing easier, /// while the public instance method must be present to implement interface. /// </summary> /// <param name="username"></param> /// <param name="generatePassword"></param> /// <param name="password"></param> /// <param name="userRoleId"></param> /// <returns>Returns a new AuthUser.</returns> internal static AuthUser DoGenerateAuthUser(string username, bool generatePassword, string password, int userRoleId) { if (generatePassword) { return(DoGenerateAuthUser(username, userRoleId)); } ValidatePasswordStrength(password); var sh = new SaltedHashGenerator(password); return(DoGenerateAuthUser(username, sh.SaltedHash, sh.Salt, userRoleId)); }
/// <summary> /// Updates a user's password. /// </summary> /// <param name="user"></param> /// <param name="password"></param> /// <returns>Returns true unless an error occurs.</returns> public bool UpdatePassword(AuthUser user, string password) { ThrowIfNull(user); if (!user.IsEditable) { throw new ValidationException("This is a protected user and cannot be edited."); } ValidatePasswordStrength(password); var sh = new SaltedHashGenerator(password); user.Password = sh.SaltedHash; user.Salt = sh.Salt; Context.SetEntityState(user, EntityState.Modified); Context.SaveChanges(); return(true); }
private static AuthToken CreateTokenRecord(int userId, int authClientId, Guid g, DateTime issuedUtc, int tokenMinutes, string jwt) { var sh = new SaltedHashGenerator(g.ToString()); return(new AuthToken { IdentifierKey = sh.SaltedHash, Salt = sh.Salt, Id = userId, AuthClientId = authClientId, AuthUserId = userId, IssuedUtc = issuedUtc, ExpiresUtc = issuedUtc.AddMinutes(tokenMinutes), Token = jwt }); }
public bool EditPassword(int id, string newPassword, string oldPassword) { try { UserCredentials userCredentials = _userCredentialsRepository.GetById(id); string oldP = SaltedHashGenerator.GenerateHash(oldPassword, userCredentials.Email); if (oldP != userCredentials.Password) { throw new IncorrectDataException("Passwords do not match"); } _userCredentialsRepository.EditPassword(id, newPassword); return(true); } catch (DbEntityValidationException ex) { throw new IncorrectDataException(DbEntityValidationExceptioErrorMessages.ErrorMessages(ex)); } }
public void Login_ReturnsFailure_WhenPasswordIsWrong() { var salt = SaltedHashGenerator.GenerateSalt(); var user = new User { UserId = 1, UserName = "******", Password = SaltedHashGenerator.GenerateSaltedHash("24041998", salt), Salt = salt }; var loginUser = new Login() { UserName = "******", Password = "******" }; _userRepository .Setup(c => c.SingleOrDefault(It.IsAny <Expression <Func <User, bool> > >())) .Returns(user); var userService = new UserService(_userRepository.Object); Assert.IsFalse(userService.Login(loginUser).Success); }
public UserCredentials GetByEmailAndPassword(string email, string password) { string hashPassword = SaltedHashGenerator.GenerateHash(password, email); return(_userCredentialsRepository.GetByEmailAndPassword(email, hashPassword)); }