Example #1
        /// <summary>
        /// Reads a password from a database.
        /// </summary>
        /// <param name="userEmail">The user e-mail/login for which the password is read.</param>
        /// <returns>Returns a password read from a database.</returns>
        public byte[] ReadUserPasswordFromDatabase(string userEmail)
        {
            // The e-mail is bound as @UserEmail rather than spliced into the SQL text,
            // so caller-supplied input never becomes part of the statement itself.
            const string query = "SELECT [UserPassword] FROM [dbo].[tblUsersWithAccessToLicensesData] WHERE [UserEmail]=@UserEmail";

            SqlCommand lookup = new SqlCommand(query);
            lookup.Parameters.AddWithValue("@UserEmail", userEmail);

            object scalar = resultOfQuery(lookup, (cmd) => cmd.ExecuteScalar());

            // Anything other than a string (no matching row, NULL column, ...) yields
            // null, which callers have to treat as "no stored password".
            if (!(scalar is string))
            {
                return(null);
            }

            // The stored value is handed to HashedPassword.RemoveSeparators to obtain
            // the byte form returned to the caller.
            return(HashedPassword.RemoveSeparators((string)scalar));
        }
        /// <summary>
        /// Checks if a password given by the user matches the one kept in storage.
        /// </summary>
        /// <returns>Returns true if passwords are the same and false if not.</returns>
        private bool checkAuthorization()
        {
            byte[] storedHash = getUserHashedPasswordFromStorage();

            // No stored value means there is nothing to verify against: deny.
            // NOTE(review): this path returns without running a hash verification, so
            // its timing may differ from the wrong-password path; confirm whether
            // revealing account existence matters for this service.
            if (storedHash == null)
            {
                return(false);
            }

            // NOTE(review): HashedPassword.Verify is not visible here; confirm it
            // compares the hashes in constant time.
            HashedPassword verifier = new HashedPassword(storedHash);
            return(verifier.Verify(userPasswordToCheck));
        }
Example #3
        /// <summary>
        /// Saves a new user into database.
        /// </summary>
        /// <param name="userEmail">A user's email/login.</param>
        /// <param name="userPassword">A user's password.</param>
        /// <returns>Returns 1 if user is saved correctly.</returns>
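        public int SaveNewUserIntoDatabase(string userEmail, string userPassword)
        {
            // Only the hashed form of the password may reach the database.
            // The "|" separator presumably matches what HashedPassword.RemoveSeparators
            // strips on the read path -- confirm against HashedPassword.
            HashedPassword userHashedPassword = new HashedPassword(userPassword);
            string         hashedPassword     = userHashedPassword.ToString("|");

            // Plain verbatim string (no interpolation): every value is supplied through
            // a bound parameter, never through string formatting.
            // NOTE(review): the IF NOT EXISTS check and the INSERT are separate steps;
            // confirm a UNIQUE constraint on [UserEmail] so concurrent registrations
            // cannot create duplicate rows.
            string         command            =
                @"IF NOT EXISTS (SELECT [UserEmail] FROM [dbo].[tblUsersWithAccessToLicensesData] WHERE [UserEmail]=@UserEmail)
                        BEGIN
                            INSERT INTO [dbo].[tblUsersWithAccessToLicensesData] VALUES (@UserEmail, @Password)
                        END";

            SqlCommand sqlCommand = new SqlCommand(command);

            sqlCommand.Parameters.AddWithValue("@UserEmail", userEmail);

            // Fix: bind the hash. The previous code computed the hash but then bound the
            // clear-text userPassword, so passwords were stored unhashed. Rows written
            // before this fix hold clear-text values and need a reset or migration.
            sqlCommand.Parameters.AddWithValue("@Password", hashedPassword);

            // NOTE(review): when the e-mail already exists no INSERT runs; callers should
            // treat any value other than 1 as "not saved".
            return((int)resultOfQuery(sqlCommand, (cmd) => cmd.ExecuteNonQuery()));
        }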