public bool ValidateLogin(string username, string password)
{
using (var db = new AuctionContext())
{
var hashedPW = HashingSHA256.ComputeHash(password);
return(db.Users.Any(u => u.Username == username && u.Password == hashedPW));
}
}
public bool UpdateUser(User newUser)
{
CoreValidator.ThrowIfNull(newUser, nameof(newUser));
CoreValidator.ThrowIfNull(newUser, nameof(newUser));
CoreValidator.ThrowIfNullOrEmpty(newUser.Username, nameof(newUser.Username));
CoreValidator.ThrowIfNullOrEmpty(newUser.Password, nameof(newUser.Password));
CoreValidator.ThrowIfNullOrEmpty(newUser.Name, nameof(newUser.Name));
CoreValidator.ThrowIfNullOrEmpty(newUser.Address, nameof(newUser.Address));
CoreValidator.ThrowIfNullOrEmpty(newUser.Email, nameof(newUser.Email));
CoreValidator.ThrowIfNullOrEmpty(newUser.Phone, nameof(newUser.Phone));
CoreValidator.SpecialThrowForCoinsIfValueIsNegativeOnly(newUser.Coins, nameof(newUser.Coins));
HashingSHA256.ValidateUserPassword(newUser.Password);
if (newUser.DateOfBirth > DateTime.Now.AddYears(-18))
{
throw new ArgumentException($"Date of birth is not valid, the customer must be adult.");
}
if (!ZipController.Instance().IsZipExisting(newUser.ZipId ?? 0))
{
throw new ArgumentException($"Zip id doesn't exist in the system.");
}
using (var db = new AuctionContext())
{
var dbUser = GetUserById(newUser.Id);
db.Users.Attach(dbUser);
dbUser.Address = newUser.Address;
dbUser.Coins = newUser.Coins;
dbUser.DateOfBirth = newUser.DateOfBirth;
dbUser.Email = newUser.Email;
dbUser.Gender = newUser.Gender;
dbUser.Name = newUser.Name;
if (newUser.Password != dbUser.Password)
{
dbUser.Password = HashingSHA256.ComputeHash(newUser.Password);
}
else
{
dbUser.Password = newUser.Password;
}
dbUser.Phone = newUser.Phone;
dbUser.Username = newUser.Username;
dbUser.ZipId = newUser.ZipId;
db.Entry(dbUser).State = System.Data.Entity.EntityState.Modified;
db.SaveChanges();
return(true);
}
}
/// <summary>
/// Checks if the Hashing method is supported.
/// Throw exception if an unsupported method is chosen.
/// Returns IHashingMethod if success.
/// </summary>
/// <param name="hashingMethod">HashingMethodType to check - returns the corresponding IHashingMethod.</param>
/// <returns></returns>
private IHashingMethod ViableHashingMethodCheck(HashingMethodType hashingMethod)
{
IHashingMethod method = null;
switch (hashingMethod)
{
case HashingMethodType.SHA256:
method = new HashingSHA256();
break;
default: throw new ArgumentException("Not a viable hashing method.", "hashingMethod");
}
return(method);
}
public void CreateUser(User user)
{
CoreValidator.ThrowIfNull(user, nameof(user));
CoreValidator.ThrowIfNullOrEmpty(user.Username, nameof(user.Username));
CoreValidator.ThrowIfNullOrEmpty(user.Password, nameof(user.Password));
CoreValidator.ThrowIfNullOrEmpty(user.Name, nameof(user.Name));
CoreValidator.ThrowIfNullOrEmpty(user.Address, nameof(user.Address));
CoreValidator.ThrowIfNullOrEmpty(user.Email, nameof(user.Email));
CoreValidator.ThrowIfNullOrEmpty(user.Phone, nameof(user.Phone));
CoreValidator.ThrowIfDateIsNotCorrect(user.DateOfBirth.ToString(), nameof(user.DateOfBirth));
CoreValidator.SpecialThrowForCoinsIfValueIsNegativeOnly(user.Coins, nameof(user.Coins));
HashingSHA256.ValidateUserPassword(user.Password);
var dateParsed = user.DateOfBirth;
if (dateParsed > DateTime.Now.AddYears(-18))
{
throw new ArgumentException($"Date of birth is not valid, the customer must be adult.");
}
if (!ZipController.Instance().IsZipExisting(user.ZipId ?? 0))
{
throw new ArgumentException($"Zip id doesn't exist in the system.");
}
using (var db = new AuctionContext())
{
var userNew = new User
{
Username = user.Username,
Password = HashingSHA256.ComputeHash(user.Password),
Name = user.Name,
Address = user.Address,
Email = user.Email,
Phone = user.Phone,
DateOfBirth = dateParsed,
Gender = user.Gender,
ZipId = user.ZipId,
Coins = user.Coins,
IsAdmin = false,
IsDeleted = false
};
db.Users.Add(userNew);
db.SaveChanges();
}
}
/// <summary>
/// Used to setup login functionality.
/// Takes LoginSettings as argument.
/// </summary>
/// <param name="settings">Settings used to setup login.</param>
public HashingService(HashingSettings settings)
{
this._settings = settings;
IHashingMethod method;
switch (settings.HashingMethod)
{
case HashingMethodType.SHA256:
method = new HashingSHA256(settings.NumberOfIterations);
break;
default: throw new ArgumentException("Not a viable hashing method.", "hashingMethod");
}
this._hashingMethod = method;
}
public static Response Create(string password)
{
Console.WriteLine();
Response res = new Response();
string passwordHashIncludeSalt = HashingSHA256.passwordHash(password);
string[] s = passwordHashIncludeSalt.Split(',');
string hashedPassword = s[0];
Console.WriteLine("hashed password:"******"salt:" + salt);
string encryptSalt = EncryptionAES.Encrypt(salt);
//byte[] saltBytes = Encoding.UTF8.GetBytes(salt);
//byte[] hashPasswordByte = Encoding.UTF8.GetBytes(hashedPassword);
// bool verify = hashing.verifyHash(pwd, hashedPassword);
//need to do asymmetric encryption to store the keys!
try
{
if (DatabaseConnection.conn != null)
{
//Console.WriteLine(DatabaseConnection.conn + "a1");
DatabaseConnection.conn.Open();
MySqlCommand comm = DatabaseConnection.conn.CreateCommand();
//Object usrObj = Data.userObj;
// comm.CommandText = " INSERT INTO user(username,email, passwordHash, salt)VALUES (@username, @email, @passwordHash, @salt)";
comm.CommandText = " INSERT INTO checking(passwordHash, salt)VALUES ( @passwordHash, @salt)";
comm.Parameters.AddWithValue("@passwordHash", encryptHashedPassword);
comm.Parameters.AddWithValue("@salt", encryptSalt);
//comm.Parameters.Add("@salt", MySqlDbType.VarBinary).Value = saltBytes;
comm.ExecuteNonQuery();
res.Success = true;
Console.WriteLine(res.Success);
}
}
catch (Exception e)
{
//Console.WriteLine(DatabaseConnection.conn + "b2");
Console.WriteLine(e);
res.Success = false;
res.Reason = e.Message;
}
finally
{
if (DatabaseConnection.conn != null)
{
//Console.WriteLine(DatabaseConnection.conn + "c3");
DatabaseConnection.conn.Close();
}
else
{
Console.WriteLine("dbconn is null");
}
}
Console.WriteLine("RESPONSE FROM DATABASE");
Console.WriteLine(res);
return(res);
}
public static Response Login(string password)
{
Response res = new Response();
Response resRetrieve = new Response();
int checkID = 1;
try
{
Console.WriteLine("HI IM IN LOGIN");
if (DatabaseConnection.conn != null)
{
DatabaseConnection.conn.Open();
MySqlCommand comm = DatabaseConnection.conn.CreateCommand();
comm.CommandText = "SELECT passwordHash, salt from checking WHERE checkID = @checkID";
comm.Parameters.AddWithValue("@checkID", checkID);
using (var reader = comm.ExecuteReader())
{
Console.WriteLine("Breakpoint X");
while (reader.Read())
{
Console.WriteLine("Breakpoint Y");
string encryptedCorrectPasswordHash = reader.GetString("passwordHash");
string correctPasswordHash = EncryptionAES.Decrypt(encryptedCorrectPasswordHash);
string encryptedSalt = reader.GetString("salt");
string salt = EncryptionAES.Decrypt(encryptedSalt);
Console.WriteLine("Correct password hash: " + correctPasswordHash);
Console.WriteLine("Salt: " + salt);
bool verifyHash = HashingSHA256.verifypasswordHash(password, salt, correctPasswordHash);
Console.WriteLine("Verifying hash: " + verifyHash);
if (verifyHash)
{
Console.Write("verified");
res.Success = true;
Console.WriteLine("Breakpoint Z1 == Login success!");
}
else
{
res.Success = false;
res.Reason = "Unmatch password";
Console.WriteLine("Breakpoint Z2: unmatch password");
}
}
}
Console.WriteLine("Breakpoint A");
DatabaseConnection.conn.Close();
Console.WriteLine("Breakpoint B");
}
}
catch (Exception e)
{
res.Success = false;
res.Reason = e.Message;
Console.WriteLine(e.Message);
Console.WriteLine("Breakpoint C");
}
finally
{
Console.WriteLine("Breakpoint D");
if (DatabaseConnection.conn != null)
{
Console.WriteLine("Breakpoint E: connection not null currently closing");
DatabaseConnection.conn.Close();
}
Console.WriteLine("Breakpoint F: connection closed");
}
Console.WriteLine(res.Success);
return(res);
}
