public async Task CreateUser(User user) { using (var connection = new MySqlConnection(ConnectionString)) { await connection.OpenAsync(); var checkQuery = "SELECT 1 FROM users WHERE Username = @Username and Password = @Password"; var query = "INSERT INTO users (`Username`,`Password`,`Firstname`,`Lastname`)" + "VALUES (@Username,@Password,@Firstname,@Lastname);"; var passHash = PasswordHash.Generate(user.Password); var pass = Encoding.UTF8.GetString(passHash.Hash); var command = new MySqlCommand(checkQuery, connection); command.Parameters.AddWithValue("@Username", user.Username); command.Parameters.AddWithValue("@Password", pass); var res = await command.ExecuteScalarAsync(); if (res != null) { throw new ObjectAlreadyExistsException("User with the same details already exits"); } command.CommandText = query; await command.ExecuteNonQueryAsync(); } }
public async Task <IActionResult> SignUp(SignUpRequest request) { var cancellation = HttpContext.RequestAborted; var user = new UserEntity { Username = request.Username, Email = request.Email, PasswordHash = PasswordHash.Generate(request.Password), Profile = new ProfileEntity() }; try { await _dbContext.Users.AddAsync(user, cancellation); await _dbContext.SaveChangesAsync(cancellation); } // TODO: better handling for exceptions on duplicate usernames/emails (as mandated by indexes) catch (Exception ex) { return(Problem( statusCode: 400, title: "Error", detail: ex.Message )); } return(CreatedAtAction(nameof(SignIn), null)); }
public AuthUserBuilder WithPasswordHash(string plaintextPassword) { if (_id is null || _username is null) { throw new InvalidOperationException("The id and username should be set (and not changed)"); } return(WithPasswordHash(PasswordHash.Generate(plaintextPassword, _id, _username))); }
private AuthUser BuildTestAuthUser(long id, string name, params Role[] roles) { var userId = new UserId(id); var username = new Username(name); var hash = PasswordHash.Generate("admin", userId, username); var email = new Email($"{username}@example.com"); return(new AuthUser(userId, username, hash, email, Clock.UtcNow(), roles.Select(r => r.Id))); }
public void ValidatePassword() { var userId = Guid.NewGuid().ToString(); const string password = "******"; const string secretKey = "$2a$06$DCq7YPn5Rq63x1Lad4cll."; var passwordHash = new PasswordHash(); var hash = passwordHash.Generate(userId, password, secretKey); passwordHash.Validate(hash, userId, password, secretKey).Should().BeTrue(); }
public AuthUser CreateAuthUser(IIdPool idPool, Role pendingRegistrationRole, string?name, string?email, string?plaintextPassword) { if (pendingRegistrationRole.Rolename != Role.PENDING_REGISTRATION_ROLENAME) { throw new ArgumentException("You're supposed to add the pending registration role.", nameof(pendingRegistrationRole)); } var nextUserId = new UserId(idPool.NextForUser()); var username = new Username(name); var passwordHash = PasswordHash.Generate(plaintextPassword, nextUserId, username); return(new AuthUser(nextUserId, username, passwordHash, new Email(email), _clock.UtcNow(), new[] { pendingRegistrationRole.Id })); }
public async Task RegisterNewUser(RegisterModel newUser) { Users user = _mapper.Map <Users>(newUser); if (!_unitOfWork.Users.FindEmail(user.Email)) { user.Password = PasswordHash.Generate(user.Password); _unitOfWork.Users.Insert(user); await _unitOfWork.Users.AddAccounts(user); await _unitOfWork.Complete(); } else { throw new CustomException(400, "Usuario ya registrado"); } }
private void AddAuthUser(long id, string name, params long[] roleIds) { if (id >= UserDatabase.START_FOR_NEXT_IDS) { throw new InvalidOperationException("START_FOR_NEXT_IDS too low!"); } var hash = PasswordHash.Generate("admin", new UserId(id), new Username(name)).ToStorage(); var now = SystemClock.Instance.UtcNow(); AuthUsersTable.Add(new DbAuthUser { Id = id, Username = name, PasswordHash = hash, Email = $"{name}@example.com", CreatedAt = now }); foreach (long roleId in roleIds) { AuthUserRolesTable.Add(new DbAuthUserRole { UserId = id, RoleId = roleId }); } }