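/// <summary>
/// Checks that <c>PasswordHashing.GenerateSalt</c> returns a non-empty salt that is not
/// the fixed <c>KnownSalt</c> fixture, and that two consecutive calls do not return the
/// same bytes.
/// </summary>
public void TestGenerateSalt()
{
    byte[] expectedSalt = Convert.FromBase64String(KnownSalt);

    byte[] salt = PasswordHashing.GenerateSalt();
    byte[] secondSalt = PasswordHashing.GenerateSalt();

    Assert.That(salt, Is.Not.Null.And.Not.Empty);
    Assert.That(salt, Is.Not.EqualTo(expectedSalt));

    // Differing from one constant does not show the salt is generated per call: a
    // generator that always returned some other fixed value would pass the check above.
    // A reused salt lets identical passwords produce identical stored hashes, so the
    // test also requires two calls to disagree.
    Assert.That(secondSalt, Is.Not.EqualTo(salt));
}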
/// <summary>
/// Encodes <c>KnownPassword</c> under a newly generated salt and checks that
/// <c>PasswordHashing.HashesMatch</c> reports a mismatch against the stored
/// <c>KnownHashAndSalt</c> fixture.
/// </summary>
public void TestHashDoesntMatch()
{
    // Fixture: the hash that was stored for the known password.
    byte[] knownHash = Convert.FromBase64String(KnownHashAndSalt);

    // Same password, but a salt produced for this run.
    byte[] freshSalt = PasswordHashing.GenerateSalt();
    var reEncoded = PasswordHashing.EncodePassword(KnownPassword.ToSecureString(), freshSalt);
    byte[] candidateHash = Convert.FromBase64String(reEncoded);

    var isMatch = PasswordHashing.HashesMatch(knownHash, candidateHash);

    Assert.That(isMatch, Is.False);
}
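/// <summary>
/// Registers a new client. Rejects the request when the login, e-mail or phone number is
/// already present, stores the client with a password hash computed under a freshly
/// generated salt, and returns a 10-minute JWT access token together with a refresh token.
/// </summary>
/// <param name="request">Registration data: login, e-mail, phone, names and password.</param>
/// <returns>The signed access token and the refresh token stored on the new client.</returns>
/// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
/// <exception cref="ClientExistsException">
/// A client with the same login, e-mail or phone number already exists.
/// </exception>
public RegisterResponse Register(RegisterRequest request)
{
    if (request == null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    // One query instead of three separate round trips; the outcome is the same.
    // NOTE(review): check-then-insert is not atomic. Two concurrent registrations can both
    // pass this check, so unique constraints on Login/Email/Phone in the database are the
    // real guarantee - confirm they exist.
    var alreadyRegistered = _campaignDbContext.Clients.Any(c =>
        c.Login.Equals(request.Login) ||
        c.Email.Equals(request.Email) ||
        c.Phone.Equals(request.Phone));

    if (alreadyRegistered)
    {
        throw new ClientExistsException("Such client is already exists");
    }

    var claims = new[]
    {
        new Claim(ClaimTypes.NameIdentifier, request.Login),
        new Claim(ClaimTypes.Name, request.LastName),
        new Claim(ClaimTypes.Role, "Client"),
    };

    // SECURITY: the HMAC signing key is a literal in source. Anyone who can read the
    // repository or the compiled assembly can sign tokens that this service will accept.
    // The value is kept byte-for-byte because whatever validates these tokens lives outside
    // this method; it should be loaded from configuration or a secret store, and this
    // value rotated since it has been committed.
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("faafsasfassdgdfger524312"));
    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    var token = new JwtSecurityToken
    (
        issuer: "Artem",
        audience: "Clients",
        claims: claims,
        // UTC keeps the expiry independent of the server's local time zone and DST changes.
        expires: DateTime.UtcNow.AddMinutes(10),
        signingCredentials: creds
    );
    var accessToken = new JwtSecurityTokenHandler().WriteToken(token);

    // SECURITY: a GUID is specified for uniqueness, not unpredictability. A refresh token is
    // a bearer credential and is better taken from
    // System.Security.Cryptography.RandomNumberGenerator. Left as a GUID string because the
    // column format and any consumers are not visible from here.
    // NOTE(review): the token is stored as-is on the client row and no expiry is recorded in
    // this method; storing only a hash of it would limit what a database leak exposes.
    var refreshT = Guid.NewGuid().ToString();

    // Per-client salt, stored next to the hash so the password can be verified later.
    var salt = PasswordHashing.GenerateSalt();
    var passwrd = PasswordHashing.Create(request.Password, salt);

    var client = new Client()
    {
        FirstName = request.FirstName,
        LastName = request.LastName,
        Email = request.Email,
        Phone = request.Phone,
        Login = request.Login,
        Password = passwrd,
        RefreshToken = refreshT,
        Salt = salt
    };

    _campaignDbContext.Add(client);
    _campaignDbContext.SaveChanges();

    return new RegisterResponse
    {
        AccessToken = accessToken,
        RefreshToken = refreshT
    };
}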
/// <summary>
/// Inserts a new row into the <c>user</c> table, storing a newly generated salt and the
/// password hash derived from it instead of the password itself.
/// </summary>
/// <param name="email">E-mail address written to the <c>Email</c> column.</param>
/// <param name="password">Plain-text password; only its salted hash is written.</param>
/// <param name="displayname">Value for the <c>DisplayName</c> column.</param>
/// <param name="description">Value for the <c>Description</c> column.</param>
public void CreateUser(string email, string password, string displayname, string description)
{
    // Values reach the statement only through the named @ placeholders, never by string
    // concatenation.
    const string insertSql = @"INSERT INTO user (Email, Salt, PasswordHash, DisplayName, Description) VALUES(@Email, @Salt, @PasswordHash, @DisplayName, @Description);";

    // A salt generated for this account, kept alongside the hash.
    string newSalt = PasswordHashing.GenerateSalt();
    string passwordHash = PasswordHashing.GeneratePasswordHash(password, newSalt);

    var row = new UserDTO
    {
        Email = email,
        Salt = newSalt,
        PasswordHash = passwordHash,
        DisplayName = displayname,
        Description = description
    };

    // Execute is presumably Dapper's IDbConnection extension, which would bind each
    // placeholder from the DTO property of the same name - confirm against the file's usings.
    using (IDbConnection connection = new MySqlConnection(GetConnectionString()))
    {
        connection.Execute(insertSql, row);
    }
}