Exemple #1
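        /// <summary>
        /// Registers a new account: salts and hashes the supplied password, generates a per-user secret,
        /// inserts the record into the user table (creating the table first when it does not exist yet),
        /// and returns the matching <see cref="User"/>.
        /// </summary>
        /// <param name="username">Username of the new user; also used to build the user's document name.</param>
        /// <param name="password">Plaintext password. Only the salted hash derived from it is written to the database.</param>
        /// <returns>New <see cref="User"/> object carrying the values that were just inserted.</returns>
        /// <exception cref="System.ArgumentNullException">
        /// <paramref name="username"/> or <paramref name="password"/> is null.
        /// </exception>
        /// <remarks>
        /// No uniqueness check is performed here. A username that is already in use is presumably rejected by a
        /// constraint on the user table and surfaces as an exception from the INSERT; confirm against CreateUserTable.
        /// </remarks>
        public static User CreateNewUser(string username, string password)
        {
            // Reject missing arguments up front, before the table is created or any row is written.
            if (username == null)
            {
                throw new System.ArgumentNullException(nameof(username));
            }

            if (password == null)
            {
                throw new System.ArgumentNullException(nameof(password));
            }

            string documentName = "ExpenseTracker" + username;

            // NOTE(review): the value handed to GenerateSalt is the password length. If that argument is the
            // salt size, short passwords get short salts and the stored salt discloses the password length.
            // Confirm, and prefer a fixed size that does not depend on the password.
            string salt = PasswordUtility.GenerateSalt(password.Length);
            string secret = PasswordUtility.GenerateSecret();

            // NOTE(review): the algorithm behind HashPassword is not visible here. Confirm it is a deliberately
            // slow password KDF (for example PBKDF2 or Argon2) rather than a single fast hash.
            string hashedPassword = PasswordUtility.HashPassword(PasswordUtility.SaltPassword(password, salt));

            string connString = CreateConnectionString();

            if (!UserTableExists)
            {
                CreateUserTable();
            }

            using (SqliteConnection db = new SqliteConnection(connString))
            {
                db.Open();
                using (SqliteCommand cmd = db.CreateCommand())
                {
                    // Only the table name is formatted into the statement, because an identifier cannot be bound
                    // as a parameter. It has to remain a trusted, code-defined value (presumably a constant; verify).
                    cmd.CommandText = string.Format("INSERT INTO {0} (Username, Password, Secret, Document, Salt) VALUES (@username, @password, @secret, @document, @salt);", UserTableName);

                    // Every caller-influenced value is bound as a parameter, never concatenated into the SQL text.
                    cmd.Parameters.Add(new SqliteParameter("@username", username));
                    cmd.Parameters.Add(new SqliteParameter("@password", hashedPassword));
                    cmd.Parameters.Add(new SqliteParameter("@secret", secret));
                    cmd.Parameters.Add(new SqliteParameter("@document", documentName));
                    cmd.Parameters.Add(new SqliteParameter("@salt", salt));

                    cmd.Prepare();

                    cmd.ExecuteNonQuery();
                }
            }

            return new User(username, hashedPassword, secret, documentName, salt);
        }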
Exemple #2
 /// <summary>
 /// Checks the supplied credentials against this user.
 /// </summary>
 /// <param name="username">Username to compare with this user's <c>Username</c>.</param>
 /// <param name="password">Plaintext password; handed to <c>PasswordUtility.VerifyPassword</c> together with this user's stored hash and salt.</param>
 /// <returns>True only when the username equals this user's and the password verifies; false otherwise.</returns>
 public bool VerifyUser(string username, string password)
 {
     // The username is compared first, so the password check is skipped entirely on a mismatch.
     // NOTE(review): assuming Username is a string, this comparison is ordinal and case-sensitive.
     bool sameUser = username.Equals(this.Username);
     if (!sameUser)
     {
         return false;
     }

     // NOTE(review): whether VerifyPassword compares the hashes in constant time is not visible here; confirm.
     return PasswordUtility.VerifyPassword(this.PasswordHash, password, this.Salt);
 }