public bool RetrieveToken(string id, out PasswordHash.HashInfo hashedToken, out string encryptedUserId, out byte[] userIdSalt, out DateTime issuedAt, out DateTime refreshed)
{
try
{
var sql = @"SELECT [id]
,[id_salt]
,[token_hash]
,[token_salt]
,[token_method]
,[token_iterations]
,[issued_at]
,[refreshed]
FROM [TokenStorage]
WHERE [id] = @id";
var results = dataConnection.Query<TokenStorageDb>(sql, new { id = id });
// get the first out of the result set and throw exception if there is more
var token = results.Single();
issuedAt = token.issued_at;
refreshed = token.refreshed;
hashedToken = new PasswordHash.HashInfo
{
Hash = token.token_hash,
Iterations = token.token_iterations,
Method = token.token_method,
Salt = token.token_salt
};
encryptedUserId = token.id;
userIdSalt = Convert.FromBase64String(token.id_salt);
return true;
}
catch (Exception ex)
{
logger.Error(ex);
}
// set all information on null or default
hashedToken = null;
encryptedUserId = null;
userIdSalt = null;
issuedAt = new DateTime();
refreshed = new DateTime();
return false;
}
public bool StoreToken(int userId, PasswordHash.HashInfo hashedToken, string encryptedUserId, byte[] userIdSalt, DateTime issuedAt)
{
logger.Debug("Store access token");
// cleanup table
var cleanUpSql = @"DELETE FROM [TokenStorage] WHERE user_id = @user_id";
var deleteResult = dataConnection.Execute(cleanUpSql, new { user_id = userId });
// store the actual token
var sql = @" INSERT INTO [TokenStorage]
([id]
,[id_salt]
,[token_hash]
,[token_salt]
,[token_method]
,[token_iterations]
,[issued_at]
,[refreshed]
,[user_id])
VALUES
(@id
,@id_salt
,@token_hash
,@token_salt
,@token_method
,@token_iterations
,@issued_at
,@refreshed
,@user_id)";
// maybe
var result = dataConnection.Execute(sql, new
{
id = encryptedUserId,
id_salt = Convert.ToBase64String(userIdSalt),
token_hash = hashedToken.Hash,
token_salt = hashedToken.Salt,
token_iterations = hashedToken.Iterations,
token_method = hashedToken.Method,
issued_at = issuedAt,
refreshed = issuedAt,
user_id = userId
});
logger.Debug("Store access token result: " + result);
return result == 1 ? true : false;
}
public void HashPasswordTest()
{
string orgPassword = "******";
var passwordHash = new PasswordHash();
var hashedPassword = passwordHash.CreateHash(orgPassword);
StringBuilder sb = new StringBuilder();
foreach(char c in hashedPassword.ToString()){
sb.Append(c);
}
var enteredPassword = sb.ToString();
var validateResult = passwordHash.ValidatePassword("org-password", hashedPassword.ToString());
Assert.AreEqual(hashedPassword.ToString(), enteredPassword);
Assert.IsTrue(validateResult);
PasswordHash.HashInfo hi = new PasswordHash.HashInfo(hashedPassword.ToString());
Assert.AreEqual("sha1", hi.Method);
Assert.AreEqual(PasswordHash.PBKDF2_ITERATIONS, hi.Iterations);
Assert.AreEqual(hashedPassword.ToString().Split(':')[0], hi.Method);
Assert.AreEqual(Int32.Parse(hashedPassword.ToString().Split(':')[1]), hi.Iterations);
Assert.AreEqual(hashedPassword.ToString().Split(':')[2], hi.Salt);
Assert.AreEqual(hashedPassword.ToString().Split(':')[3], hi.Hash);
hi.Dispose();
Assert.AreEqual(":0::", hi.ToString());
PasswordHash.HashInfo hi2 = new PasswordHash.HashInfo
{
Method = "sha1",
Iterations = 1000,
Salt = "salt",
Hash = "hash"
};
Assert.AreEqual("sha1:1000:salt:hash", hi2.ToString());
hi2.Dispose();
Assert.AreEqual(":0::", hi2.ToString());
}
