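        /// <summary>
        /// Looks up the user by e-mail, re-derives PBKDF2 over the supplied credential with the
        /// salt stored in the user's record and, on a match, issues a new token.
        /// </summary>
        /// <param name="email">Address used to find the user via <c>_repository.Find</c>. The predicate
        /// uses <c>string.Equals</c> with no comparison type; whether the match is case-sensitive
        /// depends on how the repository evaluates it (in-memory vs. translated to a query).</param>
        /// <param name="passwordHash">The credential the caller supplies. Despite the name it is used
        /// directly as the PBKDF2 password input, so it must be whatever <c>HashPassword</c> was given
        /// at registration (presumably the plaintext password) — verify against the caller.</param>
        /// <returns>
        /// <c>LoginResult.SuccessResult</c> carrying a token from <c>_tokenProvider.NewToken</c>, or a
        /// <c>LoginResult.FailResult</c> with a message when the user is missing, the stored record is
        /// malformed, or the derived hash does not match.
        /// </returns>
        /// <remarks>
        /// Stored record layout (must stay in sync with <c>HashPassword</c>, not visible here):
        /// base64( 16-byte salt || 20-byte PBKDF2 output ), 10000 iterations, using the three-argument
        /// <see cref="Rfc2898DeriveBytes"/> constructor (which defaults to HMAC-SHA1). Changing any of
        /// these parameters invalidates every existing password record.
        /// <c>Convert.FromBase64String</c> still throws <see cref="FormatException"/> on a record that is
        /// not valid base64; that behaviour is unchanged.
        /// </remarks>
        public LoginResult Login(string email, string passwordHash)
        {
            // Layout constants for the stored record; see <remarks>.
            const int saltLength = 16;
            const int hashLength = 20;
            const int iterations = 10000;

            var user = _repository.Find <IUser>(u => u.Email.Equals(email));

            if (user == null)
            {
                // NOTE(review): this message differs from "Incorrect password" below, so a caller can
                // tell registered addresses from unknown ones (user enumeration). Consider returning one
                // generic message for both failures once nothing depends on the distinction.
                return(LoginResult.FailResult("No user with that email exists"));
            }

            string savedPasswordHash = user.Password;

            /* Extract the bytes */
            byte[] hashBytes = Convert.FromBase64String(savedPasswordHash);

            // A record that is not exactly salt + hash cannot be verified. The previous implementation
            // indexed past the array (IndexOutOfRangeException) on a short record; fail the login
            // instead of crashing the request.
            if (hashBytes.Length != saltLength + hashLength)
            {
                return(LoginResult.FailResult("Incorrect password"));
            }

            /* Get the salt */
            byte[] salt = new byte[saltLength];
            Array.Copy(hashBytes, 0, salt, 0, saltLength);

            /* Get the stored hash */
            byte[] storedHash = new byte[hashLength];
            Array.Copy(hashBytes, saltLength, storedHash, 0, hashLength);

            /* Compute the hash on the password the user entered */
            byte[] hash;
            using (var pbkdf2 = new Rfc2898DeriveBytes(passwordHash, salt, iterations))
            {
                hash = pbkdf2.GetBytes(hashLength);
            }

            /* Compare the results in constant time. The previous loop returned on the first mismatching
             * byte, which leaks through timing how many leading bytes were correct. OR-accumulating the
             * XOR of every byte pair makes the comparison independent of where the first difference is.
             * CryptographicOperations.FixedTimeEquals does the same and should be preferred where the
             * target framework provides it (.NET Core 2.1+ / .NET 5+). */
            int difference = 0;
            for (int i = 0; i < hashLength; i++)
            {
                difference |= storedHash[i] ^ hash[i];
            }

            if (difference != 0)
            {
                return(LoginResult.FailResult("Incorrect password"));
            }

            return(LoginResult.SuccessResult(_tokenProvider.NewToken(user)));
        }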
        /// <summary>
        /// Creates a new user from the supplied details, persists it and returns a token for it.
        /// </summary>
        /// <param name="email">Address for the new account; rejected if a user with it already exists.</param>
        /// <param name="password">Credential as supplied by the caller. It is checked by <c>IsValidPassword</c>
        /// and only the output of <c>HashPassword</c> is stored on the user.</param>
        /// <param name="dateOfBirth">Copied onto the new user's <c>DateOfBirth</c>.</param>
        /// <param name="fullName">Copied onto the new user's <c>FullName</c>.</param>
        /// <returns>
        /// <c>LoginResult.SuccessResult</c> with a token from <c>_tokenProvider.NewToken</c>, or a
        /// <c>LoginResult.FailResult</c> naming the first problem found, in this order: password policy,
        /// entity validation, duplicate e-mail, repository failure.
        /// </returns>
        /// <remarks>
        /// The duplicate-e-mail check and <c>_repository.Add</c> are two separate calls, so two concurrent
        /// registrations with the same address can both pass the check; this is only safe if the store
        /// itself enforces uniqueness — confirm against the repository implementation.
        /// The policy text in the first message (8-15 characters) is what <c>IsValidPassword</c> presumably
        /// enforces; that helper is not visible here.
        /// </remarks>
        public LoginResult Register(string email, string password, DateTime dateOfBirth, string fullName)
        {
            // Cheapest check first: nothing is hashed or allocated for a password that fails policy.
            if (!IsValidPassword(password))
            {
                return(LoginResult.FailResult("Invalid Password (Must: contain 1 uppercase, contain 1 number and be 8-15 characters long)"));
            }

            // The plaintext is hashed before the entity exists; only the hash is ever assigned to it.
            string storedHash = HashPassword(password);

            var newUser = _entityFactory.NewUser;

            newUser.Email       = email;
            newUser.FullName    = fullName;
            newUser.Password    = storedHash;
            newUser.DateOfBirth = dateOfBirth;

            // Entity-level validation: only the first error is reported.
            var firstError = newUser.ValidationErrors().FirstOrDefault();

            if (firstError != null)
            {
                return(LoginResult.FailResult(firstError));
            }

            // Reject addresses that already have an account (see <remarks> on the race with Add).
            var existing = _repository.Find <IUser>(u => u.Email.Equals(email));

            if (existing != null)
            {
                return(LoginResult.FailResult("Email already exists"));
            }

            // The repository returns the persisted instance, or null when the write failed.
            var persisted = _repository.Add(newUser);

            if (persisted == null)
            {
                return(LoginResult.FailResult("Database Error"));
            }

            return(LoginResult.SuccessResult(_tokenProvider.NewToken(persisted)));
        }