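/// <summary>
/// Verifies the submitted secret against the PBKDF2 record stored for the user whose
/// email is <paramref name="email"/> and issues a token on success.
/// </summary>
/// <param name="email">Email used to look the user up via <c>_repository.Find</c>
/// (compared with <c>string.Equals</c>, i.e. exact/case-sensitive unless the repository
/// translates it differently).</param>
/// <param name="passwordHash">The secret the client submitted. Despite the name it is fed
/// to PBKDF2 as the password input, so it must be the same value <c>HashPassword</c> was
/// given at registration.</param>
/// <returns>
/// <c>LoginResult.SuccessResult</c> carrying a fresh token from <c>_tokenProvider</c>, or a
/// <c>LoginResult.FailResult</c> with a message when the user is unknown, the stored record
/// is malformed, or the password does not match.
/// </returns>
/// <remarks>
/// Stored record layout (this is what the original code decoded; <c>HashPassword</c> is not
/// visible here — confirm it still produces it):
/// base64( 16-byte salt || 20-byte PBKDF2 output at 10000 iterations ).
/// The (string, byte[], int) constructor of <see cref="Rfc2898DeriveBytes"/> uses HMAC-SHA1;
/// the PRF and iteration count are deliberately left unchanged because every stored hash
/// depends on them — raising them needs a rehash-on-successful-login migration.
/// NOTE(review): the two distinct failure messages let a caller discover whether an email is
/// registered (account enumeration). A single generic message is preferable; the messages are
/// kept verbatim here because callers may match on them, and <c>Register</c> leaks the same
/// fact via "Email already exists" anyway.
/// </remarks>
public LoginResult Login(string email, string passwordHash)
{
    var user = _repository.Find<IUser>(u => u.Email.Equals(email));
    if (user == null)
    {
        return LoginResult.FailResult("No user with that email exists");
    }

    const int SaltSize = 16;
    const int HashSize = 20;
    const int Iterations = 10000;

    byte[] stored = Convert.FromBase64String(user.Password);

    // A truncated/corrupt record previously threw IndexOutOfRangeException from inside the
    // compare loop; treat it as a failed login instead of surfacing an exception.
    if (stored.Length < SaltSize + HashSize)
    {
        return LoginResult.FailResult("Incorrect password");
    }

    byte[] salt = new byte[SaltSize];
    Array.Copy(stored, 0, salt, 0, SaltSize);

    byte[] computed;
    // Rfc2898DeriveBytes is IDisposable; the original leaked it.
    using (var pbkdf2 = new Rfc2898DeriveBytes(passwordHash, salt, Iterations))
    {
        computed = pbkdf2.GetBytes(HashSize);
    }

    // Constant-time compare: the original returned on the first mismatching byte, so the
    // response time leaked how many leading bytes of the hash an attacker had right.
    if (!ConstantTimeEquals(stored, SaltSize, computed, HashSize))
    {
        return LoginResult.FailResult("Incorrect password");
    }

    return LoginResult.SuccessResult(_tokenProvider.NewToken(user));
}

/// <summary>
/// Compares <paramref name="length"/> bytes of <paramref name="a"/> starting at
/// <paramref name="aOffset"/> with the first <paramref name="length"/> bytes of
/// <paramref name="b"/> without exiting early, so the time taken does not depend on where
/// the first difference is. The caller guarantees both arrays are long enough.
/// On .NET Core 2.1+ / .NET 5+, <c>CryptographicOperations.FixedTimeEquals</c> is the
/// preferred primitive; this helper is kept framework-agnostic.
/// </summary>
private static bool ConstantTimeEquals(byte[] a, int aOffset, byte[] b, int length)
{
    int diff = 0;
    for (int i = 0; i < length; i++)
    {
        // OR-accumulate the XOR of every byte pair; no data-dependent branch.
        diff |= a[aOffset + i] ^ b[i];
    }
    return diff == 0;
}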
/// <summary>
/// Creates an account for <paramref name="email"/> and, on success, issues a token for it.
/// </summary>
/// <param name="email">Address the new account is keyed on; uniqueness is checked with
/// <c>_repository.Find</c> before <c>_repository.Add</c>.</param>
/// <param name="password">Plaintext password; must satisfy <c>IsValidPassword</c> and is
/// stored only as the output of <c>HashPassword</c>.</param>
/// <param name="dateOfBirth">Copied onto the new user; validated only by
/// <c>ValidationErrors()</c>, which is not visible here.</param>
/// <param name="fullName">Copied onto the new user; validated likewise.</param>
/// <returns>
/// <c>LoginResult.SuccessResult</c> with a token for the stored user, or a
/// <c>LoginResult.FailResult</c> whose message names the first failed step: password policy,
/// entity validation, duplicate email, or a null result from <c>_repository.Add</c>.
/// </returns>
/// <remarks>
/// NOTE(review): the duplicate-email check and the insert are not atomic (check-then-act);
/// two concurrent registrations for the same address can both pass the check. Only a unique
/// constraint in the store closes that gap — confirm one exists.
/// NOTE(review): the policy message advertises an upper bound of 15 characters; such a cap
/// is weaker than current guidance (allow long passphrases), but the rule lives in
/// <c>IsValidPassword</c>, outside this block.
/// NOTE(review): "Email already exists" confirms to a caller that an address is registered.
/// </remarks>
public LoginResult Register(string email, string password, DateTime dateOfBirth, string fullName)
{
    if (!IsValidPassword(password))
    {
        return LoginResult.FailResult("Invalid Password (Must: contain 1 uppercase, contain 1 number and be 8-15 characters long)");
    }

    // Hash first (as the original did), then populate a fresh entity from the factory.
    string hashed = HashPassword(password);
    var candidate = _entityFactory.NewUser;
    candidate.Email = email;
    candidate.FullName = fullName;
    candidate.Password = hashed;
    candidate.DateOfBirth = dateOfBirth;

    var firstError = candidate.ValidationErrors().FirstOrDefault();
    if (firstError != null)
    {
        return LoginResult.FailResult(firstError);
    }

    bool emailTaken = _repository.Find<IUser>(u => u.Email.Equals(email)) != null;
    if (emailTaken)
    {
        return LoginResult.FailResult("Email already exists");
    }

    // Add returns the persisted entity (or null on failure); the token is minted from it.
    var stored = _repository.Add(candidate);
    return stored == null
        ? LoginResult.FailResult("Database Error")
        : LoginResult.SuccessResult(_tokenProvider.NewToken(stored));
}