Esempio n. 1
        /// <summary>
        /// Handles the change-password command: reads the three password boxes,
        /// validates them against the current user, delegates the update to the
        /// data accessor and closes the dialog on success.
        /// </summary>
        /// <param name="parameter">Command parameter; not read by this handler.</param>
        private void ChangePassword(object parameter)
        {
            // NOTE(review): the Password property hands back ordinary managed strings,
            // so all three secrets stay in process memory until garbage-collected.
            string enteredCurrent = changePasswordWindow.CurrentPasswordTextBox.Password;
            string enteredNew     = changePasswordWindow.NewPasswordTextBox.Password;
            string enteredConfirm = changePasswordWindow.ConfirmNewPasswordTextBox.Password;

            bool anyFieldEmpty = string.IsNullOrEmpty(enteredCurrent)
                                 || string.IsNullOrEmpty(enteredNew)
                                 || string.IsNullOrEmpty(enteredConfirm);
            if (anyFieldEmpty)
            {
                MessageBox.Show("Fields cannot be empty!.", "Error", MessageBoxButton.OK, MessageBoxImage.Error);
                return;
            }

            // NOTE(review): with no user loaded the handler exits without any feedback;
            // confirm that a silent no-op is the intended behaviour.
            if (user == null)
            {
                return;
            }

            // Verify the current password before anything else is considered.
            bool currentPasswordOk = PasswordUtility.CheckPassword(enteredCurrent, user.Password);
            if (!currentPasswordOk)
            {
                MessageBox.Show("Incorrect old password.", "Error", MessageBoxButton.OK, MessageBoxImage.Error);
                return;
            }

            if (enteredNew != enteredConfirm)
            {
                MessageBox.Show("Password and Confirm Password doesn't match!.", "Error", MessageBoxButton.OK, MessageBoxImage.Error);
                return;
            }

            // The plaintext passwords are handed to the data accessor; presumably the
            // hashing happens inside dataAccessor.ChangePassword (verify against it).
            // NOTE(review): the call returns nothing, so the success dialog below only
            // proves that no exception was thrown, not that a row was updated.
            // NOTE(review): no strength or "differs from the current password" check
            // is applied to the new password at this layer.
            dataAccessor.ChangePassword(user, enteredCurrent, enteredNew);
            MessageBox.Show("Password changed successfully!!", "Success", MessageBoxButton.OK, MessageBoxImage.Information);
            ClearAllValues();
            changePasswordWindow.Hide();
        }
Esempio n. 2
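        /// <summary>
        /// Verifies <paramref name="oldPassword"/> against the user's stored hash and,
        /// if it matches, stores a freshly generated salt and hash for
        /// <paramref name="newPassword"/> in dbo.Users.
        /// </summary>
        /// <param name="user">The user whose password is changed; updated in place once the row has been written.</param>
        /// <param name="oldPassword">The current password, re-verified here.</param>
        /// <param name="newPassword">The replacement password in plaintext; only its salt and hash are persisted.</param>
        public void ChangePassword(User user, string oldPassword, string newPassword)
        {
            // Re-verify the old password at the data layer instead of trusting the caller.
            // NOTE(review): a failed verification returns silently, so a caller cannot
            // tell "changed" from "rejected" unless it has checked the password itself.
            if (!PasswordUtility.CheckPassword(oldPassword, user.Password))
            {
                return;
            }

            PasswordHash newPasswordHash = PasswordUtility.GeneratePasswordHash(newPassword);
            DateTime modifiedAt = DateTime.UtcNow;

            using SqlConnection connection = new SqlConnection(connectionString);
            connection.Open();

            using SqlCommand command = connection.CreateCommand();

            // All values travel as typed parameters; nothing is concatenated into the SQL text.
            command.CommandText =
                "UPDATE dbo.Users "
                + "set PasswordSalt= @PasswordSalt, PasswordHash=@PasswordHash, DateModified=@DateModified "
                + "Where Id=@Id";

            command.Parameters.Add("@Id", SqlDbType.Int).Value = user.Id;
            command.Parameters.Add("@PasswordSalt", SqlDbType.VarBinary).Value = newPasswordHash.Salt;
            command.Parameters.Add("@PasswordHash", SqlDbType.VarBinary).Value = newPasswordHash.Hash;
            command.Parameters.Add("@DateModified", SqlDbType.DateTime2).Value = modifiedAt;

            // An UPDATE produces no result set, so use ExecuteNonQuery and look at the row count.
            int rowsAffected = command.ExecuteNonQuery();
            if (rowsAffected == 0)
            {
                // No row matched the Id: keep the in-memory user in step with the
                // database, otherwise later checks would verify against a hash
                // that was never stored.
                return;
            }

            // Touch the in-memory object only after the write went through. DateCreated
            // is deliberately left alone: a password change must not rewrite the
            // account's creation time.
            user.Password = newPasswordHash;
            user.DateModified = modifiedAt;
        }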
Esempio n. 3
        /// <summary>
        /// Checks that a fixed password verifies against a pre-computed stored hash.
        /// </summary>
        public void CheckPassword_KnownValues_Validates()
        {
            // Fixture: three dot-separated fields. The leading "10000" is presumably the
            // iteration count and the other two look like Base64 salt and digest
            // (TODO confirm against the utility's format).
            const string knownPassword = "T3stP@ssw0rd";
            const string storedHash = "10000.ZXhKk+k7lZ1xdHxnYO6TFA==.WPbmVg9TvVtjHub4l3e4Lb0N9PTRCSmOr81pTJOF72U=";
            // To regenerate the fixture instead: PasswordUtility.EncryptPassword(knownPassword, 10000);

            // This overload is called with the stored hash first and the candidate password second.
            // NOTE(review): only the accepting path is pinned here; a companion test
            // asserting that a wrong password is rejected would catch a verifier that
            // accepts everything.
            Assert.True(PasswordUtility.CheckPassword(storedHash, knownPassword));
        }
Esempio n. 4
        /// <summary>
        /// Looks the user up by name, verifies the supplied password and issues a JWT on success.
        /// </summary>
        /// <param name="model">Request carrying the user name and the candidate password.</param>
        /// <returns>
        /// The authenticated user with a token, or <c>null</c> when the user is unknown
        /// or the password does not verify. Both failures look the same to the caller.
        /// </returns>
        public async Task<AuthenticateResponse> Authenticate(AuthenticateRequest model)
        {
            var account = await _userRepo.GetUserByUserName(model.Username);

            // NOTE(review): the hash check is skipped when no account was found, so an
            // unknown user name returns faster than a wrong password. If account
            // enumeration is in scope for this service, verify against a fixed dummy
            // hash in the not-found case and rate-limit this endpoint.
            bool credentialsValid = account != null
                                    && PasswordUtility.CheckPassword(account.PasswordHash, model.Password);
            if (!credentialsValid)
            {
                return null;
            }

            // A token is minted only after the password has verified.
            var jwt = generateJwtToken(account);
            return new AuthenticateResponse(account, jwt);
        }
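        /// <summary>
        /// Authenticates an administrator by user name and password.
        /// </summary>
        /// <param name="userName">The administrator's login name.</param>
        /// <param name="password">The candidate password in plaintext.</param>
        /// <returns>
        /// A success result carrying the user when the credentials verify, otherwise
        /// an error result with one generic message.
        /// </returns>
        public Result AdminLogin(string userName, string password)
        {
            User user = service.GetAdmin(userName);

            if (user != null && PasswordUtility.CheckPassword(password, user.Password))
            {
                return Result<User>.Success(user);
            }

            // One message for both "no such admin" and "wrong password": the previous
            // distinct texts (one of them just ".") told the caller which administrator
            // names exist.
            // NOTE(review): the hash check is still skipped for unknown names, so the
            // two cases may remain distinguishable by response time.
            return Result<User>.Error("Invalid user name or password.");
        }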
 /// <summary>
 /// Verifies a candidate password against a stored salt-and-hash pair by
 /// delegating to <c>PasswordUtility.CheckPassword</c>.
 /// </summary>
 /// <param name="password">The candidate password to verify.</param>
 /// <param name="passwordHash">The stored password hash and salt to verify against.</param>
 /// <returns>True when the password matches the stored hash, otherwise false.</returns>
 // NOTE(review): the enclosing type is not visible here; if it is PasswordUtility
 // itself, this call resolves to this same method and never returns. Confirm the
 // wrapper lives in a different class.
 public static bool CheckPassword(string password, PasswordHash passwordHash)
     => PasswordUtility.CheckPassword(password, passwordHash);
Esempio n. 7
 /// <summary>
 /// Thin forwarding wrapper: asks <c>PasswordUtility</c> whether the supplied
 /// password matches the stored hash and salt.
 /// </summary>
 /// <param name="password">The password being checked.</param>
 /// <param name="passwordHash">The stored hash and salt it is checked against.</param>
 /// <returns>True for a correct password, false for an incorrect one.</returns>
 public static bool CheckPassword(string password, PasswordHash passwordHash)
 {
     // NOTE(review): assumes the enclosing class is not PasswordUtility; with an
     // identical signature there, this call would recurse. The class header is
     // outside this excerpt.
     bool matches = PasswordUtility.CheckPassword(password, passwordHash);
     return matches;
 }