public async Task CreateUserAsync(string username, string password) { string activationCode; using (var uow = _unitOfWorkFactory.CreateUnitOfWork()) { var alreadyExistingUser = await uow.Users.GetByUsernameAsync(username); if (alreadyExistingUser != null) { throw new UserAlreadyExistsException(); } var bytes = new byte[64]; using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(bytes); } activationCode = string.Join("", bytes.Select(b => b.ToString("x2"))); var user = new User() { Username = username, HashedPassword = _passwordHashingService.HashPassword(password), ActivationCode = activationCode }; uow.Users.Add(user); await uow.SaveChangesAsync(); } await _mailService.SendCreateUserMailAsync(username, activationCode); }
public void ResetPassword( string resetToken, string newPassword, IDateTimeService dateTimeService, IPasswordHashingService passwordHashingService, ISecureRng secureRng) { var result = PasswordResetTokens.FirstOrDefault(i => i.Token == resetToken); if (result == null) { throw new DomainModelException("Reset token doesn't exist"); } if (dateTimeService.GetCurrentDateTime() > result.CreatedAt.AddHours(6)) { throw new DomainModelException("Reset token expired"); } string salt = secureRng.GenerateSecureRandomString(16); PasswordCredential = new PasswordCredential() { HashedPassword = passwordHashingService.HashPassword(newPassword, salt), Salt = salt }; }
public AuthToken GetAuthToken( string password, IPasswordHashingService passwordHasher, IAlphanumericTokenGenerator alphanumericTokenGenerator, IDateTimeService dateTimeService) { var accountSalt = PasswordCredential.PasswordSalt; if (PasswordCredential.HashedPassword == passwordHasher.HashPassword(password, accountSalt)) { var newAuthToken = new AuthToken() { TokenString = alphanumericTokenGenerator.GenerateAlphanumericToken(64), LastUsed = dateTimeService.GetCurrentDateTime(), Account = this }; AuthTokens.Add(newAuthToken); return(newAuthToken); } else { throw new Exception("Incorrect Username or Password."); } }
public LoginResultViewModel Register(ExtendedBenutzerViewModel benutzer) { Guard.IsNotNull(benutzer, nameof(benutzer)); Guard.IsNotNull(benutzer.Person, nameof(benutzer.Person)); Guard.IsNotNull(benutzer.Person.Email, nameof(benutzer.Person.Email)); Guard.IsNotNull(benutzer.Person.Vorname, nameof(benutzer.Person.Email)); Guard.IsNotNull(benutzer.Person.Name, nameof(benutzer.Person.Email)); benutzer.Person.Email = benutzer.Person.Email.ToLowerInvariant(); if (benutzer.PasswortWiederholung != benutzer.Passwort) { throw new CustomException("Passwort und Passwortwiederholung sind nicht identisch."); } var dbBenutzer = _mapper.Map <Benutzer>(benutzer); dbBenutzer.Passwort = _passwordHashingService.HashPassword(benutzer.Passwort); dbBenutzer.IstGesperrt = false; dbBenutzer = _benutzerService.CreateBenutzer(dbBenutzer); _logger.LogInformation("Neuer Benutzer registriert: " + benutzer.Person.Email); return(_mapper.Map <LoginResultViewModel>(dbBenutzer)); }
public ActionResult Register(string username, string email, string password) { //Input validation var errors = new List <string>(); if (!userService.IsEmailUnique(email)) { errors.Add("Email already exists"); } if (!userService.IsNameUnique(username)) { errors.Add("Username already exists"); } if (!emailService.IsEmailValid(email)) { errors.Add("Email is not valid"); } if (errors.Any()) { return(BadRequest(errors)); } //Create new user var passwordHash = hashingService.HashPassword(password); IUser user = new User { UserName = username, Email = email, PasswordHash = passwordHash, Active = true, }; userService.Create(user); var simpleToken = simpleTokenService.GenerateSimpleToken(); simpleTokenService.StoreToken(user.Id, simpleToken); //Don't send email if no email host settings are defined if (string.IsNullOrWhiteSpace(emailService.Settings.Host)) { return(NoContent()); } var body = $@"Welcome, Your account has been created. Click on this link to confirm your email: http://localhost:4200/confirmemail/{user.Id}/{simpleToken}"; emailService.SendEmail(new MailAddress($"*****@*****.**"), new string[] { email }, "New account", body); return(NoContent()); }
public void SetPassword( string password, IPasswordHashingService passwordHasher, ISecureRandomStringGeneratorService saltGenerator) { PasswordSalt = saltGenerator.GenerateSecureRandomString(); HashedPassword = passwordHasher.HashPassword(password, PasswordSalt); }
public void ResetPassword( string newPassword, IPasswordHashingService passwordHasher, PasswordResetToken resetToken, ISecureRandomStringGeneratorService saltGenerator) { if (PasswordResetTokens.Contains(resetToken) && resetToken.IsActive) { PasswordSalt = saltGenerator.GenerateSecureRandomString(); HashedPassword = passwordHasher.HashPassword(newPassword, PasswordSalt); } }
public async Task WhenCreatingUser_CreateUserInDatabase_AndHashPassword() { _passwordHashingService.HashPassword(SomePassword) .Returns(SomeEncryptedPassword); await _service.CreateUserAsync(SomeUsername, SomePassword); var userRepository = _unitOfWorkFactory.GetUnitOfWork().Users; Received.InOrder(() => { userRepository.Add(Arg.Is <User>(u => u.Username == SomeUsername && u.HashedPassword == SomeEncryptedPassword && !string.IsNullOrEmpty(u.ActivationCode)) ); _unitOfWorkFactory.GetUnitOfWork().SaveChangesAsync(); }); }
public AuthToken Login( string password, IAlphanumericTokenGenerator tokenGenerator, IDateTimeService dateTimeService, IPasswordHashingService passwordHashingService) { var hashedPassword = passwordHashingService.HashPassword(password, PasswordCredential.Salt); if (hashedPassword != PasswordCredential.HashedPassword) { throw new DomainModelException("Incorrect username or password"); } var authToken = new AuthToken() { Token = tokenGenerator.GenerateAlphanumericToken(16), CreatedAt = dateTimeService.GetCurrentDateTime() }; AuthTokens.Add(authToken); return(authToken); }