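/// <summary>
/// Authenticates a user from posted form credentials and issues the cookie session.
/// </summary>
/// <param name="context">Database context used to look up the user by username.</param>
/// <param name="username">Form-posted username; untrusted input.</param>
/// <param name="password">Form-posted clear-text password; untrusted input, only compared against the stored hash.</param>
/// <returns>
/// 200 OK once the sign-in cookie has been issued; 400 Bad Request with a single generic
/// message when the credentials are missing, the username is unknown, or the password
/// does not match.
/// </returns>
public async Task<ActionResult> Post(
    [FromServices] DataContext context,
    [FromForm] string username,
    [FromForm] string password)
{
    // One message for every failure mode: answering "unknown user" and "wrong password"
    // differently lets a caller confirm which usernames exist.
    const string invalidCredentials = "Usuário ou senha inválidos.";

    // Reject blank credentials up front so the hash check never sees a null password.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        return BadRequest(new { message = invalidCredentials });
    }

    var user = await context
        .Users
        .FirstOrDefaultAsync(u => u.Username == username);

    if (user is null)
    {
        // NOTE(review): this path skips the hash computation, so its response time still
        // differs from the wrong-password path; equalising it needs a dummy hash/salt of
        // the sizes PasswordEncryption uses, which are not visible from this file.
        return BadRequest(new { message = invalidCredentials });
    }

    if (!PasswordEncryption.IsStringEqualToHash(password, user.Password, user.Salt))
    {
        return BadRequest(new { message = invalidCredentials });
    }

    // Minimal identity: only the username claim, under the "login" authentication type.
    var claims = new List<Claim> { new Claim(ClaimTypes.Name, user.Username) };
    var identity = new ClaimsIdentity(claims, "login");
    var principal = new ClaimsPrincipal(identity);

    await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);
    return Ok();
}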
/// <summary>
/// A different password verified under the same salt must not match the stored hash.
/// </summary>
public void IsStringEqualToHash_DifferentPasswordSameSalt_ReturnsFalse()
{
    // Arrange: hash one password, then verify another one under the identical salt.
    byte[] sharedSalt = PasswordEncryption.GenerateSalt();
    byte[] storedHash = PasswordEncryption.GenerateHash("pa55word", sharedSalt);

    // Act
    var matches = PasswordEncryption.IsStringEqualToHash("an0therpa55word", storedHash, sharedSalt);

    // Assert
    Assert.False(matches);
}
/// <summary>
/// The original password verified under the original salt must match the stored hash.
/// </summary>
public void IsStringEqualToHash_SamePasswordAndSalt_ReturnsTrue()
{
    // Arrange
    const string secret = "pa55word";
    byte[] sharedSalt = PasswordEncryption.GenerateSalt();
    byte[] storedHash = PasswordEncryption.GenerateHash(secret, sharedSalt);

    // Act
    var matches = PasswordEncryption.IsStringEqualToHash(secret, storedHash, sharedSalt);

    // Assert
    Assert.True(matches);
}
/// <summary>
/// The same password verified under a different salt must not match the stored hash:
/// the salt is part of the hash input, so a hash is only valid together with its own salt.
/// </summary>
/// <remarks>
/// NOTE(review): the method name ends in "ReturnsTrue" but the assertion expects
/// <c>false</c>; the assertion is the intended behaviour, the name should say ReturnsFalse.
/// </remarks>
public void IsStringEqualToHash_SamePasswordDifferentSalt_ReturnsTrue()
{
    // Arrange: hash under one salt, verify under a freshly generated second salt.
    const string secret = "pa55word";
    byte[] originalSalt = PasswordEncryption.GenerateSalt();
    byte[] storedHash = PasswordEncryption.GenerateHash(secret, originalSalt);
    byte[] otherSalt = PasswordEncryption.GenerateSalt();

    // Act
    var matches = PasswordEncryption.IsStringEqualToHash(secret, storedHash, otherSalt);

    // Assert
    Assert.False(matches);
}