/// <summary>
/// Registers a new user: validates the password, rejects an e-mail that is already present,
/// stores a newly generated password hash and salt on the entity and saves it.
/// </summary>
/// <param name="user">
/// Entity to persist. Its <c>PasswordHash</c>, <c>PasswordSalt</c> and <c>Location</c> are
/// overwritten here; every other property is saved as passed in.
/// </param>
/// <param name="password">Plain-text password; must not be null, empty or whitespace-only.</param>
/// <returns>The same <paramref name="user"/> instance, after <c>SaveChanges</c> has run.</returns>
/// <exception cref="RequestException">
/// <c>UserExceptionCodes.BadPassword</c> when the password is blank;
/// <c>UserExceptionCodes.EmailAlreadyExists</c> when a stored user has the same e-mail.
/// </exception>
/// <remarks>
/// NOTE(review): the only password rule enforced here is "not blank"; confirm that a length
/// policy is applied elsewhere.
/// NOTE(review): the duplicate check and the insert are two separate statements, so two
/// concurrent registrations could both pass the check. A unique index on the e-mail column is
/// the reliable guard; confirm one exists.
/// NOTE(review): the hashing scheme lives in <c>PasswordVerifier.CreatePasswordHash</c>, which
/// is not visible here; confirm it uses a slow, salted password KDF.
/// NOTE(review): if <paramref name="user"/> is bound directly from a request body, confirm
/// that callers map only the fields a client is allowed to set.
/// </remarks>
public User Create(User user, string password)
{
    // Reject a blank password before touching the database.
    bool passwordIsBlank = string.IsNullOrWhiteSpace(password);
    if (passwordIsBlank)
    {
        throw new RequestException(UserExceptionCodes.BadPassword);
    }

    // E-mail comparison semantics (case, collation) are those of the underlying query provider.
    bool emailTaken = _context.Users.Any(existing => existing.Email == user.Email);
    if (emailTaken)
    {
        throw new RequestException(UserExceptionCodes.EmailAlreadyExists);
    }

    PasswordVerifier.CreatePasswordHash(password, out byte[] hash, out byte[] salt);

    // Credential material and location are always set server-side, never taken from the caller.
    user.PasswordHash = hash;
    user.PasswordSalt = salt;
    user.Location = null;

    _context.Users.Add(user);
    _context.SaveChanges();

    return user;
}
/// <summary>
/// Round-trip check for <c>PasswordVerifier</c>: over 100 iterations, a generated password
/// is hashed and then verified against the hash and salt that were just produced.
/// </summary>
/// <remarks>
/// NOTE(review): only the accepting path is exercised. A companion assertion that a different
/// password, or a different salt, is rejected would catch a verifier that always returns true.
/// </remarks>
public void CreateAndVerifyPasswordHashTest()
{
    const int rounds = 100;

    for (int round = 0; round < rounds; round++)
    {
        // Length comes from Random.Next(1, 33); presumably 1..32 characters if this is
        // System.Random, whose upper bound is exclusive. Confirm against the fixture.
        int length = Random.Next(1, 33);
        string candidate = RandomString(length);

        PasswordVerifier.CreatePasswordHash(candidate, out byte[] hash, out byte[] salt);

        bool accepted = PasswordVerifier.VerifyPasswordHash(candidate, hash, salt);
        Assert.True(accepted);
    }
}
/// <summary>
/// Replaces a user's password: optionally verifies the current password, validates the new
/// one, then stores a newly generated hash and salt and saves the entity.
/// </summary>
/// <param name="user">User whose <c>PasswordHash</c> and <c>PasswordSalt</c> are replaced.</param>
/// <param name="newPassword">New plain-text password; must not be null, empty or whitespace-only.</param>
/// <param name="oldPassword">
/// Current plain-text password. When non-null it must verify against the stored hash and salt.
/// When null (the default) no verification of the current password takes place.
/// </param>
/// <exception cref="RequestException">
/// <c>UserExceptionCodes.InvalidCredentials</c> when <paramref name="oldPassword"/> is supplied
/// and does not verify; <c>UserExceptionCodes.BadPassword</c> when
/// <paramref name="newPassword"/> is blank.
/// </exception>
/// <remarks>
/// NOTE(review): because a null <paramref name="oldPassword"/> skips the credential check,
/// every caller that omits it must have authorised the change some other way (for example a
/// validated reset token or an administrative action). Confirm at each call site, and make
/// sure a missing request field cannot reach this method as null on the self-service path.
/// NOTE(review): the only rule on the new password is "not blank"; confirm that a length
/// policy is applied elsewhere.
/// </remarks>
public void SetNewPassword(User user, string newPassword, string oldPassword = null)
{
    // The current-password check runs first, so a wrong old password is reported as
    // InvalidCredentials even when the new password is also unacceptable.
    if (oldPassword != null)
    {
        bool oldPasswordMatches =
            PasswordVerifier.VerifyPasswordHash(oldPassword, user.PasswordHash, user.PasswordSalt);
        if (!oldPasswordMatches)
        {
            throw new RequestException(UserExceptionCodes.InvalidCredentials);
        }
    }

    if (string.IsNullOrWhiteSpace(newPassword))
    {
        throw new RequestException(UserExceptionCodes.BadPassword);
    }

    // A new salt is produced alongside the hash on every change.
    PasswordVerifier.CreatePasswordHash(newPassword, out byte[] hash, out byte[] salt);
    user.PasswordHash = hash;
    user.PasswordSalt = salt;

    _context.Users.Update(user);
    _context.SaveChanges();
}