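/// <summary>
/// Checks a username/password pair against the stored salted hash for that user.
/// </summary>
/// <param name="username">Login name as typed by the user; compared case-insensitively (see below).</param>
/// <param name="enteredPassword">Raw bytes of the password the user entered.</param>
/// <returns>
/// The matching user's id when the credentials are valid; <c>ObjectId.Empty</c> when the user
/// is unknown, the password does not match, or either argument is null.
/// </returns>
public ObjectId ValidateLoginAttempt(string username, byte[] enteredPassword)
{
    // Reject missing input up front so a null never reaches the query or the hash routine.
    if (username == null || enteredPassword == null)
    {
        return ObjectId.Empty;
    }

    // CreateNewAccount builds the User with username.ToLower(), so the lookup must apply the
    // same normalisation; otherwise a login typed with different casing never finds the account.
    // Keep this call identical to the one used at account creation.
    string lookupName = username.ToLower();

    // The username is passed as a typed value to Query.EQ rather than spliced into a query string.
    User user = Database.Instance.userCollection.FindOneAs<User>(Query.EQ("username", lookupName));
    if (user == null)
    {
        // NOTE(review): this path returns without hashing anything, so an unknown username is
        // answered faster than a wrong password. Consider equalising the work on both paths so
        // response time does not reveal which usernames exist.
        return ObjectId.Empty;
    }

    // Recompute the hash with the salt stored for this user and compare with the stored hash.
    // NOTE(review): whether Authorize.IsValidHash compares in constant time is not visible here - confirm.
    byte[] saltedHash = Authorize.GenerateSaltedHash(enteredPassword, user.password.salt);
    if (Authorize.IsValidHash(saltedHash, user.password.hash))
    {
        return user.id;
    }

    return ObjectId.Empty;
}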
/// <summary>
/// Replaces this account's password with <paramref name="newPassword"/>, refusing a value that
/// matches the current password or any entry in <c>previousPasswords</c>.
/// </summary>
/// <param name="newPassword">Raw bytes of the proposed password.</param>
/// <returns>
/// <c>true</c> when the password was replaced; <c>false</c> when the proposed password was
/// rejected as a reuse and nothing was changed.
/// </returns>
public bool ChangePassword(byte[] newPassword)
{
    // NOTE(review): nothing here verifies the caller knows the current password or that the new
    // one passes Authorize.PassesGuidelines - presumably the caller does both; verify.

    // Each stored password has its own salt, so the candidate is re-hashed per entry.
    byte[] candidateHash = Authorize.GenerateSaltedHash(newPassword, password.salt);
    bool sameAsCurrent = Authorize.IsValidHash(candidateHash, password.hash);
    if (sameAsCurrent)
    {
        return false;
    }

    foreach (Password retired in previousPasswords)
    {
        candidateHash = Authorize.GenerateSaltedHash(newPassword, retired.salt);
        bool sameAsRetired = Authorize.IsValidHash(candidateHash, retired.hash);
        if (sameAsRetired)
        {
            return false;
        }
    }

    // Not a reuse: hash under a freshly generated salt and rotate the current password into history.
    byte[] freshSalt = Authorize.GenerateSalt();
    candidateHash = Authorize.GenerateSaltedHash(newPassword, freshSalt);
    Password replacement = new Password(candidateHash, freshSalt);

    previousPasswords.Add(this.password);
    this.password = replacement;
    return true;
}
/// <summary>
/// Creates a user account: checks the password against the guidelines, stores a salted hash of
/// it, and saves the new user under the lower-cased username.
/// </summary>
/// <param name="username">Requested login name; stored as <c>username.ToLower()</c>.</param>
/// <param name="password">Plain-text password; only its salted hash is placed on the new user.</param>
/// <returns>
/// A (response, id) pair: <c>Success</c> with the new user's id, or <c>UsernameAlreadyExists</c> /
/// <c>ServerError</c> with <c>ObjectId.Empty</c>.
/// </returns>
public Tuple<ServerResponse, ObjectId> CreateNewAccount(string username, string password)
{
    try
    {
        if (!Authorize.PassesGuidelines(password))
        {
            // NOTE(review): a password that fails the guidelines is reported as
            // UsernameAlreadyExists, which tells the client the wrong thing. If ServerResponse
            // has (or gains) a dedicated value for a rejected password, return that here.
            return new Tuple<ServerResponse, ObjectId>(ServerResponse.UsernameAlreadyExists, ObjectId.Empty);
        }

        byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
        byte[] freshSalt = Authorize.GenerateSalt();
        byte[] digest = Authorize.GenerateSaltedHash(passwordBytes, freshSalt);
        Password credential = new Password(digest, freshSalt);

        // NOTE(review): ToLower() uses the current culture; any lookup by username has to apply
        // exactly the same normalisation or accounts become unreachable.
        User account = new User(username.ToLower(), credential);

        try
        {
            UserManager.Instance.SaveUser(account);
            return new Tuple<ServerResponse, ObjectId>(ServerResponse.Success, account.id);
        }
        catch (MongoWriteConcernException writeFailure)
        {
            // NOTE(review): every write-concern failure is treated as a duplicate username;
            // presumably this relies on a unique index on the username field - confirm, and
            // consider distinguishing duplicate-key failures from other write errors.
            WriteLog(writeFailure);
            return new Tuple<ServerResponse, ObjectId>(ServerResponse.UsernameAlreadyExists, ObjectId.Empty);
        }
    }
    catch (Exception unexpected)
    {
        // Anything else (including a null username or password) is logged and surfaced as a
        // generic server error, so no exception detail reaches the client.
        WriteLog(unexpected);
        return new Tuple<ServerResponse, ObjectId>(ServerResponse.ServerError, ObjectId.Empty);
    }
}