/// <summary>
/// Looks up the stored password value for a user and returns it as bytes.
/// </summary>
/// <param name="userEmail">The e-mail/login whose stored password value is read.</param>
/// <returns>
/// The bytes produced by <c>HashedPassword.RemoveSeparators</c> from the stored column value,
/// or <c>null</c> when the query yields no string (for example, no matching row).
/// </returns>
public byte[] ReadUserPasswordFromDatabase(string userEmail)
{
    // The e-mail is bound as a parameter, so it is never concatenated into the SQL text.
    SqlCommand command = new SqlCommand("SELECT [UserPassword] FROM [dbo].[tblUsersWithAccessToLicensesData] WHERE [UserEmail]=@UserEmail");
    command.Parameters.AddWithValue("@UserEmail", userEmail);

    // NOTE(review): no connection is assigned here and the command is not disposed in this
    // method; presumably resultOfQuery handles both - confirm.
    object result = resultOfQuery(command, (cmd) => cmd.ExecuteScalar());

    // ExecuteScalar returns null or DBNull when there is nothing to read; only a real string is decoded.
    string storedValue = result as string;
    if (storedValue == null)
    {
        return null;
    }

    return HashedPassword.RemoveSeparators(storedValue);
}
/// <summary>
/// Verifies the password supplied by the user against the hashed password kept in storage.
/// </summary>
/// <returns>
/// Returns true when the stored hash verifies the supplied password; false when it does not
/// or when no stored hash is available.
/// </returns>
private bool checkAuthorization()
{
    byte[] storedHash = this.getUserHashedPasswordFromStorage();
    if (storedHash == null)
    {
        // No stored credential for this user: fail closed.
        return false;
    }

    // NOTE(review): the comparison itself lives in HashedPassword.Verify, which is not shown
    // here - confirm that it compares in constant time.
    HashedPassword verifier = new HashedPassword(storedHash);
    return verifier.Verify(userPasswordToCheck);
}
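/// <summary>
/// Saves a new user into the database, storing the hashed form of the password.
/// </summary>
/// <param name="userEmail">The user's e-mail/login.</param>
/// <param name="userPassword">
/// The user's plain-text password. It is hashed here and only the hashed form is persisted.
/// </param>
/// <returns>
/// Returns 1 if the user row is inserted. ExecuteNonQuery reports the rows affected, so a
/// different value is returned when the e-mail already exists and the INSERT is skipped.
/// </returns>
public int SaveNewUserIntoDatabase(string userEmail, string userPassword)
{
    HashedPassword userHashedPassword = new HashedPassword(userPassword);

    // Serialized hash with "|" between its parts; the read path strips the separators
    // again via HashedPassword.RemoveSeparators.
    string storedPassword = userHashedPassword.ToString("|");

    const string command =
        "IF NOT EXISTS (SELECT [UserEmail] FROM [dbo].[tblUsersWithAccessToLicensesData] WHERE [UserEmail]=@UserEmail) " +
        "BEGIN INSERT INTO [dbo].[tblUsersWithAccessToLicensesData] VALUES (@UserEmail, @Password) END";

    SqlCommand sqlCommand = new SqlCommand(command);
    sqlCommand.Parameters.AddWithValue("@UserEmail", userEmail);

    // Bind the hashed value. Binding userPassword here would persist the plain-text password
    // and leave a value the verification path cannot parse as a hash.
    // NOTE(review): any rows written while the plain-text value was bound still hold clear-text
    // passwords and need a reset or re-hash.
    sqlCommand.Parameters.AddWithValue("@Password", storedPassword);

    // NOTE(review): the existence check and the INSERT are not atomic on their own; a unique
    // constraint on [UserEmail] is presumably what prevents duplicates under concurrency - confirm.
    // NOTE(review): the unboxing cast throws if resultOfQuery returns null - confirm it cannot.
    return (int)resultOfQuery(sqlCommand, (cmd) => cmd.ExecuteNonQuery());
}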