public bool RetrieveToken(string id, out PasswordHash.HashInfo hashedToken, out string encryptedUserId, out byte[] userIdSalt, out DateTime issuedAt, out DateTime refreshed) { try { var sql = @"SELECT [id] ,[id_salt] ,[token_hash] ,[token_salt] ,[token_method] ,[token_iterations] ,[issued_at] ,[refreshed] FROM [TokenStorage] WHERE [id] = @id"; var results = dataConnection.Query<TokenStorageDb>(sql, new { id = id }); // get the first out of the result set and throw exception if there is more var token = results.Single(); issuedAt = token.issued_at; refreshed = token.refreshed; hashedToken = new PasswordHash.HashInfo { Hash = token.token_hash, Iterations = token.token_iterations, Method = token.token_method, Salt = token.token_salt }; encryptedUserId = token.id; userIdSalt = Convert.FromBase64String(token.id_salt); return true; } catch (Exception ex) { logger.Error(ex); } // set all information on null or default hashedToken = null; encryptedUserId = null; userIdSalt = null; issuedAt = new DateTime(); refreshed = new DateTime(); return false; }
public bool StoreToken(int userId, PasswordHash.HashInfo hashedToken, string encryptedUserId, byte[] userIdSalt, DateTime issuedAt) { logger.Debug("Store access token"); // cleanup table var cleanUpSql = @"DELETE FROM [TokenStorage] WHERE user_id = @user_id"; var deleteResult = dataConnection.Execute(cleanUpSql, new { user_id = userId }); // store the actual token var sql = @" INSERT INTO [TokenStorage] ([id] ,[id_salt] ,[token_hash] ,[token_salt] ,[token_method] ,[token_iterations] ,[issued_at] ,[refreshed] ,[user_id]) VALUES (@id ,@id_salt ,@token_hash ,@token_salt ,@token_method ,@token_iterations ,@issued_at ,@refreshed ,@user_id)"; // maybe var result = dataConnection.Execute(sql, new { id = encryptedUserId, id_salt = Convert.ToBase64String(userIdSalt), token_hash = hashedToken.Hash, token_salt = hashedToken.Salt, token_iterations = hashedToken.Iterations, token_method = hashedToken.Method, issued_at = issuedAt, refreshed = issuedAt, user_id = userId }); logger.Debug("Store access token result: " + result); return result == 1 ? true : false; }
public void HashPasswordTest() { string orgPassword = "******"; var passwordHash = new PasswordHash(); var hashedPassword = passwordHash.CreateHash(orgPassword); StringBuilder sb = new StringBuilder(); foreach(char c in hashedPassword.ToString()){ sb.Append(c); } var enteredPassword = sb.ToString(); var validateResult = passwordHash.ValidatePassword("org-password", hashedPassword.ToString()); Assert.AreEqual(hashedPassword.ToString(), enteredPassword); Assert.IsTrue(validateResult); PasswordHash.HashInfo hi = new PasswordHash.HashInfo(hashedPassword.ToString()); Assert.AreEqual("sha1", hi.Method); Assert.AreEqual(PasswordHash.PBKDF2_ITERATIONS, hi.Iterations); Assert.AreEqual(hashedPassword.ToString().Split(':')[0], hi.Method); Assert.AreEqual(Int32.Parse(hashedPassword.ToString().Split(':')[1]), hi.Iterations); Assert.AreEqual(hashedPassword.ToString().Split(':')[2], hi.Salt); Assert.AreEqual(hashedPassword.ToString().Split(':')[3], hi.Hash); hi.Dispose(); Assert.AreEqual(":0::", hi.ToString()); PasswordHash.HashInfo hi2 = new PasswordHash.HashInfo { Method = "sha1", Iterations = 1000, Salt = "salt", Hash = "hash" }; Assert.AreEqual("sha1:1000:salt:hash", hi2.ToString()); hi2.Dispose(); Assert.AreEqual(":0::", hi2.ToString()); }