/// <summary>
/// Looks up a user by e-mail, checks the supplied secret, and returns an
/// <c>Authentication</c> for that user.
/// </summary>
/// <param name="email">E-mail passed to <c>GetByEmail</c> to find the account.</param>
/// <param name="password">
/// Secret typed by the caller. It is checked against the stored password and,
/// when the user has <c>TFAPassword</c> set, also as a TFA code against <c>TFASecret</c>.
/// </param>
/// <returns>
/// An <c>Authentication</c> built from the user and a flag telling whether the
/// secret was accepted as a TFA code.
/// </returns>
/// <remarks>
/// A null password, an unknown e-mail and a wrong secret all raise
/// <c>Error.InvalidUser</c>, so the error does not reveal which check failed.
/// <c>Error.DisabledUser</c> is raised only after the secret has been accepted.
/// </remarks>
internal Authentication ValidateAndGet(String email, String password)
{
    if (password == null)
    {
        throw Error.InvalidUser.Throw();
    }

    var account = GetByEmail(email);

    if (account == null)
    {
        // NOTE(review): this path returns before Crypt.Check runs, so an unknown
        // e-mail may answer faster than a wrong password; confirm whether that
        // timing difference matters for this deployment.
        throw Error.InvalidUser.Throw();
    }

    // The password check always runs first; the TFA check runs only for
    // users that opted into using the code as a password.
    var passwordMatches = Crypt.Check(password, account.Password);
    var codeMatches = false;

    if (account.TFAPassword)
    {
        // NOTE(review): a TFA code alone is enough to authenticate on this path.
        // No attempt throttling or lockout is visible in this method; confirm it
        // is enforced by the callers.
        codeMatches = IsValid(account.TFASecret, password);
    }

    if (!(passwordMatches || codeMatches))
    {
        throw Error.InvalidUser.Throw();
    }

    // Account state is checked last, so DisabledUser is only reported to a
    // caller that already presented an accepted secret.
    if (!account.Control.ActiveOrAllowedPeriod())
    {
        throw Error.DisabledUser.Throw();
    }

    return new Authentication(account, codeMatches);
}
/// <summary>
/// Tells whether <paramref name="password"/> matches the password stored for
/// <paramref name="user"/>, as decided by <c>Crypt.Check</c>.
/// </summary>
/// <param name="user">
/// User whose stored <c>Password</c> is compared. It is dereferenced without a
/// null check whenever <paramref name="password"/> is not null.
/// </param>
/// <param name="password">Candidate password; null is treated as a mismatch.</param>
/// <returns><c>true</c> when the password is non-null and <c>Crypt.Check</c> accepts it.</returns>
public Boolean VerifyPassword(User user, String password)
{
    // A missing password never matches and never reaches Crypt.Check.
    if (password == null)
    {
        return false;
    }

    return Crypt.Check(password, user.Password);
}