internal Authentication ValidateAndGet(String email, String password)
{
if (password == null)
{
throw Error.InvalidUser.Throw();
}
var user = GetByEmail(email);
if (user == null)
{
throw Error.InvalidUser.Throw();
}
var validPass = Crypt.Check(password, user.Password);
var validCode = user.TFAPassword && IsValid(user.TFASecret, password);
if (!validPass && !validCode)
{
throw Error.InvalidUser.Throw();
}
if (!user.Control.ActiveOrAllowedPeriod())
{
throw Error.DisabledUser.Throw();
}
return(new Authentication(user, validCode));
}
public Boolean VerifyPassword(User user, String password)
{
return(password != null &&
Crypt.Check(password, user.Password));
}