/// <summary>
/// Checks that <c>PasswordUtility.SaltPassword</c> returns the password followed by the salt.
/// </summary>
public void SaltPasswordTest()
        {
            // NOTE(review): 32 is passed straight to GenerateSalt; whether it counts bytes or characters is not visible here.
            string generatedSalt = PasswordUtility.GenerateSalt(32);
            string plainText     = "******";

            string actual   = PasswordUtility.SaltPassword(plainText, generatedSalt);
            string expected = string.Concat(plainText, generatedSalt);

            // Only the composition (password first, salt second) is checked; the test says nothing about
            // how random or unique the salt is.
            Assert.That(actual, Is.EqualTo(expected));
        }
예제 #2
        /// <summary>
        /// Stores a new account once its email and username are confirmed to be unused.
        /// </summary>
        /// <param name="account">Account to persist; its Email, Username and Password are read here.</param>
        /// <returns>
        /// An empty string when the account was saved, otherwise a message naming the field that is already in use.
        /// </returns>
        public async Task<string> RegisterAsync(Account account)
        {
            // NOTE(review): the two distinct messages below tell the caller which emails and usernames are
            // already registered; confirm that this disclosure is acceptable wherever the result is surfaced.
            bool emailTaken = await _dbContext.Accounts.AnyAsync(a => a.Email == account.Email);

            if (emailTaken)
            {
                return "Email is already in use";
            }

            bool usernameTaken = await _dbContext.Accounts.AnyAsync(a => a.Username == account.Username);

            if (usernameTaken)
            {
                return "Username is already in use";
            }

            // NOTE(review): the checks above and the insert below are separate round trips, so two concurrent
            // registrations can both pass them; confirm the Accounts table enforces uniqueness itself.
            account.Created = DateTime.UtcNow;

            // A fresh salt per account, stored next to the hash so the password can be re-hashed for verification.
            byte[] freshSalt = PasswordUtility.GenerateSalt();

            account.PasswordSalt = freshSalt;
            account.PasswordHash = PasswordUtility.HashPassword(account.Password, account.PasswordSalt);

            // NOTE(review): account.Password still holds the plaintext when the entity is added; confirm the
            // property is not mapped to a column.
            await _dbContext.Accounts.AddAsync(account);
            await _dbContext.SaveChangesAsync();

            return string.Empty;
        }
        /// <summary>
        /// Checks that <c>PasswordUtility.VerifyPassword</c> accepts the password a hash was built from
        /// and rejects a different one.
        /// </summary>
        public void VerifyPasswordTest()
        {
            string correctPassword = "******";

            // The salt size is taken from the password's length, so this fixture uses a very short salt.
            string saltValue  = PasswordUtility.GenerateSalt(correctPassword.Length);
            string salted     = PasswordUtility.SaltPassword(correctPassword, saltValue);
            string storedHash = PasswordUtility.HashPassword(salted);

            bool acceptsCorrect = PasswordUtility.VerifyPassword(storedHash, correctPassword, saltValue);

            Assert.That(acceptsCorrect, Is.True);

            bool acceptsWrong = PasswordUtility.VerifyPassword(storedHash, "notmypassword", saltValue);

            Assert.That(acceptsWrong, Is.False);
        }
예제 #4
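        /// <summary>
        /// Replaces an account's password after verifying the current one.
        /// </summary>
        /// <param name="accountID">Key passed to <c>FindAsync</c> to load the account.</param>
        /// <param name="oldPass">Current password; hashed with the stored salt and compared with the stored hash.</param>
        /// <param name="newPass">New password; hashed with a newly generated salt.</param>
        /// <exception cref="NoAccountFoundException">No account was found for <paramref name="accountID"/>.</exception>
        /// <exception cref="InvalidPasswordException">
        /// <paramref name="oldPass"/> does not hash to the stored value, or a hash is missing.
        /// </exception>
        public async Task ChangePassword(int accountID, string oldPass, string newPass)
        {
            Account entity = await _dbContext.Accounts.FindAsync(accountID);

            if (entity is null)
            {
                throw new NoAccountFoundException();
            }

            byte[] passHash = PasswordUtility.HashPassword(oldPass, entity.PasswordSalt);

            // Compare the digests in constant time so the comparison's duration does not depend on how many
            // leading bytes match (Enumerable.SequenceEqual stops at the first difference). A missing hash on
            // either side is treated as a mismatch, so the check fails closed.
            // CryptographicOperations needs .NET Core 2.1+ / .NET Standard 2.1; it is fully qualified because
            // the file's using directives are not visible from this method.
            bool oldPasswordMatches =
                entity.PasswordHash != null &&
                passHash != null &&
                System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(entity.PasswordHash, passHash);

            if (!oldPasswordMatches)
            {
                throw new InvalidPasswordException();
            }

            // Rotate the salt together with the password so the new hash never reuses the old salt.
            entity.PasswordSalt = PasswordUtility.GenerateSalt();
            entity.PasswordHash = PasswordUtility.HashPassword(newPass, entity.PasswordSalt);

            await _dbContext.SaveChangesAsync();
        }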