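/// <summary>
/// Checks a plaintext username/password pair against the stored users.
/// </summary>
/// <param name="username">Plaintext username; matched case-insensitively using an ordinal comparison.</param>
/// <param name="unsalted_unhashed_password">Plaintext password; hashed with the matching user's stored salt before comparison.</param>
/// <returns>
/// true when a stored user with this username exists and the salted hash of the supplied password equals the stored hash;
/// false otherwise, including when no users are stored or either argument is null.
/// </returns>
public bool ValidateCredentials(string username, string unsalted_unhashed_password)
{
    // Reject null input up front instead of failing with a NullReferenceException further down.
    if (username == null || unsalted_unhashed_password == null)
    {
        return false;
    }

    // Stored users carry a per-user salt and a salted+hashed password, never the plaintext.
    List<DatabaseUser> db_users = _dbQueryService.GetAllUsers();
    if (db_users == null)
    {
        return false;
    }

    foreach (DatabaseUser user in db_users)
    {
        // Ordinal case-insensitive match: ToUpper() is culture-sensitive (e.g. Turkish dotted/dotless i),
        // so the same name could compare differently depending on the thread culture.
        if (!string.Equals(user.Username, username, StringComparison.OrdinalIgnoreCase))
        {
            continue;
        }

        // Hash the candidate with this user's salt so it is comparable with the stored value.
        string salted_hashed_password_to_check = UserPasswordTools.HashAndSaltPassword(unsalted_unhashed_password, user.Salt);

        // NOTE(review): string == is not constant-time; a fixed-time comparison of the encoded bytes
        // (CryptographicOperations.FixedTimeEquals where available) would remove the timing side channel.
        if (salted_hashed_password_to_check == user.Password)
        {
            return true;
        }
    }

    // NOTE(review): hashing only happens when a username matched, so response time differs for unknown
    // usernames (an account-enumeration signal); hashing against a throwaway salt on the no-match path
    // would even that out.
    return false;
}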
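/// <summary>
/// Builds a database record from the supplied settings. The plaintext password is replaced by a
/// freshly generated random salt and the salted hash, so the plaintext is never kept on this object.
/// </summary>
/// <param name="userSettings">Incoming user data, including the plaintext password.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="userSettings"/> is null.</exception>
public DatabaseUser(UserSettings userSettings)
{
    // Fail with a descriptive exception rather than a NullReferenceException on the first property read.
    if (userSettings == null)
    {
        throw new ArgumentNullException("userSettings");
    }

    UserId = userSettings.UserId;
    Username = userSettings.Username;
    EmailAddress = userSettings.EmailAddress;
    FirstName = userSettings.FirstName;
    LastName = userSettings.LastName;
    IsAdministrator = userSettings.IsAdministrator;

    // A per-user random salt; the hash is derived from it, so the salt must be assigned first.
    string salt = UserPasswordTools.GenerateRandomPasswordSalt();
    Salt = salt;
    Password = UserPasswordTools.HashAndSaltPassword(userSettings.Password, salt);
}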
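/// <summary>
/// Changes a user's password after verifying the current one.
/// </summary>
/// <param name="userPassword">Carries the user id, the current (old) plaintext password and the new plaintext password.</param>
/// <returns>
/// true when the old password verified and the change was persisted; false when the request or user id is null,
/// the user is not found, the old password does not match, or persistence failed.
/// </returns>
public bool ModifyPassword(UserPassword userPassword)
{
    if (userPassword == null || userPassword.UserId == null)
    {
        return false;
    }

    DatabaseUser dbUser = _dbQueryService.GetUserById(userPassword.UserId.Value);
    // The query service can return null for a missing user (the other lookups in this class check for it);
    // dereferencing it unchecked would throw instead of reporting a failed change.
    if (dbUser == null)
    {
        return false;
    }

    // Re-derive the hash of the supplied old password with the stored salt so it can be compared.
    string saltedHashedPasswordToCheck = UserPasswordTools.HashAndSaltPassword(userPassword.OldPassword, dbUser.Salt);

    // NOTE(review): string == is not constant-time; a fixed-time byte comparison would close the timing side channel.
    if (saltedHashedPasswordToCheck != dbUser.Password)
    {
        return false;
    }

    // Fresh salt on every change so the new hash cannot be correlated with the old one.
    dbUser.Salt = UserPasswordTools.GenerateRandomPasswordSalt();
    dbUser.Password = UserPasswordTools.HashAndSaltPassword(userPassword.NewPassword, dbUser.Salt);
    return _dbQueryService.PersistPasswordChange(dbUser);
}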
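/// <summary>
/// Persists a new user built from <paramref name="userSettings"/> and returns the stored record,
/// registering an API key for it when requested.
/// </summary>
/// <param name="userSettings">New user data, including the plaintext password.</param>
/// <returns>
/// The stored user (with APIKey populated when CreateAPIKey was requested), or null when
/// <paramref name="userSettings"/> is null, the insert failed, or the new row could not be read back.
/// </returns>
public UserSettings CreateAndReturnUser(UserSettings userSettings)
{
    if (userSettings == null)
    {
        return null;
    }

    // The DatabaseUser(UserSettings) constructor already generates the salt and stores the salted hash,
    // so there is no need to salt and hash again here.
    DatabaseUser dbUser = new DatabaseUser(userSettings);

    // NOTE(review): escaping string fields before persisting suggests the persistence layer builds SQL from
    // strings; parameterized queries in _dbQueryService would be the robust fix - confirm there.
    dbUser.EscapeStringFields();

    if (!_dbQueryService.PersistNewUser(dbUser))
    {
        return null;
    }

    UserSettings createdUser = GetUserByUsername(userSettings.Username);
    if (createdUser == null)
    {
        // The insert reported success but the row could not be read back; there is nothing to attach a key to.
        return null;
    }

    createdUser.CreateAPIKey = userSettings.CreateAPIKey;
    if (createdUser.CreateAPIKey)
    {
        createdUser.APIKey = _apiKeyService.RegisterNewAPIKey(createdUser.UserId);
    }
    return createdUser;
}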
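/// <summary>
/// Completes a password reset: looks up the user owning the reset token, stores a new salt and the
/// salted hash of the new password, then removes the token once the change has been persisted.
/// </summary>
/// <param name="passwordReset">The reset token and the new plaintext password.</param>
/// <returns>
/// true when the password change was persisted; false when the request or token is missing,
/// no user owns the token, or persistence failed.
/// </returns>
public bool ResetPassword(PasswordReset passwordReset)
{
    // A missing token can never resolve to a user; skip the lookup instead of passing null through.
    if (passwordReset == null || string.IsNullOrEmpty(passwordReset.Token))
    {
        return false;
    }

    // NOTE(review): no token expiry check is visible here; presumably GetUserByPasswordResetToken
    // enforces one - confirm, otherwise a leaked token stays usable until it is consumed.
    DatabaseUser databaseUser = _dbQueryService.GetUserByPasswordResetToken(passwordReset.Token);
    if (databaseUser == null)
    {
        return false;
    }

    // Fresh salt with the new password, as everywhere else a password is (re)written.
    databaseUser.Salt = UserPasswordTools.GenerateRandomPasswordSalt();
    databaseUser.Password = UserPasswordTools.HashAndSaltPassword(passwordReset.Password, databaseUser.Salt);

    if (!_dbQueryService.PersistPasswordChange(databaseUser))
    {
        return false;
    }

    // The token is consumed only after the change is stored, so a failed write leaves it usable for a retry.
    // NOTE(review): the outcome of the removal is not checked; if removal can fail, the token would remain live.
    _dbQueryService.PersistRemovePasswordResetToken(passwordReset.Token);
    return true;
}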