예제 #1
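        /// <summary>
        /// Checks a username and plain-text password against the users returned by the query service.
        /// </summary>
        /// <param name="username">Username supplied by the caller; compared case-insensitively.</param>
        /// <param name="unsalted_unhashed_password">Plain-text password supplied by the caller.</param>
        /// <returns>
        /// <c>true</c> if a stored user has this username and the password, hashed with that user's
        /// salt, equals the stored hash; otherwise <c>false</c>.
        /// </returns>
        public bool ValidateCredentials(string username, string unsalted_unhashed_password)
        {
            // Fail closed on missing input: a null username used to throw inside the loop,
            // and a null password should never authenticate anyone.
            if (username == null || unsalted_unhashed_password == null)
            {
                return false;
            }

            // NOTE(review): every attempt loads all users; a lookup by username would avoid that
            // if the query service offers one - confirm.
            List<DatabaseUser> db_users = _dbQueryService.GetAllUsers();

            // No user list means nothing to match against.
            if (db_users == null)
            {
                return false;
            }

            foreach (DatabaseUser user in db_users)
            {
                if (user == null)
                {
                    continue;
                }

                // Ordinal comparison: ToUpper() depends on the current culture (e.g. Turkish i/I),
                // so the same pair of usernames could match on one server and not on another.
                if (!string.Equals(user.Username, username, System.StringComparison.OrdinalIgnoreCase))
                {
                    continue;
                }

                // Hash the candidate with this user's own salt so it is comparable to the stored value.
                // NOTE(review): hashing only happens for usernames that exist, so response time can
                // differ between known and unknown usernames - consider hashing a dummy value otherwise.
                string salted_hashed_password_to_check =
                    UserPasswordTools.HashAndSaltPassword(unsalted_unhashed_password, user.Salt);

                if (FixedTimeHashEquals(salted_hashed_password_to_check, user.Password))
                {
                    return true;
                }
            }

            return false;
        }

        // Compares two hash strings without stopping at the first differing character, so the
        // comparison time does not reveal how much of the stored hash was matched.
        // A null on either side never matches (fail closed).
        private static bool FixedTimeHashEquals(string left, string right)
        {
            if (left == null || right == null)
            {
                return false;
            }

            int difference = left.Length ^ right.Length;
            for (int i = 0; i < left.Length && i < right.Length; i++)
            {
                difference |= left[i] ^ right[i];
            }

            return difference == 0;
        }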
예제 #2
 /// <summary>
 /// Builds a database user from the supplied settings, generating a new salt and storing
 /// the salted hash of the settings' password.
 /// </summary>
 /// <param name="userSettings">Settings whose fields are copied onto the new user.</param>
 public DatabaseUser(UserSettings userSettings)
 {
     // Identity and profile fields are copied across unchanged.
     this.UserId = userSettings.UserId;
     this.Username = userSettings.Username;
     this.EmailAddress = userSettings.EmailAddress;
     this.FirstName = userSettings.FirstName;
     this.LastName = userSettings.LastName;

     // The salt has to be assigned first: the hash on the next line reads it back.
     this.Salt = UserPasswordTools.GenerateRandomPasswordSalt();
     this.Password = UserPasswordTools.HashAndSaltPassword(userSettings.Password, this.Salt);

     this.IsAdministrator = userSettings.IsAdministrator;
 }
예제 #3
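        /// <summary>
        /// Changes a user's password after verifying the old one.
        /// </summary>
        /// <param name="userPassword">Carries the user id, the old password and the new password.</param>
        /// <returns>
        /// The result of persisting the change when the old password matches; <c>false</c> when the
        /// id is missing, the user is not found, or the old password does not match.
        /// </returns>
        public bool ModifyPassword(UserPassword userPassword)
        {
            if (userPassword.UserId == null)
            {
                return false;
            }

            DatabaseUser dbUser = _dbQueryService.GetUserById(userPassword.UserId.Value);

            // Presumably GetUserById returns null for an unknown id (confirm); without this guard
            // an unknown id surfaces as a NullReferenceException instead of a plain refusal.
            if (dbUser == null)
            {
                return false;
            }

            // Hash the supplied old password with the stored salt so it is comparable to the stored hash.
            string saltedHashedPasswordToCheck =
                UserPasswordTools.HashAndSaltPassword(userPassword.OldPassword, dbUser.Salt);

            if (!StoredHashMatches(saltedHashedPasswordToCheck, dbUser.Password))
            {
                return false;
            }

            // A fresh salt is generated on every change, so the new hash never reuses the old salt.
            dbUser.Salt     = UserPasswordTools.GenerateRandomPasswordSalt();
            dbUser.Password = UserPasswordTools.HashAndSaltPassword(userPassword.NewPassword, dbUser.Salt);
            return _dbQueryService.PersistPasswordChange(dbUser);
        }

        // Compares a candidate hash with the stored hash without an early exit on the first
        // differing character; a null on either side never matches (fail closed).
        private static bool StoredHashMatches(string candidateHash, string storedHash)
        {
            if (candidateHash == null || storedHash == null)
            {
                return false;
            }

            int difference = candidateHash.Length ^ storedHash.Length;
            for (int i = 0; i < candidateHash.Length && i < storedHash.Length; i++)
            {
                difference |= candidateHash[i] ^ storedHash[i];
            }

            return difference == 0;
        }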
예제 #4
        /// <summary>
        /// Persists a new user built from the supplied settings and returns the stored user,
        /// registering an API key for it when the settings ask for one.
        /// </summary>
        /// <param name="userSettings">Settings describing the user to create.</param>
        /// <returns>The created user as read back by username, or <c>null</c> if persisting failed.</returns>
        public UserSettings CreateAndReturnUser(UserSettings userSettings)
        {
            var newUser = new DatabaseUser(userSettings);

            // NOTE(review): if the DatabaseUser constructor already assigns Salt and Password,
            // this second salt/hash is redundant work - confirm.
            newUser.Salt = UserPasswordTools.GenerateRandomPasswordSalt();
            newUser.Password = UserPasswordTools.HashAndSaltPassword(userSettings.Password, newUser.Salt);

            // NOTE(review): what EscapeStringFields escapes for is not visible here; if it stands in
            // for SQL escaping, parameterized queries are the safer control - confirm.
            newUser.EscapeStringFields();

            bool persisted = _dbQueryService.PersistNewUser(newUser);
            if (!persisted)
            {
                return null;
            }

            // Read the user back by the username that was requested.
            // NOTE(review): the result is dereferenced without a null check - confirm the lookup
            // cannot miss right after a successful insert.
            UserSettings created = GetUserByUsername(userSettings.Username);
            created.CreateAPIKey = userSettings.CreateAPIKey;

            if (created.CreateAPIKey)
            {
                created.APIKey = _apiKeyService.RegisterNewAPIKey(created.UserId);
            }

            return created;
        }
예제 #5
        /// <summary>
        /// Sets a new password for the user identified by a password-reset token and then
        /// removes that token.
        /// </summary>
        /// <param name="passwordReset">Carries the reset token and the new password.</param>
        /// <returns>
        /// <c>true</c> when the password change was persisted; <c>false</c> when no user matches
        /// the token or persisting the change failed.
        /// </returns>
        public bool ResetPassword(PasswordReset passwordReset)
        {
            // NOTE(review): no expiry check on the token is visible here; confirm the lookup
            // rejects expired and empty tokens.
            DatabaseUser tokenOwner = _dbQueryService.GetUserByPasswordResetToken(passwordReset.Token);
            if (tokenOwner == null)
            {
                return false;
            }

            // New salt first, then the hash that depends on it.
            tokenOwner.Salt = UserPasswordTools.GenerateRandomPasswordSalt();
            tokenOwner.Password = UserPasswordTools.HashAndSaltPassword(passwordReset.Password, tokenOwner.Salt);

            bool changePersisted = _dbQueryService.PersistPasswordChange(tokenOwner);
            if (!changePersisted)
            {
                return false;
            }

            // NOTE(review): the outcome of the removal is not checked; if it can fail without
            // throwing, the token stays usable for another reset - confirm.
            _dbQueryService.PersistRemovePasswordResetToken(passwordReset.Token);
            return true;
        }