/// <summary>
/// Encrypts <paramref name="creditCard"/> and saves the result on the user whose
/// name matches <c>userModel.Username</c>. When no such user is found the call
/// completes without changing anything.
/// </summary>
/// <param name="userModel">Request model; only <c>Username</c> is read here.</param>
/// <param name="creditCard">Card value handed to <c>EncryptSensitiveData</c>.</param>
// NOTE(review): the account is selected by a username taken from the request model and
// no ownership check is visible in this method - confirm the caller is authorised upstream.
public async Task Post(UserModel userModel, string creditCard)
{
    var account = await _userRepository.Get(userModel.Username);
    if (account == null)
    {
        return;
    }

    // A new value is generated on every write, sized as a ChaCha20-Poly1305 nonce.
    // Presumably CreateSalt draws from a CSPRNG so a nonce never repeats under the
    // same key - confirm in PasswordEncryptor.
    var nonce = PasswordEncryptor.CreateSalt(ChaCha20Poly1305.ChaCha20Poly1305.NonceSize);
    var encryptionKey = _keyVault.Get();

    // Despite the "Hash" in the field name, this is the output of EncryptSensitiveData
    // (reversible), not a one-way hash.
    account.CreditCardHash = PasswordEncryptor.EncryptSensitiveData(creditCard, nonce, encryptionKey);
    account.CreditCardSalt = HexToBytesConverter.BytesArrayToHexString(nonce);

    await _userRepository.Update(account);
}
/// <summary>
/// Looks up a user by <paramref name="email"/>, decrypts the stored card value with the
/// key from <c>_keyVault</c> and the per-record value kept in <c>CreditCardSalt</c>, and
/// returns it as text.
/// </summary>
/// <param name="email">Identifier passed to <c>_userRepository.Get</c>.</param>
/// <returns>The decrypted card value decoded with <c>Encoding.Default</c>.</returns>
/// <exception cref="Exception">Thrown with "Decryption failed" when no user is found.</exception>
// NOTE(review): this returns the plaintext card for whatever identifier is passed in and
// no caller check is visible here - confirm authorisation is enforced upstream.
public async Task<string> Get(string email)
{
    var account = await _userRepository.Get(email);
    if (account == null)
    {
        // NOTE(review): the message says decryption failed, but this branch is reached
        // when the lookup returns null; no decryption has been attempted yet.
        throw new Exception("Decryption failed");
    }

    var nonce = HexToBytesConverter.HexStringToBytesArray(account.CreditCardSalt);
    var encryptionKey = _keyVault.Get();

    // DecryptSensitiveData hands back a hex string, which is turned into bytes below.
    var plaintextHex = PasswordEncryptor.DecryptSensitiveData(account.CreditCardHash, nonce, encryptionKey);
    var plaintextBytes = HexToBytesConverter.HexStringToBytesArray(plaintextHex);

    // NOTE(review): Encoding.Default depends on the runtime/platform; confirm it matches
    // the encoding EncryptSensitiveData applied to the input string.
    return Encoding.Default.GetString(plaintextBytes);
}
/// <summary>
/// Creates a new <c>User</c> from <paramref name="userModel"/>: generates a salt of
/// <c>SaltLength</c>, hashes the supplied password with it, and stores the hash together
/// with the hex-encoded salt through <c>_userRepository.Add</c>.
/// </summary>
/// <param name="userModel">Supplies <c>Username</c> (stored as <c>Email</c>) and <c>Password</c>.</param>
/// <returns><c>true</c>; no other value is returned by this method.</returns>
// NOTE(review): no lookup for an existing account with the same email is visible here;
// presumably the repository or the data store enforces uniqueness - confirm.
// NOTE(review): confirm HashPassword is a deliberately slow password KDF (PBKDF2, Argon2,
// bcrypt or similar) rather than a single pass of a general-purpose hash.
public async Task<bool> Register(UserModel userModel)
{
    var passwordSalt = PasswordEncryptor.CreateSalt(SaltLength);
    var passwordHash = PasswordEncryptor.HashPassword(userModel.Password, passwordSalt);

    var newUser = new User();
    newUser.Id = Guid.NewGuid();
    newUser.Email = userModel.Username;
    newUser.PasswordHash = passwordHash;
    // The salt is kept next to the hash as a hex string; Login decodes it again.
    newUser.PasswordSalt = HexToBytesConverter.BytesArrayToHexString(passwordSalt);

    await _userRepository.Add(newUser);
    return true;
}
/// <summary>
/// Checks the password in <paramref name="userModel"/> against the stored hash of the
/// user found by <c>userModel.Username</c>. On a match the same model instance is
/// returned with <c>Token</c> set.
/// </summary>
/// <param name="userModel">Supplies <c>Username</c> and <c>Password</c>; mutated on success.</param>
/// <returns>The <paramref name="userModel"/> instance that was passed in.</returns>
/// <exception cref="Exception">
/// Thrown with "Login failed" both when the user is unknown and when the password does
/// not match, so the message does not reveal which of the two happened.
/// </exception>
public async Task<UserModel> Login(UserModel userModel)
{
    var storedUser = await _userRepository.Get(userModel.Username);
    if (storedUser == null)
    {
        throw new Exception("Login failed");
    }

    // Re-derive the hash from the submitted password and the salt saved at registration.
    var storedSalt = HexToBytesConverter.HexStringToBytesArray(storedUser.PasswordSalt);
    var candidateHash = PasswordEncryptor.HashPassword(userModel.Password, storedSalt);

    // NOTE(review): assuming both sides are strings, == stops at the first differing
    // character and is not constant-time; consider comparing the decoded bytes with
    // CryptographicOperations.FixedTimeEquals.
    var passwordMatches = candidateHash == storedUser.PasswordHash;
    if (!passwordMatches)
    {
        throw new Exception("Login failed");
    }

    // NOTE(review): the token is a fixed literal, identical for every user - a placeholder
    // that must be replaced by a real per-session credential before this is relied on.
    userModel.Token = "Fake-Token";

    // NOTE(review): the returned object is the request model, so it presumably still
    // carries Password - verify it is cleared before it is serialised to the client.
    return userModel;
}