public async Task <ResponseDto> CreateUserLogin(UserDto userDto)
{
var authenticationDto = new AuthenticationDto();
ISpecification <UserDto> specification = new UserNameSpecification()
.And(new PasswordSpecification());
if (specification.IsSatisfiedBy(userDto))
{
var user = new Users();
user.UserName = userDto.UserName;
string passwordHash = ""; string passwordSalt = "";
ECWRNGRfcSaltedHashManager.GenrateSaltedHash(userDto.Password, out passwordHash, out passwordSalt);
user.Logins.Add(new Logins {
UserName = userDto.UserName, PasswordHash = passwordHash, PasswordSalt = passwordSalt
});
var userId = await this.loginRepository.CreateLogin(user);
if (userId <= 0)
{
authenticationDto.AddRule("userDto", "Server Error.");
}
}
return(authenticationDto);
}
public async Task <AuthenticationDto> VerifyUser(UserDto userDto)
{
var authenticationDto = new AuthenticationDto();
ISpecification <UserDto> specification = new UserNameSpecification();
if (!specification.IsSatisfiedBy(userDto))
{
authenticationDto.AddRule("userDto", "UserName is empty.");
}
var userLogin = await this.loginRepository.GetLogin(userDto.UserName);
if (userLogin == null)
{
authenticationDto.AddRule("userDto", "Invalid UserName.");
}
if (!ECWRNGRfcSaltedHashManager.VerifyPassword(userDto.Password, userLogin.PasswordHash, userLogin.PasswordSalt))
{
authenticationDto.AddRule("userDto", "UserName or password is incorrect.");
}
else
{
authenticationDto.IsAuthenticated = true;
authenticationDto.AddRule("Success", "Authentication is successfull.");
}
return(authenticationDto);
}
public async Task <UserDto> CreateUser(UserDto userDto)
{
var authenticationDto = new AuthenticationDto();
var userSpecification = new UserSpecification().
And(new UserNameSpecification()).
And(new PasswordSpecification()).
And(new UniqueUserSpecification(this.userRepository));
if (userSpecification.IsSatisfiedBy(userDto))
{
string passwordSalt = "";
string passwordHash = "";
ECWRNGRfcSaltedHashManager.GenrateSaltedHash(userDto.Password, out passwordHash, out passwordSalt);
var newUser = new Logins
{
UserName = userDto.UserName,
PasswordSalt = passwordSalt,
PasswordHash = passwordHash
};
int identity = await this.userRepository.CreateLogin(newUser);
if (identity <= 0)
{
userDto.AddRule("User", "Creation faild!");
}
else
{
userDto.AddRule("Success", "Authentication is successfull.");
}
}
return(userDto);
}
public void RNGRfc_When_Correct_Password_Test()
{
string password = "******";
//string newPassword = "******";
string hash = "";
string salt = "";
ECWRNGRfcSaltedHashManager.GenrateSaltedHash(password, out hash, out salt);
Assert.True(ECWRNGRfcSaltedHashManager.VerifyPassword(password, hash, salt));
}
public void Verif_ySaltedHash_With_MD5_When_InCorrect_Password_Test()
{
string password = "******";
string newPassword = "******";
string hash = "";
string salt = "";
ECWRNGRfcSaltedHashManager.GenrateSaltedHash(password, out hash, out salt);
Assert.False(ECWRNGRfcSaltedHashManager.VerifyPassword(newPassword, hash, salt));
}
