Exemplo n.º 1
0
        // obviously when displaying the result to the user you should not differentiate
        // between wrong username and wrong password!!!
        public LoginResult Login(string username, string password, int limitSeconds = 0, int limit = 0)
        {
            username = username.ToLower();

            if (limitSeconds > 0)
            {
                _rateMeasureService.Increment(username);
                if (!_rateMeasureService.InsideLimit(username, limitSeconds, limit))
                {
                    return(LoginResult.ReachedRateLimit);
                }
            }

            var credential = _credentialRepository.GetStoredCredential(username);

            if (credential == null)
            {
                return(LoginResult.UserDoesNotExist);
            }

            var hashedPassword = Hasher.Sha256(password);

            if (!credential.HashedPassword.Equals(hashedPassword))
            {
                return(LoginResult.WrongPassword);
            }

            return(LoginResult.Success);
        }