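/// <summary>
/// Authenticates a user from form-posted credentials and, on success, signs the
/// user in under the cookie authentication scheme.
/// </summary>
/// <param name="context">Data context used to look up the user by username.</param>
/// <param name="username">Username submitted in the form body.</param>
/// <param name="password">Plain-text password submitted in the form body.</param>
/// <returns>
/// 200 OK once the authentication cookie has been issued; 400 Bad Request carrying
/// one generic message for every kind of credential failure.
/// </returns>
public async Task <ActionResult> Post(
            [FromServices] DataContext context,
            [FromForm] string username,
            [FromForm] string password)
        {
            // A single message for every failure path. Distinct "unknown user" and
            // "wrong password" responses let a caller enumerate valid usernames.
            const string invalidCredentialsMessage = "Usuário ou senha inválidos.";

            // Missing form fields arrive as null; reject them before they reach the
            // query or the hashing helper.
            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            {
                return BadRequest(new { message = invalidCredentialsMessage });
            }

            var user = await context
                       .Users
                       .FirstOrDefaultAsync(u => u.Username == username);

            if (user == null)
            {
                // Do comparable hashing work for unknown accounts so response time
                // does not separate "no such user" from "wrong password".
                // NOTE(review): assumes IsStringEqualToHash costs about one
                // GenerateHash call; confirm against PasswordEncryption.
                _ = PasswordEncryption.GenerateHash(password, PasswordEncryption.GenerateSalt());

                return BadRequest(new { message = invalidCredentialsMessage });
            }

            if (!PasswordEncryption.IsStringEqualToHash(password, user.Password, user.Salt))
            {
                return BadRequest(new { message = invalidCredentialsMessage });
            }

            // NOTE(review): no attempt throttling or account lockout is visible in
            // this action; confirm it is enforced elsewhere (middleware, gateway).

            // The cookie identity carries only the username claim.
            var claims = new List <Claim>
            {
                new Claim(ClaimTypes.Name, user.Username)
            };

            var userIdentity = new ClaimsIdentity(claims, "login");
            var principal    = new ClaimsPrincipal(userIdentity);
            await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);

            return Ok();
        }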
        /// <summary>
        /// A candidate password that differs from the one that was hashed must not
        /// verify, even when the salt used at hashing time is supplied.
        /// </summary>
        public void IsStringEqualToHash_DifferentPasswordSameSalt_ReturnsFalse()
        {
            // Arrange: hash the real password under a freshly generated salt.
            const string originalPassword = "pa55word";
            const string wrongPassword = "an0therpa55word";
            byte[] sharedSalt = PasswordEncryption.GenerateSalt();
            byte[] storedHash = PasswordEncryption.GenerateHash(originalPassword, sharedSalt);

            // Act: verify a different password against that hash and the same salt.
            var verified = PasswordEncryption.IsStringEqualToHash(wrongPassword, storedHash, sharedSalt);

            // Assert: the wrong password is rejected.
            Assert.False(verified);
        }
        /// <summary>
        /// The password that produced a hash must verify against that hash when the
        /// same salt is supplied.
        /// </summary>
        public void IsStringEqualToHash_SamePasswordAndSalt_ReturnsTrue()
        {
            // Arrange: hash the password under a freshly generated salt.
            const string knownPassword = "pa55word";
            byte[] sharedSalt = PasswordEncryption.GenerateSalt();
            byte[] storedHash = PasswordEncryption.GenerateHash(knownPassword, sharedSalt);

            // Act: verify the same password with the same salt.
            var verified = PasswordEncryption.IsStringEqualToHash(knownPassword, storedHash, sharedSalt);

            // Assert: the round trip succeeds.
            Assert.True(verified);
        }
        /// <summary>
        /// The correct password must not verify when it is checked with a salt other
        /// than the one used to produce the stored hash.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the method name ends in "ReturnsTrue", but the assertion
        /// expects <c>false</c>. The assertion matches the sibling tests; the name
        /// looks like a copy-paste slip and should be renamed to "ReturnsFalse".
        /// </remarks>
        public void IsStringEqualToHash_SamePasswordDifferentSalt_ReturnsTrue()
        {
            // Arrange: hash the password under the first salt.
            const string knownPassword = "pa55word";
            byte[] hashingSalt = PasswordEncryption.GenerateSalt();
            byte[] storedHash = PasswordEncryption.GenerateHash(knownPassword, hashingSalt);

            // Act: verify the same password, but with a second, unrelated salt.
            byte[] unrelatedSalt = PasswordEncryption.GenerateSalt();
            var verified = PasswordEncryption.IsStringEqualToHash(knownPassword, storedHash, unrelatedSalt);

            // Assert: the salt mismatch makes verification fail.
            Assert.False(verified);
        }