private void VerifyLoginCredentials(string password, string hash, string salt)
{
var isPasswordVerified = PasswordEncryptionUtilities.VerifyPassword(password, hash, salt);
if (!isPasswordVerified)
{
throw new ValidationException("Invalid credentials");
}
}
async Task AndGivenCreatedDefaultAccountsInDatabase()
{
var fakerGenerator = new FakerGenerator();
var hashSalt = PasswordEncryptionUtilities.GenerateSaltedHash("Password12345");
var myUserAccountData = fakerGenerator.GetUserAccountDataFakerGenerator()
.RuleFor(x => x.Id, Guid.Parse("042d748c-9cef-4a5a-92bd-3fd9a4a0e499"))
.RuleFor(x => x.Salt, hashSalt.Salt)
.RuleFor(x => x.Hash, hashSalt.Hash)
.Generate();
var otherUser = fakerGenerator.GetUserAccountDataFakerGenerator().Generate();
_context.UserAccountsData.AddRange(myUserAccountData, otherUser);
await _context.SaveChangesAsync();
// Multi accounts
var otherMultiAccount = new UserMultiAccount
(
id: Guid.NewGuid(),
userAccountDataId: otherUser.Id,
sponsorId: null,
multiAccountName: "otherMultiAccountName"
);
otherMultiAccount.SetReflink("FIRST_REFLINK");
otherMultiAccount.SetAsMainAccount();
var myMultiAccount1 = new UserMultiAccount
(
id: Guid.NewGuid(),
userAccountDataId: myUserAccountData.Id,
sponsorId: null,
multiAccountName: "myMultiAccount1"
);
var myMultiAccount2 = new UserMultiAccount
(
id: Guid.NewGuid(),
userAccountDataId: myUserAccountData.Id,
sponsorId: null,
multiAccountName: "myMultiAccount2"
);
var myMultiAccount3 = new UserMultiAccount
(
id: Guid.NewGuid(),
userAccountDataId: myUserAccountData.Id,
sponsorId: null,
multiAccountName: "myMultiAccount3"
);
_context.UserMultiAccounts.AddRange(otherMultiAccount, myMultiAccount1, myMultiAccount2, myMultiAccount3);
await _context.SaveChangesAsync();
}
public string GenerateReflink()
{
var random = new Random(DateTime.Now.Ticks.GetHashCode());
var randomStrings = new string(Enumerable.Repeat(Chars, Length).Select(s => s[random.Next(s.Length)]).ToArray());
var hashSalt = PasswordEncryptionUtilities.GenerateSaltedHash(randomStrings);
var hash = hashSalt.Hash.Substring(0, Math.Min(hashSalt.Hash.Length, Length));
return(hash);
}
async Task AndGivenCreatedUserAccountInDatabase()
{
var fakerGenerator = new FakerGenerator();
var hashSalt = PasswordEncryptionUtilities.GenerateSaltedHash(TestPassword);
var myUserAccountData = fakerGenerator.GetUserAccountDataFakerGenerator()
.RuleFor(x => x.Id, f => Guid.Parse("042d748c-9cef-4a5a-92bd-3fd9a4a0e499"))
.RuleFor(x => x.Login, f => TestLogin)
.RuleFor(x => x.Hash, hashSalt.Hash)
.RuleFor(x => x.Salt, hashSalt.Salt)
.Generate();
_context.UserAccountsData.Add(myUserAccountData);
await _context.SaveChangesAsync();
}
public async Task <Guid> Handle(RegisterCommand request, CancellationToken cancellationToken)
{
var user = _mapper.Map <User>(request);
var hashSalt = PasswordEncryptionUtilities.GenerateSaltedHash(request.Password);
user.Salt = hashSalt.Salt;
user.Hash = hashSalt.Hash;
await _shoppingListDbContext.Users.AddAsync(user, cancellationToken);
await _shoppingListDbContext.SaveChangesAsync(cancellationToken);
return(user.Id);
}
public async Task <Guid> Handle(RegisterNewUserAccountCommand command, CancellationToken cancellationToken = default(CancellationToken))
{
await ValidateForUniqueness(command);
var sponsorId = await GetSponsorId(command);
var hashSalt = PasswordEncryptionUtilities.GenerateSaltedHash(command.Password);
var userAccountData = new UserAccountData
(
id: Guid.NewGuid(),
email: command.Email,
login: command.Login,
firstName: command.FirstName,
lastName: command.LastName,
street: command.Street,
city: command.City,
zipCode: command.ZipCode,
country: command.Country,
btcWalletAddress: command.BtcWalletAddress,
role: UserRolesHelper.User
);
userAccountData.SetPassword(hashSalt.Salt, hashSalt.Hash);
await _context.Set <UserAccountData>().AddAsync(userAccountData);
await _context.SaveChangesAsync();
// TODO: Event that user was created: eventhandler should create new multiaccount for him
var userMultiAccount = new UserMultiAccount
(
id: Guid.NewGuid(),
userAccountDataId: userAccountData.Id,
sponsorId: sponsorId,
multiAccountName: userAccountData.Login
);
userMultiAccount.SetAsMainAccount();
await _userMultiAccountRepository.CreateAsync(userMultiAccount);
return(userAccountData.Id);
}
public async Task <string> Handle(LoginCommand request, CancellationToken cancellationToken)
{
var user = await _shoppingListDbContext.Users.FirstOrDefaultAsync(x => x.Email == request.Email && !x.IsDeleted, cancellationToken);
if (user == null)
{
//TODO: Custom Exception types would be nice
throw new Exception("Invalid credentials");
}
var isPasswordMatched = PasswordEncryptionUtilities.VerifyPassword(request.Password, user.Hash, user.Salt);
if (!isPasswordMatched)
{
throw new Exception("Invalid credentials");
}
var tokenString = CreateTokenString(request.Email);
return(tokenString);
}
