/// <summary>
/// Handles a registration form post: rejects an e-mail that is already registered,
/// stores the new user with a freshly salted password hash, signs the user in and
/// redirects to the home page. Any validation failure redisplays the form.
/// </summary>
/// <param name="registerModel">The posted registration form (e-mail and password).</param>
/// <returns>A redirect to Home/Index on success, otherwise the registration view with model errors.</returns>
public async Task<IActionResult> SignUp(RegisterModel registerModel)
{
    if (!ModelState.IsValid)
    {
        return View(registerModel);
    }

    // Check-then-act: two concurrent sign-ups for the same e-mail can both pass this
    // lookup unless the store enforces uniqueness (not visible here). Whether the action
    // carries [HttpPost]/[ValidateAntiForgeryToken] is likewise outside this block.
    if (_userRepository.GetUserByEmail(registerModel.Email) != null)
    {
        ModelState.AddModelError("Email", "A user with this email already exists.");
        return View(registerModel);
    }

    // Only the salted hash is persisted; the plaintext password is not stored.
    var credentials = SaltyHash.Create(registerModel.Password);
    var newUser = new User
    {
        Email = registerModel.Email,
        Hash = credentials.Hash,
        Salt = credentials.Salt,
    };

    _userRepository.AddEntity(newUser);
    _userRepository.Save();

    await Authenticate(registerModel.Email);
    return RedirectToAction("Index", "Home");
}
/// <summary>A hash created from a value must validate that same value.</summary>
public void Validate_FromValue_True()
{
    const string password = "P@$sw0Rd";

    var created = SaltyHash.Create(password);

    Assert.IsTrue(created.Validate(password));
}
/// <summary>
/// A previously generated salt/hash pair must still validate the password it was
/// derived from; this guards against a silent change in the hashing scheme that
/// would lock out existing accounts.
/// </summary>
public void Validate_FromPregenerate_True()
{
    const string storedHash = "E2HJhN1F3/VBR0bcU7CJ7qsjNjIzQO225cujRckk1rA=";
    const string storedSalt = "blmCds9MPswKZ0+tJUqwsA==";
    const string password = "P@$sw0Rd";

    var restored = new SaltyHash(storedHash, storedSalt);

    Assert.IsTrue(restored.Validate(password));
}
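/// <summary>
/// Registers a new user: derives a salted password hash, stores it on the entity,
/// persists the user through the context and returns it.
/// </summary>
/// <param name="user">The user to persist; its PasswordHash/PasswordSalt are overwritten.</param>
/// <param name="password">The plaintext password to hash. It is never stored.</param>
/// <returns>The same <paramref name="user"/> instance after it has been saved.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="user"/> or <paramref name="password"/> is null. As this is an async
/// method the exception surfaces as a faulted task when awaited.
/// </exception>
public async Task<User> Register(User user, string password)
{
    // Fail fast with a clear exception instead of a NullReferenceException on the
    // property assignments below. Empty-password policy is left to the caller.
    if (user == null)
    {
        throw new ArgumentNullException(nameof(user));
    }
    if (password == null)
    {
        throw new ArgumentNullException(nameof(password));
    }

    SaltyHash saltyHash = CreatePasswordHash(password);
    user.PasswordHash = saltyHash.hash;
    user.PasswordSalt = saltyHash.salt;

    await _context.Users.AddAsync(user);
    await _context.SaveChangesAsync();
    return user;
}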
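/// <summary>
/// Recomputes HMAC-SHA512 over the UTF-8 password, keyed with the stored salt, and
/// compares the result to the stored hash.
/// </summary>
/// <param name="password">Plaintext candidate password.</param>
/// <param name="saltyHash">Stored salt (used as the HMAC key) and hash to verify against.</param>
/// <returns>True only when the recomputed hash equals the stored hash byte for byte.</returns>
private bool VerifyPasswordHash(string password, SaltyHash saltyHash)
{
    byte[] storedHash = saltyHash.hash;
    byte[] computedHash;
    using (var hmac = new System.Security.Cryptography.HMACSHA512(saltyHash.salt))
    {
        computedHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
    }

    // The previous loop walked only the stored hash's length: a stored hash shorter than
    // the computed one (e.g. empty) validated any password, a longer one threw
    // IndexOutOfRangeException, and the early exit leaked timing information. A
    // length check plus a fixed-time comparison closes all three gaps.
    // CryptographicOperations requires .NET Core 2.1 / .NET Standard 2.1 or later.
    if (storedHash == null || storedHash.Length != computedHash.Length)
    {
        return false;
    }
    return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(computedHash, storedHash);
}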
// Start - IAuthRepository implementation

/// <summary>
/// Looks the user up by username and verifies the supplied password against the
/// stored salt/hash pair.
/// </summary>
/// <param name="username">Username to look up.</param>
/// <param name="password">Plaintext password to verify.</param>
/// <returns>
/// The matching user, or null when the username is unknown or the password does not verify.
/// </returns>
public async Task<User> Login(string username, string password)
{
    var candidate = await _context.Users.FirstOrDefaultAsync(x => x.Username == username);
    if (candidate == null)
    {
        return null;
    }

    // NOTE(review): the (salt, hash) argument order is carried over from the original;
    // confirm it matches the SaltyHash constructor, which is not visible here.
    var stored = new SaltyHash(candidate.PasswordSalt, candidate.PasswordHash);
    return VerifyPasswordHash(password, stored) ? candidate : null;
}
/// <summary>
/// Handles a login form post: looks the user up by e-mail, validates the password
/// against the stored salted hash, signs the user in and redirects home. Failures
/// redisplay the form with a model error.
/// </summary>
/// <param name="loginModel">The posted login form (e-mail and password).</param>
/// <returns>A redirect to Home/Index on success, otherwise the login view with model errors.</returns>
public async Task<IActionResult> Login(LoginModel loginModel)
{
    if (!ModelState.IsValid)
    {
        return View(loginModel);
    }

    var account = _userRepository.GetUserByEmail(loginModel.Email);
    // NOTE(review): the two distinct error messages below reveal whether an e-mail is
    // registered; a single generic failure message avoids that account enumeration.
    if (account == null)
    {
        ModelState.AddModelError("Email", "User with this email does not exist.");
        return View(loginModel);
    }

    var stored = new SaltyHash(account.Hash, account.Salt);
    if (!stored.Validate(loginModel.Password))
    {
        ModelState.AddModelError("Password", "Please enter correct password.");
        return View(loginModel);
    }

    await Authenticate(loginModel.Email);
    return RedirectToAction("Index", "Home");
}
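/// <summary>
/// Handles a password-change post for the signed-in user: the current password must
/// validate against the stored salt/hash before a new salted hash replaces it.
/// </summary>
/// <param name="model">Current and new password from the settings form.</param>
/// <returns>
/// The Settings view, with either a "Success" entry in ViewData or a model error;
/// a challenge result when no account matches the current identity.
/// </returns>
public IActionResult ChangePassword(ChangePasswordModel model)
{
    if (!ModelState.IsValid)
    {
        return View("Settings");
    }

    // The previous version dereferenced the lookup result unconditionally, so an
    // identity with no matching account (e.g. deleted since sign-in) surfaced as a
    // NullReferenceException. Whether an [Authorize] filter guards this action is
    // not visible here, so the lookup is checked explicitly.
    var account = _userRepository.GetUserByEmail(User.Identity.Name);
    if (account == null)
    {
        return Challenge();
    }

    var stored = new SaltyHash(account.Hash, account.Salt);
    if (!stored.Validate(model.CurrentPassword))
    {
        ModelState.AddModelError("CurrentPassword", "Please enter correct password.");
        return View("Settings");
    }

    // A fresh salt is generated with the new hash; the old pair is overwritten.
    var replacement = SaltyHash.Create(model.NewPassword);
    account.Hash = replacement.Hash;
    account.Salt = replacement.Salt;
    _userRepository.UpdateEntity(account);
    _userRepository.Save();

    // Indexer assignment rather than Add: Add throws if "Success" is already present.
    ViewData["Success"] = "Password change was successful!";
    return View("Settings");
}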