public void UpdatePassword(int id, string oldPassword, string newPassword)
{
using (var db = new OnlineCasinoDb())
{
var userForUpdate = db.Users.FirstOrDefault(u => u.Id == id);
if (userForUpdate == null)
{
throw new NotFoundException();
}
var saltedOldPassword = CryptographicManager.GenerateSHA256Hash(oldPassword, userForUpdate.Salt);
if (!object.Equals(userForUpdate.Password, saltedOldPassword))
{
throw new BadRequestException();
}
var saltedNewPassword = CryptographicManager.GenerateSHA256Hash(newPassword, userForUpdate.Salt);
userForUpdate.Password = saltedNewPassword;
db.Users.AddOrUpdate(userForUpdate);
db.SaveChanges();
}
}
public bool IsPasswordCorrect(int id, string password)
{
using (var db = new DiceGamingDb())
{
var user = db.Users.FirstOrDefault(u => u.Id == id);
if (user == null)
throw new BadRequestException();
var saltedPassword = CryptographicManager.GenerateSHA256Hash(password, user.Salt);
return object.Equals(user.Password, saltedPassword);
}
}
public UserDto Get(string username, string password)
{
User user;
using (var db = new DiceGamingDb())
{
user = db.Users.FirstOrDefault(u => object.Equals(u.Username, username));
if (user == null)
throw new NotFoundException();
var saltedPassword = CryptographicManager.GenerateSHA256Hash(password, user.Salt);
if (!object.Equals(user.Password, saltedPassword))
throw new BadRequestException();
}
return CreateUserDTO(user);
}