/// <summary>
/// Negative-path check for password verification: the candidate password
/// "abc123" must not verify against the stored hash string below.
/// </summary>
/// <remarks>
/// NOTE(review): the hash format and the password the stored value was derived
/// from are not visible here; the test only pins that this pair is rejected.
/// </remarks>
public void ValidatePassword_InvalidPasswordUnHashed_ReturnsFalse()
        {
            const string candidatePassword = "abc123";
            const string storedHash        = "id5Js+i6vmHSk+l8sIuplu/85HdPCY6IrPSMf/cNJidF9uGM";

            var hasher = new HashPasswords();

            // A mismatching password must be reported as a failed verification.
            Assert.IsFalse(hasher.UnHashAccountPassword(candidatePassword, storedHash));
        }
        //used to register an account and add it to the database, used generics so that any type of user can be passed to the function
        /// <summary>
        /// Registers an account by inserting one row into the Accounts table.
        /// The password is passed through <c>HashPasswords.HashAccountPassword</c>
        /// first, so only the hashed value is bound to the INSERT.
        /// </summary>
        /// <typeparam name="T">Any account type derived from <c>AccountBase</c>.</typeparam>
        /// <param name="account">Account whose Name, Username, Password, Email and AccessLevel are stored.</param>
        /// <returns><c>true</c> when the INSERT ran without throwing; otherwise <c>false</c>.</returns>
        /// <remarks>
        /// NOTE(review): the algorithm, salt and work factor used by HashAccountPassword
        /// are not visible here; confirm it is a salted, deliberately slow password hash.
        /// NOTE(review): AccessLevel is stored exactly as supplied on <paramref name="account"/>;
        /// confirm callers never let an untrusted registrant choose that value.
        /// </remarks>
        public bool AddAccount <T>(T account) where T : AccountBase
        {
            // Hash before touching the database so the plaintext is never bound to the query.
            string passwordHash = new HashPasswords().HashAccountPassword(account.Password);

            using (SqlConnection connection = new SqlConnection(connectionString))
            using (SqlCommand insert = new SqlCommand(
                       "INSERT INTO Accounts (Name, Username, Password, Email, AccessLevel) " +
                       "VALUES (@name, @username, @password, @email, @accessLevel)", connection))
            {
                try
                {
                    // Every value is sent as a bound parameter, never concatenated into the SQL text.
                    SqlParameterCollection args = insert.Parameters;
                    args.AddWithValue("@name", account.Name);
                    args.AddWithValue("@username", account.Username);
                    args.AddWithValue("@password", passwordHash);
                    args.AddWithValue("@email", account.Email);
                    args.AddWithValue("@accessLevel", account.AccessLevel);

                    connection.Open();
                    insert.ExecuteNonQuery();
                    connection.Close();
                    return true;
                }
                catch (Exception ex)
                {
                    // Best-effort: the failure is reported on the console and surfaced to the caller as false.
                    // The full exception text (message and stack trace) is written out here.
                    Console.WriteLine("There was an issue while creating this user " + ex);
                }
            }

            return false;
        }
        /// <summary>
        /// Click handler: builds the credential string from the user name and password
        /// text boxes, compares it with the hash typed into <c>txtHashEncriptado</c>,
        /// and reports the outcome in a message box.
        /// </summary>
        /// <param name="sender">Control that raised the event (not used).</param>
        /// <param name="e">Event data (not used).</param>
        /// <remarks>
        /// The reference hash is read from a text box on the same form rather than from a
        /// credential store. NOTE(review): that looks like a demo flow; confirm before
        /// reusing it as a real login check.
        /// </remarks>
        private void btnAsimEncriptar_Click(object sender, EventArgs e)
        {
            string credentialPattern = HashPasswords.Get_Credentials_Pathern(txtUserName.Text, txtPassword.Text);

            // One failure message covers both a wrong user name and a wrong password,
            // so the dialog does not reveal which of the two was incorrect.
            string outcome = HashPasswords.CompararHash(credentialPattern, txtHashEncriptado.Text)
                ? "El usuario se autentico correctamente"
                : "Autenticacion FALLIDA, nombre de usuario o contraseña es invalida";

            MessageBox.Show(outcome);
        }
        //this function is used to retrieve the information needed to log in to an account from the database
        /// <summary>
        /// Looks up the account row for <paramref name="username"/> and checks
        /// <paramref name="enteredPassword"/> against the stored password hash.
        /// </summary>
        /// <param name="username">User name to look up; bound as the <c>@username</c> parameter.</param>
        /// <param name="enteredPassword">Password typed by the user, passed to <c>UnHashAccountPassword</c>.</param>
        /// <returns>
        /// A tuple of (password matched, account Id, access level). Id and access level are
        /// empty strings when no row was read.
        /// </returns>
        /// <remarks>
        /// NOTE(review): Id and AccessLevel are returned whether or not the password matched,
        /// so callers must test Item1 before trusting or acting on the other two items.
        /// NOTE(review): when no row matches, the verifier is called with an empty stored hash;
        /// how UnHashAccountPassword handles that is not visible here.
        /// </remarks>
        public Tuple <bool, string, string> GetAccountPassword(string username, string enteredPassword)
        {
            string storedHash  = "";
            string accountId   = "";
            string accessLevel = "";

            using (SqlConnection connection = new SqlConnection(connectionString))
            using (SqlCommand lookup = new SqlCommand("SELECT * FROM Accounts WHERE Username = @username", connection))
            {
                connection.Open();
                // The user name is sent as a bound parameter, never concatenated into the SQL text.
                lookup.Parameters.AddWithValue("@username", username);

                using (SqlDataReader row = lookup.ExecuteReader())
                {
                    // If more than one row comes back, the values of the last row read win.
                    while (row.Read())
                    {
                        try
                        {
                            storedHash  = row["Password"].ToString();
                            accountId   = row["Id"].ToString();
                            accessLevel = row["AccessLevel"].ToString();
                        }
                        catch (Exception ex)
                        {
                            // Best-effort: report on the console and continue with whatever was read so far.
                            Console.WriteLine("There was an issue retrieving the users password to unhash." + ex);
                        }
                    }
                }
                connection.Close();
            }

            // Compare the entered password with the stored hash.
            bool matched = new HashPasswords().UnHashAccountPassword(enteredPassword, storedHash);

            return Tuple.Create(matched, accountId, accessLevel);
        }