/// <summary>
/// Returns IHashedUser object with password and salt hashed.
/// The IHashedUser object must include Username, Password, and SaltByteArray.
/// </summary>
/// <param name="userToHash">User to hash</param>
/// <returns></returns>
public IHashedUser GetHashedUser(IHashedUser userToHash)
{
// Check if user input is valid.
if (userToHash.Password == null || userToHash.Password == string.Empty)
{
throw new ArgumentNullException("Password");
}
if (userToHash.Salt == null || userToHash.Salt == string.Empty)
{
throw new ArgumentNullException("Salt");
}
// Convert password string to byte array
byte[] passwordByteArray = Encoding.UTF8.GetBytes(userToHash.Password);
byte[] saltByteArray = Convert.FromBase64String(userToHash.Salt);
// Create hashed password with salt.
byte[] passwordWithSalt = this.HashPasswordWithSalt(passwordByteArray, saltByteArray);
// Set salt string - using Base64String
userToHash.Password = Convert.ToBase64String(passwordWithSalt);
userToHash.Salt = Convert.ToBase64String(saltByteArray);
return(userToHash);
}
public void VerifyPassword_ComparingWrongPassword_ShouldNotBeEqual()
{
// Arrange
HashingSettings settings = new HashingSettings(HashingMethodType.SHA256);
HashingService hashingService = new HashingService(settings);
string username = "******";
string correctPassword = "******";
string wrongPassword = "******";
IHashedUser hashedUser = null;
bool passwordMatched = false;
// Act
hashedUser = hashingService.CreateHashedUser(username, correctPassword);
passwordMatched = hashingService.VerifyPassword(wrongPassword, hashedUser.Password, hashedUser.Salt);
Console.WriteLine("Original Correct Password: "******"Original Wrong Password: "******"Hashed Password: "******"Hashed Salt: " + hashedUser.Salt);
// Assert
Assert.IsFalse(passwordMatched);
}
public void CreateUser(IUser user)
{
IHashedUser hashedUser = HandlerFactory.GetLoginHandler().CreateHashedUserInfo(user.Username, user.UserPassword);
user.UserPassword = hashedUser.Password;
user.Salt = hashedUser.Salt;
using (var conn = new SqlConnection(HandlerFactory.GetDBConnectionString()))
{
conn.Open();
var identity = conn.Insert(user);
conn.Close();
}
}
public void CreateHashedUser_WithValidSettings_ShouldCreateIHashedUser()
{
// Arrange
HashingSettings settings = new HashingSettings(HashingMethodType.SHA256);
HashingService hashingService = new HashingService(settings);
string username = "******";
string password = "******";
IHashedUser hashedUser = null;
// Act
hashedUser = hashingService.CreateHashedUser(username, password);
// Assert
Assert.IsNotNull(hashedUser);
}
/// <summary>
/// Verify the integrity of the User Salt and password.
/// Returns true if the password passes.
/// Returns false if the hashed password and salt does not match.
/// </summary>
/// <param name="user1"></param>
/// <param name="user2"></param>
/// <returns></returns>
public bool VerifyUserHash(IHashedUser userLogin, IHashedUser DBuser)
{
bool userHashIsVerified = false;
// Make sure the Database Salt is set.
if (DBuser.Salt == null || DBuser.Salt == string.Empty || DBuser.Salt == "")
{
throw new ArgumentException("User 1 salt is not set", "user1");
}
// Converts 64ByteString to ByteArray - IHashedUser.SaltByteArray
DBuser.SaltByteArray = Convert.FromBase64String(DBuser.Salt);
// Hash logged in user.
IHashedUser hashedUserLogin = this._hashingMethod.GetHashedUser(userLogin);
if (hashedUserLogin.Password == DBuser.Password)
{
userHashIsVerified = true;
}
return(userHashIsVerified);
}
