Пример #1
0
        public AuthenticationResult Authenticate(string userName, byte[] password, NpgsqlTransaction transaction)
        {
            Assert.NotNull(userName, nameof(userName));
            Assert.NotNull(password, nameof(password));

            User match = userRepository.GetUser(userName, transaction);

            if (match == null)
            {
                return(AuthenticationResult.Failed);
            }

            byte[] compareHash = SHA256PasswordService.GenerateHash(password, match.Salt);

            if (compareHash.Length != match.Password.Length)
            {
                return(AuthenticationResult.Failed);
            }

            for (int i = 0; i < compareHash.Length; i++)
            {
                if (compareHash[i] != match.Password[i])
                {
                    return(AuthenticationResult.Failed);
                }
            }

            return(AuthenticationResult.Success);
        }
Пример #2
0
        //ev refactoren
        public void Register(RegisterUser newUser)
        {
            Assert.NotNull(newUser, nameof(newUser));

            byte[] salt = new byte[32];

            using (RNGCryptoServiceProvider cryptoServiceProvider = new RNGCryptoServiceProvider())
            {
                cryptoServiceProvider.GetBytes(salt);
            }

            byte[] passwordHash = SHA256PasswordService.GenerateHash(Encoding.UTF8.GetBytes(newUser.Password), salt);

            using (NpgsqlConnection connection = database.CreateAndOpenConnection())
                using (NpgsqlTransaction transaction = connection.BeginTransaction())
                {
                    if (!UserNameExists(newUser, transaction))
                    {
                        string insertUserStatement = @"INSERT INTO public.""User""(""FirstName"", ""LastName"", ""UserName"", ""Email"", ""Password"",
                                ""Salt"", ""HashAlgorithm"", ""Coins"", ""Rating"", ""GamesPlayed"", ""Winrate"")
	                            VALUES(@firstName, @lastName, @userName, @email, @password, @salt, @hashAlgorithm, @coins, @rating, @gamesplayed, @winrate); "    ;

                        database.ExecuteNonQuery(insertUserStatement, transaction,
                                                 new NpgsqlParameter("firstName", newUser.FirstName),
                                                 new NpgsqlParameter("lastName", newUser.LastName),
                                                 new NpgsqlParameter("userName", newUser.UserName),
                                                 new NpgsqlParameter("email", newUser.Email),
                                                 new NpgsqlParameter("password", passwordHash),
                                                 new NpgsqlParameter("salt", salt),
                                                 new NpgsqlParameter("hashAlgorithm", "SHA256"),
                                                 new NpgsqlParameter("coins", 20),
                                                 new NpgsqlParameter("rating", 1500),
                                                 new NpgsqlParameter("gamesplayed", (object)0),
                                                 new NpgsqlParameter("winrate", (object)0)
                                                 );

                        transaction.Commit();
                    }
                    else
                    {
                        throw new UniqueConstraintViolationException(
                                  $"Registrierung fehlgeschlagen. Benutzername: {newUser.UserName} wurde bereits vergeben."
                                  );
                    }
                }
        }