Пример #1
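        /// <summary>
        /// Recomputes the password hash for <paramref name="password"/> with the user's stored
        /// salt and crypto configuration and compares it with the stored key.
        /// </summary>
        /// <param name="password">Candidate password supplied by the caller.</param>
        /// <param name="user">User record; its Username, Crypto.Conf, Crypto.Salt and Crypto.Key are read.</param>
        /// <returns><c>true</c> when the recomputed hash equals the stored key; otherwise <c>false</c>.</returns>
        public async Task<bool> CheckPasswordAsync(string password, RegisteredUser user)
        {
            var isMatch   = false;
            var lockEntry = ServerContext.ServiceTable.GetOrCreate(user.Username).UserLock;

            // NOTE(review): Task.Run schedules the delegate as soon as it is called, so the hash
            // computation may start before WithConcurrentReadAsync has taken the read lock.
            // Confirm the helper's contract for an already-started Task.
            await lockEntry.WithConcurrentReadAsync(Task.Run(() =>
            {
                var cryptoHelper = new AuthCryptoHelper(user.Crypto.Conf);
                var candidateKey = cryptoHelper.CalculateUserPasswordHash(password, user.Crypto.Salt);
                var storedKey    = user.Crypto.Key;

                // Compare in fixed time: an early-exit comparison lets response timing reveal how
                // many leading bytes of the hash matched. A missing key on either side fails closed.
                // Assumes both keys are byte[] (TODO confirm against ItemCrypto.Key).
                isMatch = candidateKey != null
                          && storedKey != null
                          && System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(candidateKey, storedKey);
            }));

            return isMatch;
        }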
Пример #2
        /// <summary>
        /// Creates a user record from a registration request, stores it in the users collection
        /// and returns it.
        /// </summary>
        /// <param name="regRequest">Registration request; its Username and Password are read.</param>
        /// <returns>The newly inserted <c>RegisteredUser</c>.</returns>
        /// <exception cref="SecurityException">A user with the requested username already exists.</exception>
        private RegisteredUser RegisterUser(RegistrationRequest regRequest)
        {
            // NOTE(review): this blocks synchronously on an async lookup. The uniqueness check also
            // runs before the transaction below is opened, and the Username index is created without
            // a uniqueness flag here, so two concurrent registrations of the same name may both pass
            // unless callers serialise registration. Confirm.
            var existingUser = FindUserByUsernameAsync(regRequest.Username).GetAwaiter().GetResult();
            if (existingUser != null)
            {
                // Refuse to create a second account under an existing username.
                throw new SecurityException("A user with the same username already exists!");
            }

            var database = new DatabaseAccessService().OpenOrCreateDefault();
            var users    = database.GetCollection<RegisteredUser>(DatabaseAccessService.UsersCollectionDatabaseKey);

            RegisteredUser createdUser;
            using (var transaction = database.BeginTrans())
            {
                // Derive the stored password key with a fresh salt under the default configuration.
                var defaultConf  = PasswordCryptoConfiguration.CreateDefault();
                var hasher       = new AuthCryptoHelper(defaultConf);
                var salt         = hasher.GenerateSalt();
                var passwordHash = hasher.CalculateUserPasswordHash(regRequest.Password, salt);

                // Assemble the record: new identifier, random API key, default quota.
                createdUser = new RegisteredUser
                {
                    Identifier   = Guid.NewGuid().ToString(),
                    Username     = regRequest.Username,
                    ApiKey       = StringUtils.SecureRandomString(AuthCryptoHelper.DefaultApiKeyLength),
                    Crypto       = new ItemCrypto { Salt = salt, Conf = defaultConf, Key = passwordHash },
                    StorageQuota = ServerContext.Configuration.DefaultQuota
                };

                // Persist the record, then make sure the lookup indexes exist.
                users.Insert(createdUser);
                users.EnsureIndex(x => x.Identifier);
                users.EnsureIndex(x => x.ApiKey);
                users.EnsureIndex(x => x.Username);

                transaction.Commit();
            }

            return createdUser;
        }
Пример #3
 /// <summary>
 /// Replaces the user's stored password material with a fresh salt, the default crypto
 /// configuration and the hash of <paramref name="newPassword"/>, then saves the user.
 /// </summary>
 /// <param name="user">User record to update; its Crypto property is overwritten.</param>
 /// <param name="newPassword">New password to hash and store.</param>
 public async Task ChangeUserPasswordAsync(RegisteredUser user, string newPassword)
 {
     var userLock = ServerContext.ServiceTable.GetOrCreate(user.Username).UserLock;

     // NOTE(review): Task.Run schedules the delegate as soon as it is called, so the update may
     // start before WithExclusiveWriteAsync has taken the write lock. Confirm the helper's
     // contract for an already-started Task.
     var rehashAndSave = Task.Run(async() =>
     {
         // Derive new password material under the current default configuration.
         var defaultConf  = PasswordCryptoConfiguration.CreateDefault();
         var hasher       = new AuthCryptoHelper(defaultConf);
         var freshSalt    = hasher.GenerateSalt();
         var passwordHash = hasher.CalculateUserPasswordHash(newPassword, freshSalt);

         // The in-memory record is changed before the save completes.
         user.Crypto = new ItemCrypto { Salt = freshSalt, Conf = defaultConf, Key = passwordHash };

         // Persist the updated record.
         await UpdateUserInDatabaseAsync(user);
     });

     await userLock.WithExclusiveWriteAsync(rehashAndSave);
 }