public async Task <UserData> GetUserWithPasswordAsync(
string userName,
string password,
CancellationToken cancellationToken)
{
FileUserData user = await GetUserAsync(userName, cancellationToken);
if (user == null)
{
return(null);
}
byte[] hash = CalculateHash(user.Salt, password, user.Algorithm, user.Iterations);
if (hash.Length != user.Hash.Length)
{
return(null);
}
if (!ConstantTimeEquals(hash, 0, user.Hash, 0, hash.Length))
{
return(null);
}
return(new UserData(userName));
}
private async Task <FileUserData> GetUserAsync(string username, CancellationToken token)
{
using (FileStream stream = File.Open(_settings.UserPasswordFile, FileMode.Open, FileAccess.Read, FileShare.Read))
using (var reader = new StreamReader(stream))
{
string line = null;
while (await reader.TryReadLineAsync(l => line = l, token))
{
string[] parts = line.Split(':');
if (parts.Length != 2)
{
continue;
}
if (!parts[1].StartsWith('{'))
{
continue;
}
int endAlgIndex = parts[1].IndexOf('}');
if (endAlgIndex == -1)
{
continue;
}
if (parts[0] == username)
{
string alg = parts[1].Substring(1, endAlgIndex - 1);
string pwdData = parts[1].Substring(endAlgIndex + 1);
var fileUserData = new FileUserData
{
Name = username,
Algorithm = alg,
};
SplitHashAndSalt(
fileUserData.Algorithm,
pwdData,
out fileUserData.Hash,
out fileUserData.Salt,
out fileUserData.Iterations);
if (fileUserData.Hash == null)
{
return(null);
}
return(fileUserData);
}
}
}
return(null);
}
