public bool ValidateLogin(string username, string password) { using (var db = new AuctionContext()) { var hashedPW = HashingSHA256.ComputeHash(password); return(db.Users.Any(u => u.Username == username && u.Password == hashedPW)); } }
public bool UpdateUser(User newUser) { CoreValidator.ThrowIfNull(newUser, nameof(newUser)); CoreValidator.ThrowIfNull(newUser, nameof(newUser)); CoreValidator.ThrowIfNullOrEmpty(newUser.Username, nameof(newUser.Username)); CoreValidator.ThrowIfNullOrEmpty(newUser.Password, nameof(newUser.Password)); CoreValidator.ThrowIfNullOrEmpty(newUser.Name, nameof(newUser.Name)); CoreValidator.ThrowIfNullOrEmpty(newUser.Address, nameof(newUser.Address)); CoreValidator.ThrowIfNullOrEmpty(newUser.Email, nameof(newUser.Email)); CoreValidator.ThrowIfNullOrEmpty(newUser.Phone, nameof(newUser.Phone)); CoreValidator.SpecialThrowForCoinsIfValueIsNegativeOnly(newUser.Coins, nameof(newUser.Coins)); HashingSHA256.ValidateUserPassword(newUser.Password); if (newUser.DateOfBirth > DateTime.Now.AddYears(-18)) { throw new ArgumentException($"Date of birth is not valid, the customer must be adult."); } if (!ZipController.Instance().IsZipExisting(newUser.ZipId ?? 0)) { throw new ArgumentException($"Zip id doesn't exist in the system."); } using (var db = new AuctionContext()) { var dbUser = GetUserById(newUser.Id); db.Users.Attach(dbUser); dbUser.Address = newUser.Address; dbUser.Coins = newUser.Coins; dbUser.DateOfBirth = newUser.DateOfBirth; dbUser.Email = newUser.Email; dbUser.Gender = newUser.Gender; dbUser.Name = newUser.Name; if (newUser.Password != dbUser.Password) { dbUser.Password = HashingSHA256.ComputeHash(newUser.Password); } else { dbUser.Password = newUser.Password; } dbUser.Phone = newUser.Phone; dbUser.Username = newUser.Username; dbUser.ZipId = newUser.ZipId; db.Entry(dbUser).State = System.Data.Entity.EntityState.Modified; db.SaveChanges(); return(true); } }
/// <summary> /// Checks if the Hashing method is supported. /// Throw exception if an unsupported method is chosen. /// Returns IHashingMethod if success. /// </summary> /// <param name="hashingMethod">HashingMethodType to check - returns the corresponding IHashingMethod.</param> /// <returns></returns> private IHashingMethod ViableHashingMethodCheck(HashingMethodType hashingMethod) { IHashingMethod method = null; switch (hashingMethod) { case HashingMethodType.SHA256: method = new HashingSHA256(); break; default: throw new ArgumentException("Not a viable hashing method.", "hashingMethod"); } return(method); }
public void CreateUser(User user) { CoreValidator.ThrowIfNull(user, nameof(user)); CoreValidator.ThrowIfNullOrEmpty(user.Username, nameof(user.Username)); CoreValidator.ThrowIfNullOrEmpty(user.Password, nameof(user.Password)); CoreValidator.ThrowIfNullOrEmpty(user.Name, nameof(user.Name)); CoreValidator.ThrowIfNullOrEmpty(user.Address, nameof(user.Address)); CoreValidator.ThrowIfNullOrEmpty(user.Email, nameof(user.Email)); CoreValidator.ThrowIfNullOrEmpty(user.Phone, nameof(user.Phone)); CoreValidator.ThrowIfDateIsNotCorrect(user.DateOfBirth.ToString(), nameof(user.DateOfBirth)); CoreValidator.SpecialThrowForCoinsIfValueIsNegativeOnly(user.Coins, nameof(user.Coins)); HashingSHA256.ValidateUserPassword(user.Password); var dateParsed = user.DateOfBirth; if (dateParsed > DateTime.Now.AddYears(-18)) { throw new ArgumentException($"Date of birth is not valid, the customer must be adult."); } if (!ZipController.Instance().IsZipExisting(user.ZipId ?? 0)) { throw new ArgumentException($"Zip id doesn't exist in the system."); } using (var db = new AuctionContext()) { var userNew = new User { Username = user.Username, Password = HashingSHA256.ComputeHash(user.Password), Name = user.Name, Address = user.Address, Email = user.Email, Phone = user.Phone, DateOfBirth = dateParsed, Gender = user.Gender, ZipId = user.ZipId, Coins = user.Coins, IsAdmin = false, IsDeleted = false }; db.Users.Add(userNew); db.SaveChanges(); } }
/// <summary> /// Used to setup login functionality. /// Takes LoginSettings as argument. /// </summary> /// <param name="settings">Settings used to setup login.</param> public HashingService(HashingSettings settings) { this._settings = settings; IHashingMethod method; switch (settings.HashingMethod) { case HashingMethodType.SHA256: method = new HashingSHA256(settings.NumberOfIterations); break; default: throw new ArgumentException("Not a viable hashing method.", "hashingMethod"); } this._hashingMethod = method; }
public static Response Create(string password) { Console.WriteLine(); Response res = new Response(); string passwordHashIncludeSalt = HashingSHA256.passwordHash(password); string[] s = passwordHashIncludeSalt.Split(','); string hashedPassword = s[0]; Console.WriteLine("hashed password:"******"salt:" + salt); string encryptSalt = EncryptionAES.Encrypt(salt); //byte[] saltBytes = Encoding.UTF8.GetBytes(salt); //byte[] hashPasswordByte = Encoding.UTF8.GetBytes(hashedPassword); // bool verify = hashing.verifyHash(pwd, hashedPassword); //need to do asymmetric encryption to store the keys! try { if (DatabaseConnection.conn != null) { //Console.WriteLine(DatabaseConnection.conn + "a1"); DatabaseConnection.conn.Open(); MySqlCommand comm = DatabaseConnection.conn.CreateCommand(); //Object usrObj = Data.userObj; // comm.CommandText = " INSERT INTO user(username,email, passwordHash, salt)VALUES (@username, @email, @passwordHash, @salt)"; comm.CommandText = " INSERT INTO checking(passwordHash, salt)VALUES ( @passwordHash, @salt)"; comm.Parameters.AddWithValue("@passwordHash", encryptHashedPassword); comm.Parameters.AddWithValue("@salt", encryptSalt); //comm.Parameters.Add("@salt", MySqlDbType.VarBinary).Value = saltBytes; comm.ExecuteNonQuery(); res.Success = true; Console.WriteLine(res.Success); } } catch (Exception e) { //Console.WriteLine(DatabaseConnection.conn + "b2"); Console.WriteLine(e); res.Success = false; res.Reason = e.Message; } finally { if (DatabaseConnection.conn != null) { //Console.WriteLine(DatabaseConnection.conn + "c3"); DatabaseConnection.conn.Close(); } else { Console.WriteLine("dbconn is null"); } } Console.WriteLine("RESPONSE FROM DATABASE"); Console.WriteLine(res); return(res); }
public static Response Login(string password) { Response res = new Response(); Response resRetrieve = new Response(); int checkID = 1; try { Console.WriteLine("HI IM IN LOGIN"); if (DatabaseConnection.conn != null) { DatabaseConnection.conn.Open(); MySqlCommand comm = DatabaseConnection.conn.CreateCommand(); comm.CommandText = "SELECT passwordHash, salt from checking WHERE checkID = @checkID"; comm.Parameters.AddWithValue("@checkID", checkID); using (var reader = comm.ExecuteReader()) { Console.WriteLine("Breakpoint X"); while (reader.Read()) { Console.WriteLine("Breakpoint Y"); string encryptedCorrectPasswordHash = reader.GetString("passwordHash"); string correctPasswordHash = EncryptionAES.Decrypt(encryptedCorrectPasswordHash); string encryptedSalt = reader.GetString("salt"); string salt = EncryptionAES.Decrypt(encryptedSalt); Console.WriteLine("Correct password hash: " + correctPasswordHash); Console.WriteLine("Salt: " + salt); bool verifyHash = HashingSHA256.verifypasswordHash(password, salt, correctPasswordHash); Console.WriteLine("Verifying hash: " + verifyHash); if (verifyHash) { Console.Write("verified"); res.Success = true; Console.WriteLine("Breakpoint Z1 == Login success!"); } else { res.Success = false; res.Reason = "Unmatch password"; Console.WriteLine("Breakpoint Z2: unmatch password"); } } } Console.WriteLine("Breakpoint A"); DatabaseConnection.conn.Close(); Console.WriteLine("Breakpoint B"); } } catch (Exception e) { res.Success = false; res.Reason = e.Message; Console.WriteLine(e.Message); Console.WriteLine("Breakpoint C"); } finally { Console.WriteLine("Breakpoint D"); if (DatabaseConnection.conn != null) { Console.WriteLine("Breakpoint E: connection not null currently closing"); DatabaseConnection.conn.Close(); } Console.WriteLine("Breakpoint F: connection closed"); } Console.WriteLine(res.Success); return(res); }