/// <summary>
/// Checks that a token issued by <c>_authRepo.Auth</c> for a user is accepted by
/// <c>_authRepo.IsAuthorized</c>.
/// </summary>
/// <remarks>
/// Only the positive path is exercised here; this method does not check that an
/// unknown or altered token is rejected.
/// </remarks>
public void TestAuthorized()
{
    // Arrange: a user identified only by a placeholder name.
    var user = new User { UserName = "******" };

    // Act: issue a token, then ask the repository whether it is authorized.
    var issuedToken = _authRepo.Auth(user);
    var accepted = _authRepo.IsAuthorized(issuedToken);

    // Assert
    accepted.Should().BeTrue();
}
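/// <summary>
/// Verifies a username/password pair and, on success, returns a token issued by
/// <c>_authRepo.Auth</c>.
/// </summary>
/// <param name="username">Name used to look the user up through <c>_userRepo.GetUser</c>.</param>
/// <param name="password">Clear-text password; <c>null</c> is treated as the empty string.</param>
/// <returns>
/// <c>Unauthorized()</c> when the user is not found or the password hash does not match;
/// otherwise <c>Ok(token)</c>.
/// </returns>
public IActionResult Auth(string username, string password)
{
    var matchingUser = _userRepo.GetUser(username);
    if (matchingUser is null)
    {
        // Same response as a wrong password, so the reply does not reveal whether the account exists.
        return Unauthorized();
    }

    // NOTE(review): a single unsalted SHA-256 pass is a fast hash and is weak for password storage.
    // Stored hashes should be migrated to a salted, slow KDF (e.g. Rfc2898DeriveBytes.Pbkdf2).
    // The scheme is kept here because it must agree with the PasswordHash values already stored.
    var passwordHashBytes = SHA256.HashData(Encoding.UTF8.GetBytes(password ?? string.Empty));

    // Decode the stored hex digest instead of comparing strings: hex decoding is case-insensitive,
    // and it avoids a culture-sensitive comparison on what is a machine-generated value.
    byte[] storedHashBytes;
    try
    {
        storedHashBytes = Convert.FromHexString(matchingUser.PasswordHash ?? string.Empty);
    }
    catch (FormatException)
    {
        // A stored value that is not valid hex can never match a digest.
        storedHashBytes = Array.Empty<byte>();
    }

    // Fixed-time comparison so the duration does not depend on how many leading bytes match.
    // FixedTimeEquals returns false when the lengths differ.
    if (!CryptographicOperations.FixedTimeEquals(storedHashBytes, passwordHashBytes))
    {
        return Unauthorized();
    }

    var token = _authRepo.Auth(matchingUser);
    return Ok(token);
}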