public async Task <CreateUserResponse> Handle(CreateUserRequest request) { var errors = new List <CreateUserError>(); if (!namePattern.IsMatch(request.Name)) { errors.Add(CreateUserError.NameHasInvalidFormat); } if (!emailPattern.IsMatch(request.Email)) { errors.Add(CreateUserError.EmailHasInvalidFormat); } if (!passwordPattern.IsMatch(request.Password)) { errors.Add(CreateUserError.PasswordHasInvalidFormat); } if (errors.Any()) { return(new CreateUserResponse(errors)); } if (await userRetriever.RetrieveByName(request.Name) != null) { return(new CreateUserResponse(CreateUserError.NameAlreadyTaken)); } if (await userRetriever.RetrieveByEmail(request.Email) != null) { return(new CreateUserResponse(CreateUserError.EmailAlreadyInUse)); } var salt = new byte[16]; using (var rng = new RNGCryptoServiceProvider()) { rng.GetBytes(salt); } var passwordHash = passwordHasher.GenerateHash(salt, request.Password); var user = new User(request.Name, request.Email, salt, passwordHash, 0); await userCreator.Create(user); return(new CreateUserResponse(user.Id)); }
public async Task <AuthenticateUserResponse> Handle(AuthenticateUserRequest request) { var user = await userRetriever.RetrieveByName(request.Name); var salt = user?.Salt ?? new byte[16]; var passwordHash = passwordHasher.GenerateHash(salt, request.Password); if (user == null || !user.PasswordHash.SequenceEqual(passwordHash)) { return(new AuthenticateUserResponse(AuthenticateUserError.InvalidCredentials)); } if (!user.Active) { return(new AuthenticateUserResponse(AuthenticateUserError.UserIsInactive)); } var auth = new UserAuthentication(user, authDurationProvider.Duration); await authCreator.Create(auth); return(new AuthenticateUserResponse(auth.Id, auth.Expiration)); }