/// <summary>
/// Checks that <c>PasswordUtility.SaltPassword</c> appends the salt to the
/// password verbatim (the expected value is built the same way and compared).
/// </summary>
public void SaltPasswordTest()
{
    const string password = "******";
    string salt = PasswordUtility.GenerateSalt(32);
    string expected = password + salt;

    string actual = PasswordUtility.SaltPassword(password, salt);

    Assert.That(actual, Is.EqualTo(expected));
}
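/// <summary>
/// Registers a new account: rejects a duplicate e-mail or username, otherwise stamps
/// the creation time, derives a fresh salt and password hash, and persists the entity.
/// </summary>
/// <param name="account">The account to create; its <c>Password</c> is read to derive the hash.</param>
/// <returns>An empty string on success, otherwise a message naming the conflicting field.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="account"/> is null.</exception>
public async Task<string> RegisterAsync(Account account)
{
    if (account is null)
    {
        throw new ArgumentNullException(nameof(account));
    }

    // These are check-then-insert lookups; without a unique index on Email/Username in
    // the database two concurrent registrations can both pass them (TOCTOU). The
    // conflict message is returned rather than thrown, matching the original contract.
    if (await _dbContext.Accounts.AnyAsync(a => a.Email == account.Email))
    {
        return "Email is already in use";
    }

    if (await _dbContext.Accounts.AnyAsync(a => a.Username == account.Username))
    {
        return "Username is already in use";
    }

    account.Created = DateTime.UtcNow;

    // Fresh per-account salt; the derived hash, not the password, is what should be stored.
    byte[] salt = PasswordUtility.GenerateSalt();
    account.PasswordSalt = salt;
    account.PasswordHash = PasswordUtility.HashPassword(account.Password, account.PasswordSalt);
    // NOTE(review): account.Password is still populated when the entity is added below;
    // confirm that property is not mapped to a column, otherwise the plaintext is persisted.

    await _dbContext.Accounts.AddAsync(account);
    await _dbContext.SaveChangesAsync();

    return string.Empty;
}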
/// <summary>
/// Round-trips a password through <c>SaltPassword</c>/<c>HashPassword</c> and checks that
/// <c>VerifyPassword</c> accepts the original password and rejects a different one
/// under the same salt.
/// </summary>
public void VerifyPasswordTest()
{
    const string password = "******";
    const string wrongPassword = "notmypassword";
    string salt = PasswordUtility.GenerateSalt(password.Length);
    string salted = PasswordUtility.SaltPassword(password, salt);
    string hashPassword = PasswordUtility.HashPassword(salted);

    bool acceptsOriginal = PasswordUtility.VerifyPassword(hashPassword, password, salt);
    bool acceptsOther = PasswordUtility.VerifyPassword(hashPassword, wrongPassword, salt);

    Assert.That(acceptsOriginal, Is.True);
    Assert.That(acceptsOther, Is.False);
}
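/// <summary>
/// Replaces an account's password after verifying the current one. A new salt is
/// generated on success, so the stored hash changes even if the new password equals the old one.
/// </summary>
/// <param name="accountID">Primary key of the account to update.</param>
/// <param name="oldPass">Current password, checked against the stored hash.</param>
/// <param name="newPass">Replacement password; must be non-empty.</param>
/// <exception cref="ArgumentException"><paramref name="newPass"/> is null or empty.</exception>
/// <exception cref="NoAccountFoundException">No account has the given <paramref name="accountID"/>.</exception>
/// <exception cref="InvalidPasswordException"><paramref name="oldPass"/> does not match the stored hash.</exception>
public async Task ChangePassword(int accountID, string oldPass, string newPass)
{
    if (string.IsNullOrEmpty(newPass))
    {
        throw new ArgumentException("New password must not be empty.", nameof(newPass));
    }

    Account entity = await _dbContext.Accounts.FindAsync(accountID);
    if (entity is null)
    {
        throw new NoAccountFoundException();
    }

    byte[] passHash = PasswordUtility.HashPassword(oldPass, entity.PasswordSalt);

    // Constant-time comparison: SequenceEqual stops at the first differing byte, which
    // leaks how much of the hash matched through timing. Fully qualified so no new using
    // directive is needed. A null stored hash becomes an empty span and is rejected.
    bool matches = System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
        entity.PasswordHash, passHash);
    if (!matches)
    {
        throw new InvalidPasswordException();
    }

    entity.PasswordSalt = PasswordUtility.GenerateSalt();
    entity.PasswordHash = PasswordUtility.HashPassword(newPass, entity.PasswordSalt);
    await _dbContext.SaveChangesAsync();
}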