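/// <summary>
/// Checks that a password hashed with a salt obtained from the service verifies
/// against that hash, and that a hash of a different password under the same
/// salt is rejected.
/// </summary>
public void CreateAndVerifyPassword()
{
    var password = "******";
    var service = new UserSecurityService();
    var salt = service.GetSalt();

    // Hash once and verify that exact value; the original hashed again inside the
    // assertion and left the first hash unused.
    var hashedPassword = service.CreatePassword(password, salt);
    Assert.True(service.Verify(password, hashedPassword, salt));

    // A hash of another password under the same salt must not verify.
    var wrongPasswordHash = service.CreatePassword("wrong", salt);
    Assert.False(service.Verify(password, wrongPasswordHash, salt));
}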
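/// <summary>
/// Authenticates a user by login and password and issues a new session.
/// </summary>
/// <param name="binding">Login and password supplied by the caller; untrusted input.</param>
/// <param name="gamerSecurityService">Service that creates and checks stored passwords.</param>
/// <param name="cancellationToken">Token that aborts the user lookup.</param>
/// <returns>
/// 200 with a <see cref="TokenView"/> carrying the new session id, the user's guild id and
/// the de-duplicated, lower-cased role list.
/// </returns>
/// <exception cref="ApiException">
/// 401 Unauthorized when the login is unknown or the password does not match.
/// </exception>
public async Task<IActionResult> Post(
    [FromBody] AuthLoginBinding binding,
    [FromServices] UserSecurityService gamerSecurityService,
    CancellationToken cancellationToken)
{
    var gamer = await _authorizationRepository.GetUser(binding.Login, cancellationToken);

    // An unknown login and a wrong password must look the same to the caller: answering
    // 404 for one and 401 for the other lets anyone enumerate valid logins. (A timing
    // difference remains, since no hash is computed on this path.)
    if (gamer == null)
    {
        throw new ApiException(HttpStatusCode.Unauthorized, ErrorCodes.Forbidden, "");
    }

    if (String.IsNullOrEmpty(gamer.Password))
    {
        // NOTE(review): an account with no stored password accepts whatever password is
        // presented on its first login and persists it. Confirm this first-login enrolment
        // is intended and that such accounts cannot be claimed by an arbitrary caller.
        gamerSecurityService.CreatePassword(gamer, binding.Password);
        await _authorizationRepository.SaveUser(gamer);
    }
    else if (!gamerSecurityService.TestPassword(gamer, binding.Password))
    {
        throw new ApiException(HttpStatusCode.Unauthorized, ErrorCodes.Forbidden, "");
    }

    // Lifetime value handed to Session; its unit (seconds or minutes) is defined by the
    // Session type and not visible here.
    const int sessionLifetime = 60 * 26;
    var sessionId = Guid.NewGuid();
    await _authorizationRepository.SaveSession(
        new Session(sessionId, gamer.Id, sessionLifetime, HttpContext.GetIp()));

    // Role names are identifiers: lower-case them culture-invariantly (ToLower() depends on
    // the current culture, e.g. "I" under tr-TR) and de-duplicate them ordinally.
    var roles = new List<String>();
    if (gamer.Roles != null)
    {
        roles.AddRange(gamer.Roles);
    }
    roles.Add(gamer.Rank.ToString().ToLowerInvariant());

    return Ok(new TokenView
    {
        Token = sessionId,
        GuildId = gamer.GuildId,
        Roles = roles.Distinct(StringComparer.OrdinalIgnoreCase).ToArray(),
    });
}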