public void ArePasswordsEqual_PasswordIsNull_ThrowsArgumentNullException()
{
// Arrange
SecuredPassword securedPassword = new SecuredPassword("password_hash", "password_salt");
// Act and Assert
Assert.Throws<ArgumentNullException>(() => this._securedPasswordHelper.ArePasswordsEqual(null, securedPassword));
}
public bool ArePasswordsEqual(string password, SecuredPassword securedPassword)
{
Guard.NotNullOrEmpty(password, "password");
Guard.NotNull(securedPassword, "securedPassword");
using (
Rfc2898DeriveBytes deriveBytes = new Rfc2898DeriveBytes(password, Convert.FromBase64String(securedPassword.Salt))
)
{
byte[] newKey = deriveBytes.GetBytes(SecuredPasswordHelper.SaltSize);
return newKey.SequenceEqual(Convert.FromBase64String(securedPassword.Hash));
}
}
private bool IsPasswordCorrect(string password, User user)
{
SecuredPassword securedPassword = new SecuredPassword(user.Password, user.Salt);
return this._securedPasswordHelper.ArePasswordsEqual(password, securedPassword);
}