/// <summary> /// Attempts to register a new user. Only the username is validated, it is expected that other fields have already been validated! /// </summary> /// <param name="signupParams"></param> /// <returns></returns> public RegisteredUser RegisterUser(WebSignupParameters signupParams) { RegisteredUser newUserRecord = null; if (FindUserByUsername(signupParams.Username) != null) { //BAD! Another conflicting user exists! throw new SecurityException("A user with the same username already exists!"); } using (var db = new DatabaseAccessService().OpenOrCreateDefault()) { var registeredUsers = db.GetCollection <RegisteredUser>(DatabaseAccessService.UsersCollectionDatabaseKey); //Calculate cryptographic info var cryptoConf = PasswordCryptoConfiguration.CreateDefault(); var pwSalt = AuthCryptoHelper.GetRandomSalt(64); var encryptedPassword = AuthCryptoHelper.CalculateUserPasswordHash(signupParams.Password, pwSalt, cryptoConf); //Create user newUserRecord = new RegisteredUser { Identifier = Guid.NewGuid(), Username = signupParams.Username, CryptoSalt = pwSalt, PasswordCryptoConfiguration = cryptoConf, PasswordKey = encryptedPassword, }; //Add the user to the database registeredUsers.Insert(newUserRecord); //Index database registeredUsers.EnsureIndex(x => x.Identifier); } return(newUserRecord); }
public bool CheckPassword(string password, RegisteredUser userRecord) { //Calculate hash and compare var pwKey = AuthCryptoHelper.CalculateUserPasswordHash(password, userRecord.CryptoSalt, userRecord.PasswordCryptoConfiguration); return(StructuralComparisons.StructuralEqualityComparer.Equals(pwKey, userRecord.PasswordKey)); }