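// Local register
// Input: registerDTO
// Output: the new clientId, or "" when a "local" account with that email already exists
//
// Security notes:
// - The password is never stored in clear text; only the salted PBKDF2 hash and salt
//   produced by HashSalt.GenerateSaltedHash are written.
// - The "email already exists" lookup and the insert are not atomic: two concurrent
//   registrations with the same email can both pass the check. A unique index on
//   (email, platform) in the database is the real guard — confirm it exists.
// - No password policy (length/complexity) and no DTO validation (null fields) is
//   performed here; a null body.password will throw from the KDF.
public static string registerClientLocal(registerDTO body)
{
    string id = "";
    // Dispose the context so the underlying DB connection is released promptly
    // (the original leaked it).
    using (SwapDbConnection db = new SwapDbConnection())
    {
        client existing = db.clients.FirstOrDefault(c => c.email == body.email && c.platform == "local");
        if (existing != null)
        {
            return id;
        }

        id = IdService.generateID("client");
        HashSalt hs = HashSalt.GenerateSaltedHash(body.password);
        // NOTE(review): local time, kept as DateTime.Now for consistency with the rest
        // of this file; UTC would be the safer choice for stored timestamps.
        DateTime now = DateTime.Now;
        client newClient = new client()
        {
            client_id = id,
            email = body.email,
            birthday_date = body.birthday,
            creation_date = now,
            first_name = body.first_name,
            last_login = now,
            last_name = body.last_name,
            phone = body.phone,
            sex = body.sex,
            password = hs.Hash,
            salt = hs.Salt,
            platform = "local"
        };
        db.clients.Add(newClient);
        db.SaveChanges();
    }
    return id;
}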
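// Authentication
// Input: loginDTO
// Output: the matching "local" client on success, null on any failure
//
// Security notes:
// - Returns null for both "unknown email" and "wrong password", so the result alone
//   does not allow account enumeration.
// - The original returned immediately when the email was unknown, without running the
//   KDF, which made unknown emails distinguishable by response time. A dummy PBKDF2
//   computation is now performed on that path so both failure paths cost about the
//   same. (Assumes HashSalt.VerifyPassword does one PBKDF2 derivation — confirm.)
// - Whether HashSalt.VerifyPassword compares the hashes in constant time is not
//   visible here; it should use CryptographicOperations.FixedTimeEquals or equivalent.
// - No lockout, throttling or rate limiting is applied here; that must exist in the
//   caller or middleware.
// - The returned entity is detached once the context is disposed; navigation
//   properties are not lazy-loadable by the caller.
public static client checkUserLogin(loginDTO body)
{
    // Missing credentials can never authenticate; fail closed instead of throwing.
    if (body == null || body.email == null || body.password == null)
    {
        return null;
    }

    using (SwapDbConnection db = new SwapDbConnection())
    {
        client user = db.clients.FirstOrDefault(x => x.email == body.email && x.platform == "local");
        if (user == null)
        {
            // Burn comparable KDF work so an unknown email is not detectable by timing.
            HashSalt.GenerateSaltedHash(body.password);
            return null;
        }
        if (!HashSalt.VerifyPassword(body.password, user.password, user.salt))
        {
            return null;
        }

        user.last_login = DateTime.Now;
        db.SaveChanges();
        return user;
    }
}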
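// Generate SaltedHash
// Input: password
// Output: HashSalt object holding the base64 PBKDF2 hash and the base64 16-byte salt
//
// Security notes:
// - The derived key is PBKDF2 with the Rfc2898DeriveBytes default PRF (HMAC-SHA1),
//   10,000 iterations, 64 output bytes. Iteration count and output length are part of
//   the stored format: HashSalt.VerifyPassword (not shown here) must use the same
//   parameters, so do not change them here without a migration / re-hash-on-login.
// - 10,000 iterations is well below current guidance for PBKDF2 (hundreds of
//   thousands); raising it, or moving to Argon2id/bcrypt, is recommended.
// - Requesting 64 bytes from PBKDF2-HMAC-SHA1 computes four 20-byte blocks: it costs
//   the defender ~4x while an attacker can verify a guess from the first block alone.
//   20-32 bytes is the better choice when the format is revised.
// - A fresh random salt is generated on every call, so two equal passwords never
//   produce the same stored hash.
public static HashSalt GenerateSaltedHash(string password)
{
    if (password == null)
    {
        throw new ArgumentNullException(nameof(password));
    }

    byte[] saltBytes = new byte[16];
    // Both crypto objects are IDisposable (the original leaked them). GetBytes keeps
    // the full 256 values per byte; GetNonZeroBytes needlessly excluded 0x00.
    using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
    {
        rng.GetBytes(saltBytes);
    }

    string hash;
    using (Rfc2898DeriveBytes kdf = new Rfc2898DeriveBytes(password, saltBytes, 10000))
    {
        hash = Convert.ToBase64String(kdf.GetBytes(64));
    }

    return new HashSalt
    {
        Hash = hash,
        Salt = Convert.ToBase64String(saltBytes)
    };
}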
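// Generate new password (presumably the password-reset path: no knowledge of the
// current password is required)
// Input: id, password
// Output: "false" when the client does not exist or is not a "local" account,
//         "same"  when the new password equals the current one (nothing is stored),
//         "ok"    when the password was replaced
//
// Security notes:
// - This method performs no authorization of its own; the caller must already have
//   proven that the requester may reset `id` (e.g. a single-use, expiring reset token
//   bound to this client). Exposing it with only a client id is account takeover.
// - The "same" result is a password oracle: anyone who can call this can test whether
//   a candidate matches the stored password. Acceptable only behind the above check.
// - Nothing here invalidates existing sessions/tokens for the client — confirm the
//   caller does.
// - No password policy is enforced here; a null password will throw from the KDF.
public static string NewPassword(string id, string password)
{
    // Dispose the context so the DB connection is released (the original leaked it).
    using (SwapDbConnection db = new SwapDbConnection())
    {
        client account = db.clients.FirstOrDefault(c => c.client_id == id);
        if (account == null || account.platform != "local")
        {
            return "false";
        }
        if (HashSalt.VerifyPassword(password, account.password, account.salt))
        {
            return "same";
        }

        // A fresh salt is generated per change; old hash and salt are overwritten.
        HashSalt hashSalt = HashSalt.GenerateSaltedHash(password);
        account.password = hashSalt.Hash;
        account.salt = hashSalt.Salt;
        db.SaveChanges();
        return "ok";
    }
}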
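// Change user password
// Input: clientId, password
// Output: true when the password was replaced; false when the client does not exist
//         or is not a "local" account
//
// Security notes:
// - The current password is NOT verified: any caller holding a valid clientId can set
//   a new password. If this backs a logged-in "change password" form, a hijacked
//   session (XSS, CSRF, stolen cookie) can take over the account permanently.
//   Re-authenticating with the current password before calling this is strongly
//   recommended; NewPassword in this file is the reset-style variant.
// - Nothing here invalidates existing sessions/tokens for the client — confirm the
//   caller does.
// - No password policy is enforced here; a null password will throw from the KDF.
public static bool ChangePassword(string clientId, string password)
{
    // Dispose the context so the DB connection is released (the original leaked it).
    using (SwapDbConnection db = new SwapDbConnection())
    {
        client user = db.clients.FirstOrDefault(c => c.client_id == clientId);
        if (user == null || user.platform != "local")
        {
            return false;
        }

        // A fresh salt is generated per change; old hash and salt are overwritten.
        HashSalt newPasswordSalt = HashSalt.GenerateSaltedHash(password);
        user.salt = newPasswordSalt.Salt;
        user.password = newPasswordSalt.Hash;
        db.SaveChanges();
        return true;
    }
}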