|
@@ -37,11 +37,11 @@ namespace UnivateProperties_API.Repository.Users
|
37
|
37
|
|
38
|
38
|
// check if username exists
|
39
|
39
|
if (user == null)
|
40
|
|
- return null;
|
|
40
|
+ throw new AppException("Username is incorrect");
|
41
|
41
|
|
42
|
42
|
// check if password is correct
|
43
|
|
- if (!VerifyPasswordHash(password, user.PasswordHash, user.PasswordSalt))
|
44
|
|
- return null;
|
|
43
|
+ if (!MyCommon.VerifyPasswordHash(password, user.PasswordHash, user.PasswordSalt))
|
|
44
|
+ throw new AppException("Password is incorrect");
|
45
|
45
|
|
46
|
46
|
// authentication successful
|
47
|
47
|
return user;
|
|
@@ -57,7 +57,7 @@ namespace UnivateProperties_API.Repository.Users
|
57
|
57
|
throw new AppException("Username \"" + user.Username + "\" is already taken");
|
58
|
58
|
|
59
|
59
|
byte[] passwordHash, passwordSalt;
|
60
|
|
- CreatePasswordHash(password, out passwordHash, out passwordSalt);
|
|
60
|
+ MyCommon.CreatePasswordHash(password, out passwordHash, out passwordSalt);
|
61
|
61
|
|
62
|
62
|
user.PasswordHash = passwordHash;
|
63
|
63
|
user.PasswordSalt = passwordSalt;
|
|
@@ -105,18 +105,12 @@ namespace UnivateProperties_API.Repository.Users
|
105
|
105
|
throw new AppException("Individual \"" + individual.Username + "\" is already taken");
|
106
|
106
|
byte[] passwordHash, passwordSalt;
|
107
|
107
|
|
108
|
|
- CreatePasswordHash(individual.Password, out passwordHash, out passwordSalt);
|
|
108
|
+ MyCommon.CreatePasswordHash(individual.Password, out passwordHash, out passwordSalt);
|
|
109
|
+
|
|
110
|
+ User createUser = new User(individual.Username, individual.Password);
|
109
|
111
|
|
110
|
|
- User createUser = new User()
|
111
|
|
- {
|
112
|
|
- Username = individual.Username,
|
113
|
|
- PasswordHash = passwordHash,
|
114
|
|
- PasswordSalt = passwordSalt
|
115
|
|
- };
|
116
|
112
|
Create(createUser, individual.Password, save);
|
117
|
|
- Person person = new Person()
|
118
|
|
- {
|
119
|
|
- };
|
|
113
|
+
|
120
|
114
|
if (personType == PersonType.Agent)
|
121
|
115
|
{
|
122
|
116
|
Agent agent = new Agent()
|
|
@@ -171,7 +165,7 @@ namespace UnivateProperties_API.Repository.Users
|
171
|
165
|
if (!string.IsNullOrWhiteSpace(password))
|
172
|
166
|
{
|
173
|
167
|
byte[] passwordHash, passwordSalt;
|
174
|
|
- CreatePasswordHash(password, out passwordHash, out passwordSalt);
|
|
168
|
+ MyCommon.CreatePasswordHash(password, out passwordHash, out passwordSalt);
|
175
|
169
|
|
176
|
170
|
user.PasswordHash = passwordHash;
|
177
|
171
|
user.PasswordSalt = passwordSalt;
|
|
@@ -248,36 +242,5 @@ namespace UnivateProperties_API.Repository.Users
|
248
|
242
|
{
|
249
|
243
|
_dbContext.SaveChanges();
|
250
|
244
|
}
|
251
|
|
-
|
252
|
|
- private static void CreatePasswordHash(string password, out byte[] passwordHash, out byte[] passwordSalt)
|
253
|
|
- {
|
254
|
|
- if (password == null) throw new ArgumentNullException("password");
|
255
|
|
- if (string.IsNullOrWhiteSpace(password)) throw new ArgumentException("Value cannot be empty or whitespace only string.", "password");
|
256
|
|
-
|
257
|
|
- using (var hmac = new System.Security.Cryptography.HMACSHA512())
|
258
|
|
- {
|
259
|
|
- passwordSalt = hmac.Key;
|
260
|
|
- passwordHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
|
261
|
|
- }
|
262
|
|
- }
|
263
|
|
-
|
264
|
|
- private static bool VerifyPasswordHash(string password, byte[] storedHash, byte[] storedSalt)
|
265
|
|
- {
|
266
|
|
- if (password == null) throw new ArgumentNullException("password");
|
267
|
|
- if (string.IsNullOrWhiteSpace(password)) throw new ArgumentException("Value cannot be empty or whitespace only string.", "password");
|
268
|
|
- if (storedHash.Length != 64) throw new ArgumentException("Invalid length of password hash (64 bytes expected).", "passwordHash");
|
269
|
|
- if (storedSalt.Length != 128) throw new ArgumentException("Invalid length of password salt (128 bytes expected).", "passwordHash");
|
270
|
|
-
|
271
|
|
- using (var hmac = new System.Security.Cryptography.HMACSHA512(storedSalt))
|
272
|
|
- {
|
273
|
|
- var computedHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
|
274
|
|
- for (int i = 0; i < computedHash.Length; i++)
|
275
|
|
- {
|
276
|
|
- if (computedHash[i] != storedHash[i]) return false;
|
277
|
|
- }
|
278
|
|
- }
|
279
|
|
-
|
280
|
|
- return true;
|
281
|
|
- }
|
282
|
245
|
}
|
283
|
246
|
}
|
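Review bot: The two new messages in the first hunk, `"Username is incorrect"` and `"Password is incorrect"`, let a caller tell whether an account exists, assuming the AppException text is returned in the API response (the handler is not visible here). Both branches should throw the same text, e.g. `throw new AppException("Username or password is incorrect");`, with the distinction kept only in server-side logs. In the third hunk the output of `MyCommon.CreatePasswordHash(individual.Password, out passwordHash, out passwordSalt);` is no longer used, and `new User(individual.Username, individual.Password)` now receives the clear-text password. The constructor is outside this diff, so confirm it does not keep that value on the entity that gets saved, and remove the unused hash call, since `Create` appears to hash the password again. The enclosing methods start and end outside the hunks shown.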