From 36632a99578ea1fe29757e6a8a37f7fd76ac8b9e Mon Sep 17 00:00:00 2001
From: Syndamia
Date: Fri, 18 Dec 2020 08:40:26 +0200
Subject: Removed password hash from JWT
---
 src/DevHive.Services/Services/UserService.cs | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
(limited to 'src/DevHive.Services/Services')
diff --git a/src/DevHive.Services/Services/UserService.cs b/src/DevHive.Services/Services/UserService.cs
index af8a6f0..0fa41e8 100644
--- a/src/DevHive.Services/Services/UserService.cs
+++ b/src/DevHive.Services/Services/UserService.cs
@@ -40,7 +40,7 @@ namespace DevHive.Services.Services
 if (user.PasswordHash != GeneratePasswordHash(loginModel.Password))
 throw new ArgumentException("Incorrect password!");
- return new TokenModel(WriteJWTSecurityToken(user.UserName, user.PasswordHash, user.Roles));
+ return new TokenModel(WriteJWTSecurityToken(user.UserName, user.Roles));
 }
 public async Task RegisterUser(RegisterServiceModel registerModel)
@@ -64,7 +64,7 @@ namespace DevHive.Services.Services
 await this._userRepository.AddAsync(user);
- return new TokenModel(WriteJWTSecurityToken(user.UserName, user.PasswordHash, user.Roles));
+ return new TokenModel(WriteJWTSecurityToken(user.UserName, user.Roles));
 }
 public async Task GetUserById(Guid id)
@@ -110,14 +110,13 @@ namespace DevHive.Services.Services
 return string.Join(string.Empty, SHA512.HashData(Encoding.ASCII.GetBytes(password)));
 }
- private string WriteJWTSecurityToken(string userName, string passwordHash, IList roles)
+ private string WriteJWTSecurityToken(string userName, IList roles)
 {
 byte[] signingKey = Encoding.ASCII.GetBytes(_jwtOptions.Secret);
 List claims = new()
 {
 new Claim(ClaimTypes.Name, userName),
- new Claim(ClaimTypes.Hash, passwordHash)
 };
 foreach(var role in roles)
-- 
cgit v1.2.3
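Review bot: Tokens issued before this change still carry the `ClaimTypes.Hash` claim, and neither the first hunk (`@@ -40,7 +40,7 @@`, the login return) nor the rest of the patch invalidates them. A JWT payload is only base64url-encoded, not encrypted, so any client, proxy or log that saw an old token could read the password hash, and the hashing shown in the third hunk's context is a single unsalted SHA-512. I would rotate `_jwtOptions.Secret` with this deployment so old tokens stop validating, and treat the existing hashes as exposed (force a password reset); the token lifetime is not visible here, so expiry alone should not be relied on. The same applies to the register return in the second hunk (`@@ -64,7 +64,7 @@`); both methods start outside their hunks.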
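Review bot: The first context line of the third hunk (`@@ -110,14 +110,13 @@`), presumably the body of `GeneratePasswordHash`, still hashes passwords with one unsalted `SHA512.HashData` over `Encoding.ASCII.GetBytes(password)`. ASCII encoding maps every non-ASCII character to `?`, so distinct passwords collide, and without a per-user salt and an iterated KDF equal passwords produce equal hashes. I would derive the hash with PBKDF2 (`Rfc2898DeriveBytes`) using a random salt stored per user, and compare with `CryptographicOperations.FixedTimeEquals` instead of the `!=` in the login check. `Encoding.ASCII.GetBytes(_jwtOptions.Secret)` loses key material the same way if the secret is not pure ASCII, which `Encoding.UTF8.GetBytes(_jwtOptions.Secret)` avoids. The hashing method begins before the hunk and `WriteJWTSecurityToken` continues past its end.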