Added BCrypt.Net - password hashing

AirportAutomation/AirportAutomationInfrastructure/Data/createDB.sql

@@ -87,7 +87,7 @@ FOREIGN KEY (FlightId) REFERENCES Flight (Id)
 CREATE TABLE ApiUser (
 ApiUserId int NOT NULL  IDENTITY(1,1),
 UserName nvarchar(50) NOT NULL,
-Password nvarchar(50) NOT NULL,
+Password nvarchar(100) NOT NULL,
 Roles nvarchar(50) NOT NULL,
 PRIMARY KEY (ApiUserId )
 );
@@ -210,10 +210,11 @@ VALUES
     (1000.00, '2023-06-15', 11, 9, 3, 9),
     (1100.00, '2023-06-16', 2, 10, 1, 10);
 
+-- Usernmae and Password are the same!
 INSERT INTO ApiUser (UserName, Password, Roles)
 VALUES 
-    ('og', 'og', 'Admin'),
-    ('aa', 'aa', 'User');    
+    ('og', '$2a$12$G5TIfsl2VIYnN00LwaCOSOcm5MIQIP36ukJ23KxNgqZt4u7Gpm6n2', 'Admin'),
+    ('aa', '$2a$12$wrWz/NXOYXmr6MNEciCQW.4Z4.HujMtFPm0p0X44NbC4CG0XkGr9q', 'User');    
 
 COMMIT TRANSACTION;
 

AirportAutomation/AirportАutomationApi/AirportАutomation.Api.csproj

@@ -21,6 +21,7 @@
     <PackageReference Include="AspNetCore.HealthChecks.UI.Client" Version="8.0.0" />
     <PackageReference Include="AspNetCoreRateLimit" Version="5.0.0" />
     <PackageReference Include="AutoMapper.Extensions.Microsoft.DependencyInjection" Version="12.0.1" />
+    <PackageReference Include="BCrypt.Net-Next" Version="4.0.3" />
     <PackageReference Include="DateOnlyTimeOnly.AspNet" Version="2.1.1" />
     <PackageReference Include="DateOnlyTimeOnly.AspNet.Swashbuckle" Version="2.1.1" />
     <PackageReference Include="Microsoft.AspNet.WebApi.OwinSelfHost" Version="5.2.9" />

AirportAutomation/AirportАutomationApi/Authentication/AuthenticationController.cs

@@ -2,6 +2,7 @@
 using AirportAutomation.Core.Entities;
 using AirportАutomation.Api.Controllers;
 using AutoMapper;
+using BCrypt.Net;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.IdentityModel.JsonWebTokens;
 using Microsoft.IdentityModel.Tokens;
@@ -43,11 +44,11 @@ public AuthenticationController(IAuthenticationRepository authenticationReposito
 		public ActionResult<string> Authenticate(ApiUserDto apiUserDto)
 		{
 			var apiUser = _mapper.Map<ApiUserEntity>(apiUserDto);
-			var user = _authenticationRepository.ValidateUser(apiUser.UserName, apiUser.Password);
+			var user = _authenticationRepository.GetUserByUsername(apiUser.UserName);
 
-			if (user is null)
+			if (user is null || !BCrypt.Net.BCrypt.Verify(apiUser.Password, user.Password))
 			{
-				_logger.LogInformation("User with username: {UserName} and password: {Password} don’t have permission to access this resource",
+				_logger.LogError("User with username: {UserName} and password: {Password} don’t have permission to access this resource",
 					apiUser.UserName, apiUser.Password);
 				return Unauthorized("Provided username or password is incorrect.");
 			}

AirportAutomation/AirportАutomationApi/Authentication/AuthenticationRepository.cs

@@ -12,9 +12,9 @@ public AuthenticationRepository(DatabaseContext context)
 			_context = context ?? throw new ArgumentNullException(nameof(context));
 		}
 
-		public ApiUserEntity ValidateUser(string username, string password)
+		public ApiUserEntity GetUserByUsername(string username)
 		{
-			return _context.ApiUser.FirstOrDefault(user => user.UserName.Equals(username) && user.Password == password);
+			return _context.ApiUser.FirstOrDefault(user => user.UserName.Equals(username));
 		}
 		public void Dispose()
 		{

AirportAutomation/AirportАutomationApi/Authentication/IAuthenticationRepository.cs

@@ -4,7 +4,7 @@ namespace AirportАutomation.Api.Authentication
 {
 	public interface IAuthenticationRepository
 	{
-		public ApiUserEntity ValidateUser(string username, string password);
+		public ApiUserEntity GetUserByUsername(string username);
 
 	}
 }