From 3f7807e0a8512a47f0d4c68548d18bce4e4fc24d Mon Sep 17 00:00:00 2001
From: Ognjen Andjelic
Date: Wed, 18 Sep 2024 14:42:38 +0200
Subject: [PATCH] Added BCrypt.Net - password hashing

---
 .../AirportAutomationInfrastructure/Data/createDB.sql | 7 ++++---
 .../Airport\320\220utomation.Api.csproj" | 1 +
 .../Authentication/AuthenticationController.cs" | 7 ++++---
 .../Authentication/AuthenticationRepository.cs" | 4 ++--
 .../Authentication/IAuthenticationRepository.cs" | 2 +-
 5 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/AirportAutomation/AirportAutomationInfrastructure/Data/createDB.sql b/AirportAutomation/AirportAutomationInfrastructure/Data/createDB.sql
index 27a5ac6..6d345f8 100644
--- a/AirportAutomation/AirportAutomationInfrastructure/Data/createDB.sql
+++ b/AirportAutomation/AirportAutomationInfrastructure/Data/createDB.sql
@@ -87,7 +87,7 @@ FOREIGN KEY (FlightId) REFERENCES Flight (Id)
 CREATE TABLE ApiUser (
 ApiUserId int NOT NULL IDENTITY(1,1),
 UserName nvarchar(50) NOT NULL,
-Password nvarchar(50) NOT NULL,
+Password nvarchar(100) NOT NULL,
 Roles nvarchar(50) NOT NULL,
 PRIMARY KEY (ApiUserId )
 );
@@ -210,10 +210,11 @@ VALUES
 (1000.00, '2023-06-15', 11, 9, 3, 9),
 (1100.00, '2023-06-16', 2, 10, 1, 10);
+-- Usernmae and Password are the same!
 INSERT INTO ApiUser (UserName, Password, Roles)
 VALUES
- ('og', 'og', 'Admin'),
- ('aa', 'aa', 'User');
+ ('og', '$2a$12$G5TIfsl2VIYnN00LwaCOSOcm5MIQIP36ukJ23KxNgqZt4u7Gpm6n2', 'Admin'),
+ ('aa', '$2a$12$wrWz/NXOYXmr6MNEciCQW.4Z4.HujMtFPm0p0X44NbC4CG0XkGr9q', 'User');
 COMMIT TRANSACTION;
diff --git "a/AirportAutomation/Airport\320\220utomationApi/Airport\320\220utomation.Api.csproj" "b/AirportAutomation/Airport\320\220utomationApi/Airport\320\220utomation.Api.csproj"
index 08b78ec..f16b0b3 100644
--- "a/AirportAutomation/Airport\320\220utomationApi/Airport\320\220utomation.Api.csproj"
+++ "b/AirportAutomation/Airport\320\220utomationApi/Airport\320\220utomation.Api.csproj"
@@ -21,6 +21,7 @@ + 
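Review bot: The seed rows in the second createDB.sql hunk still provision an `Admin` account whose password is its own username, and the added comment line states this outright; hashing with bcrypt protects the stored form of the secret, not its guessability, so a deployment that runs this script as-is starts with a known privileged credential. Seed credentials for a privileged account should be generated at deployment time, or the script should be clearly marked as local-development only, and the comment should not describe the password; something like `-- DEV ONLY: placeholder accounts, replace before any non-local deployment` would be safer (the current comment also misspells `Usernmae`). The `nvarchar(100)` widening in the first hunk is fine for the 60-character bcrypt output.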
diff --git "a/AirportAutomation/Airport\320\220utomationApi/Authentication/AuthenticationController.cs" "b/AirportAutomation/Airport\320\220utomationApi/Authentication/AuthenticationController.cs"
index 15c4a29..6e468ea 100644
--- "a/AirportAutomation/Airport\320\220utomationApi/Authentication/AuthenticationController.cs"
+++ "b/AirportAutomation/Airport\320\220utomationApi/Authentication/AuthenticationController.cs"
@@ -2,6 +2,7 @@
 using AirportAutomation.Core.Entities;
 using AirportАutomation.Api.Controllers;
 using AutoMapper;
+using BCrypt.Net;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.IdentityModel.JsonWebTokens;
 using Microsoft.IdentityModel.Tokens;
@@ -43,11 +44,11 @@ public AuthenticationController(IAuthenticationRepository authenticationReposito
 public ActionResult Authenticate(ApiUserDto apiUserDto)
 {
 var apiUser = _mapper.Map(apiUserDto);
- var user = _authenticationRepository.ValidateUser(apiUser.UserName, apiUser.Password);
+ var user = _authenticationRepository.GetUserByUsername(apiUser.UserName);
 
- if (user is null)
+ if (user is null || !BCrypt.Net.BCrypt.Verify(apiUser.Password, user.Password))
 {
- _logger.LogInformation("User with username: {UserName} and password: {Password} don’t have permission to access this resource",
+ _logger.LogError("User with username: {UserName} and password: {Password} don’t have permission to access this resource",
 apiUser.UserName, apiUser.Password);
 return Unauthorized("Provided username or password is incorrect.");
 }
diff --git "a/AirportAutomation/Airport\320\220utomationApi/Authentication/AuthenticationRepository.cs" "b/AirportAutomation/Airport\320\220utomationApi/Authentication/AuthenticationRepository.cs"
index 17b9c0a..2564bd0 100644
--- "a/AirportAutomation/Airport\320\220utomationApi/Authentication/AuthenticationRepository.cs"
+++ "b/AirportAutomation/Airport\320\220utomationApi/Authentication/AuthenticationRepository.cs"
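Review bot: The logging call in the second AuthenticationController.cs hunk still writes the submitted password into the log (`apiUser.Password` is bound to the `{Password}` placeholder on the unchanged argument line), and the commit raises it to `LogError`, so every failed login now records a candidate secret at error severity; the bcrypt change protects the database but not the log. Drop the password from the message and use a lower level, e.g. `_logger.LogWarning("Failed authentication attempt for username: {UserName}", apiUser.UserName);` with the `apiUser.UserName, apiUser.Password);` argument line removed. The `||` in the new condition also means a request for an unknown username returns without running `BCrypt.Verify`, which is measurably faster than a wrong password for an existing user; verifying against a fixed placeholder hash when `user is null` keeps the two paths closer in timing. Authenticate's body continues outside the hunk.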
@@ -12,9 +12,9 @@ public AuthenticationRepository(DatabaseContext context)
 _context = context ?? throw new ArgumentNullException(nameof(context));
 }
- public ApiUserEntity ValidateUser(string username, string password)
+ public ApiUserEntity GetUserByUsername(string username)
 {
- return _context.ApiUser.FirstOrDefault(user => user.UserName.Equals(username) && user.Password == password);
+ return _context.ApiUser.FirstOrDefault(user => user.UserName.Equals(username));
 }
 public void Dispose()
 {
diff --git "a/AirportAutomation/Airport\320\220utomationApi/Authentication/IAuthenticationRepository.cs" "b/AirportAutomation/Airport\320\220utomationApi/Authentication/IAuthenticationRepository.cs"
index 78ee4f1..ec82df4 100644
--- "a/AirportAutomation/Airport\320\220utomationApi/Authentication/IAuthenticationRepository.cs"
+++ "b/AirportAutomation/Airport\320\220utomationApi/Authentication/IAuthenticationRepository.cs"
@@ -4,7 +4,7 @@ namespace AirportАutomation.Api.Authentication
 {
 public interface IAuthenticationRepository
 {
- public ApiUserEntity ValidateUser(string username, string password);
+ public ApiUserEntity GetUserByUsername(string username);
 }
 }
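Review bot: `GetUserByUsername` is declared to return `ApiUserEntity`, but `FirstOrDefault` yields `null` when no row matches and the controller depends on exactly that (`user is null`); if the project has nullable reference types enabled the signature should be `public ApiUserEntity? GetUserByUsername(string username)` here and in the IAuthenticationRepository.cs hunk below, otherwise a one-line XML `<returns>` noting the null case would do. The `user.UserName.Equals(username)` predicate is presumably translated to SQL by EF, so case sensitivity is decided by the column collation rather than by `string.Equals`; a comment such as `// Username matching follows the database collation, not C# string comparison.` would save the next reader from assuming an ordinal match. The AuthenticationRepository class continues outside the hunk.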