v6.3.0 - quick token hash

Author: stanac

HISTORY.md

@@ -1,13 +1,16 @@
-## v6.2
-- Added QuickEncryption (~3000x faster encryption and ~5500x faster decryption for small data)
+## v6.3.0
+- Added overload for `HashToken` in `TokenGenerator` for quick hash
 
-## v6.1
+## v6.2.0
+- Added `QuickEncryption` (~3000x faster encryption and ~5500x faster decryption for small data)
+
+## v6.1.0
 - Added target framework 8 (6 and 7 are still supported)
 
-## v6.0
+## v6.0.0
 - Changed framework dependency from netstandard1.6 to net6.0
 
-## v5.0
+## v5.0.0
 - Removed code marked as obsolete in previous versions
 
 ## v4.5.0

README.md

@@ -317,7 +317,10 @@ string GenerateToken(int length)
 // Hashes token (with random salt) so you don't have to store plain text token
 string HashToken(string token)
 
-// Validates token hash that is created by calling HashToken(string)
+// Hashes token with SHA256 if quickHash is true (suitable for long random tokens with short expiry time), if false it works the same as HashToken(string)
+string HashToken(string token, bool quickHash)
+
+// Validates token hash that is created by calling HashToken(string) or HashToken(string, bool)
 bool ValidateTokenHash(string token, string hash)
 ```
 

src/EasyCrypto/EasyCrypto.csproj

@@ -5,7 +5,7 @@
 		<ImplicitUsings>enable</ImplicitUsings>
 		<Nullable>disable</Nullable>
 		<LangVersion>11</LangVersion>
-		<Version>6.2.0</Version>
+		<Version>6.3.0</Version>
 		<PackageLicenseExpression>MIT</PackageLicenseExpression>
 
 		<GeneratePackageOnBuild>True</GeneratePackageOnBuild>

src/EasyCrypto/TokenGenerator.cs

@@ -7,9 +7,9 @@ namespace EasyCrypto;
 /// </summary>
 public class TokenGenerator
 {
-    private static readonly CryptoRandom _rand = new CryptoRandom();
-    private static readonly PasswordHasher _hasher = new PasswordHasher(16, 500);
-
+    private readonly CryptoRandom _rand = new();
+    private readonly PasswordHasher _hasher = new(16, 500);
+    
     /// <summary>
     /// Characters allowed in generated token by default
     /// </summary>
@@ -88,6 +88,22 @@ public string HashToken(string token)
         return "00" + _hasher.HashPasswordAndGenerateEmbeddedSaltAsString(token).BeautifyBase64();
     }
 
+    /// <summary>
+    /// Hashes token
+    /// </summary>
+    /// <param name="token">Token to hash</param>
+    /// <param name="quickHash">True for quick hash (SHA256, suitable for long random token with short expiry time), false to use old method</param>
+    /// <returns>Hashed token with embedded salt</returns>
+    public string HashToken(string token, bool quickHash)
+    {
+        if (quickHash)
+        {
+            return "01" + HashSha256(token);
+        }
+
+        return HashToken(token);
+    }
+
     /// <summary>
     /// Validates token hash
     /// </summary>
@@ -104,6 +120,19 @@ public bool ValidateTokenHash(string token, string hash)
             return _hasher.ValidatePasswordWithEmbeddedSalt(token, hash.UglifyBase64());
         }
 
+        if (version == "01")
+        {
+            string hash2 = HashSha256(token);
+            return hash == hash2;
+        }
+
         throw new InvalidOperationException("Unknown hash version, please update reference of EasyCrypto.");
     }
+
+    private static string HashSha256(string token)
+    {
+        SHA256 sha = SHA256.Create();
+        byte[] hash = sha.ComputeHash(Encoding.UTF8.GetBytes(token));
+        return Convert.ToBase64String(hash);
+    }
 }

tests/EasyCrypto.Tests/TokenGeneratorTests.cs

@@ -46,4 +46,15 @@ public void NotValidHashedToken_Validate_ReturnsFalse()
         bool isValid = tokenGen.ValidateTokenHash(token, hash);
         Assert.False(isValid);
     }
+
+    [Fact]
+    public void QuickHash_Verify_ReturnsTrue()
+    {
+        var tokenGen = new TokenGenerator();
+        string token = tokenGen.GenerateToken(30);
+        string hash = tokenGen.HashToken(token, true);
+
+        bool isValid = tokenGen.ValidateTokenHash(token, hash);
+        Assert.True(isValid);
+    }
 }