using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
namespace OwinFramework.InterfacesV1.Facilities
{
///
/// This POCO is returned when the user chooses a new password and the
/// password is checked to see if it meets the password complexity policy
///
public class PasswordCheckResult
{
///
/// Contains true if the password is allowed under the password
/// complexity policy
///
public bool IsAllowed { get; set; }
///
/// If the IsAllowed property is False, then this property contains
/// a description of why the password is not acceptable. This
/// description must be suitably worded for display in the UI
///
public string ValidationError { get; set; }
///
/// Returns an HTML description of the password policy. This will
/// be displayed in teh UI when the user changes their password.
///
public string PasswordPolicy { get; set; }
}
///
/// You can implement this interface in your application to add a custom
/// password hashing scheme for a specific version of stored passwords.
/// This is particularly useful when migrating users from a prior system
/// and you do not want to force all the users to reset their password.
///
public interface IPasswordHashingScheme
{
///
/// Computes a hash for a password
///
/// The password to hash
/// If you pass salt in then it will be appended to
/// the password prior to hashing. If you pass null for the salt, then
/// the hashing scheme should generate random salt and return it.
///
byte[] ComputeHash(string password, ref byte[] salt);
}
///
/// Defines a facility for hashing passwords so that they can be safely
/// stored and checked later.
///
public interface IPasswordHasher
{
///
/// Tests a potential password to see if it meets the requirements for
/// password complexity.
///
/// The identity of the user who is setting the
/// password. This is passed as a parameter to enable identity specific
/// password complexity rules - such as you can not use the same password
/// again.
/// The password that the user wants to set
/// Results of checking their password against the policy
PasswordCheckResult CheckPasswordAllowed(string identity, string password);
///
/// Computes the hash for a password so that it can be stored as the new
/// password for the identity
///
/// The identity whos password is being set. This is passed in
/// case the implementation uses different versions of the hashing scheme for different
/// types of identity
/// The password that the user chose
/// You can pass in a version to use that hashing scheme or pass null
/// for the most recent version. Outputs the version of the password hashing scheme that
/// was actually used, never returns null.
/// Outputs the random salt that was added to the password before hashing
/// Outputs the password hash that can be safely stored
void ComputeHash(string identity, string password, ref int? version, out byte[] salt, out byte[] hash);
///
/// Computes the hash for a password so that it can be compared to the stored
/// hash during the login process
///
/// The login password supplied by the user
/// The version of the password hashing scheme that
/// was employed when the password was originally hashed
/// The random salt that was originally appended to the
/// password before hashing
/// Outputs a hash that can be compared to the stored
/// hash to see if the user supplied the correct password.
void ComputeHash(string password, int version, byte[] salt, out byte[] hash);
///
/// Sets the password hashing scheme for a specific version number.
///
/// The version number that this scheme applies to
/// The hashing scheme
void SetHashingScheme(int version, IPasswordHashingScheme scheme);
///
/// Gets a specific version of the password hashing scheme
///
/// The version number to get
/// The hashing scheme used for this version of the hash
IPasswordHashingScheme GetHashingScheme(int version);
}
}