perf tweak: using BCrypt.Verify instead of HashPassword again

mgroves · Oct 25, 2023 · 71464d4 · 71464d4
1 parent 374038a
commit 71464d4
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/Conduit/Conduit.Web/Users/Handlers/GetCurrentUserHandler.cs b/Conduit/Conduit.Web/Users/Handlers/GetCurrentUserHandler.cs
@@ -18,6 +18,8 @@ public GetCurrentUserHandler(IAuthService authService, IUserDataService userData
 
     public async Task<GetCurrentUserResult> Handle(GetCurrentUserRequest request, CancellationToken cancellationToken)
     {
+        // TODO: the whole user could be put into a JWT token, which would mean a database call could be skipped
+
         var usernameClaim = _authService.GetUsernameClaim(request.BearerToken);
         if (usernameClaim.IsNotFound)
             return new GetCurrentUserResult { IsInvalidToken = true };

diff --git a/Conduit/Conduit.Web/Users/Services/AuthService.cs b/Conduit/Conduit.Web/Users/Services/AuthService.cs
@@ -18,8 +18,6 @@ public AuthService(IOptions<JwtSecrets> jwtSecrets)
 
     public string GenerateJwtToken(string email, string username)
     {
-        // TODO: put username in claim too?
-
         var claims = new[]
         {
             new Claim(ClaimTypes.Email, email),
@@ -42,7 +40,7 @@ public string GenerateJwtToken(string email, string username)
 
     public bool DoesPasswordMatch(string submittedPassword, string passwordFromDatabase, string passwordSalt)
     {
-        return HashPassword(submittedPassword, passwordSalt) == passwordFromDatabase;
+        return BCrypt.Net.BCrypt.Verify(submittedPassword, passwordFromDatabase);
     }
 
     public string HashPassword(string password, string passwordSalt)