Updated dependencies and tests. Added xml docs and symbols

Author: scottbrady91

src/ScottBrady91.AspNetCore.Identity.ScryptPasswordHasher/ScottBrady91.AspNetCore.Identity.ScryptPasswordHasher.csproj

@@ -4,20 +4,23 @@
     <TargetFramework>netstandard2.0</TargetFramework>
     <AssemblyName>ScottBrady91.AspNetCore.Identity.ScryptPasswordHasher</AssemblyName>
     <PackageId>ScottBrady91.AspNetCore.Identity.ScryptPasswordHasher</PackageId>
-    <PackageVersion>1.1.0</PackageVersion>
     <Authors>Scott Brady</Authors>
     <Description>ASP.NET Core Identity IPasswordHasher implementation using Scrypt</Description>
     <Copyright>Copyright (c) 2017 Scott Brady</Copyright>
     <PackageTags>aspnetcore;identity;scrypt;password;hashing;hash;security</PackageTags>
     <PackageIconUrl>https://www.scottbrady91.com/img/logos/scottbrady91.png</PackageIconUrl>
     <PackageProjectUrl>https://github.com/scottbrady91/ScottBrady91.AspNetCore.Identity.ScryptPasswordHasher</PackageProjectUrl>
     <PackageLicenseExpression>Apache-2.0</PackageLicenseExpression>
+    <IncludeSymbols>true</IncludeSymbols>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <Version>1.3.0</Version>
     <PackageReleaseNotes>Updated ASP.NET Identity dependencies. Made methods virtual.</PackageReleaseNotes>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Identity.Core" Version="2.0.0" />
     <PackageReference Include="Scrypt.NET" Version="1.3.0" />
+    <PackageReference Include="Microsoft.Extensions.Identity.Core" Version="2.1.0" />
+    <PackageReference Include="SecurityCodeScan" Version="3.5.4" PrivateAssets="all" />
   </ItemGroup>
 
 </Project>

src/ScottBrady91.AspNetCore.Identity.ScryptPasswordHasher/ScryptPasswordHasher.cs

@@ -5,27 +5,51 @@
 
 namespace ScottBrady91.AspNetCore.Identity
 {
+    /// <summary>
+    /// ASP.NET Core Identity password hasher using the scrypt password hashing algorithm.
+    /// </summary>
+    /// <typeparam name="TUser">your ASP.NET Core Identity user type (e.g. IdentityUser). User is not used by this implementation</typeparam>
     public class ScryptPasswordHasher<TUser> : IPasswordHasher<TUser> where TUser : class
     {
         private readonly ScryptPasswordHasherOptions options;
 
+        /// <summary>
+        /// Creates a new ScryptPasswordHasher.
+        /// </summary>
+        /// <param name="optionsAccessor">optional ScryptPasswordHasherOptions</param>
         public ScryptPasswordHasher(IOptions<ScryptPasswordHasherOptions> optionsAccessor = null)
         {
             options = optionsAccessor?.Value ?? new ScryptPasswordHasherOptions();
         }
 
+        /// <summary>
+        /// Hashes a password using scrypt.
+        /// </summary>
+        /// <param name="user">not used for this implementation</param>
+        /// <param name="password">plaintext password</param>
+        /// <returns>hashed password</returns>
+        /// <exception cref="ArgumentNullException">missing plaintext password</exception>
         public virtual string HashPassword(TUser user, string password)
         {
-            if (password == null) throw new ArgumentNullException(nameof(password));
+            if (string.IsNullOrWhiteSpace(password)) throw new ArgumentNullException(nameof(password));
 
             var encoder = new ScryptEncoder(options.IterationCount, options.BlockSize, options.ThreadCount);
             return encoder.Encode(password);
         }
 
+        /// <summary>
+        /// Verifies a plaintext password against a stored hash.
+        /// </summary>
+        /// <param name="user">not used for this implementation</param>
+        /// <param name="hashedPassword">the stored, hashed password</param>
+        /// <param name="providedPassword">the plaintext password to verify against the stored hash</param>
+        /// <returns>If the password matches the stored password</returns>
+        /// <exception cref="ArgumentNullException">missing plaintext password or hashed password</exception>
+
         public virtual PasswordVerificationResult VerifyHashedPassword(TUser user, string hashedPassword, string providedPassword)
         {
-            if (hashedPassword == null) throw new ArgumentNullException(nameof(hashedPassword));
-            if (providedPassword == null) throw new ArgumentNullException(nameof(providedPassword));
+            if (string.IsNullOrWhiteSpace(hashedPassword)) throw new ArgumentNullException(nameof(hashedPassword));
+            if (string.IsNullOrWhiteSpace(providedPassword)) throw new ArgumentNullException(nameof(providedPassword));
 
             var encoder = new ScryptEncoder();
             var isValid = encoder.Compare(providedPassword, hashedPassword);

src/ScottBrady91.AspNetCore.Identity.ScryptPasswordHasher/ScryptPasswordHasherOptions.cs

@@ -1,5 +1,8 @@
 namespace ScottBrady91.AspNetCore.Identity
 {
+    /// <summary>
+    /// Options for ScryptPasswordHasher.
+    /// </summary>
     public class ScryptPasswordHasherOptions
     {
         public int IterationCount { get; set; } = 16384;

test/ScottBrady91.AspNetCore.Identity.ScryptPasswordHasher.Tests/ScottBrady91.AspNetCore.Identity.ScryptPasswordHasher.Tests.csproj

@@ -1,18 +1,31 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp2.0;netcoreapp2.1;netcoreapp2.2;net461</TargetFrameworks>
+    <TargetFrameworks>netcoreapp2.1;netcoreapp3.1;net5.0</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="FluentAssertions" Version="5.6.0" />
+    <PackageReference Include="FluentAssertions" Version="5.10.3" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.8.3" />
     <PackageReference Include="xunit" Version="2.4.1" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.4.1">
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.4.3">
       <PrivateAssets>all</PrivateAssets>
-      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
     </PackageReference>
   </ItemGroup>
 
+  <ItemGroup Condition="'$(TargetFramework)' == 'netcoreapp2.1'">
+    <PackageReference Include="Microsoft.Extensions.Identity.Core" Version="2.1.6" />
+  </ItemGroup>
+
+  <ItemGroup Condition="'$(TargetFramework)' == 'netcoreapp3.1'">
+    <PackageReference Include="Microsoft.Extensions.Identity.Core" Version="3.1.12" />
+  </ItemGroup>
+
+  <ItemGroup Condition="'$(TargetFramework)' == 'net5.0'">
+    <PackageReference Include="Microsoft.Extensions.Identity.Core" Version="5.0.1" />
+  </ItemGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\..\src\ScottBrady91.AspNetCore.Identity.ScryptPasswordHasher\ScottBrady91.AspNetCore.Identity.ScryptPasswordHasher.csproj" />
   </ItemGroup>

test/ScottBrady91.AspNetCore.Identity.ScryptPasswordHasher.Tests/ScryptPasswordHasherTests.cs

@@ -9,18 +9,46 @@ namespace ScottBrady91.AspNetCore.Identity.ScryptPasswordHasher.Tests
 {
     public class ScryptPasswordHasherTests
     {
+        private ScryptPasswordHasherOptions options = new ScryptPasswordHasherOptions();
+
+        private ScryptPasswordHasher<string> CreateSut() =>
+            new ScryptPasswordHasher<string>(
+                options != null ? new OptionsWrapper<ScryptPasswordHasherOptions>(options) : null);
+        
+        [Theory]
+        [InlineData(null)]
+        [InlineData("")]
+        [InlineData(" ")]
+        public void HashPassword_WhenPasswordIsNullOrWhitespace_ExpectArgumentNullException(string password)
+        {
+            var sut = CreateSut();
+            Assert.Throws<ArgumentNullException>(() => sut.HashPassword(null, password));
+        }
+        
         [Fact]
         public void HashPassword_WithDefaultSettings_ExpectVerifiableHash()
         {
             var password = Guid.NewGuid().ToString();
 
-            var hasher = new ScryptPasswordHasher<string>();
-            var hashedPassword = hasher.HashPassword("", password);
+            var sut = CreateSut();
+            var hashedPassword = sut.HashPassword("", password);
 
             var encoder = new ScryptEncoder();
             encoder.Compare(password, hashedPassword).Should().BeTrue();
         }
 
+        [Fact]
+        public void HashPassword_WhenCalledMultipleTimesWithSamePlaintext_ExpectDifferentHash()
+        {
+            var password = Guid.NewGuid().ToString();
+
+            var sut = CreateSut();
+            var hashedPassword1 = sut.HashPassword("", password);
+            var hashedPassword2 = sut.HashPassword("", password);
+
+            hashedPassword1.Should().NotBe(hashedPassword2);
+        }
+
         [Fact]
         public void HashPassword_WithCustomSettings_ExpectVerifiableHash()
         {
@@ -31,14 +59,36 @@ public void HashPassword_WithCustomSettings_ExpectVerifiableHash()
 
             var password = Guid.NewGuid().ToString();
 
-            var hasher = new ScryptPasswordHasher<string>(
-                new OptionsWrapper<ScryptPasswordHasherOptions>(
-                    new ScryptPasswordHasherOptions {IterationCount = iterationCount, BlockSize = blockSize, ThreadCount = threadCount}));
-            var hashedPassword = hasher.HashPassword("", password);
+            options.IterationCount = iterationCount;
+            options.BlockSize = blockSize;
+            options.ThreadCount = threadCount;
+            var sut = CreateSut();
+            
+            var hashedPassword = sut.HashPassword("", password);
 
             var encoder = new ScryptEncoder();
             encoder.Compare(password, hashedPassword).Should().BeTrue();
         }
+        
+        [Theory]
+        [InlineData(null)]
+        [InlineData("")]
+        [InlineData(" ")]
+        public void VerifyHashedPassword_WhenHashedPasswordIsNullOrWhitespace_ExpectArgumentNullException(string hashedPassword)
+        {
+            var sut = CreateSut();
+            Assert.Throws<ArgumentNullException>(() => sut.VerifyHashedPassword(null, hashedPassword, Guid.NewGuid().ToString()));
+        }
+
+        [Theory]
+        [InlineData(null)]
+        [InlineData("")]
+        [InlineData(" ")]
+        public void VerifyHashedPassword_WhenPasswordIsNullOrWhitespace_ExpectArgumentNullException(string password)
+        {
+            var sut = CreateSut();
+            Assert.Throws<ArgumentNullException>(() => sut.VerifyHashedPassword(null, Guid.NewGuid().ToString(), password));
+        }
 
         [Fact]
         public void VerifyHashedPassword_WithDefaultSettings_ExpectSuccess()
@@ -47,9 +97,9 @@ public void VerifyHashedPassword_WithDefaultSettings_ExpectSuccess()
             var encoder = new ScryptEncoder();
             var hashedPassword = encoder.Encode(password);
 
-            var hasher = new ScryptPasswordHasher<string>();
+            var sut = CreateSut();
 
-            hasher.VerifyHashedPassword("", hashedPassword, password).Should().Be(PasswordVerificationResult.Success);
+            sut.VerifyHashedPassword("", hashedPassword, password).Should().Be(PasswordVerificationResult.Success);
         }
 
         [Fact]
@@ -64,9 +114,9 @@ public void VerifyHashedPassword_WithCustomSettings_ExpectSuccess()
             var encoder = new ScryptEncoder(iterationCount, blockSize, threadCount);
             var hashedPassword = encoder.Encode(password);
 
-            var hasher = new ScryptPasswordHasher<string>();
+            var sut = CreateSut();
 
-            hasher.VerifyHashedPassword("", hashedPassword, password).Should().Be(PasswordVerificationResult.Success);
+            sut.VerifyHashedPassword("", hashedPassword, password).Should().Be(PasswordVerificationResult.Success);
         }
 
         [Fact]
@@ -76,9 +126,9 @@ public void VerifyHashedPassword_WhenSuppliedPasswordDoesNotMatch_ExpectFailure(
             var encoder = new ScryptEncoder();
             var hashedPassword = encoder.Encode(Guid.NewGuid().ToString());
 
-            var hasher = new ScryptPasswordHasher<string>();
+            var sut = CreateSut();
 
-            hasher.VerifyHashedPassword("", hashedPassword, password).Should().Be(PasswordVerificationResult.Failed);
+            sut.VerifyHashedPassword("", hashedPassword, password).Should().Be(PasswordVerificationResult.Failed);
         }
     }
 }