Open
Description
Currently, the UserService class uses BCrypt for password hashing with the default work factor (10). To improve security configuration flexibility, we should make this work factor configurable.
Implementation Details
- Modify UserService constructor to accept IConfiguration
- Read BCrypt work factor from configuration (e.g., "PasswordSecurity:BCryptWorkFactor")
- Use this configured value in the HashPassword method
- Add appropriate default configuration in appsettings.json
Example Implementation
// Field holding the configured BCrypt work factor
private readonly int _bcryptWorkFactor;

public UserService(ITokenService tokenService, IRoleRepository roleRepository,
    IUserRepository userRepository, IMapper mapper, IConfiguration configuration)
{
    // Other initializations...
    // GetValue<int> returns a non-nullable int, so the fallback is passed as the
    // default-value argument; 12 is used when the key is absent.
    _bcryptWorkFactor = configuration.GetValue<int>("PasswordSecurity:BCryptWorkFactor", 12);
}

// Hashes the password with the configured work factor
private string HashPassword(string password)
{
    return BCrypt.Net.BCrypt.HashPassword(password, _bcryptWorkFactor);
}
Configuration (appsettings.json)
{
  "PasswordSecurity": {
    "BCryptWorkFactor": 12
  }
}
Related PR
This was identified during review of #8
Benefit
This change allows adjusting security parameters without recompiling, making it possible to:
- Increase the work factor as hardware gets faster (to maintain security)
- Adjust based on server performance capabilities
- Change it without recompilation
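
Two checks a configurable work factor calls for, shown as an added example that is not the project's code: rejecting out-of-range settings at startup, and spotting stored hashes created with a lower cost than the current setting. The class name BCryptWorkFactorPolicy and the floor of 10 are assumptions; the sample hashes are constructed.

```csharp
using System;

// Hypothetical helper, not part of the project: validates the configured work
// factor and detects stored hashes created with a lower cost.
public static class BCryptWorkFactorPolicy
{
    public const int Minimum = 10;  // assumed floor: the default cited in the issue
    public const int Maximum = 31;  // highest cost the bcrypt format supports
    public const int Default = 12;  // default proposed in the issue

    // Returns the value to use; rejects out-of-range settings at startup
    // instead of silently hashing with a weak or unusably slow cost.
    public static int Resolve(int? configured)
    {
        int value = configured ?? Default;
        if (value < Minimum || value > Maximum)
            throw new ArgumentOutOfRangeException(nameof(configured), value,
                $"BCryptWorkFactor must be between {Minimum} and {Maximum}.");
        return value;
    }

    // A bcrypt hash has the form $2a$12$<salt+digest>; the second field is the
    // cost it was created with. Raising the setting does not change old hashes.
    public static bool NeedsRehash(string storedHash, int targetWorkFactor)
    {
        string[] parts = storedHash.Split('$');
        if (parts.Length != 4 || !parts[1].StartsWith("2") ||
            !int.TryParse(parts[2], out int cost))
            throw new FormatException("Not a bcrypt hash string.");
        return cost < targetWorkFactor;
    }
}

public static class Demo
{
    public static void Main()
    {
        int target = BCryptWorkFactorPolicy.Resolve(12);
        // Constructed sample values: prefix and cost follow the bcrypt format,
        // the 53-character salt+digest part is filler.
        string oldHash = "$2a$10$" + new string('A', 53);
        string newHash = "$2a$12$" + new string('A', 53);
        Console.WriteLine(BCryptWorkFactorPolicy.NeedsRehash(oldHash, target));
        Console.WriteLine(BCryptWorkFactorPolicy.NeedsRehash(newHash, target));
    }
}
```

A hash flagged by NeedsRehash can only be upgraded at the next successful login, when the plaintext password is available to pass through HashPassword again.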