/// <summary>
/// Mets à jour un utilisateur avec un nouveau mot de passe.
/// </summary>
/// <param name="id">L'id de l'utilisateur à mettre à jour.</param>
/// <param name="clearPassword">Le mot de passe en clair, avant encryption.</param>
/// <returns>Le résultat de la mise à jour.</returns>
public ReplaceOneResult UpdatePassword(Guid id, string clearPassword)
{
User user = this.Get(id);
string hashedPassword = CryptographicHelper.GetHash(clearPassword, this.appSettings.Security.HashSalt);
user.Password = hashedPassword;
return(this.Update(user));
}
/// <summary>
/// Crée un <see cref="UserPasswordResetToken"/>, avec gestion du hashage en base.
/// </summary>
/// <param name="elm">Le <see cref="UserPasswordResetToken"/> à créer.</param>
/// <returns>L'élément créé.</returns>
public override UserPasswordResetToken Create(UserPasswordResetToken elm)
{
// We are using a hash function for storing reset password token for security reasons.
// Basically it makes it more difficult for an attacker with a read access to the database to gain access to the user account.
// See https://security.stackexchange.com/questions/86913/should-password-reset-tokens-be-hashed-when-stored-in-a-database for more info.
string hash = CryptographicHelper.GetHash(elm?.Token);
elm.Token = hash;
return(base.Create(elm));
}
/// <summary>
/// Crée un <see cref="User"/>.
/// </summary>
/// <param name="elm">Les données de le <see cref="User"/> a créé.</param>
/// <returns>L'utilisateur créé.</returns>
public override User Create(User elm)
{
if (elm == null)
{
throw new ArgumentNullException(nameof(elm));
}
string hashedPassword = CryptographicHelper.GetHash(elm.Password, this.appSettings.Security.HashSalt);
elm.Password = hashedPassword;
return(base.Create(elm));
}
/// <summary>
/// Obtient un <see cref="UserPasswordResetToken"/>, basé sur la valeur du token.
/// Notez que le token est hashé avant d'être comparé en base.
/// </summary>
/// <param name="token">La valeur du token à rechercher.</param>
/// <returns>Le <see cref="UserPasswordResetToken"/>, si trouvé.</returns>
public UserPasswordResetToken GetByToken(string token)
{
if (string.IsNullOrEmpty(token))
{
throw new ArgumentNullException(nameof(token));
}
// We are using a hash function for storing reset password token for security reasons.
// Basically it makes it more difficult for an attacker with a read access to the database to gain access to the user account.
// See https://security.stackexchange.com/questions/86913/should-password-reset-tokens-be-hashed-when-stored-in-a-database for more info.
string hash = CryptographicHelper.GetHash(token);
return(this.Entities.Find(elm => elm.Token == hash).FirstOrDefault());
}
/// <summary>
/// Authentifie un <see cref="User"/>, basé sur le <see cref="UserAuthenticateModel"/> fourni.
/// </summary>
/// <param name="model">Le <see cref="UserAuthenticateModel"/> à utiliser pour authentifier l'<see cref="Utilisateur"/>.</param>
/// <returns>L'<see cref="User">Utilisateur</see> authentifié.</returns>
public User Authenticate(UserAuthenticateModel model)
{
if (model == null)
{
throw new ArgumentNullException(nameof(model));
}
string hashedPassword = CryptographicHelper.GetHash(model.Password, this.appSettings.Security.HashSalt);
User user = this.Entities.Find(x => x.Username == model.Username && x.Password == hashedPassword).FirstOrDefault();
if (user == null)
{
return(null);
}
else
{
if (user.Active == false)
{
// Account is not active.
return(null);
}
// Generation du token JWT.
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(this.appSettings.Security.JWT.Secret);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.Name, user.Id.ToString()),
new Claim(ClaimTypes.Email, user.Email.ToString(CultureInfo.InvariantCulture)),
}),
Expires = DateTime.UtcNow.AddDays(this.appSettings.Security.JWT.DurationInDays),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature),
};
SecurityToken token = tokenHandler.CreateToken(tokenDescriptor);
user.Token = tokenHandler.WriteToken(token);
return(user.WithoutPassword());
}
}
