Beispiel #1
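        /// <summary>
        /// Changes the password of the credentials identified by <paramref name="userId"/> and
        /// <paramref name="userName"/>. The current password is verified first, the new password is
        /// checked against the archived password history, the current hash and salt are archived, and
        /// only then is the new hash stored.
        /// </summary>
        /// <param name="userId">Identifier of the user whose password is changed.</param>
        /// <param name="userName">User name used together with <paramref name="userId"/> to find the credentials.</param>
        /// <param name="oldPassword">The current password, verified against the stored hash and salt.</param>
        /// <param name="newPassword">The password to store; must differ from <paramref name="oldPassword"/>.</param>
        /// <returns>
        /// <c>true</c> once the credentials were updated; <c>false</c> when the history check returns <c>false</c>.
        /// </returns>
        /// <exception cref="ArgumentNullException">A password argument is <c>null</c>.</exception>
        /// <exception cref="ArgumentException"><paramref name="newPassword"/> is empty.</exception>
        /// <exception cref="NewPasswordCannotBeAsOneOfOldPasswordsException">
        /// The new password equals the old one (or the history check rejects it by throwing).
        /// </exception>
        /// <exception cref="NoEntryFoundException">No user or no matching credentials were found.</exception>
        /// <exception cref="InvalidPasswordException"><paramref name="oldPassword"/> does not match the stored password.</exception>
        public bool ChangePassword(int userId, string userName, string oldPassword, string newPassword)
        {
            // Reject null up front instead of handing it to the comparison and hashing helpers,
            // whose behaviour on null is not defined in this method.
            if (oldPassword == null)
            {
                throw new ArgumentNullException("oldPassword");
            }

            if (newPassword == null)
            {
                throw new ArgumentNullException("newPassword");
            }

            if (oldPassword == newPassword)
            {
                throw new NewPasswordCannotBeAsOneOfOldPasswordsException();
            }

            // An empty replacement password must never be hashed and stored as a valid credential.
            if (newPassword.Length == 0)
            {
                throw new ArgumentException("The new password must not be empty.", "newPassword");
            }

            Users user = GetUserById(userId);

            if (user == null)
            {
                throw new NoEntryFoundException(userId, typeof(Users).Name);
            }

            Credentials credentials = CredentialsRepository.FindByUserNameAndUserId(userId, userName);

            if (credentials == null)
            {
                throw new NoEntryFoundException(userId, typeof(Credentials).Name);
            }

            // The caller must prove knowledge of the current password before anything is changed.
            if (!CheckUserPassword(credentials, oldPassword))
            {
                throw new InvalidPasswordException();
            }

            if (!CheckForPasswordHistory(userId, credentials.Id, newPassword))
            {
                return false;
            }

            // Derive the new hash before anything is written, so that a failure inside the hashing
            // helper cannot leave an archive row for a password that is still the active one.
            HashedAndSaltedPassword newPasswordHash = PasswordHelper.CryptPassword(newPassword);

            // Snapshot the hash and salt that are about to be replaced.
            UserPasswordsHistory history = new UserPasswordsHistory
            {
                CredentialsId = credentials.Id,
                UserId        = user.Id,
                PasswordHash  = credentials.PasswordHash,
                PasswordSalt  = credentials.PasswordSalt,
                ExpiredOn     = DateTime.UtcNow
            };

            // NOTE(review): the archive insert and the credentials update are two separate repository
            // calls; whether they share a transaction is not visible here - confirm, otherwise a failed
            // update leaves the still-active password recorded as expired.
            ArchiveRepository.Add(history);

            credentials.PasswordHash = newPasswordHash.PasswordHash;
            credentials.PasswordSalt = newPasswordHash.PasswordSalt;
            CredentialsRepository.Update(credentials);

            // NOTE(review): nothing here revokes existing sessions or tokens after the change;
            // presumably the caller handles that - confirm.
            return true;
        }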
Beispiel #2
        /// <summary>
        /// Verifies a plain-text password against the hash and salt stored on the given credentials.
        /// </summary>
        /// <param name="credentials">Credentials whose stored hash and salt are compared against.</param>
        /// <param name="password">The plain-text password supplied by the caller.</param>
        /// <returns>The result of <c>PasswordHelper.PasswordCompare</c> for the stored hash/salt pair.</returns>
        private bool CheckUserPassword(Credentials credentials, string password)
        {
            // Copy the stored hash and salt into the shape the comparison helper expects.
            HashedAndSaltedPassword stored = new HashedAndSaltedPassword();
            stored.PasswordHash = credentials.PasswordHash;
            stored.PasswordSalt = credentials.PasswordSalt;

            // NOTE(review): whether PasswordCompare compares the derived hash in constant time
            // cannot be seen from here - confirm in PasswordHelper.
            bool matches = PasswordHelper.PasswordCompare(stored, password);
            return matches;
        }
Beispiel #3
        /// <summary>
        /// Rejects a new password that matches any archived password of the given user and credentials.
        /// </summary>
        /// <param name="userId">Identifier of the user whose archive is searched.</param>
        /// <param name="credentialsId">Identifier of the credentials whose archive is searched.</param>
        /// <param name="newPassword">The plain-text candidate password.</param>
        /// <returns><c>true</c> when no archived entry matches; a match is reported by throwing instead.</returns>
        /// <exception cref="NewPasswordCannotBeAsOneOfOldPasswordsException">
        /// The candidate matches an archived hash/salt pair.
        /// </exception>
        private bool CheckForPasswordHistory(int userId, int credentialsId, string newPassword)
        {
            // Materialise the archive once before comparing.
            List<UserPasswordsHistory> archivedEntries = ArchiveRepository
                .GetByUserIdAndCredentialsId(userId, credentialsId)
                .ToList();

            // A single comparison object is refilled for every archived entry.
            HashedAndSaltedPassword candidate = new HashedAndSaltedPassword();

            // NOTE(review): each entry costs one PasswordCompare call; if that helper runs a
            // deliberately slow key-derivation function, this check grows with the archive size -
            // confirm the history is bounded.
            for (int index = 0; index < archivedEntries.Count; index++)
            {
                UserPasswordsHistory entry = archivedEntries[index];
                candidate.PasswordHash = entry.PasswordHash;
                candidate.PasswordSalt = entry.PasswordSalt;

                if (!PasswordHelper.PasswordCompare(candidate, newPassword))
                {
                    continue;
                }

                // The candidate reproduces an old hash under that entry's salt: password reuse.
                throw new NewPasswordCannotBeAsOneOfOldPasswordsException();
            }

            return true;
        }
Beispiel #4
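        /// <summary>
        /// Creates the credentials (user name plus hashed and salted password) for an existing user
        /// that has none yet.
        /// </summary>
        /// <param name="userId">Identifier of the user receiving the credentials.</param>
        /// <param name="userName">The user name to assign; must not already be in use.</param>
        /// <param name="password">The plain-text password; only its hash and salt are stored.</param>
        /// <returns><c>true</c> once the credentials were added.</returns>
        /// <exception cref="ArgumentException">
        /// <paramref name="userName"/> or <paramref name="password"/> is <c>null</c> or empty.
        /// </exception>
        /// <exception cref="NoEntryFoundException">No user with <paramref name="userId"/> exists.</exception>
        /// <exception cref="ExistingCredentialsFoundException">
        /// The user already has credentials, or the user name is already taken.
        /// </exception>
        public bool AssignUserCredentials(int userId, string userName, string password)
        {
            // Refuse to create a login that has no user name or no password at all.
            if (string.IsNullOrEmpty(userName))
            {
                throw new ArgumentException("The user name must not be null or empty.", "userName");
            }

            if (string.IsNullOrEmpty(password))
            {
                throw new ArgumentException("The password must not be null or empty.", "password");
            }

            Users user = GetUserById(userId);

            if (user == null)
            {
                throw new NoEntryFoundException(userId, typeof(Users).Name);
            }

            // One set of credentials per user.
            Credentials existingCredentials = CredentialsRepository.FindByUserId(userId);

            if (existingCredentials != null)
            {
                throw new ExistingCredentialsFoundException(userId, existingCredentials.Id);
            }

            // One set of credentials per user name.
            existingCredentials = CredentialsRepository.FindByUserName(userName);

            if (existingCredentials != null)
            {
                throw new ExistingCredentialsFoundException(userName);
            }

            // NOTE(review): the two look-ups above and the insert below are not atomic as written;
            // two concurrent calls could both pass the checks. Presumably a unique constraint in
            // the data store backs them - confirm.
            HashedAndSaltedPassword hashAndSaltPassword =
                PasswordHelper.CryptPassword(password);

            // Only the derived hash and salt are persisted, never the plain-text password.
            Credentials newCredentials = new Credentials
            {
                UserId       = userId,
                UserName     = userName,
                PasswordHash = hashAndSaltPassword.PasswordHash,
                PasswordSalt = hashAndSaltPassword.PasswordSalt
            };

            CredentialsRepository.Add(newCredentials);
            return true;
        }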