/// <summary>
/// Changes a user's password: verifies the current password, checks the new
/// password against the stored history, archives the current hash and salt,
/// then stores the newly hashed password.
/// </summary>
/// <param name="userId">Identifier passed to the user, credentials and history lookups.</param>
/// <param name="userName">User name that must match the credentials row for <paramref name="userId"/>.</param>
/// <param name="oldPassword">Password the caller claims is current.</param>
/// <param name="newPassword">Password to store.</param>
/// <returns>
/// <c>true</c> after the credentials were updated; <c>false</c> only if
/// <c>CheckForPasswordHistory</c> returns <c>false</c>.
/// </returns>
/// <exception cref="NewPasswordCannotBeAsOneOfOldPasswordsException">
/// The new password equals <paramref name="oldPassword"/>, or the history check rejected it.
/// </exception>
/// <exception cref="NoEntryFoundException">No user or no matching credentials were found.</exception>
/// <exception cref="InvalidPasswordException"><paramref name="oldPassword"/> did not verify.</exception>
public bool ChangePassword(int userId, string userName, string oldPassword, string newPassword)
{
    // Plain string equality, evaluated before any lookup or verification.
    // Two null arguments also compare equal and take this path.
    if (oldPassword == newPassword)
    {
        throw new NewPasswordCannotBeAsOneOfOldPasswordsException();
    }

    Users account = GetUserById(userId);
    if (account == null)
    {
        throw new NoEntryFoundException(userId, typeof(Users).Name);
    }

    Credentials current = CredentialsRepository.FindByUserNameAndUserId(userId, userName);
    if (current == null)
    {
        throw new NoEntryFoundException(userId, typeof(Credentials).Name);
    }

    // NOTE(review): no attempt counter or lockout is visible in this method;
    // presumably the caller throttles repeated InvalidPasswordException - confirm.
    if (!CheckUserPassword(current, oldPassword))
    {
        throw new InvalidPasswordException();
    }

    bool historyAccepted = CheckForPasswordHistory(userId, current.Id, newPassword);
    if (!historyAccepted)
    {
        return false;
    }

    // Keep the outgoing hash and salt so later changes can be checked against them.
    // NOTE(review): this Add and the Update below are two separate repository
    // calls and no transaction is visible here - confirm they share one unit of
    // work, otherwise a failure in between leaves the current password archived
    // as expired.
    ArchiveRepository.Add(new UserPasswordsHistory
    {
        CredentialsId = current.Id,
        UserId = account.Id,
        PasswordHash = current.PasswordHash,
        PasswordSalt = current.PasswordSalt,
        ExpiredOn = DateTime.UtcNow
    });

    HashedAndSaltedPassword replacement = PasswordHelper.CryptPassword(newPassword);
    current.PasswordHash = replacement.PasswordHash;
    current.PasswordSalt = replacement.PasswordSalt;
    CredentialsRepository.Update(current);

    return true;
}
/// <summary>
/// Verifies a candidate password against the hash and salt stored on a credentials record.
/// </summary>
/// <param name="credentials">Record supplying the stored <c>PasswordHash</c> and <c>PasswordSalt</c>.</param>
/// <param name="password">Candidate password to verify.</param>
/// <returns>The result of <c>PasswordHelper.PasswordCompare</c> for the stored pair and the candidate.</returns>
private bool CheckUserPassword(Credentials credentials, string password)
{
    HashedAndSaltedPassword stored = new HashedAndSaltedPassword();
    stored.PasswordHash = credentials.PasswordHash;
    stored.PasswordSalt = credentials.PasswordSalt;

    // NOTE(review): PasswordCompare is not visible here - confirm it re-derives
    // the hash with a slow KDF and compares the result in constant time.
    bool matches = PasswordHelper.PasswordCompare(stored, password);
    return matches;
}
/// <summary>
/// Rejects a new password that matches any archived password for the given
/// user and credentials.
/// </summary>
/// <param name="userId">User whose history is loaded.</param>
/// <param name="credentialsId">Credentials record whose history is loaded.</param>
/// <param name="newPassword">Candidate password compared against every archived hash/salt pair.</param>
/// <returns><c>true</c> when no archived entry matches; a match is reported by exception, never by <c>false</c>.</returns>
/// <exception cref="NewPasswordCannotBeAsOneOfOldPasswordsException">An archived entry matches <paramref name="newPassword"/>.</exception>
private bool CheckForPasswordHistory(int userId, int credentialsId, string newPassword)
{
    // NOTE(review): every archived entry costs one PasswordCompare call and no
    // cap on the history size is visible here - confirm the repository or a
    // retention job bounds it.
    List<UserPasswordsHistory> archived =
        ArchiveRepository.GetByUserIdAndCredentialsId(userId, credentialsId).ToList();

    // A single holder object is reused for every comparison.
    HashedAndSaltedPassword candidate = new HashedAndSaltedPassword();

    for (int i = 0; i < archived.Count; i++)
    {
        UserPasswordsHistory entry = archived[i];
        candidate.PasswordHash = entry.PasswordHash;
        candidate.PasswordSalt = entry.PasswordSalt;

        if (PasswordHelper.PasswordCompare(candidate, newPassword))
        {
            throw new NewPasswordCannotBeAsOneOfOldPasswordsException();
        }
    }

    return true;
}
/// <summary>
/// Creates the credentials record for a user that has none, storing the
/// hash and salt produced for the supplied password.
/// </summary>
/// <param name="userId">User that receives the credentials.</param>
/// <param name="userName">Login name; must not already be used by another credentials record.</param>
/// <param name="password">Password handed to <c>PasswordHelper.CryptPassword</c>.</param>
/// <returns><c>true</c> after the record was added.</returns>
/// <exception cref="NoEntryFoundException">No user exists for <paramref name="userId"/>.</exception>
/// <exception cref="ExistingCredentialsFoundException">
/// The user already has credentials, or <paramref name="userName"/> is already taken.
/// </exception>
public bool AssignUserCredentials(int userId, string userName, string password)
{
    if (GetUserById(userId) == null)
    {
        throw new NoEntryFoundException(userId, typeof(Users).Name);
    }

    Credentials ownedByUser = CredentialsRepository.FindByUserId(userId);
    if (ownedByUser != null)
    {
        throw new ExistingCredentialsFoundException(userId, ownedByUser.Id);
    }

    // NOTE(review): this lookup and the Add below are separate calls, so two
    // concurrent requests could both pass the check - confirm the store
    // enforces uniqueness on user name and user id.
    // NOTE(review): the exception distinguishes "user name taken"; callers
    // should presumably not relay that to unauthenticated clients - confirm.
    Credentials ownedByName = CredentialsRepository.FindByUserName(userName);
    if (ownedByName != null)
    {
        throw new ExistingCredentialsFoundException(userName);
    }

    // NOTE(review): the password is not checked for null, emptiness or policy
    // here; presumably validated upstream or inside CryptPassword - confirm.
    HashedAndSaltedPassword hashed = PasswordHelper.CryptPassword(password);

    Credentials created = new Credentials
    {
        UserId = userId,
        UserName = userName,
        PasswordHash = hashed.PasswordHash,
        PasswordSalt = hashed.PasswordSalt
    };
    CredentialsRepository.Add(created);

    return true;
}