Beispiel #1
0
        public void ChangePassword(int userId, string oldPasswordValue, string newPasswordValue)
        {
            var user = _userManager.GetUserById(userId);

            var oldPassword = user.Credentials.Passwords.First(p => p.IsActive);

            if (oldPassword.Value != oldPasswordValue)
            {
                throw new OldPasswordWrongException("Old password is wrong");
            }

            if (_passwordPolicy.SatisfiesPolicy(user, newPasswordValue))
            {
                throw new NewPasswordDoesNotApplyPolicyException("New password does not apply password policy.");
            }


            var newPassword = new Password();

            newPassword.Value          = _passwordHasher.GetHash(newPasswordValue);
            newPassword.ExpirationDate = DateTimeOffset.Now.AddYears(1);
            newPassword.Credentials    = user.Credentials;
            newPassword.IsActive       = true;
            user.Credentials.Passwords.Add(newPassword);

            oldPassword.IsActive = false;

            _userManager.UpdateUser();
        }
        public void RecoverPassword(string newPasswordValue, string codeValue)
        {
            _confirmationCodeService.ValidateCode(codeValue);

            var user = _confirmationCodeService.GetRelatedUser(codeValue);

            if (_passwordPolicy.SatisfiesPolicy(user, newPasswordValue))
            {
                newPasswordValue = _passwordHasher.GetHash(newPasswordValue);
                user.UpdatePassword(newPasswordValue);
                _confirmationCodeService.DeactivateCode(codeValue);
            }
        }
        public void RecoverPassword(string newPasswordValue, string codeValue)
        {
            _confirmationCodeService.ValidateCode(codeValue, Models.ConfirmationCodeType.PasswordRecovery);

            var user = _confirmationCodeService.GetRelatedUser(codeValue);

            if (!_passwordPolicy.SatisfiesPolicy(user, newPasswordValue))
            {
                throw new PasswordDoesNotSatisfyPolicyException("Password does not satisfy policy.");
            }

            newPasswordValue = _passwordHasher.GetHash(newPasswordValue);
            user.UpdatePassword(newPasswordValue);
            _confirmationCodeService.DeactivateCode(codeValue);
        }