public void ImplementStrategy(string accountId, string newPasswordPlain) { Account account = null; try { //Get account from db account = _accountRepo.Find(a => a.AccountId == accountId).SingleOrDefault(); //Password string salt = _passwordSaltGenerator.Generate(); string passHashed = _passwordHashHelper.GenerateHash(salt + newPasswordPlain); //Update account data UpdateDefinition <Account> updDef = Builders <Account> .Update .Set(x => x.PasswordStatus, PasswordStatus.Set) .Set(x => x.PasswordLastChanged, DateTime.Now) .Set(x => x.Salt, salt) .Set(x => x.Password, passHashed); _accountRepo.UpdateOne(x => x.AccountId == accountId, updDef); } catch (Exception ex) { //Log error _logger.LogError("UserAssignedPasswordSetStrategy.ImplementStrategy", "Exception was thrown", new { AccountId = accountId, Account = account, Exception = ex }); throw; } }
public async Task ImplementConfirmation(string accountId) { Account account = null; try { // Get account from db. account = _accountRepo.Find(a => a.AccountId == accountId).SingleOrDefault(); // Generate confirmation code and it's hash string emailConfirmCodePlain = _emailConfirmCodeGenerator.Generate(); string emailConirmCodeHashed = _hashHelper.GenerateHash(emailConfirmCodePlain); // Will be saved in db. ConfirmEmailRequest confirmEmailRequest = new ConfirmEmailRequest() { Id = Guid.NewGuid().ToString("n"), AccountId = account.AccountId, Code = emailConirmCodeHashed, Email = account.Email, CreateDate = DateTime.Now, Status = ConfirmEmailRequestStatus.NotResolved }; _requestRepo.InsertOne(confirmEmailRequest); // Will be sent to user's email. EmailConfirmationByLinkRequestEvent confMail = new EmailConfirmationByLinkRequestEvent() { CorrelationId = Guid.NewGuid().ToString(), Issuer = "AuthServer.UserSystem.Services.Strategies.ConfirmLinkEmailConfirmationStrategy", IssuerSystem = "AuthServer.UserSystem", EventDate = DateTime.Now, Username = account.Username, Email = account.Email, ConfirmationUrl = string.Format(_confirmLinkUrl, emailConfirmCodePlain) }; await Publish(confMail); } catch (Exception ex) { // Log error. _logger.LogError("ConfirmLinkEmailConfirmationStrategy.ImplementConfirmation", "Exception was thrown.", new { Account = account, Exception = ex }); throw; } }
public void ImplementStrategy(string accountId, string newPasswordPlain) { Account account = null; try { // Get account from db. account = _accountRepo.Find(a => a.AccountId == accountId).SingleOrDefault(); if (account.EmailStatus != EmailStatus.Confirmed) { return; } // Prepare the password. string passwordPlain = _passwordGenerator.Generate(); string salt = _passwordSaltGenerator.Generate(); string passHashed = _passwordHashHelper.GenerateHash(account.Salt + passwordPlain); // Update account data. UpdateDefinition <Account> updDef = Builders <Account> .Update .Set(x => x.PasswordStatus, PasswordStatus.Set) .Set(x => x.PasswordLastChanged, DateTime.Now) .Set(x => x.Salt, salt) .Set(x => x.Password, passHashed); _accountRepo.UpdateOne(x => x.AccountId == accountId, updDef); // Publish event that may be used, for example, to email the password to the user. Publish(new DirectPasswordSetEvent() { Email = account.Email, Username = account.Username, PasswordPlain = passwordPlain }); } catch (Exception ex) { // Log error. _logger.LogError("DirectPasswordSetStrategy.ImplementStrategy", "Exception was thrown", new { AccountId = accountId, Account = account, Exception = ex }); throw; } }
public async Task Execute(string accountId, PasswordChangeModel model, IValidator validator) { try { //Validate input _validationStrategy.Validate(model, validator); if (validator.HasErrors) { return; } //Validate old password and find account Account account = await _accountRepo.Find(x => x.AccountId == accountId && x.AccountStatus != AccountStatus.Inactive).SingleOrDefaultAsync(); if (account == null || account.PasswordStatus == PasswordStatus.Empty || !_secretHashHelper.ValidateSecret(account.Salt + model.OldPassword, account.Password)) { validator.AddError("Wrong old password", "OldPassword"); return; } //Generate new salt string newSalt = _passwordSaltGenerator.Generate(); //Generate new hashed password string newHashedPass = _secretHashHelper.GenerateHash(newSalt + model.NewPassword); //Save in db _accountRepo.UpdateOne(x => x.AccountId == accountId, CreateUpdateDef(newHashedPass, newSalt)); //Raise a PasswordChanged event PasswordChangedEvent passwordChangedEvent = CreatePasswordChangedEvent(account); await Publish(passwordChangedEvent); return; } catch (Exception ex) { await _logger.LogErrorAsync("ChangeAccountPasswordCommand.Execute", "Exception occurred", new { Exception = ex }); throw; } }
public async Task <bool> Execute(string code) { ConfirmEmailRequest request = null; string codeHashed = null; try { codeHashed = _codeHashHelper.GenerateHash(code); DateTime maxDate = DateTime.Now.AddDays(-_daysToExpire); request = (await _emailConfirmCollection.FindAsync(x => x.Code == codeHashed && x.Status == ConfirmEmailRequestStatus.NotResolved && x.CreateDate > maxDate)).SingleOrDefault(); if (request == null) { return(false); } var account = (await _accountRepo.FindAsync(x => x.AccountId == request.AccountId)).SingleOrDefault(); if (request.Email != account.Email) { await _logger.LogInfoAsync("ConfirmEmailCommand.ConfirmEmail", "Request email and account email are different", new { RequestEmail = request.Email, AccountEmail = account.Email }); return(false); } if (account.EmailStatus == EmailStatus.Confirmed) { return(false); } //update account and save _accountRepo.UpdateOne(x => x.AccountId == account.AccountId, Builders <Account> .Update.Set(x => x.EmailStatus, EmailStatus.Confirmed)); //update request and save var updDef = Builders <ConfirmEmailRequest> .Update.Set(x => x.Status, ConfirmEmailRequestStatus.Resolved) .Set(x => x.ResolveDate, DateTime.Now); await _emailConfirmCollection.UpdateOneAsync(x => x.Id == request.Id, updDef); //log and return await _logger.LogEventAsync("ConfirmEmailCommand.ConfirmEmail", "Successfully confirmed", new { CodeHashed = codeHashed, ConfirmEmailRequest = request }); return(true); } catch (Exception ex) { await _logger.LogErrorAsync("ConfirmEmailCommand.ConfirmEmail", "Exception occurred", new { Exception = ex, CodeHashed = codeHashed, ConfirmEmailRequest = request }); throw; } }