public void ImplementStrategy(string accountId, string newPasswordPlain)
{
Account account = null;
try
{
//Get account from db
account = _accountRepo.Find(a => a.AccountId == accountId).SingleOrDefault();
//Password
string salt = _passwordSaltGenerator.Generate();
string passHashed = _passwordHashHelper.GenerateHash(salt + newPasswordPlain);
//Update account data
UpdateDefinition <Account> updDef = Builders <Account> .Update
.Set(x => x.PasswordStatus, PasswordStatus.Set)
.Set(x => x.PasswordLastChanged, DateTime.Now)
.Set(x => x.Salt, salt)
.Set(x => x.Password, passHashed);
_accountRepo.UpdateOne(x => x.AccountId == accountId, updDef);
}
catch (Exception ex)
{
//Log error
_logger.LogError("UserAssignedPasswordSetStrategy.ImplementStrategy", "Exception was thrown", new
{
AccountId = accountId,
Account = account,
Exception = ex
});
throw;
}
}
public async Task ImplementConfirmation(string accountId)
{
Account account = null;
try
{
// Get account from db.
account = _accountRepo.Find(a => a.AccountId == accountId).SingleOrDefault();
// Generate confirmation code and it's hash
string emailConfirmCodePlain = _emailConfirmCodeGenerator.Generate();
string emailConirmCodeHashed = _hashHelper.GenerateHash(emailConfirmCodePlain);
// Will be saved in db.
ConfirmEmailRequest confirmEmailRequest = new ConfirmEmailRequest()
{
Id = Guid.NewGuid().ToString("n"),
AccountId = account.AccountId,
Code = emailConirmCodeHashed,
Email = account.Email,
CreateDate = DateTime.Now,
Status = ConfirmEmailRequestStatus.NotResolved
};
_requestRepo.InsertOne(confirmEmailRequest);
// Will be sent to user's email.
EmailConfirmationByLinkRequestEvent confMail = new EmailConfirmationByLinkRequestEvent()
{
CorrelationId = Guid.NewGuid().ToString(),
Issuer = "AuthServer.UserSystem.Services.Strategies.ConfirmLinkEmailConfirmationStrategy",
IssuerSystem = "AuthServer.UserSystem",
EventDate = DateTime.Now,
Username = account.Username,
Email = account.Email,
ConfirmationUrl = string.Format(_confirmLinkUrl, emailConfirmCodePlain)
};
await Publish(confMail);
}
catch (Exception ex)
{
// Log error.
_logger.LogError("ConfirmLinkEmailConfirmationStrategy.ImplementConfirmation", "Exception was thrown.", new
{
Account = account,
Exception = ex
});
throw;
}
}
public void ImplementStrategy(string accountId, string newPasswordPlain)
{
Account account = null;
try
{
// Get account from db.
account = _accountRepo.Find(a => a.AccountId == accountId).SingleOrDefault();
if (account.EmailStatus != EmailStatus.Confirmed)
{
return;
}
// Prepare the password.
string passwordPlain = _passwordGenerator.Generate();
string salt = _passwordSaltGenerator.Generate();
string passHashed = _passwordHashHelper.GenerateHash(account.Salt + passwordPlain);
// Update account data.
UpdateDefinition <Account> updDef = Builders <Account> .Update
.Set(x => x.PasswordStatus, PasswordStatus.Set)
.Set(x => x.PasswordLastChanged, DateTime.Now)
.Set(x => x.Salt, salt)
.Set(x => x.Password, passHashed);
_accountRepo.UpdateOne(x => x.AccountId == accountId, updDef);
// Publish event that may be used, for example, to email the password to the user.
Publish(new DirectPasswordSetEvent()
{
Email = account.Email,
Username = account.Username,
PasswordPlain = passwordPlain
});
}
catch (Exception ex)
{
// Log error.
_logger.LogError("DirectPasswordSetStrategy.ImplementStrategy", "Exception was thrown", new
{
AccountId = accountId,
Account = account,
Exception = ex
});
throw;
}
}
public async Task Execute(string accountId, PasswordChangeModel model, IValidator validator)
{
try
{
//Validate input
_validationStrategy.Validate(model, validator);
if (validator.HasErrors)
{
return;
}
//Validate old password and find account
Account account = await _accountRepo.Find(x => x.AccountId == accountId && x.AccountStatus != AccountStatus.Inactive).SingleOrDefaultAsync();
if (account == null ||
account.PasswordStatus == PasswordStatus.Empty ||
!_secretHashHelper.ValidateSecret(account.Salt + model.OldPassword, account.Password))
{
validator.AddError("Wrong old password", "OldPassword");
return;
}
//Generate new salt
string newSalt = _passwordSaltGenerator.Generate();
//Generate new hashed password
string newHashedPass = _secretHashHelper.GenerateHash(newSalt + model.NewPassword);
//Save in db
_accountRepo.UpdateOne(x => x.AccountId == accountId, CreateUpdateDef(newHashedPass, newSalt));
//Raise a PasswordChanged event
PasswordChangedEvent passwordChangedEvent = CreatePasswordChangedEvent(account);
await Publish(passwordChangedEvent);
return;
}
catch (Exception ex)
{
await _logger.LogErrorAsync("ChangeAccountPasswordCommand.Execute", "Exception occurred", new
{
Exception = ex
});
throw;
}
}
public async Task <bool> Execute(string code)
{
ConfirmEmailRequest request = null;
string codeHashed = null;
try
{
codeHashed = _codeHashHelper.GenerateHash(code);
DateTime maxDate = DateTime.Now.AddDays(-_daysToExpire);
request = (await _emailConfirmCollection.FindAsync(x => x.Code == codeHashed && x.Status == ConfirmEmailRequestStatus.NotResolved && x.CreateDate > maxDate)).SingleOrDefault();
if (request == null)
{
return(false);
}
var account = (await _accountRepo.FindAsync(x => x.AccountId == request.AccountId)).SingleOrDefault();
if (request.Email != account.Email)
{
await _logger.LogInfoAsync("ConfirmEmailCommand.ConfirmEmail", "Request email and account email are different", new
{
RequestEmail = request.Email,
AccountEmail = account.Email
});
return(false);
}
if (account.EmailStatus == EmailStatus.Confirmed)
{
return(false);
}
//update account and save
_accountRepo.UpdateOne(x => x.AccountId == account.AccountId, Builders <Account> .Update.Set(x => x.EmailStatus, EmailStatus.Confirmed));
//update request and save
var updDef = Builders <ConfirmEmailRequest> .Update.Set(x => x.Status, ConfirmEmailRequestStatus.Resolved)
.Set(x => x.ResolveDate, DateTime.Now);
await _emailConfirmCollection.UpdateOneAsync(x => x.Id == request.Id, updDef);
//log and return
await _logger.LogEventAsync("ConfirmEmailCommand.ConfirmEmail", "Successfully confirmed", new
{
CodeHashed = codeHashed,
ConfirmEmailRequest = request
});
return(true);
}
catch (Exception ex)
{
await _logger.LogErrorAsync("ConfirmEmailCommand.ConfirmEmail", "Exception occurred", new
{
Exception = ex,
CodeHashed = codeHashed,
ConfirmEmailRequest = request
});
throw;
}
}
