public async Task <User> ChangePassword(PasswordChangeRequest passwordChangeRequest)
{
var user = await _context.Users.FirstOrDefaultAsync(p => p.Id == passwordChangeRequest.Id);
if (user == null || !_authService.VerifyPasswordHash(passwordChangeRequest.CurrentPassword, user.PasswordHash, user.PasswordSalt))
{
return(null);
}
byte[] passwordHash, passwordSalt;
_authService.CreatePasswordHash(passwordChangeRequest.ConfirmPassword, out passwordHash, out passwordSalt);
user.PasswordHash = passwordHash;
user.PasswordSalt = passwordSalt;
await _context.SaveChangesAsync();
return(user);
}
public async Task ChangePassword(PasswordChangeRequest data, string userId)
{
await ExecuteAsync(false, AuditTrailOperations.ChangePassword, _unitOfWork, async() =>
{
var user = _userRepo.GetById(userId);
var re = await _userManager.ChangePasswordAsync(user, data.CurrentPassword, data.NewPassword);
if (!re.Succeeded && re.Errors.Count() > 0)
{
throw new ApplicationException(string.Join("\n", re.Errors.Select(err => err.Description)));
}
if (user.IsTemporaryPassword)
{
user.IsTemporaryPassword = false;
_userRepo.Update(user);
}
return(string.Empty);
});
}
public async Task <User> ChangePassword(int id, PasswordChangeRequest request)
{
var fullUrl = _apiUrl + "/changepassword/" + id;
try
{
var result = await fullUrl.PostJsonAsync(request).ReceiveJson <User>();
return(result);
}
catch (FlurlHttpException ex)
{
var message = await GetErrorMessage(ex);
await Application.Current.MainPage.DisplayAlert(Constants.Error, message, Constants.OK);
throw;
}
}
public async Task <IActionResult> ChangePassword(ChangePasswordModel model)
{
if (model.IsNotValid())
{
model.SetInputModelValues();
return(View(model));
}
var request = new PasswordChangeRequest(CurrentUser.Id, model.OldPassword, model.NewPassword);
var response = await OrganizationService.ChangePassword(request);
if (response.Status.IsNotSuccess)
{
model.MapMessages(response);
return(View(model));
}
CurrentUser.IsActionSucceed = true;
return(Redirect("/User/ChangePasswordDone"));
}
public async Task <IActionResult> ChangePassword([FromBody] PasswordChangeRequest request)
{
try
{
var issuedAt = AuthService.TokenIssueDateTime(Request.Headers["Authorization"]);
//Tries to create an user entry.
var response = await _authService.ChangePassword(request, issuedAt);
return(StatusCode(response.Code ?? 200, response));
}
catch (Exception)
{
return(BadRequest(new GenericResponse
{
Code = (int)HttpStatusCode.BadRequest,
Status = (int)Model.Transient.StatusCode.UnknowException,
Message = "Generic error in request."
}));
}
}
public void ChangeOwnPassword_returns_success_response_when_request_is_valid([Frozen] IPasswordPolicy policy,
[Frozen] IPasswordAuthenticationService authService,
[LoggedIn] User currentUser,
PasswordChanger sut,
PasswordChangeRequest request)
{
// Arrange
Mock.Get(authService)
.Setup(x => x.Authenticate(It.IsAny <IPassword>()))
.Returns(Mock.Of <CSF.Security.Authentication.IAuthenticationResult>(x => x.Success == true));
Mock.Get(policy)
.Setup(x => x.IsPasswordOk(request.NewPassword, currentUser))
.Returns(true);
request.ConfirmNewPassword = request.NewPassword;
// Act
var result = sut.ChangeOwnPassword(request);
// Assert
Assert.IsTrue(result.Success);
}
public async Task <bool> UpdatePassword(PasswordChangeRequest request)
{
if (request.NewPassword != request.NewPasswordConfirm)
{
throw new BadRequestException(ErrorCode.ValidationErrorGeneric, "Confirm password does not match new password");
}
User current = await Fetch(request.UserId);
if (request.CurrentPassword != current.Password)
{
throw new BadRequestException(ErrorCode.ValidationErrorGeneric, "Please enter the corrent current password");
}
if (request.NewPassword == current.Password)
{
return(true);
}
current.Password = request.NewPassword;
await Update(current);
return(true);
}
public async Task <IActionResult> ChangePassword(int id, [FromBody] PasswordChangeRequest request)
{
var user = await _userManager.FindByIdAsync(id.ToString());
if (request.NewPassword == request.ConfirmPassword)
{
var result = await _userManager.ChangePasswordAsync(user, request.CurrentPassword, request.NewPassword);
if (result.Succeeded)
{
return(Ok(new { response = "Password is sucesssfully changed!" }));
}
else
{
return(BadRequest("Current password is not correct"));
}
}
else
{
return(BadRequest("New password and confirm password are not equal"));
}
}
public void InitialData()
{
this.userStore = new UserStore(this.authenticationRepository);
this.userManagementHandler = new UserManagementHandler(this.userStore);
this.handlerWithMockedUserStore = new UserManagementHandler(this.mockedUserStore);
this.user = new User {
Id = "1",
Nickname = "gustavo.matos",
Username = "******",
Roles = new List <string> {
"Admin"
},
Email = "*****@*****.**",
Password = "******"
};
this.passwordChangeRequest = new PasswordChangeRequest {
OldPassword = "******",
NewPassword = "******",
NewPasswordConfirmation = "456789"
};
this.nicknameChangeRequest = new NicknameChangeRequest {
Password = "******",
NewNickname = "jureg"
};
this.oldPortalPasswordChangeRequest = new OldPortalPasswordChangeRequest {
Username = "******",
NewPassword = "******"
};
this.oldPortalNicknameChangeRequest = new OldPortalNicknameChangeRequest {
Username = "******",
NewNickname = "jureg"
};
}
public IActionResult ChangePW(Guid id, [FromBody] PasswordChangeRequest item)
{
if (item == null || item.newPassword == null)
{
return(BadRequest());
}
var user = _context.User.FirstOrDefault(t => t.Id.Equals(id));
if (user == null)
{
return(NotFound());
}
if (isUser(user))
{
user.Password = item.newPassword;
_context.User.Update(user);
_context.SaveChanges();
return(new OkResult());
}
return(Unauthorized());
}
public async Task PasswordChange(PasswordChangeRequest request)
{
var result = _requestValidator.Validate(request);
if (!result.IsValid)
{
throw new InvalidValueException(result.Errors.Select(e => e.ErrorMessage).ToArray());
}
var user = await _dataContext.Users.Where(u => u.PasswordRecoveryToken == request.Token).SingleOrDefaultAsync();
if (user == null)
{
throw new AccessException("Password recovery session is invalid.");
}
user.Password = Utils.PasswordToHash(request.Password);
user.PasswordRecoveryToken = "";
await _dataContext.SaveChangesAsync();
await _mailer.SendPasswordChanged(user.Email, $"{user.FirstName} {user.LastName}");
}
public IHttpActionResult ResetPassword(String code, PasswordChangeRequest request)
{
BaseViewModel viewmodel = new BaseViewModel();
UserDataController dataCtrl = new UserDataController();
try
{
var user = dataCtrl.GetItems().SingleOrDefault(x => x.PasswordReset == code);
if (user == null)
{
return(Warning(viewmodel, "Der Link ist abgelaufen."));
}
String newPwd = PasswordHelper.ChangePassword(user, request.Password1, request.Password2);
dataCtrl.ChangePassword(user.ID, newPwd);
}
catch (Exception ex)
{
return(Error(viewmodel, ex));
}
return(Ok(viewmodel, "Dein Passwort wurde gesetzt."));
}
public IActionResult ChangePassword(PasswordChangeRequest passwordChangeRequest)
{
IActionResult response;
using (
IDbContextTransaction scope = _userDBAuthenticator.GetScope()
)
{
User user = _userDBAuthenticator.AuthenticateAndGetUser(
passwordChangeRequest.Uid,
passwordChangeRequest.OldPassword
);
if (user != null)
{
if (_userDBAuthenticator.ChangePassword(user, passwordChangeRequest.NewPassword))
{
response = NoContent();
}
else
{
response = BadRequest();
}
}
else
{
_logger.LogWarning(
"Unauthorized attempt to change the password of user "
+ passwordChangeRequest.Uid
);
response = Unauthorized();
}
scope.Commit();
}
return(response);
}
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
using (_log.NewTrace())
{
WcfClientUtils.VerifyParameter("username", username);
WcfClientUtils.VerifyParameter("oldPassword", oldPassword);
WcfClientUtils.VerifyParameter("newPassword", newPassword);
try
{
PasswordChangeRequest request = new PasswordChangeRequest();
request.NewPassword = newPassword;
request.OldPassword = oldPassword;
request.UserName = username;
PasswordChangeReply response = _membershipService.CredentialChangePassword(request);
return(response.Status == ActionStatus.OK && response.ResultStatus == true);
}
catch (Exception ex)
{
throw WcfUtils.Extract(ex);
}
}
}
public IActionResult ChangeMasterPassword([FromBody] PasswordChangeRequest model)
{
if (!ModelState.IsValid)
{
throw new AuthenticationException(ModelState.Values.SelectMany(x => x.Errors.Select(xx => xx.ErrorMessage)).ToString());
}
var authUser = _userService.GetById(GetUserIdFromJwtToken());
if (!_userService.VerifyPasswordHash(model.Password, Convert.FromBase64String(authUser.Password), Convert.FromBase64String(authUser.PasswordSalt)))
{
throw new AuthenticationException("Password is incorrect.");
}
// odszyfrowac starym i zaszyfrowac nowym haslem
var isSuccess = _userService.ChangeMasterPassword(model.Password, model.NewPassword, GetUserIdFromJwtToken().ToString());
return(Ok(new ApiResponse
{
Success = true,
Messages = new string[] { "Password has been successfully changed." }
}));
}
public ActionResult <LoginResponse> ChangePassword(PasswordChangeRequest request)
{
if (request == null)
{
return(BadRequest());
}
var id = long.Parse(User.HasClaim(c => c.Type == "id")
? User.Claims.First(c => c.Type == "id").Value
: "-1");
var lehrer = _context.Lehrer.Find(id);
if (lehrer == null)
{
return(NotFound());
}
using (var sha = SHA256.Create())
{
var hash = Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(request.oldPassword + SALT)));
if (lehrer.Password == hash)
{
lehrer.Password =
Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(request.newPassword + SALT)));
lehrer.PasswordGeaendert = true;
_context.Lehrer.Update(lehrer);
return(Ok(LoginResponse.FromTeacher(lehrer)));
}
return(Unauthorized());
}
}
public PasswordChangeResponse CheckPasswordChangeCode(PasswordChangeRequest passwordChangeRequest)
{
return(_loginService.CheckPasswordChangeCode(passwordChangeRequest.Email, passwordChangeRequest.PassChangeCode));
}
public async Task <IActionResult> ChangeMyPassword(PasswordChangeRequest userPassViewModel)
{
var a = await _userFacade.ChangeCurrentUserPasswordAsync(HttpContext.User.FindFirst(ClaimTypes.Hash).Value, userPassViewModel);
return(Redirect("/"));
}
public async Task <IActionResult> PasswordChange([FromBody] PasswordChangeRequest request)
{
if (request == null)
{
return(BadRequest(
new AuthFailedResponse
{
Errors = new List <string>()
{
"Empty Request."
}
}
));
}
var oldUser = await _userService.GetUserByUserNameAsync(request.UserName).ConfigureAwait(false);
if (oldUser == null)
{
return(NotFound(
new AuthFailedResponse
{
Errors = new List <string>()
{
"Could not find this User."
}
}
));
}
var userId = HttpContext.GetUserId();
var user = await _userService.GetUserByIdAsync(userId).ConfigureAwait(false);
if (user.UserName != request.UserName)
{
return(Unauthorized(
new AuthFailedResponse
{
Errors = new List <string>()
{
"You are not Authorized to edit this User."
}
}
));
}
var passCheck = await _identityService.CheckUserPasswordAsync(user, request.OldPassword).ConfigureAwait(false);
if (!passCheck.Success)
{
return(Unauthorized(
new AuthFailedResponse
{
Errors = passCheck.Errors
}));
}
var passUpdated = await _identityService.UpdatePasswordAsync(user, request.NewPassword).ConfigureAwait(false);
if (!passUpdated.Success)
{
return(StatusCode(500,
new AuthFailedResponse
{
Errors = passUpdated.Errors
}));
}
return(NotFound());
}
public void ChangeOwnPassword_returns_failure_result_if_new_passwords_do_not_meet_policy([Frozen] IPasswordPolicy policy,
[Frozen] IPasswordAuthenticationService authService,
[LoggedIn] User currentUser,
PasswordChanger sut,
PasswordChangeRequest request)
{
// Arrange
Mock.Get(authService)
.Setup(x => x.Authenticate(It.IsAny <IPassword>()))
.Returns(Mock.Of <CSF.Security.Authentication.IAuthenticationResult>(x => x.Success == true));
Mock.Get(policy)
.Setup(x => x.IsPasswordOk(request.NewPassword, currentUser))
.Returns(false);
request.ConfirmNewPassword = request.NewPassword;
// Act
var result = sut.ChangeOwnPassword(request);
// Assert
Assert.IsFalse(result.Success);
}
public async Task <IResponse> ChangePassword(PasswordChangeRequest request, DateTime issuedAt)
{
if (string.IsNullOrEmpty(request.email) || string.IsNullOrEmpty(request.OldPassword))
{
return new GenericResponse
{
Code = (int)HttpStatusCode.BadRequest,
Status = (int)StatusCode.EmailPasswordMissing
}
}
;
var user = await _context.Users.SingleOrDefaultAsync(x => x.Email == request.email);
//Check if the user exists.
if (user == null)
{
return new GenericResponse
{
Code = (int)HttpStatusCode.BadRequest,
Status = (int)StatusCode.UserMissing
}
}
;
//Checks if the old password is right.
if (!IsPasswordHashValid(request.OldPassword, user.PasswordHash, user.PasswordSalt))
{
return new GenericResponse
{
Code = (int)HttpStatusCode.BadRequest,
Status = (int)StatusCode.EmailPasswordInvalid
}
}
;
//Checks if the new password meets a criteria.
if (!IsPasswordValid(request.NewPassword))
{
return new GenericResponse
{
Code = (int)HttpStatusCode.BadRequest,
Status = (int)StatusCode.NewPasswordInvalid
}
}
;
if (user.PasswordLastUpdatedUtc > issuedAt)
{
return new GenericResponse
{
Code = (int)HttpStatusCode.BadRequest,
Status = (int)StatusCode.AccessTokenInvalid
}
}
;
//Hash and save the new password.
CreatePasswordHash(user, request.NewPassword);
await RevokeAllTokensFrom(user);
_context.Users.Update(user);
await _context.SaveChangesAsync();
//Log-in again?
return(new GenericResponse
{
Code = (int)HttpStatusCode.OK,
Status = (int)StatusCode.OkWithNoContent
});
}
public async Task <ActionResult <User> > UpdatePassword([FromBody] PasswordChangeRequest passwordRequest)
{
await repo.UpdatePassword(passwordRequest);
return(Ok());
}
public void ChangeOwnPassword_stores_updated_password_when_when_request_is_valid([Frozen] IPasswordPolicy policy,
[Frozen] IPasswordAuthenticationService authService,
[LoggedIn] User currentUser,
[Frozen] IUserPasswordUpdater updater,
PasswordChanger sut,
PasswordChangeRequest request)
{
// Arrange
Mock.Get(authService)
.Setup(x => x.Authenticate(It.IsAny <IPassword>()))
.Returns(Mock.Of <CSF.Security.Authentication.IAuthenticationResult>(x => x.Success == true));
Mock.Get(policy)
.Setup(x => x.IsPasswordOk(request.NewPassword, currentUser))
.Returns(true);
request.ConfirmNewPassword = request.NewPassword;
// Act
sut.ChangeOwnPassword(request);
// Assert
Mock.Get(updater)
.Verify(x => x.ChangePassword(currentUser, request.NewPassword), Times.Once());
}
public async Task <IActionResult> PasswordChange([FromBody] PasswordChangeRequest request)
{
await _loginService.PasswordChange(request);
return(Ok());
}
public async Task <User> ChangePassword(int id, [FromBody] PasswordChangeRequest request)
{
return(await _authService.ChangePassword(id, request));
}
protected void ReceivePasswordChangeRequest(PacketHeader header, Connection connection, PasswordChangeRequest request)
{
// ########################################################################
// This method requires authentication.
// If user is not authorized then send UnAuthorized and end method.
if (!Authorized(connection))
{
TCPConnection.GetConnection(connection.ConnectionInfo).SendObject(
PacketName.ReUnauthorized.ToString(), 1);
return;
}
// ########################################################################
if (Administrator(connection))
{
accountRepository.UpdatePassword(request.accountId, Security.PasswordHasher.HashPassword(request.password));
TCPConnection.GetConnection(connection.ConnectionInfo).SendObject(
PacketName.ReUpdatePassword.ToString(), GenericResponse.Success);
}
}
public static void SendUpdateAccountPassword(long accountId, string password)
{
PasswordChangeRequest passwordChangeRequest = new PasswordChangeRequest(accountId, password);
Send(PacketName.RequestUpdatePassword.ToString(), passwordChangeRequest);
}
public IActionResult ChangeCurrentUserPassword([FromBody] PasswordChangeRequest request)
{
var currentUserID = HttpContext.User.GetUserID();
return(Ok(UsersService.ChangePassword(currentUserID, request)));
}
public PasswordChangeResponse SendPasswordChangeCode(PasswordChangeRequest passwordChangeRequest)
{
return(_loginService.SendPasswordChangeCode(passwordChangeRequest.Email));
}
public async Task <bool> Post([FromBody] PasswordChangeRequest data)
{
var result = await userManager.UpdatePassword(Token.UserId, data.Password);
return(result);
}
