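/// <summary>
/// Changes the password of the user with the given ID after checking the current password.
/// </summary>
/// <param name="UserID">ID of the user whose password is changed.</param>
/// <param name="oldPassword">Current password in clear text; it is hashed and matched against the stored value.</param>
/// <param name="newPassword">New password in clear text; must not be null or empty.</param>
/// <returns>
/// INVALID_USERNAME_OR_PASSWORD when no user matches the ID and old-password hash,
/// FAILED when the new password is null or empty, SUCCESS once the change is saved,
/// SYSTEM_ERROR when updating or saving throws.
/// </returns>
public PasswordChangeResponse ChangePassword(int UserID, string oldPassword, string newPassword)
        {
            PasswordChangeResponse response = new PasswordChangeResponse();

            // Hash once, outside the predicate: the repository then only compares two values, and
            // query providers that cannot translate a custom method call inside the expression
            // no longer see one.
            // NOTE(review): Cryptor.sha512encrypt receives only the password, so as far as this
            // file shows the stored value is an unsalted, single-pass digest (judging by the
            // helper's name) - confirm. Password storage normally uses a salted, deliberately slow
            // KDF such as PBKDF2 or Argon2; moving to one needs a migration of the stored hashes.
            string oldPasswordHash = Cryptor.sha512encrypt(oldPassword);
            User user = _userRepository.Get(t => t.ID == UserID && t.Password == oldPasswordHash).FirstOrDefault();

            if (user == null)
            {
                response.SetStatus(Constants.ResponseCode.INVALID_USERNAME_OR_PASSWORD);
                return response;
            }

            // Refuse to store the hash of a missing or empty password. Checked after the
            // credential test so callers with wrong credentials get the same answer as before.
            if (string.IsNullOrEmpty(newPassword))
            {
                response.SetStatus(Constants.ResponseCode.FAILED);
                return response;
            }

            try
            {
                user.Password = Cryptor.sha512encrypt(newPassword);
                _userRepository.Update(user);
                _unitOfWork.SaveChanges();
                response.SetStatus(Constants.ResponseCode.SUCCESS);
                return response;
            }
            catch (Exception)
            {
                // Persistence failures are reported to the caller as a status, not rethrown.
                response.SetStatus(Constants.ResponseCode.SYSTEM_ERROR);
                return response;
            }
        }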
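        /// <summary>
        /// Sets a new password for the account with the given e-mail address, authorised by a
        /// password-change code that <see cref="CheckPasswordChangeCode"/> accepts.
        /// </summary>
        /// <param name="Email">E-mail address of the account.</param>
        /// <param name="Code">Password-change code supplied by the caller.</param>
        /// <param name="newPassword">New password in clear text; must not be null or empty.</param>
        /// <returns>
        /// FAILED when the code check does not return SUCCESS or the new password is null or empty,
        /// SUCCESS once the change is saved, SYSTEM_ERROR when the user cannot be loaded or saving throws.
        /// </returns>
        public PasswordChangeResponse ChangePassword(string Email, string Code, string newPassword)
        {
            PasswordChangeResponse response = CheckPasswordChangeCode(Email, Code);

            try
            {
                if (response.Code != (int)Constants.ResponseCode.SUCCESS)
                {
                    // Every rejection from the code check, EXPIRED_CODE included, is reported as FAILED.
                    response.SetStatus(Constants.ResponseCode.FAILED);
                    return response;
                }

                // Refuse to store the hash of a missing or empty password.
                if (string.IsNullOrEmpty(newPassword))
                {
                    response.SetStatus(Constants.ResponseCode.FAILED);
                    return response;
                }

                User user = _userRepository.Get(t => t.Email == Email).FirstOrDefault();

                if (user == null)
                {
                    // The account disappeared between the code check and this lookup. This used to
                    // surface as a NullReferenceException swallowed by the catch below; the status
                    // is the same, without relying on an exception.
                    response.SetStatus(Constants.ResponseCode.SYSTEM_ERROR);
                    return response;
                }

                // NOTE(review): Cryptor.sha512encrypt receives only the password; if it is a plain
                // SHA-512 digest, a salted slow KDF (PBKDF2, Argon2) is the usual replacement.
                user.Password = Cryptor.sha512encrypt(newPassword);

                // NOTE(review): nothing in this method marks the code as used, so the same code
                // appears to stay acceptable until IsExpired() - confirm whether it is consumed
                // elsewhere.
                _userRepository.Update(user);
                _unitOfWork.SaveChanges();
                response.SetStatus(Constants.ResponseCode.SUCCESS);
                return response;
            }
            catch (Exception)
            {
                // Persistence failures are reported to the caller as a status, not rethrown.
                response.SetStatus(Constants.ResponseCode.SYSTEM_ERROR);
                return response;
            }
        }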
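        /// <summary>
        /// Checks a password-change code against the most recent code recorded for the account
        /// with the given e-mail address.
        /// </summary>
        /// <param name="Email">E-mail address of the account.</param>
        /// <param name="Code">Code supplied by the caller.</param>
        /// <returns>
        /// FAILED when an argument is null or empty, the account is unknown, no code was ever
        /// issued, or the code differs from the latest one; EXPIRED_CODE when the latest code
        /// matches but has expired; otherwise SUCCESS with Email and PassChangeCode filled in.
        /// </returns>
        public PasswordChangeResponse CheckPasswordChangeCode(string Email, string Code)
        {
            PasswordChangeResponse response = new PasswordChangeResponse();

            if (string.IsNullOrEmpty(Email) || string.IsNullOrEmpty(Code))
            {
                response.SetStatus(Constants.ResponseCode.FAILED);
                return response;
            }

            User user = _userRepository.Get(t => t.Email == Email).FirstOrDefault();

            if (user == null)
            {
                response.SetStatus(Constants.ResponseCode.FAILED);
                return response;
            }

            // Only the last recorded entry is accepted. An account that never requested a code has
            // no entry at all; that case used to end in a NullReferenceException here.
            // NOTE(review): "last" is whatever order PasswordChanges enumerates in - confirm it is
            // chronological.
            PasswordChange latest = user.PasswordChanges?.LastOrDefault();

            // NOTE(review): no attempt counter or lockout is visible in this method; a short code
            // relies on one existing elsewhere - confirm.
            if (latest == null || latest.ChangeCode != Code)
            {
                response.SetStatus(Constants.ResponseCode.FAILED);
                return response;
            }

            // Expiry is read from the entry that was just matched. Searching the collection again
            // by code could pick an older entry that happens to carry the same code.
            if (latest.IsExpired())
            {
                response.SetStatus(Constants.ResponseCode.EXPIRED_CODE);
                return response;
            }

            response.Email          = user.Email;
            response.PassChangeCode = latest.ChangeCode;
            response.SetStatus(Constants.ResponseCode.SUCCESS);
            return response;
        }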
        /// <summary>
        /// Changes the password of the user named by <c>request.CurrentUserId</c> after checking
        /// the old password and rejecting reuse of a recent password.
        /// </summary>
        /// <param name="request">Carries CurrentUserId, OldPassword and NewPassword.</param>
        /// <returns>
        /// A response whose status is Invalid (user missing or inactive), Failed (wrong old
        /// password, reused password, or update reported failure) or Success.
        /// </returns>
        public async Task <PasswordChangeResponse> ChangePassword(PasswordChangeRequest request)
        {
            var response = new PasswordChangeResponse();
            var account  = await _userRepository.Select(x => x.Id == request.CurrentUserId);

            if (account.IsNotExist())
            {
                response.SetInvalid();
                response.ErrorMessages.Add("user_not_found");
                return response;
            }

            if (!account.IsActive)
            {
                response.ErrorMessages.Add("user_is_not_active");
                response.Status = ResponseStatus.Invalid;
                return response;
            }

            // The old password is verified by hashing it with the user's stored salt.
            // NOTE(review): the hashes are compared with !=; if they are strings or byte arrays,
            // a fixed-time comparison is the usual choice for secret-derived values - confirm
            // what _cryptoHelper.Hash returns.
            var suppliedOldHash = _cryptoHelper.Hash(request.OldPassword, account.ObfuscationSalt);

            if (account.PasswordHash != suppliedOldHash)
            {
                response.ErrorMessages.Add("old_password_is_not_right");
                response.Status = ResponseStatus.Failed;
                return response;
            }

            // NOTE(review): NewPassword is not checked for emptiness or strength here; presumably
            // validated before this call - confirm.
            var newHash = _cryptoHelper.Hash(request.NewPassword, account.ObfuscationSalt);

            // Reuse check: the new hash must not be among the first two distinct hashes in the
            // user's revisions. Presumably SelectRevisions returns newest first - confirm.
            var history      = await _userRepository.SelectRevisions(account.Id);
            var recentHashes = history.ToList().Select(x => x.Entity.PasswordHash).Distinct().Take(2);

            if (recentHashes.Contains(newHash))
            {
                response.ErrorMessages.Add("choose_other_password_different_then_last_2");
                response.Status = ResponseStatus.Failed;
                return response;
            }

            // Store the new hash and clear the login-attempt counter and any pending reset request.
            account.PasswordHash             = newHash;
            account.LoginTryCount            = 0;
            account.PasswordResetRequestedAt = null;
            account.PasswordResetToken       = null;

            var updated = await _userRepository.Update(account.Id, account);

            if (!updated)
            {
                response.SetFailed();
                return response;
            }

            //todo:send email

            response.Status = ResponseStatus.Success;
            return response;
        }
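        /// <summary>
        /// Generates a password-change code for the account with the given e-mail address, sends it
        /// through the notification API and, once the mail is accepted, records it on the user.
        /// </summary>
        /// <param name="Email">E-mail address of the account.</param>
        /// <returns>
        /// FAILED when the address is null or empty, the account is unknown, or the notification
        /// API answers with a non-success status; SUCCESS with Email filled in once the code is
        /// saved; SYSTEM_ERROR when the mail request or the save throws.
        /// </returns>
        public PasswordChangeResponse SendPasswordChangeCode(string Email)
        {
            PasswordChangeResponse response = new PasswordChangeResponse();

            if (string.IsNullOrEmpty(Email))
            {
                response.SetStatus(Constants.ResponseCode.FAILED);
                return response;
            }

            User user = _userRepository.Get(t => t.Email == Email).FirstOrDefault();

            if (user == null)
            {
                // NOTE(review): an unknown address answers FAILED while a known one answers
                // SUCCESS, so the response reveals whether an account exists. Returning the same
                // status for both is the usual mitigation; left unchanged because callers may
                // depend on the current codes.
                response.SetStatus(Constants.ResponseCode.FAILED);
                return response;
            }

            // NOTE(review): confirm that RandomGenerator draws from a cryptographic RNG
            // (System.Security.Cryptography.RandomNumberGenerator); the code is a bearer secret.
            string PassChangeCode = RandomGenerator.Generate(6);

            // Subject and body are user-facing mail text and are kept verbatim.
            // NOTE(review): ProjectCode is a hard-coded literal; if the notification API treats it
            // as a credential it belongs in configuration - confirm.
            MailRequest mailRequest = new MailRequest
            {
                ToMail      = user.Email,
                ToName      = user.FullName(),
                Subject     = "B-Commerce Şifre Yenileme",
                Body        = $"Şifre yenileme kodunuz: {PassChangeCode}",
                ProjectCode = "123456"
            };

            try
            {
                // The client and the response are disposed instead of being left to the finalizer.
                // A single shared HttpClient would be better still, but needs a field outside this
                // method. The call still blocks on the task because the method is synchronous.
                using (HttpClient httpClient = new HttpClient())
                {
                    httpClient.BaseAddress = new Uri(Constants.NOTIFICATION_API_BASE_URI);

                    using (HttpResponseMessage httpResponse = httpClient.PostAsJsonAsync(Constants.NOTIFICATION_API_MAIL_URI, mailRequest).GetAwaiter().GetResult())
                    {
                        if (!httpResponse.IsSuccessStatusCode)
                        {
                            response.SetStatus(Constants.ResponseCode.FAILED);
                            return response;
                        }
                    }
                }

                // The code is recorded only after the mail was accepted. If saving fails, the user
                // holds a code that was never stored and will not validate.
                user.PasswordChanges.Add(new PasswordChange
                {
                    ChangeCode = PassChangeCode,
                    Email      = user.Email
                });
                _unitOfWork.SaveChanges();
                response.Email = user.Email;
                response.SetStatus(Constants.ResponseCode.SUCCESS);
                return response;
            }
            catch (Exception)
            {
                // Transport errors from the notification API used to escape this method as an
                // unhandled exception; they are now reported like persistence errors.
                response.SetStatus(Constants.ResponseCode.SYSTEM_ERROR);
                return response;
            }
        }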