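/// <summary>
/// Completes a "forgot password" flow: checks the emailed confirmation code for the
/// given user id, stores the new password hashes, rotates the code so it is single-use,
/// and revokes every active session and server token issued under the old password.
/// </summary>
/// <param name="model">User id, confirmation code and the new password.</param>
/// <returns>An ErrorModel naming the failed check, otherwise an OK model with "password_changed".</returns>
public async Task<ResponseModelBase> ChangeForgottenPassword([FromBody] ForgotPasswordDoChangeRequestModel model)
{
    if (model == null || !ModelState.IsValid)
    {
        return ErrorModel.Of("invalid_request");
    }
    // Cheap checks first: nothing is hashed or looked up for an unusable password.
    // Null-guarded because ModelState only covers properties carrying validation attributes.
    if (string.IsNullOrEmpty(model.NewPassword) || model.NewPassword.Length < 8)
    {
        return ErrorModel.Of("password_too_short");
    }
    // Same simplicity rule as account creation; a reset must not weaken the password policy.
    if (model.NewPassword.IndexOf("password", StringComparison.OrdinalIgnoreCase) >= 0
        || model.NewPassword.StartsWith("1234", StringComparison.Ordinal))
    {
        return ErrorModel.Of("password_too_simple");
    }
    var user = await ldb.FindByUniqueId(model.UserId);
    if (user == null)
    {
        return ErrorModel.Of("user_not_found");
    }
    // The code is consumed below (rotated), so a captured code cannot be replayed.
    // NOTE(review): no expiry is enforced here; if a sent-timestamp is recorded for
    // reset requests, consider rejecting codes older than a fixed window.
    if (user.UniqueConfirmationCode != model.ConfirmationCode)
    {
        return ErrorModel.Of("email_confirmation_code_incorrect");
    }
    user.PasswordHashes = await Task.Run(() => PasswordHasher.GenerateHashPermutations(model.NewPassword));
    user.UniqueConfirmationCode = Guid.NewGuid();
    // Revoke everything issued under the old password: sessions first, then server tokens.
    ldb.DBContext.Sessions.RemoveRange(user.ActiveSessions);
    user.ActiveSessions.Clear();
    ldb.DBContext.ServerTokens.RemoveRange(user.ActiveServerTokens);
    user.ActiveServerTokens.Clear();
    await ldb.UpdateUser(user);
    return Models.OkModel.Of("password_changed");
}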
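/// <summary>
/// Changes the password of an account after re-checking its current password, then
/// revokes every active session and server token issued under the old one.
/// </summary>
/// <param name="model">Email address, current password and the new password.</param>
/// <returns>An ErrorModel naming the failed check, otherwise an OK model with "password_changed".</returns>
public async Task<ResponseModelBase> ChangePassword([FromBody] ChangePasswordRequestModel model)
{
    if (model == null || !ModelState.IsValid)
    {
        return ErrorModel.Of("invalid_request");
    }
    // Reject an unusable new password before ValidateAccount, which presumably hashes the
    // old password; no reason to pay that cost for a request that cannot succeed.
    // Null-guarded because ModelState only covers properties carrying validation attributes.
    if (string.IsNullOrEmpty(model.NewPassword) || model.NewPassword.Length < 8)
    {
        return ErrorModel.Of("password_too_short");
    }
    // Same simplicity rule as account creation; a change must not weaken the password policy.
    if (model.NewPassword.IndexOf("password", StringComparison.OrdinalIgnoreCase) >= 0
        || model.NewPassword.StartsWith("1234", StringComparison.Ordinal))
    {
        return ErrorModel.Of("password_too_simple");
    }
    if (!await ldb.ValidateAccount(model.EmailAddress, model.OldPassword))
    {
        return ErrorModel.Of("username_or_password_incorrect");
    }
    var user = await ldb.FindByEmailAddress(model.EmailAddress);
    if (user == null)
    {
        return ErrorModel.Of("user_not_found");
    }
    user.PasswordHashes = await Task.Run(() => PasswordHasher.GenerateHashPermutations(model.NewPassword));
    // Revoke everything issued under the old password: sessions first, then server tokens.
    ldb.DBContext.Sessions.RemoveRange(user.ActiveSessions);
    user.ActiveSessions.Clear();
    ldb.DBContext.ServerTokens.RemoveRange(user.ActiveServerTokens);
    user.ActiveServerTokens.Clear();
    await ldb.UpdateUser(user);
    return OkModel.Of("password_changed");
}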
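/// <summary>
/// Registers a new account. All input checks run before any hashing, database lookup or
/// email is performed; on success the registration email is sent and the user is stored.
/// </summary>
/// <param name="model">Email address, username, password and the anti-automation challenge answer.</param>
/// <returns>An ErrorModel naming the failed check, otherwise an OK model with "account_created".</returns>
public async Task<ResponseModelBase> CreateAccount([FromBody] CreateAccountRequestModel model)
{
    if (model == null || !ModelState.IsValid)
    {
        return ErrorModel.Of("invalid_request");
    }
    // The stored username is the trimmed value, so every check below uses that same value.
    var username = model.Username == null ? string.Empty : model.Username.Trim();
    if (!EmailAddressVerifier.IsValidEmail(model.EmailAddress))
    {
        return ErrorModel.Of("email_invalid");
    }
    if (username.Length < 5)
    {
        return ErrorModel.Of("username_invalid");
    }
    // Anchored with ^...+$: an unanchored class only asks whether ANY character is allowed,
    // which let usernames containing arbitrary characters pass as long as one was valid.
    if (!Regex.IsMatch(username, @"^[a-zA-Z0-9\s_-]+$"))
    {
        return ErrorModel.Of("username_invalid");
    }
    if (string.IsNullOrEmpty(model.Password))
    {
        return ErrorModel.Of("password_too_short");
    }
    // Ordinal comparisons rather than ToLower(): culture-insensitive and allocation-free.
    if (model.Password.IndexOf("password", StringComparison.OrdinalIgnoreCase) >= 0
        || model.Password.StartsWith("1234", StringComparison.Ordinal))
    {
        return ErrorModel.Of("password_too_simple");
    }
    if (model.Password.Length < 8)
    {
        return ErrorModel.Of("password_too_short");
    }
    // Challenge before the database lookups so an automated client cannot probe which
    // email addresses or usernames exist without first solving it.
    if (!AccountTests.ValidateChallenge(model.ChallengeId, model.ChallengeAnswer))
    {
        return ErrorModel.Of("validation_incorrect");
    }
    if (await ldb.FindByEmailAddress(model.EmailAddress) != null)
    {
        return ErrorModel.Of("email_in_use");
    }
    // Look up the trimmed name: checking the raw input could let " bob" slip past an existing "bob".
    if (await ldb.FindByUsername(username) != null)
    {
        return ErrorModel.Of("username_in_use");
    }
    // Only hash once the request is known to be acceptable.
    var now = DateTime.UtcNow;
    var um = new UserModel
    {
        AccountCreationDate = now,
        EmailAddress = model.EmailAddress,
        UniqueConfirmationCode = Guid.NewGuid(),
        EmailConfirmationSent = now,
        PasswordHashes = PasswordHasher.GenerateHashPermutations(model.Password),
        UniqueId = Guid.NewGuid(),
        Username = username,
    };
    // Email is sent before the user is persisted (as in the original flow): a failed send
    // leaves no half-registered account that would block a retry with "email_in_use".
    await EmailSender.SendEmail(um, EmailSender.RegistrationTemplate);
    await ldb.AddUser(um);
    return Models.OkModel.Of("account_created");
}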