/// <summary>
/// Changes the password of the signed-in user after re-checking the current password.
/// </summary>
/// <param name="userId">Id of the account to change; it has to match the id taken from the caller's claims.</param>
/// <param name="passwordUpdateDto">Carries the current password (<c>OldPassword</c>) and the replacement (<c>NewPassword</c>).</param>
/// <returns>
/// BadRequest when the id does not match the caller or the old password does not verify,
/// NotFound when the user lookup fails, Ok with the service message on success, and the
/// result of the <c>ServerError</c> helper when the update itself fails.
/// </returns>
public IActionResult UpdatePassword(int userId, PasswordUpdateDto passwordUpdateDto)
        {
            // Object-level authorization: a caller may only change the password of the
            // account named in their own claims, never an arbitrary userId from the route.
            if (userId != User.Claims.GetUserId().Data)
            {
                return BadRequest();
            }

            var lookup = _userService.GetById(userId);
            if (!lookup.IsSuccessful)
            {
                return NotFound(lookup.Message);
            }

            // Re-authenticate with the current password so that a stolen session or token
            // alone is not enough to take over the account.
            var currentCredentials = new UserForPasswordDto
            {
                Password     = passwordUpdateDto.OldPassword,
                PasswordHash = lookup.Data.PasswordHash,
                PasswordSalt = lookup.Data.PasswordSalt
            };
            bool oldPasswordMatches = HashingHelper.VerifyPasswordHash(currentCredentials);
            if (!oldPasswordMatches)
            {
                return BadRequest(Messages.UpdatePasswordError);
            }

            // NOTE(review): nothing visible here revokes existing sessions or tokens after
            // the change, or throttles repeated wrong old-password attempts - confirm both
            // are handled elsewhere.
            IResult updateOutcome = _userService.UpdatePassword(lookup.Data, passwordUpdateDto.NewPassword);
            if (!updateOutcome.IsSuccessful)
            {
                return this.ServerError(updateOutcome.Message);
            }

            return Ok(updateOutcome.Message);
        }
Beispiel #2
        /// <summary>
        /// Registers a new, initially inactive user with a freshly salted password hash.
        /// </summary>
        /// <param name="userForRegisterDto">Registration data; its <c>Email</c> and <c>Password</c> are read here.</param>
        /// <returns>
        /// A success result carrying the stored user, or an error result when the e-mail is
        /// already registered or the user service fails to add the user.
        /// </returns>
        public IDataResult<User> Register(UserForRegisterDto userForRegisterDto)
        {
            // How Validate reports a failure is not visible here; presumably it throws - confirm.
            var registrationRules = new Validation<UserForRegisterValidator>();
            registrationRules.Validate(userForRegisterDto);

            var newAccount = _mapper.Map<User>(userForRegisterDto);

            // NOTE(review): a distinct "already exists" answer lets a caller probe which
            // e-mail addresses are registered if this message reaches the client - confirm
            // that is acceptable for this API.
            if (UserExists(userForRegisterDto.Email).IsSuccessful)
            {
                return new ErrorDataResult<User>(Messages.UserAlreadyExists, null);
            }

            var credentials = new UserForPasswordDto
            {
                Password = userForRegisterDto.Password
            };
            HashingHelper.CreatePasswordHash(credentials);

            newAccount.PasswordHash = credentials.PasswordHash;
            newAccount.PasswordSalt = credentials.PasswordSalt;
            // New accounts start out deactivated.
            newAccount.IsActive     = false;

            IDataResult<User> addOutcome = _userService.Add(newAccount);
            if (addOutcome.IsSuccessful)
            {
                return new SuccessDataResult<User>(addOutcome.Message, addOutcome.Data);
            }

            // NOTE(review): the returned User carries PasswordHash and PasswordSalt; callers
            // must not serialize this object back to the client as-is.
            return new ErrorDataResult<User>(addOutcome.Message, newAccount);
        }
Beispiel #3
 /// <summary>
 /// Generates a new salt and the matching password hash and writes both onto the DTO.
 /// </summary>
 /// <param name="userForPasswordDto">
 /// Supplies <c>Password</c>; receives <c>PasswordSalt</c> and <c>PasswordHash</c>.
 /// </param>
 /// <remarks>
 /// NOTE(review): the hash is a single HMAC-SHA512 pass, which is cheap to compute, so a
 /// leaked user table can be guessed offline at high speed. Plan a migration to an
 /// iterated KDF (PBKDF2 via Rfc2898DeriveBytes, or Argon2) with rehash-on-login; changing
 /// the algorithm here alone would break VerifyPasswordHash for already stored hashes.
 /// </remarks>
 public static void CreatePasswordHash(UserForPasswordDto userForPasswordDto)
 {
     using (var keyedHasher = new System.Security.Cryptography.HMACSHA512())
     {
         // The parameterless constructor generates a random key; it is kept as the
         // per-user salt so the same HMAC can be rebuilt at verification time.
         userForPasswordDto.PasswordSalt = keyedHasher.Key;

         byte[] passwordBytes = Encoding.UTF8.GetBytes(userForPasswordDto.Password);
         userForPasswordDto.PasswordHash = keyedHasher.ComputeHash(passwordBytes);
     }
 }
Beispiel #4
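        /// <summary>
        /// Recomputes the HMAC-SHA512 of the supplied password under the stored salt and
        /// compares it with the stored hash.
        /// </summary>
        /// <param name="userForPasswordDto">
        /// Supplies the candidate <c>Password</c> together with the stored
        /// <c>PasswordHash</c> and <c>PasswordSalt</c>.
        /// </param>
        /// <returns>
        /// <c>true</c> only when the recomputed hash and the stored hash have the same
        /// length and the same bytes; <c>false</c> otherwise, including when the password,
        /// the stored hash or the stored salt is missing.
        /// </returns>
        public static bool VerifyPasswordHash(UserForPasswordDto userForPasswordDto)
        {
            // Fail closed: a request without a password, or an account without a stored
            // hash or salt, must not authenticate and should not surface as an exception.
            if (userForPasswordDto.Password == null
                || userForPasswordDto.PasswordHash == null
                || userForPasswordDto.PasswordSalt == null)
            {
                return false;
            }

            using (var hmac = new System.Security.Cryptography.HMACSHA512(userForPasswordDto.PasswordSalt))
            {
                byte[] computedHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(userForPasswordDto.Password));

                // FixedTimeEquals rejects a length mismatch (the previous byte loop threw on a
                // shorter stored hash and accepted a longer one whose prefix matched) and
                // takes the same time wherever the first differing byte is, so the result
                // does not leak how much of the hash was correct.
                return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                    computedHash,
                    userForPasswordDto.PasswordHash);
            }
        }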
        /// <summary>
        /// Replaces the user's stored password hash and salt with ones derived from a new password.
        /// </summary>
        /// <param name="user">The user entity to update; it is validated before anything else happens.</param>
        /// <param name="password">The new plain-text password.</param>
        /// <returns>
        /// A success result carrying the updated user, or an error result with
        /// <c>Messages.PasswordIsNull</c> when the password is null or empty.
        /// </returns>
        public IDataResult<User> UpdatePassword(User user, string password)
        {
            _validation = new Validation<UserValidator>();
            _validation.Validate(user);

            // NOTE(review): emptiness is the only check on the new password in this method;
            // confirm that a length/strength policy is enforced before this point.
            if (string.IsNullOrEmpty(password))
            {
                return new ErrorDataResult<User>(Messages.PasswordIsNull, user);
            }

            // A new salt is generated together with the hash, so the old salt is never reused.
            var freshCredentials = new UserForPasswordDto
            {
                Password = password
            };
            HashingHelper.CreatePasswordHash(freshCredentials);

            user.PasswordHash = freshCredentials.PasswordHash;
            user.PasswordSalt = freshCredentials.PasswordSalt;
            _userDal.Update(user);

            return new SuccessDataResult<User>(user);
        }
Beispiel #6
        /// <summary>
        /// Looks a user up by e-mail and checks the supplied password against the stored hash.
        /// </summary>
        /// <param name="userForLoginDto">Login data; its <c>Email</c> and <c>Password</c> are read here.</param>
        /// <returns>
        /// A success result carrying the user when the password verifies; otherwise an error
        /// result with <c>Messages.PasswordError</c> (known e-mail, wrong password) or
        /// <c>Messages.PasswordAndUsernameError</c> (no user found for the e-mail).
        /// </returns>
        public IDataResult<User> Login(UserForLoginDto userForLoginDto)
        {
            IDataResult<User> lookup = _userService.GetByEmail(userForLoginDto.Email);

            // NOTE(review): the two failure paths use different messages, and only the
            // known-e-mail path computes a hash, so both the text and the response time can
            // reveal whether an e-mail is registered. Consider one generic message for both
            // if these reach the client - confirm against the caller.
            if (lookup.Data == null)
            {
                return new ErrorDataResult<User>(Messages.PasswordAndUsernameError, lookup.Data);
            }

            var submittedCredentials = new UserForPasswordDto
            {
                Password     = userForLoginDto.Password,
                PasswordHash = lookup.Data.PasswordHash,
                PasswordSalt = lookup.Data.PasswordSalt
            };

            bool passwordMatches = HashingHelper.VerifyPasswordHash(submittedCredentials);
            if (passwordMatches)
            {
                // NOTE(review): IsActive is not read in this method; confirm the caller
                // rejects accounts that have not been activated.
                return new SuccessDataResult<User>(Messages.SuccessfulLogin, lookup.Data);
            }

            // NOTE(review): the failed-login result still carries the full User, including
            // PasswordHash and PasswordSalt; callers must not return it to the client.
            return new ErrorDataResult<User>(Messages.PasswordError, lookup.Data);
        }