Beispiel #1
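        /// <summary>
        /// Replace a user's password with a freshly salted hash, clear any pending
        /// reset token, persist the user and send a notification email.
        /// </summary>
        /// <remarks>
        /// This method does not itself validate a reset token or the requester's
        /// identity; callers must have done so before invoking it.
        /// </remarks>
        /// <param name="user">User whose password is being reset; must not be null.</param>
        /// <param name="newPassword">New plain-text password; must not be null or empty.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="user"/> is null.</exception>
        /// <exception cref="ArgumentException">Thrown when <paramref name="newPassword"/> is null or empty.</exception>
        public void ResetPassword(User user, string newPassword)
        {
            // Fail before any salt is generated instead of hitting a
            // NullReferenceException halfway through the update.
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            if (String.IsNullOrEmpty(newPassword))
            {
                // ArgumentException still satisfies callers that catch Exception,
                // and the message text is unchanged.
                throw new ArgumentException("New password cannot be empty.");
            }

            // A new salt per reset, so the old salt is never reused with the new password.
            // NOTE(review): the strength of the stored hash depends on HashSalt.HashPassword,
            // which is not shown here; confirm it is a slow, salted password KDF.
            user.Salt               = HashSalt.GenerateSalt();
            user.HashedPassword     = HashSalt.HashPassword(newPassword, user.Salt);

            // Clear the reset token so the same token cannot be presented again.
            user.ResetPasswordToken = null;
            _userRepository.SaveAndEvict(user);

            // NOTE(review): nothing in this method revokes sessions or auth tokens issued
            // before the reset; confirm whether they should be invalidated here.

            // Tell the account owner that the password changed.
            _notificationService.Notify(user, new NotificationTemplate(
                                            _configService.AppSettings("NotificationTemplatePath"), "PasswordReset"),
                                        null);
        }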
Beispiel #2
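        /// <summary>
        /// Check credentials and, on success, issue a fresh auth token for the user.
        /// </summary>
        /// <param name="email">Email identifying the account.</param>
        /// <param name="password">Plain-text password to verify.</param>
        /// <returns>
        /// The authenticated user with a newly created <c>AuthToken</c>, or null when the
        /// email is unknown, the password does not match, or the user is deleted.
        /// </returns>
        public User Authenticate(string email, string password)
        {
            var user = GetUserByEmail(email);

            if (user == null)
            {
                // Hash against a throwaway salt so an unknown email costs roughly the same
                // as a known one; otherwise response time reveals which accounts exist.
                // The result is discarded. Skipped for a null password so this path keeps
                // returning null rather than surfacing whatever HashPassword does with null.
                if (password != null)
                {
                    HashSalt.HashPassword(password, HashSalt.GenerateSalt());
                }
                return null;
            }

            var hashedPassword = HashSalt.HashPassword(password, user.Salt);

            // NOTE(review): ByteArraysEqual is defined elsewhere; verify it compares in
            // constant time so the comparison does not leak how many bytes matched.
            if (!ByteArraysEqual(user.HashedPassword, hashedPassword))
            {
                return null;
            }

            // Do not allow deleted users to authenticate. This check runs after the
            // password check, so every failure costs one hash and returns the same null.
            if (user.Status == UserStatus.Deleted)
            {
                return null;
            }

            // Drop the previous token so only one token is valid per user at a time.
            if (user.AuthToken != null)
            {
                _authTokenRepository.Delete(user.AuthToken);
            }

            // NOTE(review): the token is the Base64 form of HashSalt.GenerateSalt() output;
            // its unpredictability depends on that helper using a cryptographic RNG and a
            // sufficient length. Confirm against HashSalt.
            user.AuthToken = new AuthToken
            {
                Token   = Convert.ToBase64String(HashSalt.GenerateSalt()),
                Expires = DateTime.UtcNow.AddHours(24)
            };
            _authTokenRepository.Save(user.AuthToken);

            _userRepository.Save(user);
            return user;
        }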
Beispiel #3
 /// <summary>
 /// Assign a fresh salt to the user and store the salted hash of the given
 /// password. The password is hashed, not encrypted, and the user is not
 /// persisted by this method.
 /// </summary>
 /// <param name="user">User whose Salt and HashedPassword are overwritten.</param>
 /// <param name="plainTextPassword">Plain-text password to hash.</param>
 public void GenerateUserPassword(User user, string plainTextPassword)
 {
     // New salt on every call, so a salt is never reused across passwords.
     var freshSalt = HashSalt.GenerateSalt();
     user.Salt = freshSalt;

     // NOTE(review): no empty-password check here; confirm callers validate the input.
     var saltedHash = HashSalt.HashPassword(plainTextPassword, user.Salt);
     user.HashedPassword = saltedHash;
 }