public ActionResult EditCredentials(EditCredentialsDTO request)
{
if (ModelState.IsValid)
{
if (request.CurrentPassword != request.NewPassword)
{
if (BinaryComparer.AreEqual(Account.Password, SHA512Hasher.Hash(request.CurrentPassword)))
{
PartnerBLL partnerBLL = new PartnerBLL(WebApp.Connector);
Uri requestUrl = Request.Url;
string baseUrl = new UriBuilder(requestUrl.Scheme, requestUrl.Host, requestUrl.Port).ToString();
partnerBLL.ChangePasswordEmailSubject = LocalizationProvider["ChangePasswordEmailSubject"];
partnerBLL.ChangePasswordEmailTemplate = LocalizationProvider["ChangePasswordEmailTemplate"];
partnerBLL.ChangePassword(Account, request.NewPassword, baseUrl);
TempData["Result"] = "PasswordHasBeenChanged";
return(RedirectToAction("MyProfile"));
}
else
{
AddError("CurrentPassword", "CurrentPasswordDoesntMatch");
return(View());
}
}
else
{
AddError("NewPassword", "NewAndCurrentPasswordAreTheSame");
return(View());
}
}
else
{
return(BadRequestWithErrors());
}
}
public LoginResult Login(PartnerCredentialDTO credential, IPAddress ipAddress, bool keepOpened, out PartnerSessionDTO session)
{
Connector.IsTransaction = true;
PartnerBLL partnerBLL = new PartnerBLL(Connector);
PartnerDTO partner = partnerBLL.ReadByUsername(credential.Username);
if (partner != null)
{
if (!partner.IsLocked)
{
byte[] credentialPassword = SHA512Hasher.Hash(credential.Password);
if (BinaryComparer.AreEqual(credentialPassword, partner.Password))
{
if (partner.HasEmailAddressBeenVerified)
{
DateTime loggedAt = DateTime.UtcNow;
session = new PartnerSessionDTO()
{
Partner = partner,
IPAddress = ipAddress,
LoggedAt = loggedAt
};
if (!keepOpened)
{
session.ExpiresOn = loggedAt.AddMinutes(16);
}
Create(session);
Connector.CommitTransaction();
return(LoginResult.OK);
}
else
{
Connector.RollbackTransaction();
session = null;
return(LoginResult.EmailAddressHasNotBeenVerified);
}
}
else
{
PartnerLoginAttemptBLL loginAttemptBLL = new PartnerLoginAttemptBLL(Connector);
PartnerLoginAttemptDTO loginAttempt = new PartnerLoginAttemptDTO()
{
Partner = partner,
IPAddress = ipAddress
};
loginAttemptBLL.Create(loginAttempt);
Guid partnerId = partner.Id;
PartnerSessionDTO lastSession = ReadLastByPartner(partnerId);
List <PartnerLoginAttemptDTO> loginAttempts = loginAttemptBLL.ReadByPartnerAndTimeStampAsDate(partnerId, lastSession?.LoggedAt ?? DateTime.UtcNow.Date).ToList();
if (loginAttempts.Count >= 3)
{
partnerBLL.Update(partnerId, new Dictionary <string, object>()
{
{ "IsLocked", true }
});
}
Connector.CommitTransaction();
session = null;
return(LoginResult.PasswordDoesntMatch);
}
}
else
{
Connector.RollbackTransaction();
session = null;
return(LoginResult.AccountIsLocked);
}
}
else
{
Connector.RollbackTransaction();
session = null;
return(LoginResult.AccountDoesntExist);
}
}