Ejemplo n.º 1
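        /// <summary>
        /// Replaces the password of the account that owns <paramref name="passwordResetToken"/>.
        /// </summary>
        /// <param name="passwordResetToken">Reset token presented by the caller; it must equal the token stored on the user.</param>
        /// <param name="newPassword">The new plaintext password; it is hashed before being stored.</param>
        /// <returns>
        /// <c>true</c> when the password was changed; <c>false</c> when an argument is empty,
        /// no user is found for the token, or the token does not equal the stored one.
        /// </returns>
        /// <exception cref="Exception">Thrown when a user is found but Token.IsTokenValid rejects the token.</exception>
        public bool ResetPassword(string passwordResetToken, string newPassword)
        {
            // An absent token must never reach the lookup, and must never "match"
            // an account whose stored token is itself null or empty.
            if (string.IsNullOrEmpty(passwordResetToken) || string.IsNullOrEmpty(newPassword))
            {
                return false;
            }

            // NOTE(review): no minimum-length or complexity rule is applied to newPassword here.
            // If account creation enforces one, apply the same rule on this path - TODO confirm.

            var user = GetById(GetUserIdFromPasswordResetToken(passwordResetToken));
            if (user == null)
            {
                return false;
            }

            // Kept as an exception (not "return false") because callers may already catch it.
            if (!Token.IsTokenValid(passwordResetToken))
            {
                throw new Exception("Token inválido");
            }

            // Compare without an early exit so response time does not depend on how much
            // of the stored token the caller's value matches.
            if (!TokensMatch(user.PasswordVerificationToken, passwordResetToken))
            {
                return false;
            }

            // NOTE(security): the third argument is null (presumably the salt - confirm what
            // ComputeHash does in that case). A single SHA-512 pass is a fast hash; password
            // storage should use a deliberately slow KDF (PBKDF2, bcrypt, scrypt, Argon2).
            // It is left as is because the stored format must stay readable by VerifyHash.
            user.Password = PasswordAssertionConcern.ComputeHash(newPassword, "SHA512", null);
            user.LastPasswordChangedDate = DateTime.UtcNow;

            // A reset token is single-use: clear it so the same link cannot change the password again.
            user.PasswordVerificationToken = null;

            BeginTransaction();
            _userRepository.Update(user);
            Commit();
            return true;
        }

        /// <summary>
        /// Ordinal comparison of two tokens that inspects every character instead of stopping at the first mismatch.
        /// A null or empty value on either side never matches.
        /// </summary>
        private static bool TokensMatch(string expected, string supplied)
        {
            if (string.IsNullOrEmpty(expected) || string.IsNullOrEmpty(supplied))
            {
                return false;
            }

            // Fold the length difference into the accumulator so unequal lengths fail
            // without skipping the per-character pass.
            var difference = expected.Length ^ supplied.Length;
            for (var i = 0; i < supplied.Length; i++)
            {
                difference |= expected[i % expected.Length] ^ supplied[i];
            }
            return difference == 0;
        }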
Ejemplo n.º 2
        /// <summary>
        /// Validates the registration data, hashes the password and stores a new user.
        /// </summary>
        /// <param name="email">E-mail address of the new account; must not be empty.</param>
        /// <param name="password">Plaintext password; must not be empty and must reach User.MinRequiredPasswordLength.</param>
        /// <param name="confirmPassword">Must equal <paramref name="password"/>.</param>
        /// <param name="firstName">Stored as the user's first name.</param>
        /// <param name="lastName">Stored as the user's last name.</param>
        /// <param name="requireConfirmationToken">
        /// When <c>true</c>, a confirmation token and a private key are generated and the account is created unapproved.
        /// </param>
        /// <returns>The confirmation token stored on the user (an empty string when none was requested).</returns>
        /// <exception cref="Exception">Thrown for each failed validation, with a message naming the failed rule.</exception>
        public string Create(string email, string password, string confirmPassword, string firstName, string lastName, bool requireConfirmationToken = false)
        {
            if (string.IsNullOrEmpty(email))
            {
                throw new Exception("Login inválido");
            }

            if (string.IsNullOrEmpty(password))
            {
                throw new Exception("Senha inválida");
            }

            // The password is known to be non-empty at this point, so only the length is left to check.
            if (password.Length < User.MinRequiredPasswordLength)
            {
                throw new Exception($"A senha deve ter no mínimo {User.MinRequiredPasswordLength} caracteres");
            }

            if (password != confirmPassword)
            {
                throw new Exception("Senhas não conferem");
            }

            // NOTE(review): this check and the insert below are separate steps; two concurrent
            // registrations could both pass it. A unique index on the e-mail column is what actually
            // guarantees uniqueness - confirm one exists. The distinct "Email duplicado" message also
            // tells a caller that the address is registered; avoid surfacing it verbatim to anonymous users.
            if (User.RequiresUniqueEmail && EmailExists(email))
            {
                throw new Exception("Email duplicado");
            }

            // NOTE(security): the third argument is null (presumably the salt - confirm what ComputeHash
            // does in that case). A single SHA-512 pass is a fast hash; a slow KDF (PBKDF2, bcrypt,
            // scrypt, Argon2) is the appropriate primitive for stored passwords.
            var passwordHash = PasswordAssertionConcern.ComputeHash(password, "SHA512", null);

            string confirmationToken = string.Empty;
            string accountPrivateKey = string.Empty;

            if (requireConfirmationToken)
            {
                var expiresAtTicks = DateTime.UtcNow.AddMinutes(Token._expirationMinutes).Ticks;

                // NOTE(review): the private key is derived from the e-mail plus Token._TestCedro_PRIVATE_KEY.
                // If that member is a constant compiled into the assembly, anyone holding the binary or
                // the source can recompute it - confirm where the value comes from.
                accountPrivateKey = Token.GenerateToken($"{email}{Token._TestCedro_PRIVATE_KEY}", expiresAtTicks);
                confirmationToken = Token.GenerateToken(email, expiresAtTicks);
            }

            var user = new User
            {
                UserId = Guid.NewGuid(),
                FirstName = firstName,
                LastName = lastName,
                Password = passwordHash,
                // An account that still has to confirm its token starts out unapproved.
                IsApproved = !requireConfirmationToken,
                Email = email,
                CreationDate = DateTime.UtcNow,
                LastPasswordChangedDate = DateTime.UtcNow,
                PasswordFailuresSinceLastSuccess = 0,
                LastLoginDate = DateTime.UtcNow,
                LastActivityDate = DateTime.UtcNow,
                LastLockoutDate = DateTime.UtcNow,
                IsLockedOut = false,
                LastPasswordFailureDate = DateTime.UtcNow,
                ConfirmationToken = confirmationToken,
                PrivateKey = accountPrivateKey
            };

            BeginTransaction();
            _userRepository.Add(user);
            Commit();

            return user.ConfirmationToken;
        }
Ejemplo n.º 3
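        /// <summary>
        /// Changes a user's password after verifying the current one, counting failed attempts
        /// and locking the account once the failure limit is exceeded.
        /// </summary>
        /// <param name="email">E-mail address identifying the account.</param>
        /// <param name="currentPassword">The password the caller claims is current.</param>
        /// <param name="newPassword">The replacement password; must reach User.MinRequiredPasswordLength.</param>
        /// <returns>
        /// <c>true</c> when the password was changed; <c>false</c> when an argument is empty, the new
        /// password is too short, the user does not exist, the account is locked out, or the current
        /// password does not verify.
        /// </returns>
        public bool ChangePassword(string email, string currentPassword, string newPassword)
        {
            if (string.IsNullOrEmpty(email) || string.IsNullOrEmpty(currentPassword) || string.IsNullOrEmpty(newPassword))
            {
                return false;
            }

            // Account creation enforces this minimum; without the same check here the policy
            // could be bypassed by changing the password right after registering.
            if (newPassword.Length < User.MinRequiredPasswordLength)
            {
                return false;
            }

            var user = GetByUserEmail(email);
            if (user == null)
            {
                return false;
            }

            // A locked account must not verify passwords at all: otherwise this method keeps
            // answering whether a guess was right after the lockout has triggered.
            // NOTE(review): assumes IsLockedOut is cleared elsewhere (unlock or timeout) - confirm.
            if (user.IsLockedOut)
            {
                return false;
            }

            var storedHash = user.Password;
            var verified = storedHash != null && PasswordAssertionConcern.VerifyHash(currentPassword, storedHash);

            if (!verified)
            {
                var failedAt = DateTime.UtcNow;
                user.LastPasswordFailureDate = failedAt;

                // NOTE(review): the counter rises up to MaxInvalidPasswordAttempts and the lock is set
                // on the failure after that, i.e. on attempt Max + 1 - confirm that is the intended threshold.
                if (user.PasswordFailuresSinceLastSuccess < User.MaxInvalidPasswordAttempts)
                {
                    user.PasswordFailuresSinceLastSuccess += 1;
                }
                else
                {
                    user.LastLockoutDate = failedAt;
                    user.IsLockedOut = true;
                }

                BeginTransaction();
                _userRepository.Update(user);
                Commit();
                return false;
            }

            user.PasswordFailuresSinceLastSuccess = 0;

            // NOTE(security): the third argument is null (presumably the salt - confirm what ComputeHash
            // does in that case). A single SHA-512 pass is a fast hash; a slow KDF (PBKDF2, bcrypt,
            // scrypt, Argon2) is the appropriate primitive for stored passwords.
            user.Password = PasswordAssertionConcern.ComputeHash(newPassword, "SHA512", null);
            user.LastPasswordChangedDate = DateTime.UtcNow;

            BeginTransaction();
            _userRepository.Update(user);
            Commit();
            return true;
        }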
Ejemplo n.º 4
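        /// <summary>
        /// Creates the database if it does not exist and inserts one seed user,
        /// unless a user with the seed e-mail address is already present.
        /// </summary>
        public static void Initialize()
        {
            using (MainContext context = new MainContext())
            {
                context.Database.EnsureCreated();

                // Seeding is skipped once the seed account exists.
                if (context.Users.Any(x => x.Email == "*****@*****.**"))
                {
                    return;
                }

                // NOTE(security): this seeds an already-approved account with a fixed, trivially
                // guessable password literal. Every environment that runs Initialize ends up with the
                // same default credential. Restrict the seed to development, or take the password from
                // configuration and require a change on first login.
                var seedUser = new User
                {
                    FirstName = "User",
                    LastName = "Client",
                    Email = "*****@*****.**",
                    IsApproved = true,
                    PasswordFailuresSinceLastSuccess = 0,
                    LastPasswordFailureDate = null,
                    LastActivityDate = null,
                    LastLockoutDate = null,
                    LastLoginDate = null,
                    ConfirmationToken = null,
                    // UTC rather than local time, so stored timestamps do not depend on the server's time zone.
                    CreationDate = DateTime.UtcNow,
                    IsLockedOut = false,
                    LastPasswordChangedDate = null,
                    PasswordVerificationToken = null,
                    PrivateKey = null,
                    PasswordVerificationTokenExpirationDate = null,
                    PictureUrl = null,
                    Comment = null,
                    Password = PasswordAssertionConcern.ComputeHash("123456")
                };

                context.Users.Add(seedUser);
                context.SaveChanges();
            }
        }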
Ejemplo n.º 5
 /// <summary>
 /// Returns the value of PasswordAssertionConcern.ComputeHash for <paramref name="password"/>.
 /// </summary>
 /// <remarks>
 /// Despite the name, this calls a hash function rather than an encryption routine, so the result
 /// is presumably not reversible. Which algorithm and salt the single-argument ComputeHash overload
 /// uses is not visible here - confirm it is a slow, salted password hash.
 /// </remarks>
 /// <param name="password">The plaintext password to hash.</param>
 /// <returns>The hash string produced by ComputeHash.</returns>
 public string EncryptPassword(string password)
 {
     var hashed = PasswordAssertionConcern.ComputeHash(password);
     return hashed;
 }