public async Task <bool> ValidateUser(string username, string password)
{
var user = await GetUser(username);
if (user == null)
{
return(false);
}
if (user.Value.DeactivatedAt.HasValue)
{
return(false);
}
var userCreds = new UserAuthentication.UserCredentials(user.Value.HashedPassword,
user.Value.Salt, user.Value.HashingIterations);
return(await(UserAuthentication.ConfirmUserPassword(userCreds, password)));
}
public async Task UpdateUserPassword(string username, string oldPassword, string newPassword)
{
if (!await ValidateUser(username, oldPassword))
{
throw new ArgumentException("Specified username/oldPassword is not correct.");
}
using (var transactionScope = new TransactionScope(TransactionScopeAsyncFlowOption.Enabled))
{
var user = (await UserDAO.GetByUserName(DbConnection, username)).Value;
string resetToken = await UserDAO.GeneratePasswordResetToken(DbConnection, user.Id);
var newUserIdentity = await UserAuthentication.GenerateUserCreds(username, newPassword);
Log.Info(string.Format("Updating password for user " + username));
await UserDAO.UpdatePassword(DbConnection, user.Id, resetToken, newUserIdentity.HashedPassword,
newUserIdentity.Salt, newUserIdentity.HashingIterations);
transactionScope.Complete();
}
}
