/// <summary>
/// Handles the change-password form for the signed-in partner (<c>Account</c>).
/// The submitted current password must verify against the stored hash and must
/// differ from the new one; only then is the password changed through
/// <see cref="PartnerBLL.ChangePassword"/> and the user sent back to MyProfile.
/// </summary>
/// <param name="request">Bound form values: current and new password.</param>
/// <returns>
/// A redirect to MyProfile on success; the view with a field error when the
/// current password does not verify or equals the new one; a bad-request
/// result when model binding failed.
/// </returns>
public ActionResult EditCredentials(EditCredentialsDTO request)
{
    if (!ModelState.IsValid)
    {
        return BadRequestWithErrors();
    }

    if (request.CurrentPassword == request.NewPassword)
    {
        AddError("NewPassword", "NewAndCurrentPasswordAreTheSame");
        return View();
    }

    // Prove knowledge of the current password before anything is changed.
    // NOTE(review): whether SHA512Hasher.Hash salts and iterates, and whether
    // BinaryComparer.AreEqual runs in constant time, is not visible here. A
    // salted slow KDF (PBKDF2/Argon2) and CryptographicOperations.FixedTimeEquals
    // are the expected choices for password material — confirm in those helpers.
    byte[] suppliedHash = SHA512Hasher.Hash(request.CurrentPassword);
    if (!BinaryComparer.AreEqual(Account.Password, suppliedHash))
    {
        AddError("CurrentPassword", "CurrentPasswordDoesntMatch");
        return View();
    }

    // Origin of this request (scheme://host:port/), passed on to the BLL;
    // presumably used in the change-password email — verify in PartnerBLL.
    Uri currentUrl = Request.Url;
    string siteRoot = new UriBuilder(currentUrl.Scheme, currentUrl.Host, currentUrl.Port).ToString();

    PartnerBLL partnerBLL = new PartnerBLL(WebApp.Connector)
    {
        ChangePasswordEmailSubject = LocalizationProvider["ChangePasswordEmailSubject"],
        ChangePasswordEmailTemplate = LocalizationProvider["ChangePasswordEmailTemplate"]
    };
    partnerBLL.ChangePassword(Account, request.NewPassword, siteRoot);

    TempData["Result"] = "PasswordHasBeenChanged";
    return RedirectToAction("MyProfile");
}
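/// <summary>
/// Authenticates a partner by username and password and, on success, stores a
/// new session. Runs inside a connector transaction: a successful login commits
/// the session, a wrong password commits the recorded failed attempt (and the
/// lock, once the threshold is reached); every other outcome rolls back. An
/// exception from any step also rolls the transaction back before propagating.
/// </summary>
/// <param name="credential">Username and clear-text password supplied by the caller.</param>
/// <param name="ipAddress">Client address stored on the session or on the failed attempt.</param>
/// <param name="keepOpened">
/// When false the session expires 16 minutes after login; when true no expiry is set.
/// </param>
/// <param name="session">
/// The created session when the result is <see cref="LoginResult.OK"/>, otherwise null.
/// </param>
/// <returns>The outcome of the login attempt.</returns>
public LoginResult Login(PartnerCredentialDTO credential, IPAddress ipAddress, bool keepOpened, out PartnerSessionDTO session)
{
    // Lifetime of a session that was not asked to stay open.
    const int SessionLifetimeMinutes = 16;
    // Failed attempts (since the last successful session) that lock the account.
    const int MaxFailedAttempts = 3;

    Connector.IsTransaction = true;
    try
    {
        PartnerBLL partnerBLL = new PartnerBLL(Connector);
        PartnerDTO partner = partnerBLL.ReadByUsername(credential.Username);

        if (partner == null)
        {
            Connector.RollbackTransaction();
            session = null;
            return LoginResult.AccountDoesntExist;
        }

        if (partner.IsLocked)
        {
            Connector.RollbackTransaction();
            session = null;
            return LoginResult.AccountIsLocked;
        }

        // NOTE(review): whether SHA512Hasher.Hash salts and iterates, and whether
        // BinaryComparer.AreEqual runs in constant time, is not visible here. A
        // salted slow KDF (PBKDF2/Argon2) and CryptographicOperations.FixedTimeEquals
        // are the expected choices for password material — confirm in those helpers.
        byte[] credentialPassword = SHA512Hasher.Hash(credential.Password);
        if (!BinaryComparer.AreEqual(credentialPassword, partner.Password))
        {
            PartnerLoginAttemptBLL loginAttemptBLL = new PartnerLoginAttemptBLL(Connector);
            loginAttemptBLL.Create(new PartnerLoginAttemptDTO() { Partner = partner, IPAddress = ipAddress });

            // Failures are counted from the last successful session; when the
            // partner has never logged in, from the start of the current UTC day.
            Guid partnerId = partner.Id;
            PartnerSessionDTO lastSession = ReadLastByPartner(partnerId);
            DateTime countFrom = lastSession?.LoggedAt ?? DateTime.UtcNow.Date;
            int failedAttempts = loginAttemptBLL.ReadByPartnerAndTimeStampAsDate(partnerId, countFrom).Count();
            if (failedAttempts >= MaxFailedAttempts)
            {
                partnerBLL.Update(partnerId, new Dictionary<string, object>() { { "IsLocked", true } });
            }

            // The failed attempt (and any lock) must persist, so this path commits.
            Connector.CommitTransaction();
            session = null;
            return LoginResult.PasswordDoesntMatch;
        }

        if (!partner.HasEmailAddressBeenVerified)
        {
            Connector.RollbackTransaction();
            session = null;
            return LoginResult.EmailAddressHasNotBeenVerified;
        }

        DateTime loggedAt = DateTime.UtcNow;
        session = new PartnerSessionDTO() { Partner = partner, IPAddress = ipAddress, LoggedAt = loggedAt };
        if (!keepOpened)
        {
            session.ExpiresOn = loggedAt.AddMinutes(SessionLifetimeMinutes);
        }
        Create(session);
        Connector.CommitTransaction();
        return LoginResult.OK;
    }
    catch
    {
        // Previously an exception from any BLL call left the transaction open on
        // the shared connector. Roll it back and let the exception propagate.
        // NOTE(review): assumes RollbackTransaction is safe to call after a failed
        // CommitTransaction — confirm against the connector implementation.
        Connector.RollbackTransaction();
        throw;
    }
}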