public ActionResult EditCredentials(EditCredentialsDTO request)
 {
     if (ModelState.IsValid)
     {
         if (request.CurrentPassword != request.NewPassword)
         {
             if (BinaryComparer.AreEqual(Account.Password, SHA512Hasher.Hash(request.CurrentPassword)))
             {
                 PartnerBLL partnerBLL = new PartnerBLL(WebApp.Connector);
                 Uri        requestUrl = Request.Url;
                 string     baseUrl    = new UriBuilder(requestUrl.Scheme, requestUrl.Host, requestUrl.Port).ToString();
                 partnerBLL.ChangePasswordEmailSubject  = LocalizationProvider["ChangePasswordEmailSubject"];
                 partnerBLL.ChangePasswordEmailTemplate = LocalizationProvider["ChangePasswordEmailTemplate"];
                 partnerBLL.ChangePassword(Account, request.NewPassword, baseUrl);
                 TempData["Result"] = "PasswordHasBeenChanged";
                 return(RedirectToAction("MyProfile"));
             }
             else
             {
                 AddError("CurrentPassword", "CurrentPasswordDoesntMatch");
                 return(View());
             }
         }
         else
         {
             AddError("NewPassword", "NewAndCurrentPasswordAreTheSame");
             return(View());
         }
     }
     else
     {
         return(BadRequestWithErrors());
     }
 }
Example #2
0
        public LoginResult Login(PartnerCredentialDTO credential, IPAddress ipAddress, bool keepOpened, out PartnerSessionDTO session)
        {
            Connector.IsTransaction = true;
            PartnerBLL partnerBLL = new PartnerBLL(Connector);
            PartnerDTO partner    = partnerBLL.ReadByUsername(credential.Username);

            if (partner != null)
            {
                if (!partner.IsLocked)
                {
                    byte[] credentialPassword = SHA512Hasher.Hash(credential.Password);
                    if (BinaryComparer.AreEqual(credentialPassword, partner.Password))
                    {
                        if (partner.HasEmailAddressBeenVerified)
                        {
                            DateTime loggedAt = DateTime.UtcNow;
                            session = new PartnerSessionDTO()
                            {
                                Partner   = partner,
                                IPAddress = ipAddress,
                                LoggedAt  = loggedAt
                            };
                            if (!keepOpened)
                            {
                                session.ExpiresOn = loggedAt.AddMinutes(16);
                            }
                            Create(session);
                            Connector.CommitTransaction();
                            return(LoginResult.OK);
                        }
                        else
                        {
                            Connector.RollbackTransaction();
                            session = null;
                            return(LoginResult.EmailAddressHasNotBeenVerified);
                        }
                    }
                    else
                    {
                        PartnerLoginAttemptBLL loginAttemptBLL = new PartnerLoginAttemptBLL(Connector);
                        PartnerLoginAttemptDTO loginAttempt    = new PartnerLoginAttemptDTO()
                        {
                            Partner   = partner,
                            IPAddress = ipAddress
                        };
                        loginAttemptBLL.Create(loginAttempt);
                        Guid partnerId = partner.Id;
                        PartnerSessionDTO             lastSession   = ReadLastByPartner(partnerId);
                        List <PartnerLoginAttemptDTO> loginAttempts = loginAttemptBLL.ReadByPartnerAndTimeStampAsDate(partnerId, lastSession?.LoggedAt ?? DateTime.UtcNow.Date).ToList();
                        if (loginAttempts.Count >= 3)
                        {
                            partnerBLL.Update(partnerId, new Dictionary <string, object>()
                            {
                                { "IsLocked", true }
                            });
                        }
                        Connector.CommitTransaction();
                        session = null;
                        return(LoginResult.PasswordDoesntMatch);
                    }
                }
                else
                {
                    Connector.RollbackTransaction();
                    session = null;
                    return(LoginResult.AccountIsLocked);
                }
            }
            else
            {
                Connector.RollbackTransaction();
                session = null;
                return(LoginResult.AccountDoesntExist);
            }
        }