public IActionResult PasswordReset(string token, [FromBody] ResetPasswordDataModel model)
{
//http://stackoverflow.com/questions/25372035/not-able-to-validate-json-web-token-with-net-key-to-short
if (ModelState.IsValid)
{
if (model.NewPassword == null || model.NewPassword == "")
{
return(BadRequest("Password is required"));
}
if (model.NewPassword != model.ConfirmPassword)
{
return(BadRequest("Passwords do not match"));
}
if (!UserHelper.IsValidPassword(model.NewPassword))
{
return(BadRequest("Password is not complex enough."));
}
PasswordRecoveryToken recoveryToken = TokenHelper.DecodeStandardJwtToken <PasswordRecoveryToken>(token);
User user = UserHelper.GetUserById(recoveryToken.UserId);
string newSalt = UserHelper.CreatUserSalt();
string newPasswordHash = HasherHelper.GetHash(model.NewPassword + newSalt);
var updatePasswordAndSalt = Builders <User> .Update
.Set(u => u.Salt, newSalt)
.Set(u => u.Password, newPasswordHash);
user.Salt = newSalt;
user.Password = newPasswordHash;
db.Users.Update(user);
return(Ok());
}
else
{
return(BadRequest(ModelState));
}
}
public IActionResult ChangePassword(string id, [FromBody] ChangePasswordDataModel model)
{
if (ModelState.IsValid)
{
User user = UserHelper.GetUserById(User.Identity.Name);
//Ensure that the requesting user is changing their own password. Change this to allow administrators to modify passwords.
if (user?.Id != id)
{
return(BadRequest("Invalid Permissions"));
}
if (model.NewPassword == null || model.NewPassword == "")
{
return(BadRequest("Password is required"));
}
//Password confirm must match
if (model.NewPassword != model.ConfirmPassword)
{
return(BadRequest("Password and Confirmation must match"));
}
//Validate that the password meets the complexity requirements.
if (!UserHelper.IsValidPassword(model.NewPassword))
{
return(BadRequest("Password is not strong enough"));
}
//Ensure they passed the old password
if (model.OldPassword == null)
{
return(BadRequest("Invalid Password"));
}
//Check that they know the existing password
string password = HasherHelper.GetHash(model.OldPassword + user.Salt);
if (user.Password == password)
{
}
else
{
return(BadRequest("Invalid Password"));
}
//Change password is difficult, just remove the password and then add a new password based on the user input.
string newSalt = UserHelper.CreatUserSalt();
string newPasswordHash = HasherHelper.GetHash(model.NewPassword + newSalt);
user.Salt = newSalt;
user.Password = newPasswordHash;
db.Users.Update(user);
return(Ok());
}
else
{
return(BadRequest(ModelState));
}
}
public IActionResult CreateUser([FromBody] RegisterDataModel model)
{
if (ModelState.IsValid)
{
if (model.Email == null || model.Email == "")
{
return(BadRequest("Email is required"));
}
if (ValidationHelper.ValidateEmail(model.Email) == false)
{
return(BadRequest("Valid email address is required"));
}
User existing = UserHelper.GetUserByEmail(model.Email);
if (existing != null)
{
return(BadRequest("Email address already used."));
}
if (model.Password == null || model.Password == "")
{
return(BadRequest("Password is required"));
}
if (model.Password != model.ConfirmPassword)
{
return(BadRequest("Passwords do not match"));
}
if (!UserHelper.IsValidPassword(model.Password))
{
return(BadRequest("Password is not complex enough."));
}
//Create the user
User user = new User();
user.Email = model.Email;
user.Salt = UserHelper.CreatUserSalt();
user.Password = HasherHelper.GetHash(model.Password + user.Salt);
//As part of this demo, manually activate the account here. There are activation services available - just finish tying in the email logic.
user.EmailValidated = true;
bool result = UserHelper.CreateUser(user);
if (result)
{
return(Ok(new IdResponse()
{
Id = user.Id
}));
}
else
{
return(BadRequest("Could not create user profile."));
}
}
else
{
return(BadRequest("Invalid data"));
}
}