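/// <summary>
/// Completes a password-recovery flow: validates the new password, resolves the
/// recovery JWT to a user and stores a freshly salted hash for that user.
/// </summary>
/// <param name="token">Password-recovery JWT issued earlier; decoded by <c>TokenHelper</c>.</param>
/// <param name="model">New password and its confirmation.</param>
/// <returns>200 on success; 400 with a message on any validation or token failure.</returns>
public IActionResult PasswordReset(string token, [FromBody] ResetPasswordDataModel model)
{
    //http://stackoverflow.com/questions/25372035/not-able-to-validate-json-web-token-with-net-key-to-short
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // An empty request body can reach here with a valid ModelState on older MVC
    // versions; guard so a null model becomes a 400 instead of a 500.
    if (model == null || string.IsNullOrEmpty(model.NewPassword))
    {
        return BadRequest("Password is required");
    }
    if (model.NewPassword != model.ConfirmPassword)
    {
        return BadRequest("Passwords do not match");
    }
    if (!UserHelper.IsValidPassword(model.NewPassword))
    {
        return BadRequest("Password is not complex enough.");
    }

    // Resolve the recovery token before touching any account. A missing,
    // undecodable or dangling token must fail closed, not dereference null.
    if (string.IsNullOrEmpty(token))
    {
        return BadRequest("Invalid token");
    }
    PasswordRecoveryToken recoveryToken = TokenHelper.DecodeStandardJwtToken<PasswordRecoveryToken>(token);
    if (recoveryToken == null)
    {
        return BadRequest("Invalid token");
    }
    // NOTE(review): signature and expiry checks are assumed to live inside
    // DecodeStandardJwtToken (if it throws on a bad token, that surfaces here as
    // an unhandled exception -- consider catching the library's token exception
    // and returning 400). Nothing here marks the token as consumed, so a leaked
    // token stays usable until it expires -- confirm against TokenHelper.
    User user = UserHelper.GetUserById(recoveryToken.UserId);
    if (user == null)
    {
        return BadRequest("Invalid token");
    }

    // Rotate the salt together with the password so the new hash shares nothing
    // with the old one.
    // NOTE(review): GetHash(password + salt) is not visible here; it should be a
    // slow KDF (PBKDF2/Argon2), not a bare digest -- verify in HasherHelper.
    string newSalt = UserHelper.CreatUserSalt();
    string newPasswordHash = HasherHelper.GetHash(model.NewPassword + newSalt);
    user.Salt = newSalt;
    user.Password = newPasswordHash;
    db.Users.Update(user);
    return Ok();
}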
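/// <summary>
/// Changes the password of the currently authenticated user after verifying the
/// existing password. A caller may only change their own password.
/// </summary>
/// <param name="id">User id from the request; must equal the authenticated user's id.</param>
/// <param name="model">Old password, new password and its confirmation.</param>
/// <returns>200 on success; 400 with a message on any permission or validation failure.</returns>
public IActionResult ChangePassword(string id, [FromBody] ChangePasswordDataModel model)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    User user = UserHelper.GetUserById(User.Identity.Name);
    //Ensure that the requesting user is changing their own password. Change this to allow administrators to modify passwords.
    // An unresolved user is rejected explicitly: with `user?.Id != id` alone, a
    // null user and a null id compare equal and fall through to a null dereference.
    if (user == null || user.Id != id)
    {
        return BadRequest("Invalid Permissions");
    }
    // An empty request body can reach here with a valid ModelState on older MVC
    // versions; guard so a null model becomes a 400 instead of a 500.
    if (model == null || string.IsNullOrEmpty(model.NewPassword))
    {
        return BadRequest("Password is required");
    }
    //Password confirm must match
    if (model.NewPassword != model.ConfirmPassword)
    {
        return BadRequest("Password and Confirmation must match");
    }
    //Validate that the password meets the complexity requirements.
    if (!UserHelper.IsValidPassword(model.NewPassword))
    {
        return BadRequest("Password is not strong enough");
    }
    //Ensure they passed the old password
    if (model.OldPassword == null)
    {
        return BadRequest("Invalid Password");
    }
    //Check that they know the existing password
    // NOTE(review): `!=` on the hash strings is not a fixed-time comparison and
    // GetHash is not visible here; prefer a slow KDF (PBKDF2/Argon2) plus a
    // constant-time compare of the digests -- verify in HasherHelper.
    string oldPasswordHash = HasherHelper.GetHash(model.OldPassword + user.Salt);
    if (user.Password != oldPasswordHash)
    {
        return BadRequest("Invalid Password");
    }

    // Rotate the salt together with the password so the new hash shares nothing
    // with the old one.
    // NOTE(review): nothing here revokes other sessions or tokens issued for this
    // user; if a stolen session is the reason for the change, they stay valid.
    string newSalt = UserHelper.CreatUserSalt();
    string newPasswordHash = HasherHelper.GetHash(model.NewPassword + newSalt);
    user.Salt = newSalt;
    user.Password = newPasswordHash;
    db.Users.Update(user);
    return Ok();
}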
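/// <summary>
/// Registers a new user from an email/password pair: validates the input,
/// rejects a duplicate email, stores a salted password hash and returns the id.
/// </summary>
/// <param name="model">Registration data: email, password and its confirmation.</param>
/// <returns>200 with the new user's id; 400 with a message on any validation failure.</returns>
public IActionResult CreateUser([FromBody] RegisterDataModel model)
{
    if (!ModelState.IsValid)
    {
        return BadRequest("Invalid data");
    }

    // An empty request body can reach here with a valid ModelState on older MVC
    // versions; treat it like a missing email rather than dereferencing null.
    if (model == null || string.IsNullOrEmpty(model.Email))
    {
        return BadRequest("Email is required");
    }
    if (!ValidationHelper.ValidateEmail(model.Email))
    {
        return BadRequest("Valid email address is required");
    }
    // NOTE(review): this response tells an unauthenticated caller whether an
    // address is already registered (account enumeration). Fine for a demo; a
    // production sign-up should answer uniformly and notify by email instead.
    // The existence check and the insert below are also not atomic, so a unique
    // index on Email in the store is what actually prevents duplicates.
    User existing = UserHelper.GetUserByEmail(model.Email);
    if (existing != null)
    {
        return BadRequest("Email address already used.");
    }
    if (string.IsNullOrEmpty(model.Password))
    {
        return BadRequest("Password is required");
    }
    if (model.Password != model.ConfirmPassword)
    {
        return BadRequest("Passwords do not match");
    }
    if (!UserHelper.IsValidPassword(model.Password))
    {
        return BadRequest("Password is not complex enough.");
    }

    //Create the user
    User user = new User();
    user.Email = model.Email;
    user.Salt = UserHelper.CreatUserSalt();
    // NOTE(review): GetHash(password + salt) is not visible here; it should be a
    // slow KDF (PBKDF2/Argon2), not a bare digest -- verify in HasherHelper.
    user.Password = HasherHelper.GetHash(model.Password + user.Salt);
    //As part of this demo, manually activate the account here. There are activation services available - just finish tying in the email logic.
    // Until the email round-trip is wired in, anyone can register an address
    // they do not control.
    user.EmailValidated = true;

    if (!UserHelper.CreateUser(user))
    {
        return BadRequest("Could not create user profile.");
    }
    return Ok(new IdResponse() { Id = user.Id });
}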