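        /// <summary>
        /// Completes a password-recovery flow: validates the submitted password pair, resolves the
        /// account from the recovery token and stores a freshly salted hash of the new password.
        /// </summary>
        /// <param name="token">Recovery JWT issued earlier in the reset flow; decoded by <c>TokenHelper.DecodeStandardJwtToken</c>.</param>
        /// <param name="model">Request body carrying the new password and its confirmation.</param>
        /// <returns>200 on success; 400 with a message for any validation, token or lookup failure.</returns>
        public IActionResult PasswordReset(string token, [FromBody] ResetPasswordDataModel model)
        {
            //http://stackoverflow.com/questions/25372035/not-able-to-validate-json-web-token-with-net-key-to-short

            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            // Depending on binder configuration a null body can arrive with a valid ModelState;
            // guard explicitly instead of dereferencing model below.
            if (model == null || string.IsNullOrEmpty(model.NewPassword))
            {
                return(BadRequest("Password is required"));
            }

            if (model.NewPassword != model.ConfirmPassword)
            {
                return(BadRequest("Passwords do not match"));
            }

            if (!UserHelper.IsValidPassword(model.NewPassword))
            {
                return(BadRequest("Password is not complex enough."));
            }

            // Decode only after the cheap input checks. A bad or expired token may come back as
            // null or as an exception from the helper — confirm which; a null result used to be
            // dereferenced without a check.
            PasswordRecoveryToken recoveryToken = TokenHelper.DecodeStandardJwtToken <PasswordRecoveryToken>(token);
            if (recoveryToken == null)
            {
                return(BadRequest("Invalid token"));
            }

            // The account the token was issued for may no longer exist; the original code would
            // throw NullReferenceException on user.Salt below. Same message as the bad-token case
            // so the response does not reveal whether the account exists.
            User user = UserHelper.GetUserById(recoveryToken.UserId);
            if (user == null)
            {
                return(BadRequest("Invalid token"));
            }

            // NOTE(review): GetHash(password + salt) reads like a single plain hash; a password
            // KDF (PBKDF2/Argon2) is the usual recommendation — confirm what HasherHelper does.
            string newSalt         = UserHelper.CreatUserSalt();
            string newPasswordHash = HasherHelper.GetHash(model.NewPassword + newSalt);

            // The Builders<User>.Update definition that used to sit here was never applied; the
            // persisted change is the db.Users.Update(user) call below.
            user.Salt     = newSalt;
            user.Password = newPasswordHash;

            db.Users.Update(user);

            // NOTE(review): nothing here invalidates the recovery token after use; unless the
            // decode step enforces single use, the same link stays valid until expiry — confirm.
            return(Ok());
        }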
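        /// <summary>
        /// Lets the authenticated user replace their own password after proving knowledge of the
        /// current one. Only the caller's own account can be changed: the route id must equal the
        /// id of the user resolved from <c>User.Identity.Name</c>.
        /// </summary>
        /// <param name="id">Route id of the account to change; must match the authenticated user's id.</param>
        /// <param name="model">Request body with the old password, the new password and its confirmation.</param>
        /// <returns>200 on success; 400 with a message on any validation or authorization failure.</returns>
        public IActionResult ChangePassword(string id, [FromBody] ChangePasswordDataModel model)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            User user = UserHelper.GetUserById(User.Identity.Name);

            //Ensure that the requesting user is changing their own password. Change this to allow administrators to modify passwords.
            // The explicit null test matters: with `user?.Id != id` alone, a null user and a null
            // route id compared equal and execution fell through to dereference user below.
            if (user == null || user.Id != id)
            {
                return(BadRequest("Invalid Permissions"));
            }

            // A null body can arrive with a valid ModelState depending on binder configuration.
            if (model == null || string.IsNullOrEmpty(model.NewPassword))
            {
                return(BadRequest("Password is required"));
            }

            //Password confirm must match
            if (model.NewPassword != model.ConfirmPassword)
            {
                return(BadRequest("Password and Confirmation must match"));
            }

            //Validate that the password meets the complexity requirements.
            if (!UserHelper.IsValidPassword(model.NewPassword))
            {
                return(BadRequest("Password is not strong enough"));
            }

            //Ensure they passed the old password
            if (model.OldPassword == null)
            {
                return(BadRequest("Invalid Password"));
            }

            //Check that they know the existing password. Same message as the missing-password case
            //so the response does not distinguish "absent" from "wrong".
            // NOTE(review): this is an ordinary string comparison of the two hashes, not a
            // constant-time one; CryptographicOperations.FixedTimeEquals is the usual choice where
            // the target framework provides it — consider.
            string oldPasswordHash = HasherHelper.GetHash(model.OldPassword + user.Salt);
            if (user.Password != oldPasswordHash)
            {
                return(BadRequest("Invalid Password"));
            }

            //Change password is difficult, just remove the password and then add a new password based on the user input.
            //A fresh salt is generated on every change so the new hash shares nothing with the old one.
            string newSalt         = UserHelper.CreatUserSalt();
            string newPasswordHash = HasherHelper.GetHash(model.NewPassword + newSalt);

            user.Salt     = newSalt;
            user.Password = newPasswordHash;

            db.Users.Update(user);

            return(Ok());
        }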
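        /// <summary>
        /// Registers a new account from the submitted email/password pair. The account is marked
        /// email-validated immediately (demo shortcut, see the comment on EmailValidated below).
        /// </summary>
        /// <param name="model">Registration body: email, password and confirmation.</param>
        /// <returns>200 with the new user's id; 400 with a message when validation or creation fails.</returns>
        public IActionResult CreateUser([FromBody] RegisterDataModel model)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest("Invalid data"));
            }

            // A null body can arrive with a valid ModelState depending on binder configuration;
            // the original dereferenced model.Email without a guard.
            if (model == null || string.IsNullOrEmpty(model.Email))
            {
                return(BadRequest("Email is required"));
            }

            if (!ValidationHelper.ValidateEmail(model.Email))
            {
                return(BadRequest("Valid email address is required"));
            }

            // NOTE(review): this response tells a caller whether an address is already registered
            // (account enumeration). Common for sign-up forms, but it should be a deliberate choice.
            User existing = UserHelper.GetUserByEmail(model.Email);
            if (existing != null)
            {
                return(BadRequest("Email address already used."));
            }

            if (string.IsNullOrEmpty(model.Password))
            {
                return(BadRequest("Password is required"));
            }

            if (model.Password != model.ConfirmPassword)
            {
                return(BadRequest("Passwords do not match"));
            }

            if (!UserHelper.IsValidPassword(model.Password))
            {
                return(BadRequest("Password is not complex enough."));
            }

            //Create the user. The salt is generated first because the stored hash is computed over password + salt.
            // NOTE(review): GetHash(password + salt) reads like a single plain hash; a password
            // KDF (PBKDF2/Argon2) is the usual recommendation — confirm what HasherHelper does.
            string salt = UserHelper.CreatUserSalt();
            User user = new User
            {
                Email    = model.Email,
                Salt     = salt,
                Password = HasherHelper.GetHash(model.Password + salt),
                //As part of this demo, manually activate the account here. There are activation services available - just finish tying in the email logic.
                EmailValidated = true
            };

            if (!UserHelper.CreateUser(user))
            {
                return(BadRequest("Could not create user profile."));
            }

            // user.Id is presumably populated by CreateUser — it is only read after that call; confirm.
            return(Ok(new IdResponse()
            {
                Id = user.Id
            }));
        }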