public void UsersPasswordChangeTest() { var updateInfo = new UpdateUserPasswordDTO { Password = "******", UserID = new Guid("e4eec242-58fb-4952-a78d-a65501281276") }; using (var db = new DataContext()) { //Update the password var user = db.Users.Find(updateInfo.UserID); string newHash = updateInfo.Password.ComputeHash(); DateTimeOffset dateBack = DateTimeOffset.UtcNow.AddDays(ConfigurationManager.AppSettings["PreviousDaysPasswordRestriction"].ToInt32() * -1); int previousUses = ConfigurationManager.AppSettings["PreviousPasswordUses"].ToInt32(); var param = new LastUsedPasswordCheckParams { User = user, DateRange = dateBack, NumberOfEntries = previousUses, Hash = newHash }; var query = new LastUsedPasswordCheckQuery(db); if (user.PasswordHash == newHash || query.Execute(param)) { Assert.Fail("The password has already been used previously"); } } }
public async Task <IActionResult> UpdateUserPassword([FromBody] UpdateUserPasswordDTO updateUserPasswordDTO) { string userId = HttpContext.User.Claims.FirstOrDefault(c => c.Type == System.Security.Claims.ClaimTypes.Sid).Value; updateUserPasswordDTO.UserId = userId; DBStatus status = await userService.UpdateUserPasswordAsync(updateUserPasswordDTO); ResponseStatusDTO responseStatusDTO = new ResponseStatusDTO((int)status, status.ToString()); if (status == DBStatus.NotFound) { return(NotFound()); } else if (status == DBStatus.Forbidden) { return(Forbid()); } else if (status == DBStatus.NotModified) { return(BadRequest(new BadResponseDTO { Status = (int)status, Errors = new Errors { Message = new List <string> { status.ToString() } } })); } else { return(Ok(responseStatusDTO)); } }
public async Task ChangePassword(UpdateUserPasswordDTO userPasswordDTO) { IdentityUser user = await GetUserByCredentials(userPasswordDTO.Email, userPasswordDTO.OldPassword); IdentityResult result = await _userManager.ChangePasswordAsync( user, userPasswordDTO.OldPassword, userPasswordDTO.NewPassword ); CheckAndThrowIdentityErrors(result); }
public async Task <IActionResult> UpdateUserPassword(UpdateUserPasswordDTO dto, string otp) { var updateResult = await _otpRepository.UpdateUserPassword(otp, dto.NewPassword); if (updateResult) { return(Ok()); } else { return(BadRequest("Cannot update user password. OTP chould be invalid")); } }
public async Task <DBStatus> UpdateUserPasswordAsync(UpdateUserPasswordDTO passwordDTO) { User user = await blogContext.Users.FirstOrDefaultAsync(user => user.UserId == passwordDTO.UserId && user.PasswordHash == passwordDTO.OldPassword); if (user == null) { return(DBStatus.NotFound); } user.PasswordHash = passwordDTO.NewPassword; int status = await blogContext.SaveChangesAsync(); return(status == 0 ? DBStatus.NotModified : DBStatus.Modified); }
public Task <DBStatus> UpdateUserPasswordAsync(UpdateUserPasswordDTO passwordDTO) { passwordDTO.NewPassword = ConverterSuit.ByteArrayToHex(HashSuit.ComputeSha256(Encoding.UTF8.GetBytes(passwordDTO.NewPassword))); passwordDTO.OldPassword = ConverterSuit.ByteArrayToHex(HashSuit.ComputeSha256(Encoding.UTF8.GetBytes(passwordDTO.OldPassword))); return(userRepository.UpdateUserPasswordAsync(passwordDTO)); }