public void UsersPasswordChangeTest()
{
var updateInfo = new UpdateUserPasswordDTO {
Password = "******", UserID = new Guid("e4eec242-58fb-4952-a78d-a65501281276")
};
using (var db = new DataContext())
{
//Update the password
var user = db.Users.Find(updateInfo.UserID);
string newHash = updateInfo.Password.ComputeHash();
DateTimeOffset dateBack = DateTimeOffset.UtcNow.AddDays(ConfigurationManager.AppSettings["PreviousDaysPasswordRestriction"].ToInt32() * -1);
int previousUses = ConfigurationManager.AppSettings["PreviousPasswordUses"].ToInt32();
var param = new LastUsedPasswordCheckParams {
User = user, DateRange = dateBack, NumberOfEntries = previousUses, Hash = newHash
};
var query = new LastUsedPasswordCheckQuery(db);
if (user.PasswordHash == newHash || query.Execute(param))
{
Assert.Fail("The password has already been used previously");
}
}
}
public async Task <IActionResult> UpdateUserPassword([FromBody] UpdateUserPasswordDTO updateUserPasswordDTO)
{
string userId = HttpContext.User.Claims.FirstOrDefault(c => c.Type == System.Security.Claims.ClaimTypes.Sid).Value;
updateUserPasswordDTO.UserId = userId;
DBStatus status = await userService.UpdateUserPasswordAsync(updateUserPasswordDTO);
ResponseStatusDTO responseStatusDTO = new ResponseStatusDTO((int)status, status.ToString());
if (status == DBStatus.NotFound)
{
return(NotFound());
}
else if (status == DBStatus.Forbidden)
{
return(Forbid());
}
else if (status == DBStatus.NotModified)
{
return(BadRequest(new BadResponseDTO {
Status = (int)status, Errors = new Errors {
Message = new List <string> {
status.ToString()
}
}
}));
}
else
{
return(Ok(responseStatusDTO));
}
}
public async Task ChangePassword(UpdateUserPasswordDTO userPasswordDTO)
{
IdentityUser user = await GetUserByCredentials(userPasswordDTO.Email, userPasswordDTO.OldPassword);
IdentityResult result = await _userManager.ChangePasswordAsync(
user,
userPasswordDTO.OldPassword,
userPasswordDTO.NewPassword
);
CheckAndThrowIdentityErrors(result);
}
public async Task <IActionResult> UpdateUserPassword(UpdateUserPasswordDTO dto, string otp)
{
var updateResult = await _otpRepository.UpdateUserPassword(otp, dto.NewPassword);
if (updateResult)
{
return(Ok());
}
else
{
return(BadRequest("Cannot update user password. OTP chould be invalid"));
}
}
public async Task <DBStatus> UpdateUserPasswordAsync(UpdateUserPasswordDTO passwordDTO)
{
User user = await blogContext.Users.FirstOrDefaultAsync(user => user.UserId == passwordDTO.UserId && user.PasswordHash == passwordDTO.OldPassword);
if (user == null)
{
return(DBStatus.NotFound);
}
user.PasswordHash = passwordDTO.NewPassword;
int status = await blogContext.SaveChangesAsync();
return(status == 0 ? DBStatus.NotModified : DBStatus.Modified);
}
public Task <DBStatus> UpdateUserPasswordAsync(UpdateUserPasswordDTO passwordDTO)
{
passwordDTO.NewPassword = ConverterSuit.ByteArrayToHex(HashSuit.ComputeSha256(Encoding.UTF8.GetBytes(passwordDTO.NewPassword)));
passwordDTO.OldPassword = ConverterSuit.ByteArrayToHex(HashSuit.ComputeSha256(Encoding.UTF8.GetBytes(passwordDTO.OldPassword)));
return(userRepository.UpdateUserPasswordAsync(passwordDTO));
}
