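/// <summary>
/// Checks a supplied password against a stored credential and records failed attempts.
/// </summary>
/// <remarks>
/// Checks run in this order: missing credential, credential with no stored password,
/// attempt limit inside the current window, then the hash comparison. A failed comparison
/// updates <c>AttemptCount</c> / <c>FirstAttemptDate</c> and persists them before throwing.
/// A successful comparison returns without touching the attempt counters.
/// NOTE(review): the unknown-user and wrong-password cases throw different codes and
/// messages; if they reach the client unchanged they disclose which accounts exist.
/// Confirm the caller collapses them into one response.
/// </remarks>
/// <param name="credential">Stored credential for the account, or null when none was found.</param>
/// <param name="password">Password supplied by the caller.</param>
/// <exception cref="FriendlyException">
/// Thrown when the credential is missing, has no stored password, is over the attempt
/// limit for the current window, or the password does not match.
/// </exception>
private async Task Validate(UserCredential credential, string password)
{
    if (credential == null)
    {
        throw new FriendlyException("ValidateCredential.UserNotFound", "User not found");
    }

    // A credential without a stored password can never validate; it is reported as a wrong password.
    if (string.IsNullOrEmpty(credential.Password))
    {
        throw new FriendlyException("ValidateCredential.IncorrectPassword", "Incorrect Password");
    }

    // Read the clock once so the lockout check and the bookkeeping below use the same window.
    DateTime now = DateTime.UtcNow;
    DateTime windowStart = now.AddMinutes(-PASSWORD_ATTEMPT_MINUTE_WINDOW);

    // Refuse before hashing when the limit was reached inside the current window.
    if (credential.AttemptCount >= PASSWORD_ATTEMPT_MAX_COUNT && credential.FirstAttemptDate >= windowStart)
    {
        throw new FriendlyException("ValidateCredential.PasswordAttemptsExceeded", "Too many password attempts, please wait before trying again");
    }

    // HashAndSaltPassword is defined elsewhere; its out value is not needed here.
    string hashedPassword = HashAndSaltPassword(password, credential.PasswordSalt, out string _);

    if (!FixedTimeEquals(credential.Password, hashedPassword))
    {
        // Record invalid try: start a new window when none exists or the old one has expired,
        // otherwise count this attempt against the current window.
        if (credential.FirstAttemptDate == null || credential.FirstAttemptDate < windowStart)
        {
            credential.FirstAttemptDate = now;
            credential.AttemptCount = 1;
        }
        else
        {
            credential.AttemptCount++;
        }

        // Persist the counter before reporting the failure so the attempt is not lost.
        await UserCredentialLogic.Update(credential);

        throw new FriendlyException("ValidateCredential.IncorrectPassword", "Incorrect Password");
    }

    // Ordinal comparison that always walks the full common length, so the time taken does
    // not depend on how many leading characters of the stored hash match.
    bool FixedTimeEquals(string left, string right)
    {
        if (left == null || right == null)
        {
            return false;
        }

        int difference = left.Length ^ right.Length;
        for (int i = 0; i < left.Length && i < right.Length; i++)
        {
            difference |= left[i] ^ right[i];
        }

        return difference == 0;
    }
}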
/// <summary>
/// Creates an empty login for the user, stamps it with a reset token and an expiry,
/// persists it, and returns the token.
/// </summary>
/// <remarks>
/// NOTE(review): the token is stored on the credential exactly as generated and is also
/// handed back to the caller. Whether it is hashed before storage, and whether
/// GenerateResetToken draws from a cryptographic random source, is not visible here — confirm.
/// </remarks>
/// <param name="userId">Identifier of the user the login is created for.</param>
/// <param name="username">Username passed through to the login creation.</param>
/// <returns>The reset token held by the credential after it has been saved.</returns>
public async Task<string> CreateEmptyCredentialsWithResetToken(int userId, string username)
{
    var loginLogic = new UserLoginLogic(AuthContext);
    var emptyCredential = await loginLogic.CreateEmptyLogin(userId, username);

    // The token and its expiry are set together so the token is never stored without a deadline.
    var freshToken = GenerateResetToken();
    emptyCredential.ResetToken = freshToken;
    DateTime expiresAt = DateTime.UtcNow.AddMinutes(RESET_TIME_IN_MINUTES);
    emptyCredential.ResetExpiration = expiresAt;

    var credentialStore = new UserCredentialLogic(AuthContext);
    await credentialStore.Update(emptyCredential);

    return emptyCredential.ResetToken;
}
/// <summary>
/// Issues a new reset token and expiry for an existing credential and persists them.
/// </summary>
/// <remarks>
/// NOTE(review): the queue message that would carry the token is commented out below, so
/// this method only stores the token. How the token reaches the user is not visible here.
/// </remarks>
/// <param name="userCredentialLogic">Logic object used to save the updated credential.</param>
/// <param name="userCredential">Credential to reset, or null when the user was not found.</param>
/// <exception cref="FriendlyException">Thrown when <paramref name="userCredential"/> is null.</exception>
private async Task ResetPassword(UserCredentialLogic userCredentialLogic, UserCredential userCredential)
{
    if (userCredential == null)
    {
        throw new FriendlyException("PasswordReset.UserNotFound", "User does not exist");
    }

    // Any earlier token on the credential is overwritten by the new one.
    var freshToken = GenerateResetToken();
    userCredential.ResetToken = freshToken;
    DateTime expiresAt = DateTime.UtcNow.AddMinutes(RESET_TIME_IN_MINUTES);
    userCredential.ResetExpiration = expiresAt;

    await userCredentialLogic.Update(userCredential);

    //var message = new PasswordReset
    //{
    //    UserId = userCredential.UserId,
    //    ResetToken = userCredential.ResetToken
    //};
    //await QueueSender.SendMessage<PasswordReset>(message);
}