/// <summary>
/// Changes the password of the currently authenticated user.
/// The request is rejected when <paramref name="userId"/> is not the caller's own id (taken from the
/// user-id claim), when the user cannot be loaded, or when the supplied old password does not verify
/// against the stored hash.
/// </summary>
/// <param name="userId">Id of the account whose password is being changed; must equal the caller's own id.</param>
/// <param name="passwordUpdateDto">Carries the current password (for verification) and the new password.</param>
/// <returns>
/// 200 with the service message on success; 400 on id mismatch or when the old password is wrong;
/// 404 when the user cannot be loaded; the project's server-error result when the update itself fails.
/// </returns>
public IActionResult UpdatePassword(int userId, PasswordUpdateDto passwordUpdateDto)
{
    // A caller may only change their own password; the target id must match the claim.
    var callerId = User.Claims.GetUserId().Data;
    if (userId != callerId)
    {
        return BadRequest();
    }

    var lookup = _userService.GetById(userId);
    if (!lookup.IsSuccessful)
    {
        return NotFound(lookup.Message);
    }

    var current = lookup.Data;
    var credentialCheck = new UserForPasswordDto
    {
        Password = passwordUpdateDto.OldPassword,
        PasswordHash = current.PasswordHash,
        PasswordSalt = current.PasswordSalt
    };

    // The old password has to verify before anything is changed.
    if (!HashingHelper.VerifyPasswordHash(credentialCheck))
    {
        return BadRequest(Messages.UpdatePasswordError);
    }

    IResult updateResult = _userService.UpdatePassword(current, passwordUpdateDto.NewPassword);
    if (!updateResult.IsSuccessful)
    {
        return this.ServerError(updateResult.Message);
    }

    return Ok(updateResult.Message);
}
/// <summary>
/// Registers a new user: runs the registration DTO through <c>UserForRegisterValidator</c>, maps it to a
/// <c>User</c>, hashes the password with a fresh salt, marks the account inactive and persists it.
/// </summary>
/// <param name="userForRegisterDto">Registration data; the clear-text password is only ever stored as hash + salt.</param>
/// <returns>
/// Success carrying the stored user; an error result with <c>Messages.UserAlreadyExists</c> (and no data) when the
/// e-mail is already taken, or an error result carrying the unsaved user when the insert fails.
/// </returns>
public IDataResult<User> Register(UserForRegisterDto userForRegisterDto)
{
    new Validation<UserForRegisterValidator>().Validate(userForRegisterDto);

    var newUser = _mapper.Map<User>(userForRegisterDto);

    // Registration only proceeds when UserExists is NOT successful — presumably "successful" means an
    // account with this e-mail is already present; confirm against UserExists.
    if (UserExists(userForRegisterDto.Email).IsSuccessful)
    {
        return new ErrorDataResult<User>(Messages.UserAlreadyExists, null);
    }

    var credentials = new UserForPasswordDto { Password = userForRegisterDto.Password };
    HashingHelper.CreatePasswordHash(credentials);
    newUser.PasswordHash = credentials.PasswordHash;
    newUser.PasswordSalt = credentials.PasswordSalt;
    // New accounts start out inactive.
    newUser.IsActive = false;

    IDataResult<User> addResult = _userService.Add(newUser);
    if (addResult.IsSuccessful)
    {
        return new SuccessDataResult<User>(addResult.Message, addResult.Data);
    }

    return new ErrorDataResult<User>(addResult.Message, newUser);
}
/// <summary>
/// Computes a salted hash for <c>userForPasswordDto.Password</c> and writes salt and hash back into the DTO.
/// An <c>HMACSHA512</c> created without a key gets a randomly generated key from the runtime; that key is
/// stored as <c>PasswordSalt</c> and the HMAC of the UTF-8 password bytes as <c>PasswordHash</c>.
/// </summary>
/// <param name="userForPasswordDto">Input: <c>Password</c>. Output: <c>PasswordSalt</c> and <c>PasswordHash</c>.</param>
/// <remarks>
/// NOTE(review): HMAC-SHA512 is a single fast MAC computation, not a password-hashing function with a tunable
/// work factor (PBKDF2, Argon2). Changing the scheme means re-hashing stored credentials, because
/// <c>VerifyPasswordHash</c> has to keep reading the existing salt/hash layout.
/// </remarks>
public static void CreatePasswordHash(UserForPasswordDto userForPasswordDto)
{
    using (var mac = new System.Security.Cryptography.HMACSHA512())
    {
        // Random key doubles as the per-user salt.
        userForPasswordDto.PasswordSalt = mac.Key;
        var passwordBytes = Encoding.UTF8.GetBytes(userForPasswordDto.Password);
        userForPasswordDto.PasswordHash = mac.ComputeHash(passwordBytes);
    }
}
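/// <summary>
/// Recomputes HMAC-SHA512 over the UTF-8 bytes of <c>Password</c>, keyed with the stored <c>PasswordSalt</c>,
/// and compares it with the stored <c>PasswordHash</c>.
/// </summary>
/// <param name="userForPasswordDto">Password candidate plus the stored <c>PasswordHash</c> and <c>PasswordSalt</c>.</param>
/// <returns>
/// <see langword="true"/> only when the recomputed hash equals the stored hash byte-for-byte, including length.
/// </returns>
/// <remarks>
/// The comparison is length-checked and fixed-time. The previous byte loop returned at the first differing
/// byte (a timing side channel), threw IndexOutOfRange when the stored hash was shorter than the computed one,
/// and accepted a longer stored hash whose prefix happened to match.
/// </remarks>
public static bool VerifyPasswordHash(UserForPasswordDto userForPasswordDto)
{
    byte[] computedHash;
    using (var hmac = new System.Security.Cryptography.HMACSHA512(userForPasswordDto.PasswordSalt))
    {
        computedHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(userForPasswordDto.Password));
    }

    // FixedTimeEquals returns false on a length mismatch and otherwise takes time independent of where
    // the inputs differ. A null stored hash converts to an empty span and therefore fails the comparison.
    return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
        computedHash, userForPasswordDto.PasswordHash);
}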
/// <summary>
/// Replaces the user's stored credentials with a fresh salt and hash of <paramref name="password"/> and
/// persists the user through <c>_userDal</c>. The user is run through <c>UserValidator</c> first.
/// </summary>
/// <param name="user">The user to update; <c>PasswordHash</c> and <c>PasswordSalt</c> are overwritten in place.</param>
/// <param name="password">New clear-text password; null or empty is rejected without touching the user.</param>
/// <returns>
/// Success carrying the updated user; an error result with <c>Messages.PasswordIsNull</c> when the password is
/// null or empty.
/// </returns>
public IDataResult<User> UpdatePassword(User user, string password)
{
    _validation = new Validation<UserValidator>();
    _validation.Validate(user);

    if (string.IsNullOrEmpty(password))
    {
        return new ErrorDataResult<User>(Messages.PasswordIsNull, user);
    }

    var credentials = new UserForPasswordDto { Password = password };
    HashingHelper.CreatePasswordHash(credentials);
    user.PasswordHash = credentials.PasswordHash;
    user.PasswordSalt = credentials.PasswordSalt;

    _userDal.Update(user);
    return new SuccessDataResult<User>(user);
}
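/// <summary>
/// Authenticates a user by e-mail and password.
/// </summary>
/// <param name="userForLoginDto">E-mail and clear-text password supplied by the caller.</param>
/// <returns>
/// Success carrying the user when the password verifies; otherwise an error result with
/// <c>Messages.PasswordAndUsernameError</c> and no data, whether the e-mail is unknown or the password is wrong.
/// </returns>
/// <remarks>
/// Both failure paths intentionally return the same message and no user object. Distinct messages
/// (<c>PasswordError</c> vs <c>PasswordAndUsernameError</c>) let a caller tell registered e-mails from
/// unknown ones, and the <c>User</c> entity carries <c>PasswordHash</c> and <c>PasswordSalt</c>, which should
/// not be handed back on a failed login.
/// </remarks>
public IDataResult<User> Login(UserForLoginDto userForLoginDto)
{
    IDataResult<User> lookup = _userService.GetByEmail(userForLoginDto.Email);
    if (lookup.Data == null)
    {
        return new ErrorDataResult<User>(Messages.PasswordAndUsernameError, null);
    }

    var credentials = new UserForPasswordDto
    {
        Password = userForLoginDto.Password,
        PasswordHash = lookup.Data.PasswordHash,
        PasswordSalt = lookup.Data.PasswordSalt
    };

    // Same generic message as the unknown-e-mail path, and no user data on failure.
    if (!HashingHelper.VerifyPasswordHash(credentials))
    {
        return new ErrorDataResult<User>(Messages.PasswordAndUsernameError, null);
    }

    return new SuccessDataResult<User>(Messages.SuccessfulLogin, lookup.Data);
}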