Example #1
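        /// <summary>
        /// Changes a user's password after verifying the current password.
        /// Failures are reported through the returned <see cref="IdentityResult"/>;
        /// a wrong current password does not raise an exception.
        /// </summary>
        /// <param name="user">The user whose password is changed; the stored record is looked up by <c>UserId</c>.</param>
        /// <param name="currentPassword">Plaintext current password, verified against the stored hash.</param>
        /// <param name="newPassword">Plaintext new password; only its hash is persisted.</param>
        /// <returns>
        /// <see cref="IdentityResult.Success"/> when the password was changed, otherwise a
        /// result carrying the reason for the rejection.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
        public IdentityResult ChangePassword(ApplicationUser user, string currentPassword, string newPassword)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            User entity = DB.db.Users.FirstOrDefault(x => x.Id == user.UserId);

            // FirstOrDefault yields null when no row matches; fail cleanly instead of
            // dereferencing null on the next line.
            if (entity == null)
            {
                return new IdentityResult("User not found.");
            }

            // Re-authenticate before any change: a null current password is treated as a mismatch.
            if (currentPassword == null || !PasswordManager.ValidatePassword(currentPassword, entity.Password))
            {
                return new IdentityResult("Inccorect current password");
            }

            // Checked only after the caller has proven knowledge of the current password.
            if (string.IsNullOrEmpty(newPassword))
            {
                return new IdentityResult("New password is required.");
            }

            // The password in use right now counts as a previous password too. Whether
            // PasswordHistories already contains it is not visible here, so check it explicitly.
            if (PasswordManager.ValidatePassword(newPassword, entity.Password))
            {
                return new IdentityResult("Cannot use previous password.");
            }

            // Stored history entries are hashes, so the candidate has to be verified against
            // each one; materialize the list first because that check runs in memory.
            List<string> previousPasswords = entity.PasswordHistories.Select(x => x.Password).ToList();

            if (previousPasswords.Any(x => PasswordManager.ValidatePassword(newPassword, x)))
            {
                return new IdentityResult("Cannot use previous password.");
            }

            // NOTE(review): nothing here appends the outgoing hash to PasswordHistories. Unless
            // that happens elsewhere (trigger, SaveChanges hook), the reuse check never sees
            // passwords changed through this method - confirm.
            // NOTE(review): failed verifications are neither counted nor logged in this method;
            // confirm the caller applies lockout/throttling and audit logging.
            entity.Password = PasswordManager.HashPassword(newPassword);
            DB.SaveChanges();

            return IdentityResult.Success;
        }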
Example #2
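 /// <summary>
 /// Builds an application user from a registration request. The plaintext password
 /// is hashed immediately and only the hash is kept on this instance.
 /// </summary>
 /// <param name="registerModel">Registration data supplying the employee id, user name and plaintext password.</param>
 /// <exception cref="ArgumentNullException"><paramref name="registerModel"/> is null.</exception>
 public ApplicationUser(RegisterModel registerModel)
 {
     // Fail with a clear argument error rather than a NullReferenceException on first access.
     if (registerModel == null)
     {
         throw new ArgumentNullException("registerModel");
     }

     EmployeeId   = registerModel.EmployeeId;
     UserName     = registerModel.UserName;

     // NOTE(review): confirm PasswordManager.HashPassword uses a salted, deliberately slow
     // password hash (e.g. PBKDF2) and that password strength is validated before this point.
     PasswordHash = PasswordManager.HashPassword(registerModel.Password);
 }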