Example #1
 /// <summary>
 /// Abstract hook for removing a password reset secret; the concrete behaviour is supplied by the deriving type.
 /// </summary>
 /// <param name="item">The secret to remove.</param>
 // NOTE(review): no implementation is visible here. Presumably the implementer detaches `item` from the
 // account's PasswordResetSecrets collection and its backing store, so that the stored answer hash does
 // not linger after removal -- confirm against the deriving class.
 protected internal abstract void RemovePasswordResetSecret(PasswordResetSecret item);
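        /// <summary>
        /// Adds a secret question/answer pair to an account for later use in password reset,
        /// after re-verifying the account's current password.
        /// </summary>
        /// <param name="accountID">ID of the account that receives the new secret.</param>
        /// <param name="password">The account's current password; checked through <c>Authenticate</c> before anything is changed.</param>
        /// <param name="question">The secret question; rejected if the account already holds an identical question.</param>
        /// <param name="answer">The secret answer; only the output of <c>CryptoHelper.Hash</c> is stored.</param>
        /// <exception cref="ValidationException">
        /// <paramref name="password"/>, <paramref name="question"/> or <paramref name="answer"/> is null or whitespace,
        /// the password check fails, or the question is already present on the account.
        /// </exception>
        /// <exception cref="ArgumentException"><c>GetByID</c> returned null for <paramref name="accountID"/>.</exception>
        public virtual void AddPasswordResetSecret(Guid accountID, string password, string question, string answer)
        {
            Tracing.Information("[UserAccountService.AddPasswordResetSecret] called: {0}", accountID);

            // Only the account ID and the failure reason are traced; the password, question and answer
            // themselves never reach the log.
            if (String.IsNullOrWhiteSpace(password))
            {
                // The parameter is `password`; the earlier message named a non-existent `oldPassword`.
                Tracing.Error("[UserAccountService.AddPasswordResetSecret] failed -- null password");
                throw new ValidationException(Resources.ValidationMessages.InvalidPassword);
            }
            if (String.IsNullOrWhiteSpace(question))
            {
                Tracing.Error("[UserAccountService.AddPasswordResetSecret] failed -- null question");
                throw new ValidationException(Resources.ValidationMessages.SecretQuestionRequired);
            }
            if (String.IsNullOrWhiteSpace(answer))
            {
                Tracing.Error("[UserAccountService.AddPasswordResetSecret] failed -- null answer");
                throw new ValidationException(Resources.ValidationMessages.SecretAnswerRequired);
            }

            var account = this.GetByID(accountID);
            if (account == null)
            {
                // Traced like every other failure path so that a rejected call is visible in the log.
                Tracing.Error("[UserAccountService.AddPasswordResetSecret] failed -- invalid account id");
                throw new ArgumentException("Invalid AccountID");
            }

            // The current password is required before recovery material changes, so holding a
            // session alone is not enough to attach a new reset secret to the account.
            if (!Authenticate(account, password, AuthenticationPurpose.VerifyPassword))
            {
                Tracing.Error("[UserAccountService.AddPasswordResetSecret] failed -- failed authN");
                throw new ValidationException(Resources.ValidationMessages.InvalidPassword);
            }

            // The duplicate check runs only after authentication succeeds, so it does not disclose
            // which questions an account uses to an unauthenticated caller.
            // NOTE(review): `==` on strings is an ordinal, case-sensitive comparison, so questions that
            // differ only in case or surrounding whitespace count as distinct -- confirm that is intended.
            if (account.PasswordResetSecrets.Any(x => x.Question == question))
            {
                Tracing.Error("[UserAccountService.AddPasswordResetSecret] failed -- question already exists");
                throw new ValidationException(Resources.ValidationMessages.SecretQuestionAlreadyInUse);
            }

            // NOTE(review): CryptoHelper.Hash is not visible here. Secret answers are typically short and
            // guessable, so confirm the helper applies a per-record salt and a deliberately slow
            // password-hashing function rather than a single fast digest, and that any normalisation of
            // the answer (trimming, case folding) is applied identically when the answer is verified.
            var secret = new PasswordResetSecret {
                ID = Guid.NewGuid(),
                Question = question,
                Answer = CryptoHelper.Hash(answer)
            };
            account.PasswordResetSecrets.Add(secret);

            // Record the addition as an event on the account before the account is passed to Update.
            account.AddEvent(new PasswordResetSecretAddedEvent { Account = account, Secret = secret });

            Update(account);
        }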
 /// <summary>
 /// Abstract hook for removing a password reset secret; the concrete behaviour is supplied by the deriving type.
 /// </summary>
 /// <param name="item">The secret to remove.</param>
 // NOTE(review): no implementation is visible here. Presumably the implementer detaches `item` from the
 // account's PasswordResetSecrets collection and its backing store, so that the stored answer hash does
 // not linger after removal -- confirm against the deriving class.
 protected internal abstract void RemovePasswordResetSecret(PasswordResetSecret item);