protected internal abstract void RemovePasswordResetSecret(PasswordResetSecret item);
public virtual void AddPasswordResetSecret(Guid accountID, string password, string question, string answer)
{
Tracing.Information("[UserAccountService.AddPasswordResetSecret] called: {0}", accountID);
if (String.IsNullOrWhiteSpace(password))
{
Tracing.Error("[UserAccountService.AddPasswordResetSecret] failed -- null oldPassword");
throw new ValidationException(Resources.ValidationMessages.InvalidPassword);
}
if (String.IsNullOrWhiteSpace(question))
{
Tracing.Error("[UserAccountService.AddPasswordResetSecret] failed -- null question");
throw new ValidationException(Resources.ValidationMessages.SecretQuestionRequired);
}
if (String.IsNullOrWhiteSpace(answer))
{
Tracing.Error("[UserAccountService.AddPasswordResetSecret] failed -- null answer");
throw new ValidationException(Resources.ValidationMessages.SecretAnswerRequired);
}
var account = this.GetByID(accountID);
if (account == null) throw new ArgumentException("Invalid AccountID");
if (!Authenticate(account, password, AuthenticationPurpose.VerifyPassword))
{
Tracing.Error("[UserAccountService.AddPasswordResetSecret] failed -- failed authN");
throw new ValidationException(Resources.ValidationMessages.InvalidPassword);
}
if (account.PasswordResetSecrets.Any(x=>x.Question == question))
{
Tracing.Error("[UserAccountService.AddPasswordResetSecret] failed -- question already exists");
throw new ValidationException(Resources.ValidationMessages.SecretQuestionAlreadyInUse);
}
var secret = new PasswordResetSecret {
ID = Guid.NewGuid(),
Question = question,
Answer = CryptoHelper.Hash(answer)
};
account.PasswordResetSecrets.Add(secret);
account.AddEvent(new PasswordResetSecretAddedEvent { Account = account, Secret = secret });
Update(account);
}
protected internal abstract void RemovePasswordResetSecret(PasswordResetSecret item);