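/// <summary>
/// Verifies the password carried by <paramref name="query"/> against
/// <paramref name="dbUser"/> and writes the outcome to the debug log.
/// </summary>
/// <param name="query">Query holding the submitted password.</param>
/// <param name="dbUser">User record the password is checked against.</param>
/// <returns>
/// The value produced by the authentication helper, returned unchanged.
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="dbUser"/> or <paramref name="query"/> is null.
/// </exception>
/// <exception cref="InvalidOperationException">
/// The helper returned a value other than the three handled below.
/// </exception>
private PasswordVerificationResult VerifyPassword(AuthenticateUserCredentialsQuery query, User dbUser)
        {
            if (dbUser == null)
            {
                throw new ArgumentNullException(nameof(dbUser));
            }

            // Guard the query the same way as the user, so a missing query
            // surfaces as an argument error rather than a NullReferenceException
            // on query.Password below.
            if (query == null)
            {
                throw new ArgumentNullException(nameof(query));
            }

            var verificationResult = _userAuthenticationHelper.VerifyPassword(dbUser, query.Password);

            // Only the user id and the outcome are logged; the submitted
            // password must never be added to these messages.
            switch (verificationResult)
            {
                case PasswordVerificationResult.Failed:
                    _logger.LogDebug("Authentication failed for user {UserId}", dbUser.UserId);
                    break;

                case PasswordVerificationResult.SuccessRehashNeeded:
                    // NOTE(review): no rehash happens here; confirm the caller
                    // upgrades the stored hash when it sees this value.
                    _logger.LogDebug("Authentication success for user {UserId} (rehash needed)", dbUser.UserId);
                    break;

                case PasswordVerificationResult.Success:
                    _logger.LogDebug("Authentication success for user {UserId}", dbUser.UserId);
                    break;

                default:
                    // Fail closed: a result this method does not recognise is
                    // never handed back to the caller as if it were valid.
                    throw new InvalidOperationException($"Unrecognised PasswordVerificationResult: {verificationResult}");
            }

            return verificationResult;
        }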
Example #2
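        /// <summary>
        /// Checks the old password supplied in <paramref name="command"/>
        /// against <paramref name="user"/>. When verification does not succeed,
        /// a failed authentication attempt is recorded and an invalid-password
        /// validation error is raised for <c>OldPassword</c>.
        /// </summary>
        /// <param name="command">Command holding the old password to verify.</param>
        /// <param name="user">User the old password is verified against.</param>
        /// <returns>A task that completes once the check (and any failure logging) is done.</returns>
        private async Task AuthenticateAsync(UpdateCurrentUserPasswordCommand command, User user)
        {
            var verificationResult = _userAuthenticationHelper.VerifyPassword(user, command.OldPassword);

            // Fail closed: only the two explicit success values let the caller
            // continue. Comparing against Failed alone would treat any other
            // value the helper might return as a successful authentication.
            var isVerified = verificationResult == PasswordVerificationResult.Success
                || verificationResult == PasswordVerificationResult.SuccessRehashNeeded;

            if (isVerified)
            {
                return;
            }

            // Record the attempt before rejecting it, so the failure is
            // persisted even though the next call is expected to throw.
            // NOTE(review): presumably this feeds rate limiting or lockout;
            // confirm against the command handler.
            var logFailedAttemptCommand = new LogFailedAuthenticationAttemptCommand(user.UserAreaCode, user.Username);
            await _domainRepository.ExecuteCommandAsync(logFailedAttemptCommand);

            UserValidationErrors.Authentication.InvalidPassword.Throw(nameof(command.OldPassword));
        }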