/// <summary>
        /// Change password
        /// </summary>
        /// <param name="request">Request</param>
        /// <returns>Result</returns>
        public virtual async Task <ChangePasswordResult> ChangePassword(ChangePasswordRequest request)
        {
            if (request == null)
            {
                throw new ArgumentNullException("request");
            }

            var result = new ChangePasswordResult();

            if (String.IsNullOrWhiteSpace(request.Email))
            {
                result.AddError(_localizationService.GetResource("Account.ChangePassword.Errors.EmailIsNotProvided"));
                return(result);
            }
            if (String.IsNullOrWhiteSpace(request.NewPassword))
            {
                result.AddError(_localizationService.GetResource("Account.ChangePassword.Errors.PasswordIsNotProvided"));
                return(result);
            }

            var customer = await _customerService.GetCustomerByEmail(request.Email);

            if (customer == null)
            {
                result.AddError(_localizationService.GetResource("Account.ChangePassword.Errors.EmailNotFound"));
                return(result);
            }

            if (request.ValidateRequest)
            {
                string oldPwd = "";
                switch (customer.PasswordFormat)
                {
                case PasswordFormat.Encrypted:
                    oldPwd = _encryptionService.EncryptText(request.OldPassword);
                    break;

                case PasswordFormat.Hashed:
                    oldPwd = _encryptionService.CreatePasswordHash(request.OldPassword, customer.PasswordSalt, _customerSettings.HashedPasswordFormat);
                    break;

                default:
                    oldPwd = request.OldPassword;
                    break;
                }

                if (oldPwd != customer.Password)
                {
                    result.AddError(_localizationService.GetResource("Account.ChangePassword.Errors.OldPasswordDoesntMatch"));
                    return(result);
                }
            }

            //check for duplicates
            if (_customerSettings.UnduplicatedPasswordsNumber > 0)
            {
                //get some of previous passwords
                var previousPasswords = await _customerService.GetPasswords(customer.Id, passwordsToReturn : _customerSettings.UnduplicatedPasswordsNumber);

                var newPasswordMatchesWithPrevious = previousPasswords.Any(password => PasswordMatch(password, request));
                if (newPasswordMatchesWithPrevious)
                {
                    result.AddError(_localizationService.GetResource("Account.ChangePassword.Errors.PasswordMatchesWithPrevious"));
                    return(result);
                }
            }

            switch (request.NewPasswordFormat)
            {
            case PasswordFormat.Clear:
            {
                customer.Password = request.NewPassword;
            }
            break;

            case PasswordFormat.Encrypted:
            {
                customer.Password = _encryptionService.EncryptText(request.NewPassword);
            }
            break;

            case PasswordFormat.Hashed:
            {
                string saltKey = _encryptionService.CreateSaltKey(5);
                customer.PasswordSalt = saltKey;
                customer.Password     = _encryptionService.CreatePasswordHash(request.NewPassword, saltKey, _customerSettings.HashedPasswordFormat);
            }
            break;

            default:
                break;
            }
            customer.PasswordChangeDateUtc = DateTime.UtcNow;
            customer.PasswordFormat        = request.NewPasswordFormat;
            await _customerService.UpdateCustomer(customer);

            await _customerService.InsertCustomerPassword(customer);

            return(result);
        }
Example #2
0
        /// <summary>
        /// Change password
        /// </summary>
        /// <param name="request">Request</param>
        /// <returns>Result</returns>
        public virtual ChangePasswordResult ChangePassword(ChangePasswordRequest request)
        {
            if (request == null)
            {
                throw new ArgumentNullException("request");
            }

            var result = new ChangePasswordResult();

            if (String.IsNullOrWhiteSpace(request.Email))
            {
                result.AddError(_localizationService.GetResource("Account.ChangePassword.Errors.EmailIsNotProvided"));
                return(result);
            }
            if (String.IsNullOrWhiteSpace(request.NewPassword))
            {
                result.AddError(_localizationService.GetResource("Account.ChangePassword.Errors.PasswordIsNotProvided"));
                return(result);
            }

            var customer = _customerService.GetCustomerByEmail(request.Email);

            if (customer == null)
            {
                result.AddError(_localizationService.GetResource("Account.ChangePassword.Errors.EmailNotFound"));
                return(result);
            }


            var requestIsValid = false;

            if (request.ValidateRequest)
            {
                //password
                string oldPwd = "";
                switch (customer.PasswordFormat)
                {
                case PasswordFormat.Encrypted:
                    oldPwd = _encryptionService.EncryptText(request.OldPassword);
                    break;

                case PasswordFormat.Hashed:
                    oldPwd = _encryptionService.CreatePasswordHash(request.OldPassword, customer.PasswordSalt, _customerSettings.HashedPasswordFormat);
                    break;

                default:
                    oldPwd = request.OldPassword;
                    break;
                }

                bool oldPasswordIsValid = oldPwd == customer.Password;
                if (!oldPasswordIsValid)
                {
                    result.AddError(_localizationService.GetResource("Account.ChangePassword.Errors.OldPasswordDoesntMatch"));
                }

                if (oldPasswordIsValid)
                {
                    requestIsValid = true;
                }
            }
            else
            {
                requestIsValid = true;
            }


            //at this point request is valid
            if (requestIsValid)
            {
                switch (request.NewPasswordFormat)
                {
                case PasswordFormat.Clear:
                {
                    customer.Password = request.NewPassword;
                }
                break;

                case PasswordFormat.Encrypted:
                {
                    customer.Password = _encryptionService.EncryptText(request.NewPassword);
                }
                break;

                case PasswordFormat.Hashed:
                {
                    string saltKey = _encryptionService.CreateSaltKey(5);
                    customer.PasswordSalt = saltKey;
                    customer.Password     = _encryptionService.CreatePasswordHash(request.NewPassword, saltKey, _customerSettings.HashedPasswordFormat);
                }
                break;

                default:
                    break;
                }
                customer.PasswordFormat = request.NewPasswordFormat;
                _customerService.UpdateCustomer(customer);
            }

            return(result);
        }