Example #1
        VerifyByEmailAndPasswordAsync(
            string email,
            string password)
        {
            // Loads the account registered for `email` and reports, through a
            // UserAccountVerificationResult, whether it has a local password,
            // whether `password` matches that password, and whether login is
            // allowed. When no account is found, a freshly constructed result
            // is returned with nothing set by this method.

            // A null, empty or whitespace-only email is rejected up front.
            if (String.IsNullOrWhiteSpace(email))
            {
                throw new ArgumentNullException(nameof(email));
            }

            var verification = new UserAccountVerificationResult();

            // The email reaches the store exactly as received; no trimming or
            // case normalisation happens in this method.
            UserAccount account = await this._userAccountStore
                .LoadByEmailAsync(email);

            if (account == null)
            {
                // NOTE(review): this path returns without any password-hash
                // work, so it probably completes faster than the path for an
                // existing local account. Callers should answer both cases
                // with the same generic failure and rely on rate limiting,
                // so that response content or timing does not reveal which
                // emails are registered.
                return verification;
            }

            verification.UserAccount = account;
            verification.IsLoginAllowed = account.IsLoginAllowed;

            // TODO: validate if user need a password change, eg. time expired
            // or explicit flag is set.
            verification.NeedChangePassword = false;

            // Only accounts that carry a password are treated as local and
            // have the supplied password checked; for any other account both
            // flags keep whatever value the result was constructed with.
            // `password` is forwarded unchecked, so null handling is up to
            // VerifiyPasswordHash.
            if (account.HasPassword())
            {
                verification.IsLocalAccount = true;
                verification.IsPasswordValid =
                    this.VerifiyPasswordHash(account, password);
            }

            // Disabled in the original: when the password is not valid and the
            // account is not local, the provider names of the linked external
            // accounts were meant to be returned as result.Hints.
            // NOTE(review): if this is re-enabled, make sure the hints are not
            // shown to unauthenticated callers, because they would disclose
            // which external providers an email address is linked to.

            return verification;
        }
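        VerifyByEmailAndPasswordAsync(
            string email,
            string password)
        {
            // Loads the account registered for the lower-cased `email` and
            // reports, through a UserAccountVerificationResult, whether it has
            // a local password, whether `password` matches the stored hash,
            // and whether login is allowed. When no account is found, a
            // freshly constructed result is returned with nothing set here.

            // A null, empty or whitespace-only email is rejected up front.
            if (String.IsNullOrWhiteSpace(email))
            {
                throw new ArgumentNullException(nameof(email));
            }

            var result = new UserAccountVerificationResult();

            // NOTE(review): ToLower() folds case with the current thread
            // culture, so the lookup key for the same address can differ
            // between cultures (e.g. Turkish dotted/dotless i). Prefer
            // ToLowerInvariant() here, but only together with the code that
            // writes the stored email, so both sides normalise identically.
            UserAccount userAccount = await userAccountStore
                                      .LoadByEmailAsync(email.ToLower());

            if (userAccount == null)
            {
                // NOTE(review): this path returns without any password-hash
                // work, so it probably completes faster than the path for an
                // existing local account. Callers should answer both cases
                // with the same generic failure and rely on rate limiting,
                // so that response content or timing does not reveal which
                // emails are registered.
                return result;
            }

            // Only accounts that carry a password are treated as local and
            // have the supplied password checked; for any other account both
            // flags keep whatever value the result was constructed with.
            if (userAccount.HasPassword())
            {
                result.IsLocalAccount = true;

                // `password` is forwarded unchecked, so null handling is up to
                // crypto.VerifyPasswordHash. The iteration count is read from
                // application options on every call.
                // NOTE(review): presumably it must equal the count used when
                // the hash was created; confirm how a changed setting is
                // handled for existing hashes.
                result.IsPasswordValid = crypto.VerifyPasswordHash(
                    userAccount.PasswordHash,
                    password,
                    applicationOptions.PasswordHashingIterationCount
                    );
            }

            result.UserAccount        = userAccount;
            result.IsLoginAllowed     = userAccount.IsLoginAllowed;
            result.NeedChangePassword = false;

            // The original built an array of external provider names from
            // userAccount.Accounts at this point and then discarded it. That
            // dead computation is removed: it had no effect on the result and
            // would have thrown if Accounts were null.
            // NOTE(review): if provider hints are wanted, keep them away from
            // unauthenticated callers, because they would disclose which
            // external providers an email address is linked to.

            return result;
        }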