internal static void RaiseOnBeforeLogon(UpdateAccountArgs args)
{
if(BeforeLogon != null) BeforeLogon(Core.HttpApplication, args);
}
internal static void RaiseOnBeforeResetPassword(UpdateAccountArgs args)
{
if (BeforeResetPassword != null) BeforeResetPassword(Core.HttpApplication, args);
}
internal static void RaiseOnAfterChangePassword(UpdateAccountArgs args)
{
if (AfterChangePassword != null) AfterChangePassword(Core.HttpApplication, args);
}
internal static void RaiseOnAfterLogon(UpdateAccountArgs args)
{
if (AfterLogon != null) AfterLogon(Core.HttpApplication, args);
}
public static JsonResponse ResetPassword(string logon)
{
var salt = BCrypt.GenerateSalt();
var newPassword = Convert.ToBase64String(Guid.NewGuid().ToByteArray()).ToLower().Substring(1, 10);
var newDigestPassword = BCrypt.HashPassword(newPassword, salt);
var current = Session.Current;
var j = new JsonResponse();
var args = new UpdateAccountArgs(current, current.Account, "", false, j);
RaiseOnBeforeResetPassword(args);
if(!args.AbortDefault) {
// @NewDigestPassword @Logon
var query = GetResString("/Sql/ResetPassword.sql");
using(var cmd = new SqlCommand(query, Sql.Connection)) {
cmd.Parameters.Add("@Logon", SqlDbType.UniqueIdentifier).Value = logon;
cmd.Parameters.Add("@NewDigestPassword", SqlDbType.VarChar).Value = newDigestPassword;
using(var r = cmd.ExecuteReader()) {
r.Read();
j.Error = r.GetInt32(0);
j.Message = r.GetString(1);
}
}
}
RaiseOnAfterResetPassword(args);
return j;
}
public static JsonResponse Logon(string logon, string password)
{
var current = Session.Current;
var j = new JsonResponse();
var query = GetResString("/Sql/LogonSession.sql");
var args = new UpdateAccountArgs(current, current.Account, password, false, j);
RaiseOnBeforeLogon(args);
if(!args.AbortDefault) {
var nonce = GetNonce(logon);
var digestPassword = BCrypt.HashPassword(password, nonce);
// @Logon @DigestPassword @SessionId
using(var cmd = new SqlCommand(query, Sql.Connection)) {
cmd.Parameters.Add("@Logon", SqlDbType.VarChar).Value = logon;
cmd.Parameters.Add("@DigestPassword", SqlDbType.VarChar).Value = digestPassword;
cmd.Parameters.Add("@SessionId", SqlDbType.UniqueIdentifier).Value = current.Id;
using(SqlDataReader r = cmd.ExecuteReader()) {
r.Read();
// Result 1 @AccountId,'Logged On';
current.AccountId = r.GetGuid(0);
j.Message = r.GetString(1);
// Result 2 occurs when AccountId != Guid.Empty
if(current.AccountId == Guid.Empty) {
// logon failed
j.Error = 1;
}
}
}
}
RaiseOnAfterLogon(args);
return j;
}
public static JsonResponse Logoff()
{
var current = Session.Current;
var j = new JsonResponse();
var args = new UpdateAccountArgs(current, current.Account, "", false, j);
RaiseOnBeforeLogoff(args);
if(!args.AbortDefault) {
var query = GetResString("/Sql/LogoffSession.sql");
using(var cmd = new SqlCommand(query, Sql.Connection)) {
cmd.Parameters.Add("@SessionId", SqlDbType.UniqueIdentifier).Value = current.Id;
cmd.ExecuteNonQuery();
}
// run another query to update the session data
current.Refresh();
}
RaiseOnAfterLogoff(args);
return j;
}
public static JsonResponse CreateAccount(string logon, string password)
{
var j = new JsonResponse();
var current = Session.Current;
var nonce = BCrypt.GenerateSalt();
var query = GetResString("/Sql/CreateAccount.sql");
var digestPassword = BCrypt.HashPassword(password, nonce);
var args = new UpdateAccountArgs(current, Session.AnonymousAccount, password, false, j);
RaiseOnBeforeCreateAccount(args);
if(!args.AbortDefault) {
// @AccountId, @Logon, @DigestPassword
using(var cmd = new SqlCommand(query, Sql.Connection)) {
cmd.Parameters.Add("@Logon", SqlDbType.VarChar).Value = logon;
cmd.Parameters.Add("@DigestPassword", SqlDbType.VarChar).Value = digestPassword;
cmd.Parameters.Add("@Nonce", SqlDbType.VarChar).Value = nonce;
using(var r = cmd.ExecuteReader()) {
r.Read();
current.AccountId = r.GetGuid(0);
j.Message = r.GetString(1);
if(current.AccountId == Guid.Empty) {
j.Error = 1;
}
}
}
}
RaiseOnAfterCreateAccount(args);
return j;
}
public static JsonResponse ChangePassword(string logon, string oldPassword, string newPassword)
{
var j = new JsonResponse();
var oldNonce = GetNonce(logon);
var newNonce = BCrypt.GenerateSalt();
var current = Session.Current;
var oldDigestPassword = BCrypt.HashPassword(oldPassword, oldNonce);
var newDigestPassword = BCrypt.HashPassword(newPassword, newNonce);
var args = new UpdateAccountArgs(current, current.Account, oldPassword, false, j) {NewPassword = newPassword};
RaiseOnBeforeChangePassword(args);
if(!args.AbortDefault) {
var query = GetResString("/Sql/ChangePassword.sql");
// @NewDigestPassword @AccountId @DigestPassword
using(var cmd = new SqlCommand(query, Sql.Connection)) {
cmd.Parameters.Add("@Logon", SqlDbType.UniqueIdentifier).Value = logon;
cmd.Parameters.Add("@DigestPassword", SqlDbType.VarChar).Value = oldDigestPassword;
cmd.Parameters.Add("@NewDigestPassword", SqlDbType.VarChar).Value = newDigestPassword;
cmd.Parameters.Add("@NewNonce", SqlDbType.VarChar).Value = newNonce;
cmd.Parameters.Add("@OldNonce", SqlDbType.VarChar).Value = oldNonce;
using(var r = cmd.ExecuteReader()) {
r.Read();
j.Error = r.GetInt32(0);
j.Message = r.GetString(1);
}
}
}
RaiseOnAfterChangePassword(args);
return j;
}
