public bool ValidateUser(string userNameOrEmail, string password, out User foundUser)
{
logger.Log(LogLevel.Info, "Validating User");
CryptoService cryptoService = new CryptoService();
if (string.IsNullOrEmpty(userNameOrEmail))
{
throw CreateArgumentNullOrEmptyException("userNameOrEmail");
}
if (string.IsNullOrEmpty(password))
{
throw CreateArgumentNullOrEmptyException("password");
}
User user = null;
user = _ctx.Users
.Include("PaymentAccounts")
.FirstOrDefault(Usr => Usr.UserName == userNameOrEmail);
if (user == null)
{
logger.Log(LogLevel.Warn, "Unable to find user by user name. Check email address.");
user = _ctx.Users
.Include("PaymentAccounts")
.FirstOrDefault(Usr => Usr.EmailAddress == userNameOrEmail);
}
if (user == null)
{
logger.Log(LogLevel.Warn, "Unable to find user by email address. Check mobile number.");
user = _ctx.Users
.Include("PaymentAccounts")
.FirstOrDefault(Usr => Usr.MobileNumber == userNameOrEmail);
}
if (user == null)
{
logger.Log(LogLevel.Warn, "Unable to find user by user name.");
foundUser = null;
return false;
}
//if (!user.IsConfirmed)
//{
// foundUser = null;
// return false;
//}
var hashedPassword = securityService.Encrypt(password);
logger.Log(LogLevel.Info, "Verifying Hashed Passwords");
bool verificationSucceeded = false;
try
{
logger.Log(LogLevel.Info, string.Format("Passwords {0} {1}", user.Password, hashedPassword));
verificationSucceeded = (hashedPassword != null && hashedPassword.Equals(user.Password));
}
catch (Exception ex)
{
logger.Log(LogLevel.Info, String.Format("Exception Verifying Password Hash {0}", ex.Message));
}
logger.Log(LogLevel.Info, String.Format("Verifying Results {0}", verificationSucceeded.ToString()));
if (verificationSucceeded)
{
user.PasswordFailuresSinceLastSuccess = 0;
}
else
{
int failures = user.PasswordFailuresSinceLastSuccess;
if (failures != -1)
{
user.PasswordFailuresSinceLastSuccess += 1;
user.LastPasswordFailureDate = DateTime.UtcNow;
}
}
_ctx.SaveChanges();
if (verificationSucceeded)
{
foundUser = user;
return true;
}
else
{
foundUser = null;
return false;
}
}
public void UpdateUser(User user)
{
if (!String.IsNullOrEmpty(user.MobileNumber))
user.MobileNumber = formattingServices.RemoveFormattingFromMobileNumber(user.MobileNumber);
_ctx.SaveChanges();
}
private PaymentAccount GetAccount(User sender, string id)
{
Guid accountId;
Guid.TryParse(id, out accountId);
if (accountId == null)
return null;
foreach (var account in sender.PaymentAccounts)
{
if (account.Id == accountId)
return account;
}
return null;
}
public string GetSenderName(User sender)
{
_logger.Log(LogLevel.Debug, String.Format("Getting UserName {0}", sender.UserId));
if (!String.IsNullOrEmpty(sender.FirstName) || !String.IsNullOrEmpty(sender.LastName))
return sender.FirstName + " " + sender.LastName;
if(!String.IsNullOrEmpty(sender.SenderName))
return sender.SenderName;
if(!String.IsNullOrEmpty(sender.MobileNumber))
return formattingServices.FormatMobileNumber(sender.MobileNumber);
if (!String.IsNullOrEmpty(sender.EmailAddress))
return sender.EmailAddress;
return "PaidThx User";
}
public override string CreateAccount(string userName, string password, string email, string mobileNumber, string routingNumber, string accountNumber,
int accountType, out MembershipCreateStatus createStatus, bool requireConfirmationToken)
{
if (string.IsNullOrEmpty(password))
{
throw new MembershipCreateUserException(MembershipCreateStatus.InvalidPassword);
}
string hashedPassword = CodeFirstCrypto.HashPassword(password);
if (hashedPassword.Length > 128)
{
throw new MembershipCreateUserException(MembershipCreateStatus.InvalidPassword);
}
if (string.IsNullOrEmpty(userName))
{
throw new MembershipCreateUserException(MembershipCreateStatus.InvalidUserName);
}
if (string.IsNullOrEmpty(email))
{
throw new MembershipCreateUserException(MembershipCreateStatus.InvalidEmail);
}
using (Context context = new Context())
{
dynamic user = context.Users.FirstOrDefault(Usr => Usr.UserName == userName);
dynamic emailuser = context.Users.FirstOrDefault(Usr => Usr.EmailAddress == email);
if (user != null)
{
throw new MembershipCreateUserException(MembershipCreateStatus.DuplicateUserName);
}
if (emailuser != null)
{
throw new MembershipCreateUserException(MembershipCreateStatus.DuplicateEmail);
}
string token = null;
if (requireConfirmationToken)
{
token = CodeFirstCrypto.GenerateToken();
}
int defaultNumPasswordFailures = 0;
User NewUser = new User
{
MobileNumber = mobileNumber,
UserId = Guid.NewGuid(),
UserName = userName,
Password = hashedPassword,
SecurityPin = securityService.Encrypt("2589"),
IsConfirmed = !requireConfirmationToken,
EmailAddress = email,
ConfirmationToken = token,
CreateDate = DateTime.UtcNow,
PasswordChangedDate = DateTime.UtcNow,
PasswordFailuresSinceLastSuccess = defaultNumPasswordFailures,
LastPasswordFailureDate = DateTime.UtcNow,
PaymentAccounts = new Collection<PaymentAccount>()
{
new PaymentAccount() {
AccountNumber = securityService.Encrypt(accountNumber),
AccountType = (PaymentAccountType)accountType,
NameOnAccount= securityService.Encrypt("James Rhodes"),
RoutingNumber = securityService.Encrypt(routingNumber)
}
},
UserStatus = UserStatus.Pending,
LastLoggedIn = System.DateTime.Now,
Limit = 0
};
context.Users.Add(NewUser);
context.SaveChanges();
createStatus = MembershipCreateStatus.Success;
return token;
}
}
