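/// <summary>
/// Admin-driven reset: generates a new random password for the user identified by
/// <paramref name="req"/>.UserId, stores its salted hash under a fresh salt and e-mails the
/// clear-text value to the user's registered address. The caller's identity (from the bearer
/// token) is recorded in ModifiedBy.
/// </summary>
/// <param name="req">Carries the Id of the user whose password is reset.</param>
/// <returns>200 on success; 400 with INVALID_USER when no such user exists; 500 on an unexpected error.</returns>
public IHttpActionResult ResetPassword(SendActivationReq req)
{
    try
    {
        string currentUsrEmail = HttpUtilities.GetUserNameFromToken(this.Request);

        User user = _context.Users.FirstOrDefault(i => i.Id == req.UserId);
        if (user == null)
        {
            // Same answer the other password endpoints give for a missing account.
            return BadRequest(ErrorCodes.INVALID_USER.ToString());
        }

        // Eligibility check; presumably signals refusal via HttpResponseException (rethrown below).
        ValidationUtilities.ValidateUserforNewPassword(req.UserId, user);

        string generatedPassword = AuthorizationUtilities.GeneratePassword();

        // Rotate the salt together with the password (as ActivateUser does) instead of
        // re-hashing under the old one, so the new hash shares nothing with the previous one.
        byte[] salt = AuthorizationUtilities.generateSalt();
        user.Salt = salt;
        user.Password = AuthorizationUtilities.hash(generatedPassword, salt);
        user.PwdStartDate = DateTimeOffset.UtcNow;   // same password-age bookkeeping as ChangePassword/ForgotPassword
        user.ModifiedBy = currentUsrEmail;
        _context.Entry(user).State = System.Data.Entity.EntityState.Modified;
        _context.SaveChanges();

        // Send only after the new credential is committed: a clear-text password must not
        // leave the system while the hash it belongs to has not been persisted.
        AuthorizationUtilities.SendPasswordtoUser(user.Email, generatedPassword);

        return Ok();
    }
    catch (HttpResponseException)
    {
        throw;   // rethrow as-is: keeps the stack trace and the prepared HTTP response
    }
    catch (Exception ex)
    {
        LGSELogger.Error(ex);
        return InternalServerError(ex);
    }
}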
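/// <summary>
/// Checks a candidate clear-text password against the salted hash stored for an account.
/// </summary>
/// <param name="oldPassword">Clear-text password supplied by the caller.</param>
/// <param name="account">Account to check against; when null the currently logged-in user is loaded.</param>
/// <returns>
/// true: the hash of <paramref name="oldPassword"/> under the account's salt equals the stored hash
/// false: otherwise, including when no account (or no stored hash) could be resolved
/// </returns>
private bool IsPasswordCorrect(string oldPassword, User account = null)
{
    User target = account ?? GetLoggedInUser();
    if (target == null || target.Password == null)
    {
        // Nothing to compare against: fail closed instead of throwing a NullReferenceException.
        return false;
    }

    byte[] storedHash = target.Password;
    byte[] candidateHash = AuthorizationUtilities.hash(oldPassword, target.Salt);

    // Constant-time comparison so response timing does not reveal how many leading bytes matched.
    return Utilities.Utilities.slowEquals(candidateHash, storedHash);
}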
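/// <summary>
/// Completes a self-service password reset. Once ValidationUtilities.ValidateForActivation
/// accepts the request, the supplied password is stored under a fresh salt, the OTP code is
/// cleared, and the account is marked activated and unlocked.
/// </summary>
/// <param name="request">E-mail, new password and the activation/OTP data checked by ValidateForActivation.</param>
/// <returns>200 with PWD_UPDATED; 400 with the validation status or INVALID_USER; 500 on an unexpected error.</returns>
public IHttpActionResult ForgotPassword(ActivationRequest request)
{
    try
    {
        var user = DbUtilities.GetUserByEmail(request.Email);
        if (user == null)
        {
            // NOTE(review): a distinct error for unknown e-mails lets a caller enumerate
            // registered addresses; a uniform response would close that oracle.
            return BadRequest(ErrorCodes.INVALID_USER.ToString());
        }

        string validStatus = ValidationUtilities.ValidateForActivation(request, user, true);
        if (validStatus != Constants.SUCCESS_MSG)
        {
            return BadRequest(validStatus);
        }

        // Re-loaded through this context, presumably so SaveChanges tracks the update — confirm.
        User account = _context.Users.Where(a => a.Email == request.Email).SingleOrDefault();
        if (account == null)
        {
            return BadRequest(ErrorCodes.INVALID_USER.ToString());
        }

        // New salt for the new password (as ActivateUser does) rather than re-using the old one,
        // so the new hash shares nothing with the previous one.
        byte[] salt = AuthorizationUtilities.generateSalt();
        account.Salt = salt;
        account.Password = AuthorizationUtilities.hash(request.Password, salt);
        account.PwdStartDate = DateTimeOffset.UtcNow;
        account.ModifiedBy = request.Email;
        account.IsActivated = true;
        account.OTPCode = "";        // the one-time code is consumed by this reset
        account.IsLocked = false;    // a successful OTP reset also clears a lock-out
        _context.SaveChanges();

        return Ok(HttpUtilities.CustomResp(ErrorCodes.PWD_UPDATED.ToString()));
    }
    catch (Exception ex)
    {
        LGSELogger.Error(ex);
        return InternalServerError(ex);
    }
}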
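/// <summary>
/// Lets the logged-in user replace their password after proving the current one.
/// The new password is rejected when it is the same as the one already in use.
/// </summary>
/// <param name="request">Current (OldPassword) and desired (NewPassword) clear-text passwords.</param>
/// <returns>200 with PWD_CHANGED; 400 with OLD_PWD_NOTMATCHED, PASSWORD_ALREADY_USED or INVALID_USER; 500 on an unexpected error.</returns>
public IHttpActionResult ChangePassword(ChangePasswordRequest request)
{
    try
    {
        User account = GetLoggedInUser();
        if (account == null)
        {
            return BadRequest(ErrorCodes.INVALID_USER.ToString());
        }

        // Re-authenticate with the current password before accepting a change.
        // The account is passed explicitly so it is not re-fetched for every check.
        if (!IsPasswordCorrect(request.OldPassword, account))
        {
            return BadRequest(ErrorCodes.OLD_PWD_NOTMATCHED.ToString());
        }

        // Reject a "change" to the password already in use.
        if (IsPasswordCorrect(request.NewPassword, account))
        {
            return BadRequest(ErrorCodes.PASSWORD_ALREADY_USED.ToString());
        }

        // Rotate the salt with the password (as ActivateUser does). Both checks above already
        // ran against the old salt, so it is safe to replace it now.
        byte[] salt = AuthorizationUtilities.generateSalt();
        account.Salt = salt;
        account.Password = AuthorizationUtilities.hash(request.NewPassword, salt);
        account.PwdStartDate = DateTimeOffset.UtcNow;
        account.ModifiedBy = account.Email;
        _context.SaveChanges();

        return Ok(HttpUtilities.CustomResp(ErrorCodes.PWD_CHANGED.ToString()));
    }
    catch (Exception ex)
    {
        LGSELogger.Error(ex);
        return InternalServerError(ex);
    }
}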
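/// <summary>
/// First-time activation. Once DbUtilities.ValidateForActivation accepts the request, the
/// chosen password is stored under a fresh salt, the OTP code is cleared and the account is
/// marked activated.
/// </summary>
/// <param name="request">E-mail, chosen password and the activation/OTP data checked by ValidateForActivation.</param>
/// <returns>200 with USER_ACTIVATED; 400 with the validation status or INVALID_USER; 500 on an unexpected error.</returns>
public IHttpActionResult ActivateUser(ActivationRequest request)
{
    try
    {
        var dbUser = DbUtilities.GetUserByEmail(request.Email);
        if (dbUser == null)
        {
            return BadRequest(ErrorCodes.INVALID_USER.ToString());
        }

        string validStatus = DbUtilities.ValidateForActivation(request, dbUser, false);
        if (validStatus != Constants.SUCCESS_MSG)
        {
            return BadRequest(validStatus);
        }

        // TODO (carried over from the original): organisation id still has to be derived from the e-mail domain.
        User account = _context.Users.SingleOrDefault(a => a.Email == request.Email);
        if (account == null)
        {
            // The tracked entity may differ from dbUser's source; do not dereference a null here.
            return BadRequest(ErrorCodes.INVALID_USER.ToString());
        }

        byte[] salt = AuthorizationUtilities.generateSalt();
        account.Salt = salt;
        account.Password = AuthorizationUtilities.hash(request.Password, salt);
        account.PwdStartDate = DateTimeOffset.UtcNow;   // start the password's age, as ForgotPassword/ChangePassword do
        account.ModifiedBy = request.Email;
        account.IsActivated = true;
        account.OTPCode = "";   // the one-time code is consumed by activation
        _context.SaveChanges();

        return Ok(HttpUtilities.CustomResp(ErrorCodes.USER_ACTIVATED.ToString()));
    }
    catch (Exception ex)
    {
        LGSELogger.Error(ex);
        return InternalServerError(ex);
    }
}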
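/// <summary>
/// Password login. Verifies the supplied password against the stored salted hash and, when the
/// account is active, activated and not locked, issues a JWT carrying first/last name, e-mail,
/// user id and role claims.
/// </summary>
/// <param name="request">E-mail and clear-text password.</param>
/// <returns>
/// 200 with { Token, Username, UserId }; 400 with the reason the login was refused;
/// 401 when no account matched the e-mail; 500 on an unexpected error.
/// </returns>
public IHttpActionResult Login(LoginRequest request)
{
    try
    {
        User account = _context.Users.Where(a => a.Email == request.Email).SingleOrDefault();

        // Request-level validation; presumably signals refusal via HttpResponseException (rethrown below).
        ValidationUtilities.ValidateUserForLogin(request, account);

        if (account == null)
        {
            return Unauthorized();
        }
        if (account.IsActiveUser == false)
        {
            return BadRequest(ErrorCodes.USER_DEACTIVATED_BY_ADMIN.ToString());
        }
        if (account.IsActivated == false)
        {
            return BadRequest(ErrorCodes.USER_NOT_ACVTD.ToString());
        }
        if (account.IsLocked)
        {
            return BadRequest(ErrorCodes.ACCOUNT_LOCKED.ToString());
        }

        byte[] incoming = AuthorizationUtilities.hash(request.Password, account.Salt);
        if (!Utilities.Utilities.slowEquals(incoming, account.Password))   // constant-time compare
        {
            DbUtilities.AuditTrialEntry(account, AuditTrialStatus.FAILURE, AuditTrialOpType.LOGIN, this.Request);
            // NOTE(review): nothing visible here counts failures or sets IsLocked; confirm the
            // lock-out is applied elsewhere (e.g. inside AuditTrialEntry), otherwise the IsLocked
            // check above never triggers for online guessing. Also, PASSWORD_NOTMATCHED versus the
            // 401 for an unknown e-mail lets a caller enumerate registered addresses.
            return BadRequest(ErrorCodes.PASSWORD_NOTMATCHED.ToString());
        }

        // Success audit was disabled in the original; re-enable once confirmed wanted:
        // DbUtilities.AuditTrialEntry(account, AuditTrialStatus.SUCCESS, AuditTrialOpType.LOGIN, this.Request);

        ClaimsIdentity claimsIdentity = new ClaimsIdentity();
        claimsIdentity.AddClaim(new Claim(Constants.STR_FIRSTNAME, account.FirstName));
        claimsIdentity.AddClaim(new Claim(Constants.STR_LASTNAME, account.LastName));
        claimsIdentity.AddClaim(new Claim(ClaimTypes.Email, request.Email));
        claimsIdentity.AddClaim(new Claim(JwtRegisteredClaimNames.Sub, request.Email));
        claimsIdentity.AddClaim(new Claim("UserId", account.Id));

        // Filter and join on the database side; the original materialised both whole tables
        // (UserRoleMaps and Roles) into memory before joining.
        List<Role> roles = (from map in _context.UserRoleMaps
                            where map.UserId == account.Id && map.Deleted == false
                            join rol in _context.Roles on map.RoleId equals rol.Id
                            select rol).ToList();
        foreach (Role role in roles)
        {
            claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, role.RoleName));
        }

        UpdateUserDetailsInLogin(account);

        JwtSecurityToken token = AuthorizationUtilities.GetAuthenticationTokenForUser(request.Email, claimsIdentity.Claims.ToArray());
        return Ok(new { Token = token.RawData, Username = request.Email, UserId = account.Id });
    }
    catch (HttpResponseException)
    {
        throw;   // rethrow as-is: keeps the stack trace and the prepared HTTP response
    }
    catch (Exception ex)
    {
        LGSELogger.Error(ex);
        return InternalServerError(ex);
    }
}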