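        /// <summary>
        /// Generates a new password for the user identified by <paramref name="req"/>, e-mails it
        /// to that user and stores its hash, recording the caller (taken from the bearer token)
        /// as the modifier.
        /// </summary>
        /// <param name="req">Request carrying the <c>UserId</c> whose password is reset.</param>
        /// <returns>200 on success; 500 carrying the exception on an unexpected failure.</returns>
        /// <exception cref="HttpResponseException">
        /// Propagated unchanged; presumably raised by <c>ValidateUserforNewPassword</c> or the
        /// token helper — confirm against those utilities.
        /// </exception>
        public IHttpActionResult ResetPassword(SendActivationReq req)
        {
            try
            {
                string currentUsrEmail = HttpUtilities.GetUserNameFromToken(this.Request);
                User user = _context.Users.FirstOrDefault(i => i.Id == req.UserId);
                // The validator receives a possibly-null user and is expected to reject that
                // case before user is dereferenced below — confirm.
                ValidationUtilities.ValidateUserforNewPassword(req.UserId, user);

                string generatedPassword = AuthorizationUtilities.GeneratePassword();
                // NOTE(review): the e-mail is sent before SaveChanges(); if the save fails the
                // user holds a password that was never stored. Order kept as in the original.
                AuthorizationUtilities.SendPasswordtoUser(user.Email, generatedPassword);
                // The account's existing salt is reused; the original generated a fresh salt
                // but never applied it, so that unused local is gone.
                byte[] pwdhash = AuthorizationUtilities.hash(generatedPassword, user.Salt);
                user.Password   = pwdhash;
                user.ModifiedBy = currentUsrEmail;
                _context.Entry(user).State = System.Data.Entity.EntityState.Modified;
                _context.SaveChanges();
                return Ok();
            }
            catch (HttpResponseException)
            {
                // Rethrow preserving the original stack trace (`throw ex;` would reset it).
                throw;
            }
            catch (Exception ex)
            {
                LGSELogger.Error(ex);
                return InternalServerError(ex);
            }
        }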
        /// <summary>
        /// Checks whether <paramref name="oldPassword"/> matches the stored password hash of
        /// <paramref name="account"/>, or of the logged-in user when no account is supplied.
        /// </summary>
        /// <param name="oldPassword">Plaintext password supplied by the caller.</param>
        /// <param name="account">
        /// Account to check against; when <c>null</c> the result of <see cref="GetLoggedInUser"/> is used.
        /// </param>
        /// <returns><c>true</c> when the hashes match, <c>false</c> otherwise.</returns>
        private bool IsPasswordCorrect(string oldPassword, User account = null)
        {
            User target = account ?? GetLoggedInUser();
            // Hash the candidate with the account's stored salt and compare it with the stored
            // hash via slowEquals (presumably a constant-time comparison — confirm).
            byte[] candidateHash = AuthorizationUtilities.hash(oldPassword, target.Salt);
            return Utilities.Utilities.slowEquals(candidateHash, target.Password);
        }
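        /// <summary>
        /// Completes a forgotten-password flow: runs <c>ValidateForActivation</c> on the request,
        /// then stores the hash of the new password (with the account's existing salt), marks the
        /// account activated, clears its OTP code and unlocks it.
        /// </summary>
        /// <param name="request">E-mail, new password and whatever the validator inspects.</param>
        /// <returns>
        /// 200 with <c>PWD_UPDATED</c> on success; 400 with <c>INVALID_USER</c> when no account matches
        /// the e-mail, or with the validator's status string when validation fails; 500 on an
        /// unexpected exception.
        /// </returns>
        public IHttpActionResult ForgotPassword(ActivationRequest request)
        {
            try
            {
                var user = DbUtilities.GetUserByEmail(request.Email);
                if (user == null)
                {
                    return BadRequest(ErrorCodes.INVALID_USER.ToString());
                }

                string validStatus = ValidationUtilities.ValidateForActivation(request, user, true);
                if (validStatus != Constants.SUCCESS_MSG)
                {
                    return BadRequest(validStatus);
                }

                // Re-read through this controller's context (presumably so SaveChanges() tracks
                // the change — confirm how DbUtilities loads its user).
                User account = _context.Users.SingleOrDefault(a => a.Email == request.Email);
                if (account == null)
                {
                    // The original dereferenced account unchecked; treat a miss as an invalid user
                    // instead of surfacing a NullReferenceException as a 500.
                    return BadRequest(ErrorCodes.INVALID_USER.ToString());
                }

                byte[] pwdhash = AuthorizationUtilities.hash(request.Password, account.Salt);
                account.ModifiedBy   = request.Email;
                account.IsActivated  = true;
                account.OTPCode      = "";
                account.Password     = pwdhash;
                account.PwdStartDate = DateTimeOffset.UtcNow;
                account.IsLocked     = false;
                _context.SaveChanges();
                return Ok(HttpUtilities.CustomResp(ErrorCodes.PWD_UPDATED.ToString()));
            }
            catch (Exception ex)
            {
                LGSELogger.Error(ex);
                return InternalServerError(ex);
            }
        }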
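 /// <summary>
 /// Changes the logged-in user's password after verifying the supplied old password and
 /// rejecting a new password equal to the current one.
 /// </summary>
 /// <param name="request">Old and new plaintext passwords.</param>
 /// <returns>
 /// 200 with <c>PWD_CHANGED</c> on success; 400 with <c>INVALID_USER</c> when no logged-in user is
 /// found, <c>OLD_PWD_NOTMATCHED</c> when the old password is wrong, or <c>PASSWORD_ALREADY_USED</c>
 /// when the new password equals the current one; 500 on an unexpected exception.
 /// </returns>
 public IHttpActionResult ChangePassword(ChangePasswordRequest request)
 {
     try
     {
         User account = GetLoggedInUser();
         if (account == null)
         {
             return BadRequest(ErrorCodes.INVALID_USER.ToString());
         }

         // The account is passed through so IsPasswordCorrect does not re-read the logged-in
         // user on every check (the original looked it up three times in total).
         if (!IsPasswordCorrect(request.OldPassword, account))
         {
             return BadRequest(ErrorCodes.OLD_PWD_NOTMATCHED.ToString());
         }
         if (IsPasswordCorrect(request.NewPassword, account))
         {
             return BadRequest(ErrorCodes.PASSWORD_ALREADY_USED.ToString());
         }

         byte[] pwdhash = AuthorizationUtilities.hash(request.NewPassword, account.Salt);
         account.ModifiedBy   = account.Email;
         account.Password     = pwdhash;
         account.PwdStartDate = DateTimeOffset.UtcNow;
         _context.SaveChanges();
         return Ok(HttpUtilities.CustomResp(ErrorCodes.PWD_CHANGED.ToString()));
     }
     catch (Exception ex)
     {
         LGSELogger.Error(ex);
         return InternalServerError(ex);
     }
 }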
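        /// <summary>
        /// Activates an account: runs <c>ValidateForActivation</c> on the request, then stores a
        /// fresh salt and the hash of the supplied password, marks the account activated and
        /// clears its OTP code.
        /// </summary>
        /// <param name="request">E-mail, password and whatever the validator inspects.</param>
        /// <returns>
        /// 200 with <c>USER_ACTIVATED</c> on success; 400 with <c>INVALID_USER</c> when no account matches
        /// the e-mail, or with the validator's status string when validation fails; 500 on an
        /// unexpected exception.
        /// </returns>
        public IHttpActionResult ActivateUser(ActivationRequest request)
        {
            try
            {
                var dbUser = DbUtilities.GetUserByEmail(request.Email);
                if (dbUser == null)
                {
                    return BadRequest(ErrorCodes.INVALID_USER.ToString());
                }

                // Validation lives on DbUtilities here, while ForgotPassword calls
                // ValidationUtilities.ValidateForActivation — confirm both are intended.
                string validStatus = DbUtilities.ValidateForActivation(request, dbUser, false);
                if (validStatus != Constants.SUCCESS_MSG)
                {
                    return BadRequest(validStatus);
                }

                User account = _context.Users.SingleOrDefault(a => a.Email == request.Email);
                if (account == null)
                {
                    // The original dereferenced account unchecked; treat a miss as an invalid user
                    // instead of surfacing a NullReferenceException as a 500.
                    return BadRequest(ErrorCodes.INVALID_USER.ToString());
                }

                // A new salt is generated on activation (unlike ForgotPassword, which reuses the old one).
                byte[] salt = AuthorizationUtilities.generateSalt();
                account.ModifiedBy  = request.Email;
                account.Salt        = salt;
                account.Password    = AuthorizationUtilities.hash(request.Password, salt);
                account.IsActivated = true;
                account.OTPCode     = "";
                _context.SaveChanges();
                return Ok(HttpUtilities.CustomResp(ErrorCodes.USER_ACTIVATED.ToString()));
            }
            catch (Exception ex)
            {
                LGSELogger.Error(ex);
                return InternalServerError(ex);
            }
        }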
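 /// <summary>
 /// Authenticates a user by e-mail and password and, on success, returns a JWT carrying the
 /// user's first/last name, e-mail, subject, id and one claim per active role.
 /// </summary>
 /// <param name="request">Login request with the e-mail and plaintext password.</param>
 /// <returns>
 /// 200 with <c>Token</c>, <c>Username</c> and <c>UserId</c> on success; 400 with an error code when
 /// the account is deactivated, not activated, locked, or the password does not match; 401 when
 /// no account exists for the e-mail; 500 on an unexpected exception.
 /// </returns>
 /// <exception cref="HttpResponseException">
 /// Propagated unchanged; presumably raised by <c>ValidateUserForLogin</c> — confirm.
 /// </exception>
 public IHttpActionResult Login(LoginRequest request)
 {
     try
     {
         User account = _context.Users.SingleOrDefault(a => a.Email == request.Email);
         // The validator is handed a possibly-null account, as in the original.
         ValidationUtilities.ValidateUserForLogin(request, account);
         if (account == null)
         {
             return Unauthorized();
         }

         // Account-state checks, in the original order, before the password is verified.
         // NOTE(review): the distinct codes tell an unauthenticated caller the account's state;
         // the strings are kept unchanged because clients depend on them.
         if (account.IsActiveUser == false)
         {
             return BadRequest(ErrorCodes.USER_DEACTIVATED_BY_ADMIN.ToString());
         }
         if (account.IsActivated == false)
         {
             return BadRequest(ErrorCodes.USER_NOT_ACVTD.ToString());
         }
         if (account.IsLocked)
         {
             return BadRequest(ErrorCodes.ACCOUNT_LOCKED.ToString());
         }

         byte[] incoming = AuthorizationUtilities.hash(request.Password, account.Salt);
         if (!Utilities.Utilities.slowEquals(incoming, account.Password))
         {
             // Only failed attempts reach the audit trail; the success-side entry was
             // commented out in the original.
             DbUtilities.AuditTrialEntry(account, AuditTrialStatus.FAILURE, AuditTrialOpType.LOGIN, this.Request);
             return BadRequest(ErrorCodes.PASSWORD_NOTMATCHED.ToString());
         }

         // The original re-tested IsActivated here; that branch was unreachable after the
         // check above and has been removed.
         ClaimsIdentity claimsIdentity = BuildLoginIdentity(account, request.Email);
         UpdateUserDetailsInLogin(account);
         JwtSecurityToken token = AuthorizationUtilities.GetAuthenticationTokenForUser(request.Email, claimsIdentity.Claims.ToArray());
         return Ok(new
         {
             Token    = token.RawData,
             Username = request.Email,
             UserId   = account.Id
         });
     }
     catch (HttpResponseException)
     {
         // Rethrow preserving the original stack trace (`throw ex;` would reset it).
         throw;
     }
     catch (Exception ex)
     {
         LGSELogger.Error(ex);
         return InternalServerError(ex);
     }
 }

 /// <summary>
 /// Builds the identity placed in the login token: first/last name, e-mail, subject, user id
 /// and one role claim per non-deleted role mapping of <paramref name="account"/>.
 /// </summary>
 /// <param name="account">Authenticated account.</param>
 /// <param name="email">E-mail used for the e-mail and subject claims (the request's e-mail, as before).</param>
 private ClaimsIdentity BuildLoginIdentity(User account, string email)
 {
     ClaimsIdentity claimsIdentity = new ClaimsIdentity();
     claimsIdentity.AddClaim(new Claim(Constants.STR_FIRSTNAME, account.FirstName));
     claimsIdentity.AddClaim(new Claim(Constants.STR_LASTNAME, account.LastName));
     claimsIdentity.AddClaim(new Claim(ClaimTypes.Email, email));
     claimsIdentity.AddClaim(new Claim(JwtRegisteredClaimNames.Sub, email));
     claimsIdentity.AddClaim(new Claim("UserId", account.Id));

     // Filter and join in the database; the original called ToList() on both UserRoleMaps
     // and Roles and joined the full tables in memory.
     var userId = account.Id;
     List<Role> roles = (from map in _context.UserRoleMaps
                         join rol in _context.Roles on map.RoleId equals rol.Id
                         where map.UserId == userId && map.Deleted == false
                         select rol).ToList();
     foreach (Role role in roles)
     {
         claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, role.RoleName));
     }
     return claimsIdentity;
 }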