/// <summary>
/// Change account password.
/// </summary>
/// <param name="accountId"></param>
/// <param name="model"></param>
/// <returns></returns>
public async Task ChangePasswordAsync(string accountId, ChangedPassword model)
{
Data.Account account = await _store.LoadByGuid(accountId);
if (account == null)
{
throw new AuthenticationFailureException();
}
if (account.Status == AccountStatus.Disabled)
{
throw new AccountDisabledException();
}
if (!IsPasswordComplex(model.Value))
{
throw new PasswordComplexityException();
}
if (account.HasHistoricalPassword(model.Value, _options.Password.History))
{
throw new PasswordHistoryException();
}
if (account.Tokens.Any(t => t.Type == AccountTokenType.Password) &&
!account.VerifyPassword(model.CurrentPassword))
{
throw new AuthenticationFailureException();
}
await UpdatePasswordAsync(account, model.Value);
}
public async Task <IActionResult> ChangePassword([FromBody] ChangedPassword model)
{
await _svc.ChangePasswordAsync(User.GetSubjectId(), model);
Audit(AuditId.ResetPassword);
return(Ok());
}
private void addButton_Click(object sender, EventArgs e)
{
ChangedPassword aPass = new ChangedPassword();
aPass.UserName = nameTextBox.Text;
aPass.OldPassword = oldPasswordTextBox.Text;
aPass.NewPassword = newPasswordTextBox.Text;
ChangedPasswordBL changPassBLobj = new ChangedPasswordBL();
bool result = changPassBLobj.ChangePasswordToDB(aPass);
if (result)
{
MessageBox.Show("Successfully Updated Password!", "DONE");
nameTextBox.Clear();
oldPasswordTextBox.Clear();
newPasswordTextBox.Clear();
}
else
{
DialogResult dialog = MessageBox.Show("Please enter valid Username and Password.", "ERROR", MessageBoxButtons.OKCancel, MessageBoxIcon.Error);
if (dialog == DialogResult.Cancel)
{
this.Close();
}
}
}
public bool ChangePasswordToDB(ChangedPassword aPass)
{
if (aPass.UserName == "" || aPass.OldPassword == "" || aPass.NewPassword == "")
{
return(false);
}
else
{
ChangedPasswordDA changePassDAOBj = new ChangedPasswordDA();
bool result = changePassDAOBj.ChangePasswordToDB(aPass);
return(result);
}
}
public IActionResult ChangePassword([FromBody] ChangedPassword changedpassword)
{
// (1) Get User by his Credentials [UserId - OldPassword]
var user = _service.GetOne <User>(u => u.Email == changedpassword.Email && UserHelpers.ValidateHash(changedpassword.OldPassword, u.PasswordSalt, u.PasswordHash));
// (2) if user not found then return [BadRequest]
if (user == null)
{
return(BadRequest(new Error()
{
Message = "Invalid User."
}));
}
return(_DoChangePassword(user, changedpassword.NewPassword));
}
public bool ChangePasswordToDB(ChangedPassword aPass)
{
SqlConnection connection = DataBaseConnection.OpenAnSqlConnection();
string query = "UPDATE AdminTable SET Password ='******' WHERE UserName = '******' AND Password = '******'";
SqlCommand command = new SqlCommand(query, connection);
int rowsAffected = command.ExecuteNonQuery();
if (rowsAffected == 1)
{
return(true);
}
else
{
return(false);
}
}
public async Task <IActionResult> Password(PasswordModel model)
{
try
{
if (ModelState.IsValid)
{
ChangedPassword changed = new ChangedPassword
{
CurrentPassword = model.CurrentPassword,
Value = model.Password
};
await _accountSvc.ChangePasswordAsync(User.GetSubjectId(), changed);
Audit(AuditId.ResetPassword);
return(Redirect("~/"));
}
}
catch (AuthenticationFailureException)
{
ModelState.AddModelError("", "Incorrect password");
}
catch (AccountDisabledException)
{
ModelState.AddModelError("", "Account is disabled");
}
catch (PasswordComplexityException)
{
ModelState.AddModelError("", "Password does not meet complexity requirements");
}
catch (PasswordHistoryException)
{
ModelState.AddModelError("", "Old passwords cannot be reused");
}
catch (Exception ex)
{
Logger.LogError(ex, "Error during change password");
ModelState.AddModelError("", "Invalid request");
}
return(View(await _viewSvc.GetPasswordView(model)));
}
public bool ChangePassword(ChangedPassword newPassword)
{
bool result = false;
try
{
if (newPassword.NewPassword == newPassword.ConfirmPassword)
{
PasswordLogin passwordLogin = _authenticationRepository.GetLoginPassword(newPassword.UserName);
if (Hasher.ValidateHash(newPassword.CurrentPassword, passwordLogin.PasswordSalt,
passwordLogin.PasswordHash, out _))
{
PasswordLogin newPasswordLogin = Hasher.HashPassword(newPassword.NewPassword);
newPasswordLogin.UserId = passwordLogin.UserId;
newPasswordLogin.ChangeDate = DateTime.Now;
passwordLogin = newPasswordLogin;
_authenticationRepository.UpdatePasswordLogin(newPasswordLogin);
result = true;
}
//TODO: this should be a async operation and can be made more cross-cutting design feature rather than calling inside the actual feature.
_logger.PasswordChangeLog(passwordLogin);
}
}
catch (Exception ex)
{
_logger.LogException(new ExceptionLog
{
ExceptionDate = DateTime.Now,
ExceptionMsg = ex.Message,
ExceptionSource = ex.Source,
ExceptionType = "UserService",
FullException = ex.StackTrace
});
return(result);
}
return(result);
}
