public void ConfirmUserSetPassword(ConfirmUserSetPasswordModel model) { // Validate supplied confirmation details _authenticationValidator.ValidateConfirmUserSetPassword(model); // Get encrypted password int saltSize = _authenticationConfigurationService.GetPasswordSaltSize(model.TenantId); byte[] salt = _securityService.CreateSalt(saltSize); byte[] saltedHash = _securityService.EncryptPassword(model.Password, salt); // Flag user as confirmed in database and update user's password Token token = _securityService.DeserializeToken(model.ConfirmKey); // Get user User user = _userRepository.ReadUserByConfirmToken(model.TenantId, token); // Set user details DateTime passwordChanged = DateTime.UtcNow; user.Confirmed = true; user.PasswordSaltedHash = _stringService.GetString(saltedHash); user.PasswordSalt = _stringService.GetString(salt); user.ConfirmTokenValue = null; user.ConfirmTokenExpiry = null; user.LockedOut = false; user.LastPasswordFailure = null; user.PasswordFailures = 0; user.PasswordChanged = passwordChanged; // Update user _userRepository.UpdateUser(user); }