public void ChangePasswordTest()
{
PasswordDTO dto = new PasswordDTO {
UserName = "******", OldPassword = "******", NewPassword = "******"
};
bool result = (_userRepository.ChangePassword(dto)).Result.Succeeded;
Assert.True(result);
dto = new PasswordDTO {
UserName = "******", OldPassword = "******", NewPassword = ""
};
result = (_userRepository.ChangePassword(dto)).Result.Succeeded;
Assert.True(result != true);
dto = new PasswordDTO {
UserName = "", OldPassword = "******", NewPassword = "******"
};
result = (_userRepository.ChangePassword(dto)).Result.Succeeded;
Assert.True(result != true);
dto = new PasswordDTO {
UserName = "******", OldPassword = "", NewPassword = "******"
};
result = (_userRepository.ChangePassword(dto)).Result.Succeeded;
Assert.True(result != true);
}
public async Task <IActionResult> UpdatePassword(string id, [FromBody] PasswordDTO dto)
{
try
{
await _accountService.ChangePassword(id, dto, AuthInfo());
_logger.LogInformation("User successfully updated password");
return(NoContent());
}
catch (ArgumentNullException ex)
{
_logger.LogError(ex, ex.Message);
return(NotFound());
}
catch (NotEnoughtRightsException ex)
{
_logger.LogError(ex, ex.Message);
return(Forbid());
}
catch (ArgumentException ex)
{
_logger.LogError(ex, "User entered incorrect current password");
return(BadRequest(ex));
}
catch (Exception ex)
{
_logger.LogError(ex, "Error occurred while user tried to update passport");
throw;
}
}
public ActionResult PasswordEdit()
{
PasswordDTO userPassword = new PasswordDTO();
userPassword.UserId = CurrentUserId;
return(View("PasswordEdit", userPassword));
}
public ActionResult Put([FromBody] PasswordDTO passwordDto)
{
if (UsersDAO.UpdatePassword(passwordDto))
{
return(Ok(true));
}
return(BadRequest(false));
}
public PasswordDTO Generate_EncryptedPassword_Given_Password_Salt(string password, string salt)
{
var passwordDTO = new PasswordDTO {
Password = password,
Salt = salt
};
passwordDTO.EncryptedPassword = setEncytpedPassword(passwordDTO.Password, passwordDTO.Salt);
return(passwordDTO);
}
public PasswordDTO Generate_EncryptedPassword_Given_Salt(string salt)
{
var passwordDTO = new PasswordDTO {
Password = generatePassword(PasswordDTO.PasswordMaxLength),
Salt = salt
};
passwordDTO.EncryptedPassword = setEncytpedPassword(passwordDTO.Password, passwordDTO.Salt);
return(passwordDTO);
}
public PasswordDTO Generate_NewPassword_EncryptedPassword_Salt()
{
var passwordDTO = new PasswordDTO {
Password = generatePassword(PasswordDTO.PasswordMaxLength),
Salt = generateSalt(PasswordDTO.SaltLength)
};
passwordDTO.EncryptedPassword = setEncytpedPassword(passwordDTO.Password, passwordDTO.Salt);
return(passwordDTO);
}
public PasswordDTO Generate_EncryptedPassword_Salt_Given_Password(string password)
{
var passwordDTO = new PasswordDTO {
Password = password,
Salt = generateSalt(PasswordDTO.SaltLength)
};
passwordDTO.EncryptedPassword = setEncytpedPassword(passwordDTO.Password, passwordDTO.Salt);
return(passwordDTO);
}
public bool IsValidPasswordDTO(PasswordDTO dto)
{
User user = _mapper.Map <User>(dto);
ValidateEmail();
ValidateCPF();
ValidationResult = Validate(user);
return(ValidationResult.IsValid);
}
public void UpdatePassword(PasswordDTO password)
{
if (password.Id != null)
{
Console.WriteLine("Password Update");
}
else
{
Console.WriteLine("Password New");
}
}
public string GeneratePassword(PasswordDTO passwordConfig)
{
string password = null;
List <char> finalPasswordList = null;
Random r = null;
char ch;
try
{
if (passwordConfig != null)
{
if (passwordConfig.PasswordLength != 0)
{
//get random Caps
finalPasswordList = new List <char>();
r = new Random();
for (int i = 0; i < passwordConfig.CapitalLettersLength; i++)
{
ch = arrCaps[r.Next(arrCaps.Length)];
finalPasswordList.Add(ch);
}
//get random Smalls
for (int i = 0; i < passwordConfig.SmallLettersLength; i++)
{
ch = arrSmall[r.Next(arrSmall.Length)];
finalPasswordList.Add(ch);
}
//get random Digits
for (int i = 0; i < passwordConfig.DigitsLength; i++)
{
ch = arrDigits[r.Next(arrDigits.Length)];
finalPasswordList.Add(ch);
}
//get random Special Characters
for (int i = 0; i < passwordConfig.SpecialCharactersLength; i++)
{
ch = arrSpecialCharacter[r.Next(arrSpecialCharacter.Length)];
finalPasswordList.Add(ch);
}
Random rFinal = new Random();
finalPasswordList = new List <char>(finalPasswordList.OrderBy(ran => rFinal.Next()).ToList());
password = new string(finalPasswordList.ToArray());
}
}
}
catch (Exception ex)
{
}
return(password);
}
public async Task <IdentityResult> ChangePassword(PasswordDTO dto)
{
if (dto.NewPassword == string.Empty || dto.OldPassword == string.Empty || dto.UserName == string.Empty)
{
IdentityError error = new IdentityError();
error.Description = "Nazwa użytkownika, stare hasło lub nowe jest puste!";
return(IdentityResult.Failed(error));
}
User user = await _context.Users.FirstOrDefaultAsync(m => m.UserName == dto.UserName);
IdentityResult result = await _userManager.ChangePasswordAsync(user, dto.OldPassword, dto.NewPassword);
return(result);
}
public async Task ChangePassword(PasswordDTO password)
{
var user = await _context.Users.Where(u => u.Id == password.UserId).FirstOrDefaultAsync();
if (user == null)
{
throw new NotFoundException(nameof(User));
}
var salt = SecurityHelper.GetRandomBytes();
user.Salt = Convert.ToBase64String(salt);
user.Password = SecurityHelper.HashPassword(password.Body, salt);
await _context.SaveChangesAsync();
}
public async Task <IActionResult> UpdateUserPassword(int id, PasswordDTO userPassword)
{
var findUser = _context.User.Find(id);
if (findUser != null)
{
var decryptedPassword = CommonMethods.WordDecrypter(findUser.Password);
if (userPassword.OldPassword.Equals(decryptedPassword))
{
var encryptedNewPassword = CommonMethods.WordEncrypter(userPassword.NewPassword);
var encryptedConfirmNewPassword = CommonMethods.WordEncrypter(userPassword.ConfirmNewPassword);
findUser.Password = encryptedNewPassword;
findUser.ConfirmPassword = encryptedConfirmNewPassword;
}
else
{
return(BadRequest("A senha atual informada está incorreta."));
}
_context.Entry(findUser).State = EntityState.Modified;
try
{
await _context.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!UserExists(id))
{
return(NotFound());
}
else
{
throw;
}
}
}
return(NoContent());
}
public UserViewDTO ChangePassword(PasswordDTO dto)
{
if (!_validator.IsValidPasswordDTO(dto))
{
throw new InvalidUserException(_validator.ValidationResult);
}
var user = _repository.FindByEmailAndCPF(dto.email, dto.cpf);
if (user == null)
{
throw new UserNotFoundException();
}
user.password = dto.newPassword;
var userView = _mapper.Map <UserViewDTO>(_repository.Save(user));
return(userView);
}
public static bool UpdatePassword(PasswordDTO psw)
{
bool hasBeenChanged = false;
using (SqlConnection connection = DataBase.GetConnection())
{
connection.Open();
SqlCommand command = connection.CreateCommand();
command.CommandText = REQ_UPDATE_PASSWORD;
command.Parameters.AddWithValue($@"{FIELD_PASSWORD}Old", psw.PasswordOld);
command.Parameters.AddWithValue($@"{FIELD_PASSWORD}New", psw.PasswordNew);
command.Parameters.AddWithValue($@"{FIELD_ID}", psw.UserID);
hasBeenChanged = command.ExecuteNonQuery() == 1;
}
return(hasBeenChanged);
}
public ObjectResult RecoverPassword([FromBody] PasswordDTO dto)
{
try
{
var userView = _service.ChangePassword(dto);
return(Ok(userView));
}
catch (InvalidUserException ex)
{
return(BadRequest(ex.ValidationResult));
}
catch (UserNotFoundException ex)
{
return(NotFound(ex.Message));
}
catch (Exception ex)
{
return(StatusCode(500, $"Ocorreu um erro inesperado: {ex.Message}"));
}
}
public async Task ChangePassword(string id, PasswordDTO password, string token)
{
if (password == null)
{
throw new ArgumentNullException(nameof(password));
}
if (password.NewPassword == null)
{
throw new ArgumentNullException(nameof(password.NewPassword));
}
if (password.OldPassword == null)
{
throw new ArgumentNullException(nameof(password.OldPassword));
}
string claimsId = _jwtFactory.GetUserIdClaim(token);
var userEntity = await _userManager.FindByIdAsync(id);
if (userEntity == null)
{
throw new ArgumentNullException(nameof(userEntity), "Couldn't find user with this id");
}
if (claimsId == id)
{
bool checkPassword = await _userManager.CheckPasswordAsync(userEntity, password.OldPassword);
if (checkPassword == false)
{
throw new ArgumentException(nameof(password));
}
else
{
await _userManager.ChangePasswordAsync(userEntity, password.OldPassword, password.NewPassword);
}
}
else
{
throw new NotEnoughtRightsException();
}
}
public IActionResult UpdatePassword(long id, PasswordDTO model)
{
try
{
User user = _dataService.GetById <User>(id);
if (user == null)
{
return(NotFound());
}
user.Password = Encryption.HashPassword(model.Password);
_dataService.Update(user);
return(Ok(Mapper.Map <UserDetailDTO>(user)));
}
catch (Exception e)
{
return(StatusCode(500, e));
}
}
public async Task <IActionResult> ChangePassword([FromBody] PasswordDTO dto)
{
if (dto == null)
{
return(BadRequest());
}
if (!ModelState.IsValid)
{
return(BadRequest(dto));
}
try
{
var result = await _repo.ChangePassword(dto);
return(new ObjectResult(result));
}
catch (Exception exc)
{
return(BadRequest(exc));
}
}
public async Task <bool> ChangePassword(int id, PasswordDTO password, string token)
{
if (password == null)
{
throw new ArgumentNullException(nameof(password));
}
if (password.NewPassword == null)
{
throw new ArgumentNullException(nameof(password.NewPassword));
}
if (password.OldPassword == null)
{
throw new ArgumentNullException(nameof(password.OldPassword));
}
var requesterId = _jwtFactory.GetUserIdClaim(token);
var requesterRole = _jwtFactory.GetUserRoleClaim(token);
var userEntity = await _userManager.FindByIdAsync(id.ToString());
if (userEntity == null)
{
throw new EntityNotFoundException(nameof(userEntity), id);
}
if (requesterId != id && requesterRole != "Admin")
{
throw new NotEnoughRightsException();
}
bool checkPassword = await _userManager.CheckPasswordAsync(userEntity, password.OldPassword);
if (checkPassword == false)
{
throw new WrongCredentialsException();
}
return((await _userManager.ChangePasswordAsync(userEntity, password.OldPassword, password.NewPassword)).Succeeded);
}
public HttpResponseMessage NewPassword(PasswordDTO password, string id)
{
try
{
if (password.Password == null)
{
return(Request.CreateResponse(HttpStatusCode.Forbidden, "Illegal parameter"));
}
string msg = AdminService.NewPassword(id, password.Password);
if (msg == "same")
{
return(Request.CreateResponse(HttpStatusCode.BadRequest, "Same password"));
}
if (msg == "false")
{
return(Request.CreateResponse(HttpStatusCode.NotFound, "User not found or User not local"));
}
return(Request.CreateResponse(HttpStatusCode.OK, "Password changed"));
}
catch (Exception e)
{
return(Request.CreateResponse(HttpStatusCode.InternalServerError, "There was an InternalServerError: " + e));
}
}
//TODO: Powinno dotyczyć CurrentPassword, ale trzeba najpierw zmienić hasła na hashowane tym użytkownikom testowym, którzy jeszcze mają je w plaintexcie
bool BeEqualToAPwdInDb(PersonChangePasswordDTO user, PasswordDTO pwd)
{
return(pwdValidator.BeEqualToAPasswordInDatabase(user.Email, user.CurrentPassword.Value));
}
public void DeletePassword(PasswordDTO password)
{
Console.WriteLine("Password Delete");
}
public async Task <IActionResult> ChangePassword([FromBody] PasswordDTO password)
{
await _userService.ChangePassword(password);
return(Ok());
}
public ActionResult Save(PasswordDTO entity)
{
var complete = true;
try
{
using (TransactionScope scope = new TransactionScope(TransactionScopeOption.Required))
{
if (ModelState.IsValid)
{
UserAccountEntity user = AccountRepository.Instance.GetById(CurrentUserId);
if (!entity.NewPassword.Equals(entity.NewPasswordConfirmation))
{
Error("As duas senhas digitadas não conferem.");
complete = false;
}
else if (!PasswordUtils.ValidatePassword(entity.CurrentPassword, user.SecurityStamp, user.PasswordHash))
{
Error("A senha atual digitada não confere com a vigente.");
complete = false;
}
else
{
NewRequest request = new NewRequest();
request.Password = entity.NewPassword;
request.Username = user.UserName;
request.Name = user.UserName;
AccountHandler.UpdateUser(request);
}
if (complete)
{
Success("Senha atualizada com sucesso.");
}
scope.Complete();
}
else
{
Warning("Alguns campos são obrigatórios para salvar a senha.");
return(View("PasswordEdit", entity));
}
}
}
catch (Exception ex)
{
Logger.LogException(ex);
Error("Ocorreu um erro ao tentar salvar a senha.", ex);
}
if (complete)
{
if (IsSystemAdmin)
{
return(Redirect("/admin/empresas/"));
}
else
{
if (CurrentWorkerType.ProfileName.Equals(Profiles.ADMINISTRADOR))
{
return(Redirect("/public/dashboard"));
}
else
{
return(Redirect("/public/ranking"));
}
}
}
else
{
return(Redirect("/admin/usuario/perfil/editarSenha"));
}
}
public async Task <IActionResult> ChangeUserPassword(int id, [FromBody] PasswordDTO model)
{
await _userService.ChangePassword(id, model, Request.GetToken());
return(NoContent());
}
