/// <summary>
/// Changes a user's password. Allows an admin to resets a user's password without a current password.
/// </summary>
/// <param name="userName">Username of the user.</param>
/// <param name="newPassword">The new password.</param>
/// <returns>The change password result.</returns>
public async Task <ChangePasswordResult> ResetPassword(string userName, string newPassword)
{
var strongPassword = IsStrongPassword(newPassword);
var result = new ChangePasswordResult();
if (!strongPassword)
{
result.PasswordNotStrong = true;
return(result);
}
var user = await GetUser(userName, false);
var passwordCheckHash = PasswordHash.CreateHashSameSalt(user.PasswordHash, newPassword);
user.PasswordHash = PasswordHash.CreateHash(newPassword);
user.PasswordHistory += $"\n{passwordCheckHash}";
user.LastLogin = DateTime.Now;
user.FailedLoginCount = 0;
user.MustChangePassword = false;
await _userData.UpdateAsync(user);
result.User = user;
_adminLogService.LogNeutral($"Password reset for {user.UserName} succeeded.", LogCategory.Security);
return(result);
}
/// <summary>
/// Changes a user's password.
/// </summary>
/// <param name="userName">Username of the user.</param>
/// <param name="currentPassword">The current password.</param>
/// <param name="newPassword">The new password.</param>
/// <returns>The change password result.</returns>
public async Task <ChangePasswordResult> ChangePassword(string userName, string currentPassword, string newPassword)
{
var result = new ChangePasswordResult(await Authenticate(userName, currentPassword));
if (!(result.Success || result.MustChangePassword))
{
_adminLogService.LogElevated($"Password change for {userName} rejected (invalid password).", LogCategory.Security);
return(new ChangePasswordResult(result));
}
var strongPassword = IsStrongPassword(newPassword);
if (!strongPassword)
{
result.PasswordNotStrong = true;
return(result);
}
var user = await GetUser(userName, false);
var passwordHistory = (user.PasswordHistory ?? "").Split('\n');
var passwordCheckHash = PasswordHash.CreateHashSameSalt(user.PasswordHash, newPassword);
if (passwordHistory.Any(s => s == passwordCheckHash))
{
_adminLogService.LogElevated($"Password change for {userName} rejected (password used previously).", LogCategory.Security);
return(new ChangePasswordResult {
PasswordUsedPreviously = true
});
}
user.PasswordHash = PasswordHash.CreateHash(newPassword);
user.PasswordHistory += $"\n{passwordCheckHash}";
user.LastLogin = DateTime.Now;
user.FailedLoginCount = 0;
user.MustChangePassword = false;
await _userData.UpdateAsync(user);
_adminLogService.LogNeutral($"Password change for {user.UserName} succeeded.", LogCategory.Security);
return(new ChangePasswordResult
{
User = user
});
}
