internal AccountControllerBuilder WithResetToken(PasswordResetToken token) { _mockPasswordService.Setup(p => p.GeneratePasswordResetTokenAsync(It.IsAny <string>())) .ReturnsAsync(token); return(this); }
public void TrimData() { if (Name == null) { Name = ""; } if (EmailId == null) { EmailId = ""; } if (EncryptedEmailId == null) { EncryptedEmailId = ""; } if (MobileNo == null) { MobileNo = ""; } if (EncryptedMobileNo == null) { EncryptedMobileNo = ""; } if (LoginPassword == null) { LoginPassword = ""; } if (EncryptedLoginPassword == null) { EncryptedLoginPassword = ""; } if (PasswordResetToken == null) { PasswordResetToken = ""; } if (Remarks == null) { Remarks = ""; } Name = Name.Trim(); EmailId = EmailId.Trim(); EncryptedEmailId = EncryptedEmailId.Trim(); MobileNo = MobileNo.Trim(); EncryptedMobileNo = EncryptedMobileNo.Trim(); LoginPassword = LoginPassword.Trim(); EncryptedLoginPassword = EncryptedLoginPassword.Trim(); PasswordResetToken = PasswordResetToken.Trim(); Remarks = Remarks.Trim(); }
public async Task Validate(IUserSession userSession, ResetPassword command) { var failures = new List <ValidationFailure>(); if (command.EncryptedPassword == null || string.IsNullOrEmpty(command.EncryptedPassword.Password)) { failures.Add(new ValidationFailure("EncryptedPassword", ValidationFailureType.Missing)); } if (command.ResetPasswordToken == Guid.Empty) { failures.Add(new ValidationFailure("ResetPasswordToken", ValidationFailureType.Missing)); } else { try { PasswordResetToken passwordResetToken = await _readOnlyRepo.GetById(command.ResetPasswordToken); if (passwordResetToken.Created > _timeProvider.Now().AddDays(2)) { failures.Add(new ValidationFailure("ResetPasswordToken", ValidationFailureType.Expired)); } } catch (ItemNotFoundException <PasswordResetToken> ) { failures.Add(new ValidationFailure("ResetPasswordToken", ValidationFailureType.DoesNotExist)); } } if (failures.Any()) { throw new CommandValidationException(failures); } }
public async Task <ActionResult> SendPasswordResetMessage([FromBody] SendPasswordResetMessageDto dto) { var user = await _appDbContext.Users.FirstOrDefaultAsync(i => i.Username == dto.Username); var newToken = _alphanumericTokenGenerator.GenerateAlphanumericToken(_config.PasswordResetTokenLength); var newResetToken = new PasswordResetToken() { Token = newToken, CreatedAt = DateTime.Now }; user.PasswordCredential.PasswordResetToken = newResetToken; await _appDbContext.SaveChangesAsync(); _emailSender.SendEmail( new Email() { Recipient = user.Email.EmailAddress, Subject = "Password Reset", Body = $"your token: {newToken}", EmailBodyType = EmailBodyType.Plaintext }); return(Ok()); }
protected PasswordResetToken CreateNewUserPasswordResetToken(int UserID) { PasswordResetToken token = new PasswordResetToken(); try { string sql_connStr = new TruckScheduleConfigurationKeysHelper().sql_connStr; int expirationLimitInMinutes = int.Parse(ConfigurationManager.AppSettings["PassworResetTokenExpiryMinutes"]); token = new PasswordResetToken(UserID, expirationLimitInMinutes); SqlHelper.ExecuteNonQuery(sql_connStr, CommandType.StoredProcedure, "sp_truckschedapp_createPasswordResetToken" , new SqlParameter("@pUserKeyHashed", DataTransformer.createSHA256HashedString(token.UserKey.ToString())) , new SqlParameter("@pUserID", UserID) , new SqlParameter("@pIssueDate", token.IssuedOn) , new SqlParameter("@pExpireDate", token.ExpiresOn) , new SqlParameter("@pValid", token.isValid) ); } catch (Exception ex) { string strErr = " Exception Error in EmailReset CreateNewUserPasswordResetToken(). Details: " + ex.ToString(); ErrorLogging.WriteEvent(strErr, EventLogEntryType.Error); System.Web.HttpContext.Current.Session["ErrorNum"] = 1; ErrorLogging.sendtoErrorPage(1); throw; } return(token); }
public ActionResult FetchSecurityQuestions(string PasswordResetToken) { PasswordResetToken token = _resetService.GetToken(PasswordResetToken); if (token == null) { return(new BadRequestObjectResult("Invalid password reset link")); } if (token.Attempts >= 3) { return(new BadRequestObjectResult("Too many attempts have been attempted with this link, please create a new link.")); } if (token.DateCreated.AddMinutes(10) > DateTime.UtcNow) { return(new BadRequestObjectResult("The password reset link has expired, please create a new link.")); } var user = _userAccountService.ReadUserFromDBUsingId(token.UserId); Dictionary <string, string> securityQuestions = new Dictionary <string, string> { { "SecurityQuestion1", user.SecurityQuestion1 }, { "SecurityQuestion2", user.SecurityQuestion2 }, { "SecurityQuestion3", user.SecurityQuestion3 } }; return(new OkObjectResult(JsonConvert.SerializeObject(securityQuestions, Formatting.Indented))); }
public ActionResult GenerateResetPasswordToken(string emailAddress) { MimeMessage email; var user = _userAccountService.ReadUserFromDBUsingEmail(emailAddress); if (user == null) { email = EmailConstructorResetUserDoesNotExist(); EmailService.SendEmail(email); return(new BadRequestObjectResult("User does not exist")); } // Check if number of password resets generated is < 3 var tokensGenerated = _resetService.GetTokensByUserId(user.UserAccountId); var tokensGeneratedInLast24hrs = tokensGenerated.Where(t => t.DateCreated > DateTime.Now.AddHours(-24)); if (tokensGeneratedInLast24hrs.Count() >= 3) { return(new BadRequestObjectResult("Unable to generate password reset link, only 3 are allowed per 24hrs. Please try again in 24hrs.")); } string passwordResetToken = CryptoService.GenerateToken(); PasswordResetToken token = new PasswordResetToken(passwordResetToken, user.UserAccountId); _resetService.InsertToken(token); string resetLink = BaseUrl + passwordResetToken; email = EmailConstructorPasswordResetLink(); EmailService.SendEmail(email); return(new OkObjectResult("A password reset link has been sent to your email")); }
public async Task <PasswordResetToken> CreateAsync(Guid userId, int expiryMinutes) { if (userId == Guid.Empty) { throw new ArgumentNullException("userId"); } string _token = ""; System.Security.Cryptography.RandomNumberGenerator cryptoRNG = System.Security.Cryptography.RandomNumberGenerator.Create(); Byte[] randomBytes = new Byte[40]; while ((_token == "") || (await IsTokenUnique(_token) == false)) { cryptoRNG.GetBytes(randomBytes); _token = Convert.ToBase64String(randomBytes); } PasswordResetToken _resetToken = new PasswordResetToken(); _resetToken.Id = Guid.NewGuid(); _resetToken.UserId = userId; _resetToken.Token = _token; _resetToken.Expires = DateTime.Now.AddMinutes(expiryMinutes); using (IDbConnection connection = CurrentContext.OpenConnection()) connection.Execute("insert into app_PasswordResetTokens(Id, UserId, Token, Expires, Used) values(@Id, @UserId, @Token, @Expires, @Used)", new { Id = _resetToken.Id, UserId = _resetToken.UserId, Token = _resetToken.Token, Expires = _resetToken.Expires.ToString("dd-MM-yyyy HH:mm:ss"), Used = _resetToken.Used.Value.ToString("dd-MM-yyyy HH:mm:ss") }); return(_resetToken); }
public async Task Delete(string id) { PasswordResetToken passwordResetTokens = await _context.PasswordResetTokens.FindAsync(id); _context.PasswordResetTokens.Remove(passwordResetTokens); await _context.SaveChangesAsync(); }
public async Task <IActionResult> SendPasswordResetLinkMobile([FromBody] ForgotPasswordReq model) { try { var user = await _userManager.FindByEmailAsync(model.Email); if (user == null || !(await _userManager.IsEmailConfirmedAsync(user))) { return(Ok(false)); } var code = await _userManager.GeneratePasswordResetTokenAsync(user); code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code)); bool available = true; int mCode = 0; Random rnd = new Random(); do { mCode = rnd.Next(100000, 999999); var isAvailable = _context.passwordResetTokens.Where(o => o.MobileCode == mCode.ToString()).FirstOrDefault(); available = isAvailable == null; } while (!available); //insert to database PasswordResetToken passwordResetToken = new PasswordResetToken { UserID = user.Id, IsActive = true, RegistedDate = DateTime.Now, MobileCode = mCode.ToString(), Token = code }; _context.passwordResetTokens.Add(passwordResetToken); _ = _context.SaveChangesAsync(); ForgotEmailDataMobile forgotEmailData = new ForgotEmailDataMobile { Company = _config.Value.CompanyName, Email = model.Email, code = mCode.ToString(), SiteName = _config.Value.SolutionName, SiteUrl = _config.Value.BaseURL }; await _emailSender.SendEmailAsync(model.Email, "APlus Account Password Reset", DataFormatManager.GetFormatedForgotPasswordEmailTemplate(forgotEmailData, _hostingEnvironment.ContentRootPath + _templateParams.Value.ForgotPasswordMailTemplateMobile)); return(Ok(true)); } catch (Exception ex) { throw ex; } }
/// <summary> /// Starts "I forgot My Password" flow. Sends users e-mail address a link with a token to reset his/her password /// Throws exception if user is not found /// </summary> /// <param name="userNameOrEmail">Username or e-mail address of the user</param> /// <returns>Generated token</returns> public PasswordResetToken StartForgotPasswordProcess(string userNameOrEmail) { ASUser user = _userManager.FindByEmail(userNameOrEmail); if (user == null) { user = _userManager.FindByName(userNameOrEmail); if (user == null) { throw new ASException(this._resourceManager.GetString("Membership_UserNotFound")); } } if (this._settingManager.GetContainer <EMailSetting>().Default == null) { throw new ASException(this._resourceManager.GetString("EMail_UserErrorMessage")); } PasswordResetToken token = new PasswordResetToken(); token.Token = this._userManager.GeneratePasswordResetToken(user.Id); token.UserId = user.Id; Dictionary <string, object> viewBag = new Dictionary <string, object>(); viewBag.Add("UserName", user.UserName); viewBag.Add("ResetLink", string.Concat(this._contextProvider.RootAddress, "ResetPassword?token=" , this._appManager.EncodeURL(token.Token))); EMail mail = new EMail(); mail.Body = this._templateService.GetBody("ForgotPassword", viewBag); mail.EmailSettingName = this._settingManager.GetContainer <EMailSetting>().Default.Name; mail.FromAddress = this._settingManager.GetContainer <EMailSetting>().Default.FromAddress; mail.FromName = this._settingManager.GetContainer <EMailSetting>().Default.FromDisplayName; mail.Receivers = user.Email; mail.SmtpClientTimeOut = this._settingManager.GetContainer <EMailSetting>().Default.TimeOut; mail.SmtpEnableSsl = this._settingManager.GetContainer <EMailSetting>().Default.EnableSsl; mail.SmtpHostAddress = this._settingManager.GetContainer <EMailSetting>().Default.Host; mail.SmtpPassword = this._settingManager.GetContainer <EMailSetting>().Default.Password; mail.SmtpPort = this._settingManager.GetContainer <EMailSetting>().Default.Port; mail.SmtpUseDefaultCredentials = this._settingManager.GetContainer <EMailSetting>().Default.DefaultCredentials; mail.SmtpUserName = this._settingManager.GetContainer <EMailSetting>().Default.UserName; mail.Subject = this._templateService.GetSubject("ForgotPassword", viewBag); _mailService.Enqueue(mail); token.EMail = mail; _dbContext.Set <PasswordResetToken>().Add(token); UserActivity activity = new UserActivity(); activity.UserId = user.Id; activity.UserActivityType = UserActivityType.PasswordResetRequest; _dbContext.Set <UserActivity>().Add(activity); _dbContext.SaveChanges(); return(token); }
public void InsertToken() { var user = uas.ReadUserFromDBUsingEmail("*****@*****.**"); PasswordResetToken token = new PasswordResetToken(CryptoService.GenerateToken(), user.UserAccountId); var inserted = rs.InsertToken(token); Assert.IsTrue(inserted); }
public static void Constructor_String_ApplicationUser_InitializesExpectedMembers() { const string expectedToken = "TokenToken"; var expectedUser = ApplicationUserBuilder.Create().Build(); var token = new PasswordResetToken(expectedToken, expectedUser); token.Token.Should().Be(expectedToken); token.User.Should().Be(expectedUser); }
public void SendResetToken(AccountEmailAddress primaryEmail, PasswordResetToken token) { _emailSender.SendEmail( new Email() { Recipient = primaryEmail.EmailAddress, Subject = "Password Reset", EmailBodyType = EmailBodyType.HTML, Body = $"your token : {token.ResetToken}" }); }
public async Task <ActionResult <IResponseObject> > GetPasswordResetToken(string id) { PasswordResetToken token = await _passwordResetTokenRepository.GetById(id); if (token == null) { IResponseObject errorResponse = _responseObjectFactory .CreateErrorResponseObject(HttpStatusCode.NotFound, NotFoundErrorTitle, NotFoundErrorDetail); return(NotFound(errorResponse)); } return(_responseObjectFactory.CreateResponseObject(new { token.Id })); }
public async Task <bool> AddPasswordResetTokenAsync(PasswordResetToken token) { try { await repository.AddAsync(token); } catch { return(false); } return(true); }
public async Task <bool> DeleteTokenAsync(PasswordResetToken token) { if (token != null) { context.PasswordResetTokens.Remove(token); await context.SaveChangesAsync(); return(true); } return(false); }
public async Task <PasswordResetToken> GetToken(string resetToken) { try { PasswordResetToken token = await _resetTokens.Find(x => x.Token == resetToken).FirstOrDefaultAsync(); return(token); } catch { return(null); } }
public async Task Handle(IUserSession userIssuingCommand, ResetPassword command) { PasswordResetToken passwordResetToken = await _tokenReadRepo.GetById(command.ResetPasswordToken); UserEmailLogin user = await _repo.GetById <UserEmailLogin>(passwordResetToken.UserId); user.ChangePassword(command.EncryptedPassword); await _repo.Update(user); await _tokenReadRepo.Delete(command.ResetPasswordToken); NotifyObservers(new PasswordReset(passwordResetToken.UserId)); }
public virtual Task UpdateAsync(PasswordResetToken token) { if (token == null) { throw new ArgumentNullException("token"); } return(Task.Factory.StartNew(() => { using (IDbConnection connection = CurrentContext.OpenConnection()) connection.Execute("update app_PasswordResetTokens SET UserID=@UserId, Token=@Token, Expires=@Expires, Used=@Used WHERE ID=@Id", new { UserId = token.UserId, Token = token.Token, Expires = token.Expires.ToString("dd-MM-yyyy HH:mm:ss"), Used = (token.Used.HasValue ? token.Used.Value.ToString("dd-MM-yyyy HH:mm:ss"):"") }); })); }
public async Task <IHttpActionResult> PasswordReset(ResetPasswordBindingModel model) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } PasswordResetToken _token = await UnitOfWork.PasswordResetTokenStore.FindByToken(model.ResetToken); if (_token == null) { return(BadRequest("Invalid Token")); } if (_token.Expires < DateTime.Now) { return(BadRequest("Expired Token")); } if (_token.Used.HasValue) { return(BadRequest("Token Already Used")); } ISS.Authentication.Domain.Models.User _user = await UnitOfWork.UserStore.FindByIdAsync(_token.UserId); if (_user == null) { return(BadRequest("User not Found")); } IdentityResult _result = await UserManager.RemovePasswordAsync(_user.Id); _result = await UserManager.AddPasswordAsync(_user.Id, model.NewPassword); _token.Used = DateTime.Now; if (_result.Succeeded) { await UnitOfWork.PasswordResetTokenStore.UpdateAsync(_token); return(Ok()); } else { string _errors = ""; foreach (string _error in _result.Errors) { if (_errors != "") { _errors += "; "; } _errors += _error; } return(BadRequest(_errors)); } }
public async Task <PasswordResetToken> CreatePasswordResetTokenAsync(User user, string token) { var passwordResetToken = new PasswordResetToken(); passwordResetToken.UserId = user.Id; passwordResetToken.TokenHash = BC.HashPassword(token); passwordResetToken.ExpirationDate = DateTime.Now.AddHours(1); await _context.ResetTokens.AddAsync(passwordResetToken); await _context.SaveChangesAsync(); return(passwordResetToken); }
public async Task <bool> AddAsync(PasswordResetToken token) { try { await context.PasswordResetTokens.AddAsync(token); await context.SaveChangesAsync(); } catch (Exception ex) { throw ex; } return(true); }
public async Task <bool> UpdateToken(PasswordResetToken token) { bool updated = false; try { await _resetTokens.ReplaceOneAsync(x => x.PasswordResetTokenId == token.PasswordResetTokenId, token); updated = true; } catch { return(updated); } return(updated); }
public async Task <bool> InsertToken(PasswordResetToken token) { bool inserted = false; try { await _resetTokens.InsertOneAsync(token); inserted = true; return(inserted); } catch { return(inserted); } }
public async Task <IActionResult> SendPasswordResetLink([FromBody] ForgotPasswordReq model) { try { var user = await _userManager.FindByEmailAsync(model.Email); if (user == null || !(await _userManager.IsEmailConfirmedAsync(user))) { return(NotFound("Email address is not registered or wrong email.")); } var code = await _userManager.GeneratePasswordResetTokenAsync(user); code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code)); //insert to database PasswordResetToken passwordResetToken = new PasswordResetToken { UserID = user.Id, IsActive = true, RegistedDate = DateTime.Now, Token = code }; _context.passwordResetTokens.Add(passwordResetToken); _ = _context.SaveChangesAsync(); ForgotEmailData forgotEmailData = new ForgotEmailData { Company = _config.Value.CompanyName, Email = model.Email, PasswordResetUrl = _config.Value.ResetEmailUrl + "?token=" + code, SiteName = _config.Value.SolutionName, SiteUrl = _config.Value.BaseURL }; await _emailSender.SendEmailAsync(model.Email, "APlus Account Password Reset", DataFormatManager.GetFormatedForgotPasswordEmailTemplate(forgotEmailData, _hostingEnvironment.ContentRootPath + _templateParams.Value.ForgotPasswordMailTemplate)); return(Ok("Email sent successfully")); } catch (Exception ex) { throw ex; } }
protected void SendPasswordResetEmail(PasswordResetToken prToken) { try { TruckScheduleConfigurationKeysHelper tsConfig = new TruckScheduleConfigurationKeysHelper(); if (string.Empty == tsConfig.truckReservationEmail) { throw new Exception("Missing Truck Reservation Email in web.config"); } string userEmail = emailAddress.Text; string PassworResetTokenURL = ConfigurationManager.AppSettings["PassworResetTokenURL"]; if (string.Empty == PassworResetTokenURL) { throw new Exception("Missing PassworResetTokenURL in web.config"); } string validDatetime = string.Concat(prToken.ExpiresOn.ToLocalTime().ToShortDateString(), " ", prToken.ExpiresOn.ToLocalTime().ToShortTimeString()); string resetURL = string.Concat(PassworResetTokenURL, "PasswordReset.aspx?token=", prToken.UserKey.ToString()); string emailbody = string.Concat("<p>A password change request was recently made for your ZXP Truck Schedule account.</p>" , "<p>Please click the link below to go to to the reset password page.</p>" , "<p>If you did not request for a password reset or no longer need a reset, no action is needed.</p>" , "<p>If you have any questions or comments, please contact the IT department.</p>"); string linkSection = string.Concat("<p>This link will be valid until " , validDatetime , ".</p><p><a href='" , resetURL , "'>Reset Password</a><p>"); AlertMessenger aMsgr = new AlertMessenger(); aMsgr._emailAddressesTO.Add(userEmail); aMsgr._from = tsConfig.truckReservationEmail; aMsgr._subject = "ZXP Truck Schedule Application Password Reset"; aMsgr._body = string.Concat(emailbody, linkSection); aMsgr.sendAlertMessage(true); } catch (Exception ex) { string strErr = " Exception Error in EmailReset SendPasswordResetEmail(). Details: " + ex.ToString(); ErrorLogging.WriteEvent(strErr, EventLogEntryType.Error); System.Web.HttpContext.Current.Session["ErrorNum"] = 1; ErrorLogging.sendtoErrorPage(1); } }
protected string ProcessUserResetTokenRequest(int UserID) { try { PasswordResetToken token = checkIfValidPasswordResetTokenExists(UserID); DateTime now = DateTime.UtcNow; DateTime timeMinimumForResend = now; if (!(Guid.Empty == token.UserKey)) { int ResetSpamTimeLimitInMinutes = int.Parse(ConfigurationManager.AppSettings["PasswordResetTokenSpamTimeLimitInMinutes"]); timeMinimumForResend = token.IssuedOn.AddMinutes(ResetSpamTimeLimitInMinutes); } if (now.CompareTo(timeMinimumForResend) > 0 || Guid.Empty == token.UserKey) { if (!(Guid.Empty == token.UserKey)) { InvalidatePasssworResetToken(UserID); } PasswordResetToken newToken = CreateNewUserPasswordResetToken(UserID); SendPasswordResetEmail(newToken); return("Password reset email has been sent."); } else { //display to user that not enough time has passed since last reset request. return(string.Concat("Not enough time has passed. To prevent spamming, please wait until " , timeMinimumForResend.ToLocalTime().ToShortDateString() , " " , timeMinimumForResend.ToLocalTime().ToShortTimeString(), " before requesting another reset.")); } } catch (Exception ex) { string strErr = " Exception Error in EmailReset ProcessUserResetTOkenRequest(). Details: " + ex.ToString(); ErrorLogging.WriteEvent(strErr, EventLogEntryType.Error); System.Web.HttpContext.Current.Session["ErrorNum"] = 1; ErrorLogging.sendtoErrorPage(1); throw; } }
public async Task <ActionResult <IResponseObject> > PatchUserPassword(UserPasswordResetUpdateDTO passwordResetDTO) { PasswordResetToken token = await _passwordResetTokenRepository.GetById(passwordResetDTO.PasswordResetTokenId); if (token == null || DateTime.Now >= token.Expiration) { return(BadRequest(UserUpdateErrorTitle, UserUpdatePasswordResetErrorDetail)); } User user = await _userRepository.GetByEmail(token.Email); if (user == null) { return(BadRequest(UserUpdateErrorTitle, UserUpdatePasswordResetUserErrorDetail)); } user.PasswordHash = _passwordHasher.HashPassword(passwordResetDTO.Password); await _passwordResetTokenRepository.DeleteByEmail(user.Email); return(await TryPerformUserUpdate(user)); }
public void SendPasswordResetMessage( IPasswordResetMessageSender passwordResetMessageSender, IAlphanumericTokenGenerator tokenGenerator, IDateTimeService dateTimeService) { var resetToken = new PasswordResetToken() { Token = tokenGenerator.GenerateAlphanumericToken(16), CreatedAt = dateTimeService.GetCurrentDateTime() }; PasswordResetTokens.Add(resetToken); var addresses = new Dictionary <TypesOfAdress, string>(); addresses.Add(TypesOfAdress.Email, EmailAddress); passwordResetMessageSender.SendPasswordResetMessage(addresses, resetToken); }