public override string ExtendedValidateUser(string userNameOrEmail, string password)
{
if (string.IsNullOrEmpty(userNameOrEmail))
{
throw CreateArgumentNullOrEmptyException("userNameOrEmail");
}
if (string.IsNullOrEmpty(password))
{
throw CreateArgumentNullOrEmptyException("password");
}
using (PalaverDb context = new PalaverDb())
{
User user = null;
user = context.Users.FirstOrDefault(Usr => Usr.Username == userNameOrEmail);
if (user == null)
{
user = context.Users.FirstOrDefault(Usr => Usr.Email == userNameOrEmail);
}
if (user == null)
{
return(string.Empty);
}
if (!user.IsConfirmed)
{
return(string.Empty);
}
dynamic hashedPassword = user.Password;
bool verificationSucceeded = (hashedPassword != null && CodeFirstCrypto.VerifyHashedPassword(hashedPassword, password));
if (verificationSucceeded)
{
user.PasswordFailuresSinceLastSuccess = 0;
}
else
{
int failures = user.PasswordFailuresSinceLastSuccess;
if (failures != -1)
{
user.PasswordFailuresSinceLastSuccess += 1;
user.LastPasswordFailureDate = DateTime.UtcNow;
}
}
context.SaveChanges();
if (verificationSucceeded)
{
return(user.Username);
}
else
{
return(string.Empty);
}
}
}
public override bool ChangePassword(string userName, string oldPassword, string newPassword)
{
if (string.IsNullOrEmpty(userName))
{
throw CreateArgumentNullOrEmptyException("userName");
}
if (string.IsNullOrEmpty(oldPassword))
{
throw CreateArgumentNullOrEmptyException("oldPassword");
}
if (string.IsNullOrEmpty(newPassword))
{
throw CreateArgumentNullOrEmptyException("newPassword");
}
using (PalaverDb context = new PalaverDb())
{
dynamic user = context.Users.FirstOrDefault(Usr => Usr.Username == userName);
if (user == null)
{
return(false);
}
dynamic hashedPassword = user.Password;
bool verificationSucceeded = (hashedPassword != null && CodeFirstCrypto.VerifyHashedPassword(hashedPassword, oldPassword));
if (verificationSucceeded)
{
user.PasswordFailuresSinceLastSuccess = 0;
}
else
{
int failures = user.PasswordFailuresSinceLastSuccess;
if (failures != -1)
{
user.PasswordFailuresSinceLastSuccess += 1;
user.LastPasswordFailureDate = DateTime.UtcNow;
}
context.SaveChanges();
return(false);
}
dynamic newhashedPassword = CodeFirstCrypto.HashPassword(newPassword);
if (newhashedPassword.Length > 128)
{
throw new ArgumentException("Password too long");
}
user.Password = newhashedPassword;
user.PasswordChangedDate = DateTime.UtcNow;
context.SaveChanges();
return(true);
}
}