public async Task <UserClaimsDto> Register(AddUserDto userDto)
{
if (await _genericRepository.FindBy(x => x.Email == userDto.Email).AnyAsync())
{
return(null);
}
User user = new User {
UserName = userDto.Username, Email = userDto.Email
};
if (!string.IsNullOrEmpty(userDto.Password))
{
byte[] passwordHash, passwordSalt;
HashSaltHelper.GeneratePasswordHashAndSalt(userDto.Password, out passwordHash, out passwordSalt);
user.PasswordHash = passwordHash;
user.PasswordSalt = passwordSalt;
await _genericRepository.Add(user);
return(_mapper.Map <UserClaimsDto>(user));
}
return(null);
}
public bool ResetPassword(string username, string email, string passwordResetRequestCode, string newPassword)
{
bool success = false;
//1) Find the passwordResetRequestCode Record if it exists, which gives the account id
//2) Get the AccountRecord
//3) Update the Password = newPassword and the Deleted flag = true, call update on bo to update in database
TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest foundPasswordResetRequest = null;
TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest passwordResetSearchCriteria =
new TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest(_smoSettings[CONNECTION_STRING_NAME])
{
PasswordResetCode = passwordResetRequestCode
};
TestSprocGenerator.Business.SingleTable.Bo.List.PasswordResetRequest passwordResetSearchReturned =
new TestSprocGenerator.Business.SingleTable.Bo.List.PasswordResetRequest(_smoSettings[CONNECTION_STRING_NAME]);
passwordResetSearchReturned.FillByCriteriaExact(passwordResetSearchCriteria);
if (passwordResetSearchReturned != null && passwordResetSearchReturned.Count > 0)
{
if (passwordResetSearchReturned.Count == 1)
{
foundPasswordResetRequest = (TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest)passwordResetSearchReturned[0];
//make sure that the email or username is valid
TestSprocGenerator.Business.SingleTable.Bo.Account foundAccount = null;
string emailAddress = DetermineEmailGetAccountByEmailOrUsername(username, email, out foundAccount);
if (foundAccount != null)
{
//account is valid if the accountid of the returned record and the password request record accountID match
if (foundAccount.AccountID == foundPasswordResetRequest.AccountID)
{
//TODO: should probably do this in a transaction instead of having the possibility of one of these
//failing
foundAccount.Deleted = false;
foundAccount.AccountPassword = HashSaltHelper.CreatePasswordHash(newPassword,
HashSaltHelper.CreateSalt());
foundAccount.Update();
foundPasswordResetRequest.Delete();
success = true;
}
else
{
throw new ApplicationException("Email or Username provided does not match the Password Reset Request code record");
}
}
else
{
throw new ApplicationException("Email or Username provided is not valid");
}
}
}
return(success);
}
public bool LoginUser(string username, string password)
{
if (_smoSettings.ContainsKey(CONNECTION_STRING_NAME))
{
if (string.IsNullOrEmpty(username))
{
throw new ArgumentNullException("Username");
}
if (string.IsNullOrEmpty(password))
{
throw new ArgumentNullException("Password");
}
//get the user by username first then we can figure out if the password is ok
TestSprocGenerator.Business.SingleTable.Bo.Account criteria =
new TestSprocGenerator.Business.SingleTable.Bo.Account(_smoSettings[CONNECTION_STRING_NAME])
{
AccountUsername = username, Deleted = false
};
TestSprocGenerator.Business.SingleTable.Bo.List.Account searchReturned =
new TestSprocGenerator.Business.SingleTable.Bo.List.Account(_smoSettings[CONNECTION_STRING_NAME]);
searchReturned.FillByCriteriaExact(criteria);
if (searchReturned != null && searchReturned.Count > 0)
{
//now that we have a user with that username we need to compare/verify the hashed password
if (!string.IsNullOrEmpty(searchReturned[0].AccountPassword))
{
string salt = searchReturned[0].AccountPassword.Substring(searchReturned[0].AccountPassword.Length -
CommonLibrary.Security.HashSaltHelper.SALT_SIZE);
string hashedPasswordAndSalt = HashSaltHelper.CreatePasswordHash(password, salt);
bool passwordMatch = hashedPasswordAndSalt.Equals(searchReturned[0].AccountPassword);
if (passwordMatch)
{
return(true);
}
}
}
return(false);
}
else
{
throw new ApplicationException("Database Connection String Not in Configuration File or not loaded from Config File");
}
return(false);
}
public async Task <UserClaimsDto> Login(AddUserDto userDto)
{
User user = await _genericRepository.FindBy(x => x.Email == userDto.Email).SingleAsync();
if (user == null)
{
return(null);
}
if (!HashSaltHelper.VerifyPasswordHash(userDto.Password, user.PasswordHash, user.PasswordSalt))
{
return(null);
}
return(_mapper.Map <UserClaimsDto>(user));
}
/// <summary>
/// Generate a regular Account from the UI, the Administrative Accounts need to go through an Administrative
/// set of interfaces/code
/// </summary>
/// <param name="accountModel"></param>
/// <returns></returns>
public bool AccountCreate(TestSprocGenerator.Business.SingleTable.Bo.Account accountModel)
{
if (_smoSettings.ContainsKey(CONNECTION_STRING_NAME))
{
accountModel.DatabaseSmoObjectsAndSettings = _smoSettings[CONNECTION_STRING_NAME];
if (string.IsNullOrEmpty(accountModel.AccountUsername))
{
throw new ArgumentNullException("AccountUsername");
}
if (string.IsNullOrEmpty(accountModel.AccountPassword))
{
throw new ArgumentNullException("AccountPassword");
}
if (DoesUserNameExist(accountModel.AccountUsername))
{
throw new ArgumentException("AccountUsername is in Use, Please pick another username");
}
//Set default values for insertion of new account
accountModel.AccountCode = DEFAULT_ACCOUNT_CODE;
accountModel.AccountID = Guid.NewGuid();
accountModel.AccountPassword = HashSaltHelper.CreatePasswordHash(accountModel.AccountPassword,
HashSaltHelper.CreateSalt());
accountModel.Deleted = false;
accountModel.InsertedDateTime = DateTime.Now;
accountModel.ModifiedDateTime = DateTime.Now;
accountModel.Insert();
return(true);
}
else
{
throw new ApplicationException("Database Connection String Not in Configuration File or not loaded from Config File");
}
}
public async Task <User> Add(AddUserDto userDto)
{
User user = new User {
UserName = userDto.Username, Email = userDto.Email
};
if (!string.IsNullOrEmpty(userDto.Password))
{
byte[] passwordHash, passwordSalt;
HashSaltHelper.GeneratePasswordHashAndSalt(userDto.Password, out passwordHash, out passwordSalt);
user.PasswordHash = passwordHash;
user.PasswordSalt = passwordSalt;
}
await _context.Users.AddAsync(user);
await _context.SaveChangesAsync();
return(user);
}
