public override IEnumerable <Expression <Func <User, bool> > > GetPredicates()
{
if (Email.HasValue())
{
yield return(entity => entity.Email == Email);
}
if (SignupToken.HasValue())
{
yield return(entity => entity.SignupToken == SignupToken);
}
if (ResetPasswordToken.HasValue())
{
yield return(entity => entity.ResetPasswordToken == ResetPasswordToken);
}
if (IdToExclude.HasValue)
{
yield return(entity => entity.Id != IdToExclude);
}
if (SearchValue.HasValue())
{
yield return(entity => entity.FirstName.Contains(SearchValue) ||
entity.LastName.Contains(SearchValue) ||
entity.Email.Contains(SearchValue));
}
}
public async Task <OmbiIdentityResult> ResetPassword([FromBody] ResetPasswordToken token)
{
var user = await UserManager.FindByEmailAsync(token.Email);
if (user == null)
{
return(new OmbiIdentityResult
{
Successful = false,
Errors = new List <string> {
"Please check you email."
}
});
}
var validToken = WebUtility.UrlDecode(token.Token);
validToken = validToken.Replace(" ", "+");
var tokenValid = await UserManager.ResetPasswordAsync(user, validToken, token.Password);
if (tokenValid.Succeeded)
{
return(new OmbiIdentityResult
{
Successful = true,
});
}
return(new OmbiIdentityResult
{
Errors = tokenValid.Errors.Select(x => x.Description).ToList()
});
}
public override ResetPasswordToken GenerateResetPasswordToken(IResetPasswordTokenOwner owner, ApplicationStore applicationStore, string urlBack = "")
{
var account = owner as Account;
ResetPasswordToken token = null;
var tokens = resetPasswordTokenRepository.ListByOwnerCode(account.Code);
if (!tokens.IsNull())
{
token = tokens.Where(t => t.ExpiresUtc > DateTime.UtcNow.AddMinutes(60) && t.ApplicationStoreCode == applicationStore.Code).FirstOrDefault();
if (!token.IsNull())
{
return(token);
}
}
if (token.IsNull())
{
base.DeleteAllResetPasswordTokens(account.Code);
token = new ResetPasswordToken(account.Code, applicationStore.Code, urlBack);
resetPasswordTokenRepository.Add(token);
}
return(token);
}
public async Task <IActionResult> ResetPassword(ResetPasswordRequestModel model)
{
await _loggingService.SaveAuditLog($"Retrieving user with email {model.Email}", AuditActionEnum.Read);
var user = await _userRepository.GetUserByEmail(model.Email);
if (user == null)
{
return(BadRequest());
}
var token = TokenHelper.GenerateResetPasswordToken();
var resetPasswordToken = new ResetPasswordToken
{
Token = token,
ExpirationDate = DateTime.Now.AddMinutes(30),
UserId = user.UserId
};
await _loggingService.SaveAuditLog($"Creating reset-password token for user with user id {user.UserId}",
AuditActionEnum.Create);
await _authenticationRepository.CreateToken(resetPasswordToken);
await _emailService.SendEmail(new EmailData(token, model.Email, EmailTypeEnum.PasswordRecovery));
return(Ok());
}
public override ResetPasswordToken GenerateResetPasswordToken(IResetPasswordTokenOwner owner, ApplicationStore applicationStore, string urlBack = "")
{
var customer = owner as CustomerImport;
ResetPasswordToken token = null;
var tokens = resetPasswordTokenRepository.ListByOwnerCode(customer.AccountCode);
if (!tokens.IsNull())
{
token = tokens.Where(t => t.ExpiresUtc > DateTime.UtcNow.AddMinutes(15) && t.ApplicationStoreCode == applicationStore.Code).FirstOrDefault();
if (!token.IsNull() && (DateTime.UtcNow - token.GeneratedUtc).TotalSeconds > Config.SecondsToRegeneratePasswordRecovery)
{
token = null;
}
}
if (token.IsNull())
{
base.DeleteAllResetPasswordTokens(customer.AccountCode);
token = new ResetPasswordToken(customer.AccountCode, applicationStore.Code, urlBack);
resetPasswordTokenRepository.Add(token);
}
return(token);
}
public async Task <object> ForgotPassword(string Email)
{
try
{
if (Email == null)
{
return(new Response <bool>(Constants.NOT_FOUND_CODE, false, Constants.NOT_FOUND));
}
var user = await UserManager.FindByEmailAsync(Email);
if (user == null || !(await UserManager.IsEmailConfirmedAsync(user)))
{
// Don't reveal that the user does not exist or is not confirmed
return(new Response <bool>(Constants.NOT_FOUND_CODE, false, Constants.NOT_FOUND));
}
var rand = new RandomGenerator();
var code = rand.RandomToken();
EmailBodyDefaultParams emailBodyDefaultParams = db.EmailBodyDefaultParams
.Where(e => e.EmailTypeName == "reset_password_api").FirstOrDefault();
string body = EmailSender.CreateEmailBody(emailBodyDefaultParams);
body = body.Replace("{callbackurl}", "#");
body = body.Replace("{callbackdisplaytext}", code);
var contentAppName = db.ContentManagement.Where(cm => cm.Name == "app_name")
.FirstOrDefault();
string AppName = contentAppName == null ? "Fuel Services" : contentAppName.DisplayName;
var simpleResponse = EmailSender.SendEmail(Email, AppName, body);
ResetPasswordToken resetPasswordToken = new ResetPasswordToken()
{
ResetPasswordCode = code,
UserId = user.Id,
ResetPasswordCodeValidityEndDate = DateTime.Now.AddMinutes(ResetPasswordConstants.Validity),
};
var prevAttempts = db.ResetPasswordTokens.Where(x => x.UserId == user.Id && x.Status == ResetPasswordTokenStatus.PendingValidation)
.ToList();
prevAttempts.ForEach((x) => {
x.Status = ResetPasswordTokenStatus.Expired;
});
db.ResetPasswordTokens.UpdateRange(prevAttempts);
db.ResetPasswordTokens.Add(resetPasswordToken);
await db.SaveChangesAsync();
return(new Response <bool>(Constants.SUCCESS_CODE, true, Constants.SUCCESS));
}
catch (Exception e)
{
Serilog.Log.Error(e, Constants.LogTemplates.RESET_PASSWORD_EX, Email);
return(new Response <bool>(Constants.SOMETHING_WRONG_CODE, false, GetExceptionMessage(e)));
}
}
public async Task ResetPassword_WhenCalled_AttemptToSaveUserWithTheNewPasswordExpected()
{
// ARRANGE
var newPassword = "******";
var token = new ResetPasswordToken
{
Token = "the token"
};
_tokenProvider.IsTokenExpired(Arg.Any <string>(), Arg.Any <int>()).Returns(false);
_resetPasswordTokenRepository.SingleOrDefaultAsync(Arg.Any <Expression <Func <ResetPasswordToken, bool> > >())
.Returns(x =>
{
var store = new List <ResetPasswordToken> {
token
};
return(store.Single(x.ArgAt <Expression <Func <ResetPasswordToken, bool> > >(0).Compile()));
});
var user = new User
{
PasswordHash = Encoding.ASCII.GetBytes("the old password hash"),
PasswordSalt = Encoding.ASCII.GetBytes("the old password salt"),
ResetPasswordToken = new ResetPasswordToken()
};
_userRepository.SingleOrDefaultAsync(Arg.Any <Expression <Func <User, bool> > >())
.Returns(x =>
{
var store = new List <User> {
user
};
return(store.Single(x.ArgAt <Expression <Func <User, bool> > >(0).Compile()));
});
User actualUserEntityToSave = null;
_userRepository.When(x => x.Update(Arg.Any <User>())).Do(x => actualUserEntityToSave = x.ArgAt <User>(0));
var computedNewPassword = ComputedPassword.Create(
Encoding.ASCII.GetBytes("the new password hash"), Encoding.ASCII.GetBytes("the new password salt"));
SetPasswordProvider((newPassword, computedNewPassword));
var expectedUserEntityToSave = new User
{
PasswordHash = computedNewPassword.Hash,
PasswordSalt = computedNewPassword.Salt
};
// ACT
await _sut.ResetPassword(token.Token, newPassword);
// ASSERT
actualUserEntityToSave.Should().BeEquivalentTo(expectedUserEntityToSave);
await _unitOfWork.Received().CompleteAsync();
}
public async Task <ResetPasswordToken> ResetPasswordAsync(Utilizer utilizer, string membershipId, string usernameOrEmailAddress)
{
if (string.IsNullOrEmpty(usernameOrEmailAddress))
{
throw ErtisAuthException.ValidationError(new []
{
"Username or email required!"
});
}
var membership = await this.membershipService.GetAsync(membershipId);
if (membership == null)
{
throw ErtisAuthException.MembershipNotFound(membershipId);
}
var user = await this.GetUserWithPasswordAsync(usernameOrEmailAddress, usernameOrEmailAddress, membershipId);
if (user == null)
{
throw ErtisAuthException.UserNotFound(usernameOrEmailAddress, "username or email_address");
}
if (utilizer.Role == Rbac.ReservedRoles.Administrator || utilizer.Id == user.Id)
{
var tokenClaims = new TokenClaims(Guid.NewGuid().ToString(), user, membership);
tokenClaims.AddClaim("token_type", "reset_token");
var resetToken = this.jwtService.GenerateToken(tokenClaims, HashAlgorithms.SHA2_256, Encoding.UTF8);
var resetPasswordToken = new ResetPasswordToken(resetToken, TimeSpan.FromHours(1));
await this.eventService.FireEventAsync(this, new ErtisAuthEvent
{
EventType = ErtisAuthEventType.UserPasswordReset,
UtilizerId = user.Id,
Document = resetPasswordToken,
MembershipId = membershipId
});
return(resetPasswordToken);
}
else
{
throw ErtisAuthException.AccessDenied("Unauthorized access");
}
}
public void DeleteResetPasswordToken(ResetPasswordToken token)
{
using (var transaction = Connection.BeginTransaction())
{
try
{
resetPasswordTokenRepository.Delete(token);
transaction.Commit();
}
catch
{
transaction.Rollback();
throw;
}
}
}
public CompletePasswordResetResponse CompletePasswordReset(CompletePasswordResetRequest request)
{
CompletePasswordResetResponse response = new CompletePasswordResetResponse();
try
{
Common.Helpers.ValidationHelper.ValidateRequiredField(request.Username, "User name");
Common.Helpers.ValidationHelper.ValidateRequiredField(request.Token, "Token");
Common.Helpers.ValidationHelper.ValidateRequiredField(request.NewPassword, "New Password");
Common.Helpers.ValidationHelper.ValidateStringLength(request.NewPassword, "New Password", Constants.MaxPasswordLength);
Common.Helpers.ValidationHelper.ValidateUsername(request.Username);
ValidationHelper.ValidatePassword(request.NewPassword);
ResetPasswordToken token = ResetPasswordToken.FromBytes(EncryptionHelper.DecryptURL(Convert.FromBase64String(request.Token)));
Common.Helpers.ValidationHelper.Assert(token.Username.Equals(request.Username), "Invalid input.");
Common.Helpers.ValidationHelper.Assert(DateTime.Now < token.ExpiresOn, "Password reset request has expired.");
DbContext context = DataController.CreateDbContext();
UserController.ChangePassword(token.Username, request.NewPassword);
}
catch (AuthenticationException ex)
{
throw new WebFaultException <string>(ex.Message, System.Net.HttpStatusCode.BadRequest);
}
catch (Common.Exceptions.ValidationException ex)
{
throw new WebFaultException <string>(ex.Message, System.Net.HttpStatusCode.BadRequest);
}
catch (Exception ex)
{
ExceptionHelper.Log(ex, string.Empty);
throw new WebFaultException <string>("An unknown error has occurred.", System.Net.HttpStatusCode.InternalServerError);
}
return(response);
}
public static void SendPasswordResetEmail(string firstName, string lastName, string emailAddress, string username)
{
DateTime expiresOn = DateTime.UtcNow + Settings.Default.ResetPasswordTokenExpiryInterval;
long random = Common.Helpers.RandomHelper.RandomLong();
ResetPasswordToken token = new ResetPasswordToken(username, expiresOn, random);
string encryptedToken = Convert.ToBase64String(EncryptionHelper.EncryptURL(token.AsBytes()));
string subject = "Initial Round Password Reset";
string recipientName = string.Format("{0} {1}", firstName, lastName);
if (string.IsNullOrWhiteSpace(recipientName))
{
recipientName = username;
}
string resetUri = string.Format("{0}Account/CompletePasswordReset?Token={1}",
CloudConfigurationManager.GetSetting("RootURI"),
HttpUtility.UrlEncode(encryptedToken));
string body = Interpolate(ResetPasswordTemplate,
KeyValue.Of("FullName", recipientName),
KeyValue.Of("ResetURI", resetUri));
Enqueue(new EmailMessage
{
Subject = subject,
Body = body,
Recipient = new EmailRecipient
{
EmailAddress = emailAddress,
FullName = recipientName
},
SendDate = DateTime.UtcNow,
UseHtml = true
});
}
