Esempio n. 1
0
        public async Task ExecuteAsync(UpdateUnauthenticatedUserPasswordCommand command, IExecutionContext executionContext)
        {
            if (IsLoggedInAlready(command, executionContext))
            {
                throw new Exception("UpdateUnauthenticatedUserPasswordCommand cannot be used when the user is already logged in.");
            }

            await ValidateMaxLoginAttemptsNotExceeded(command, executionContext);

            var userArea = _userAreaRepository.GetByCode(command.UserAreaCode);

            var userLoginInfo = await GetUserLoginInfoAsync(command, executionContext);

            if (userLoginInfo == null)
            {
                var failedLoginLogCommand = new LogFailedLoginAttemptCommand(command.UserAreaCode, command.Username);
                await _commandExecutor.ExecuteAsync(failedLoginLogCommand);

                throw new InvalidCredentialsAuthenticationException(nameof(command.OldPassword));
            }

            var updatePasswordCommand = new UpdateUserPasswordByUserIdCommand()
            {
                UserId      = userLoginInfo.UserId,
                NewPassword = command.NewPassword
            };

            // User is not logged in, so will need to elevate permissions here to change the password.
            var systemExecutionContext = await _executionContextFactory.CreateSystemUserExecutionContextAsync(executionContext);

            await _commandExecutor.ExecuteAsync(updatePasswordCommand, systemExecutionContext);

            // We pass out the userid since we do the auth inside the command and it might be useful to the callee
            command.OutputUserId = userLoginInfo.UserId;
        }
Esempio n. 2
0
        /// <summary>
        /// Logs a failed login attempt. A history of logins is used
        /// to prevent brute force login attacks.
        /// </summary>
        /// <param name="userAreaCode">The code of the user area attempting to be logged into.</param>
        /// <param name="username">The username attempting to be logged in with.</param>
        public void LogFailedLoginAttempt(string userAreaCode, string username)
        {
            var command = new LogFailedLoginAttemptCommand(userAreaCode, username);

            _commandExecutor.Execute(command);
        }
Esempio n. 3
0
 /// <summary>
 /// Logs a failed login attempt. A history of logins is used
 /// to prevent brute force login attacks.
 /// </summary>
 /// <param name="userAreaCode">The code of the user area attempting to be logged into.</param>
 /// <param name="username">The username attempting to be logged in with.</param>
 public async Task LogFailedLoginAttemptAsync(string userAreaCode, string username)
 {
     var command = new LogFailedLoginAttemptCommand(userAreaCode, username);
     await _commandExecutor.ExecuteAsync(command);
 }