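/// <summary>
/// Looks up the interview's applicant and the inviting user and hands their
/// names/addresses to <c>EmailController.SendInvitationEmail</c>.
/// </summary>
/// <param name="interviewId">ID of the interview the applicant is being invited to.</param>
/// <param name="username">ID of the inviting user (matched against <c>User.ID</c>).</param>
/// <exception cref="ArgumentException">No interview with <paramref name="interviewId"/> exists.</exception>
/// <exception cref="AuthenticationException">No user with <paramref name="username"/> exists.</exception>
/// <remarks>
/// NOTE(review): unlike CreateUser/UpdateUser/DeleteUser this method takes no
/// <c>AuthToken</c>, so nothing here verifies that the caller may send mail on
/// behalf of <paramref name="username"/> — presumably enforced by the caller; confirm.
/// Previously a missing interview or user surfaced as a NullReferenceException;
/// both are now explicit errors.
/// </remarks>
public static void SendInvitationEmail(Guid interviewId, string username)
{
    using (DbContext context = DataController.CreateDbContext())
    {
        var applicant = context.Interviews
            .Where(i => i.ID == interviewId)
            .Select(interview => new
            {
                FirstName = interview.Applicant.FirstName,
                LastName = interview.Applicant.LastName,
                EmailAddress = interview.Applicant.EmailAddress
            })
            .FirstOrDefault();
        if (applicant == null)
        {
            throw new ArgumentException("Interview does not exist!", "interviewId");
        }

        var inviter = context.Users
            .Where(u => u.ID == username)
            .Select(u => new { u.FirstName, u.LastName, u.EmailAddress })
            .FirstOrDefault();
        if (inviter == null)
        {
            throw new AuthenticationException("User does not exist!");
        }

        EmailController.SendInvitationEmail(
            applicant.FirstName,
            applicant.LastName,
            applicant.EmailAddress,
            inviter.FirstName,
            inviter.LastName,
            inviter.EmailAddress,
            interviewId);
    }
}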
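/// <summary>
/// Admin-only: creates a new user, persists it and sends the welcome e-mail.
/// </summary>
/// <param name="username">New user's ID; must not already exist.</param>
/// <param name="password">Clear-text password, handed to the private <c>CreateUser</c> overload (presumably salted and hashed there — confirm).</param>
/// <param name="emailAddress">Must not be in use by any other user.</param>
/// <param name="firstName">Display first name.</param>
/// <param name="lastName">Display last name.</param>
/// <param name="token">Caller's session token; must carry <c>IsAdmin</c>.</param>
/// <param name="isAdmin">Whether the new account gets admin rights.</param>
/// <exception cref="AuthenticationException">
/// Missing or non-admin token, username already taken, or e-mail address already in use.
/// </exception>
/// <remarks>
/// NOTE(review): only <c>token.IsAdmin</c> is inspected; expiry/IP binding of the
/// token is presumably validated before this layer — confirm. The existence checks
/// and the insert run in separate contexts, so two concurrent calls can race; a
/// unique constraint in the database is the real guard.
/// </remarks>
public static void CreateUser(string username, string password, string emailAddress, string firstName, string lastName, AuthToken token, bool isAdmin)
{
    // A null token previously surfaced as a NullReferenceException; treat it as "not an admin".
    if (token == null || !token.IsAdmin)
    {
        throw new AuthenticationException("Admin must perform this action");
    }
    if (UserExists(username))
    {
        throw new AuthenticationException("Username is taken.");
    }
    if (EmailAddressExists(emailAddress))
    {
        throw new AuthenticationException("Email address is already in use.");
    }

    using (DbContext context = DataController.CreateDbContext())
    {
        CreateUser(context, username, password, emailAddress, firstName, lastName, isAdmin);
        context.SaveChanges();
    }

    // Sent only after the row is committed; the password is deliberately not passed along.
    EmailController.SendNewUserEmail(firstName, lastName, username, emailAddress);
}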
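/// <summary>
/// Admin-only: updates the name and e-mail address of an existing user.
/// </summary>
/// <param name="username">ID of the user to update (matched against <c>User.ID</c>).</param>
/// <param name="firstName">New first name.</param>
/// <param name="lastName">New last name.</param>
/// <param name="emailAddress">New e-mail address; must not belong to a different user.</param>
/// <param name="token">Caller's session token; must carry <c>IsAdmin</c>.</param>
/// <exception cref="AuthenticationException">
/// Missing or non-admin token, unknown user, or e-mail address used by another user.
/// </exception>
/// <remarks>
/// NOTE(review): only <c>token.IsAdmin</c> is inspected; token validity is presumably
/// checked upstream — confirm. Password and admin flag are intentionally not touched here.
/// </remarks>
public static void UpdateUser(string username, string firstName, string lastName, string emailAddress, AuthToken token)
{
    // A null token previously surfaced as a NullReferenceException; treat it as "not an admin".
    if (token == null || !token.IsAdmin)
    {
        throw new AuthenticationException("Admin must perform this action");
    }

    using (DbContext context = DataController.CreateDbContext())
    {
        User user = context.Users.FirstOrDefault(u => u.ID == username);
        if (user == null)
        {
            throw new AuthenticationException("User does not exist!");
        }
        // Pass the username so the user's own current address does not count as a clash.
        if (EmailAddressExists(emailAddress, username))
        {
            throw new AuthenticationException("Email address is already in use");
        }

        user.FirstName = firstName;
        user.LastName = lastName;
        user.EmailAddress = emailAddress;
        context.SaveChanges();
    }
}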
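/// <summary>
/// Looks up a user by ID and hands their details to <c>EmailController.SendPasswordResetEmail</c>.
/// </summary>
/// <param name="username">ID of the user requesting a reset (matched against <c>User.ID</c>).</param>
/// <exception cref="AuthenticationException">No user with <paramref name="username"/> exists.</exception>
/// <remarks>
/// NOTE(review): throwing "User not found." lets an unauthenticated caller probe which
/// usernames exist. The usual mitigation is to respond identically whether or not the
/// user exists; not changed here because callers may rely on the exception — decide
/// deliberately. Nothing in this method rate-limits reset requests, and no reset
/// token is generated or passed here; presumably <c>EmailController</c> handles that — confirm.
/// </remarks>
public static void SendPasswordResetEmail(string username)
{
    using (DbContext context = DataController.CreateDbContext())
    {
        var userInfo = context.Users
            .Where(user => user.ID == username)
            .Select(user => new
            {
                user.FirstName,
                user.LastName,
                user.EmailAddress,
                UserName = user.ID
            })
            .FirstOrDefault();
        if (userInfo == null)
        {
            throw new AuthenticationException("User not found.");
        }

        EmailController.SendPasswordResetEmail(
            userInfo.FirstName,
            userInfo.LastName,
            userInfo.EmailAddress,
            userInfo.UserName);
    }
}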
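/// <summary>
/// Authenticates <paramref name="username"/>/<paramref name="password"/> and, on
/// success, issues a session <c>AuthToken</c>.
/// </summary>
/// <param name="username">User ID to authenticate (matched against <c>User.ID</c>).</param>
/// <param name="password">Clear-text password; salted and hashed with the stored salt and compared to the stored hash.</param>
/// <param name="requireActiveAccount">
/// NOTE(review): never consulted — neither here nor in the original — and no
/// "active" flag is visible on <c>User</c> from this file. Confirm whether that
/// check lives elsewhere or is simply missing.
/// </param>
/// <returns>A token bound to the caller's IP that expires after <c>Settings.Default.SessionExpiryInterval</c>.</returns>
/// <exception cref="AuthenticationException">
/// Unknown user or wrong password ("Invalid login."), an attempt made sooner than
/// <c>MinTimeBetweenLoginAttempts</c> after the previous one, or an account that is
/// currently locked.
/// </exception>
/// <remarks>
/// Every attempt that reaches the password check stamps <c>User.LastLoginDate</c>
/// (successful or not); failures increment <c>User.LoginAttempts</c>, success resets
/// it to 0. The spacing and lock-out messages differ from "Invalid login.", so they
/// do reveal that the account exists — keep that trade-off deliberate.
/// Changes from the original: hash comparison is constant-time; the lock check now
/// fires at <c>LoginAttempts &gt;= MaxLoginAttempts</c>, matching the point at which
/// the caller is told the account is locked (the original used <c>&gt;</c>, allowing
/// one extra guess); the messages use <c>TotalSeconds</c>/<c>TotalMinutes</c> instead
/// of the <c>Seconds</c>/<c>Minutes</c> components.
/// </remarks>
public static AuthToken ValidateUser(string username, string password, bool requireActiveAccount)
{
    using (DbContext context = DataController.CreateDbContext())
    {
        User user = context.Users.FirstOrDefault(u => u.ID == username);
        if (user == null)
        {
            // Same message as a wrong password so the response does not confirm the username.
            throw new AuthenticationException("Invalid login.");
        }

        var sinceLastAttempt = DateTime.UtcNow - user.LastLoginDate;
        if (sinceLastAttempt < Settings.Default.MinTimeBetweenLoginAttempts)
        {
            throw new AuthenticationException(string.Format("Please wait at least {0} seconds between login attempts.", Settings.Default.MinTimeBetweenLoginAttempts.TotalSeconds));
        }

        bool isLocked = sinceLastAttempt < Settings.Default.AccountLockDuration
            && user.LoginAttempts >= Settings.Default.MaxLoginAttempts;
        if (isLocked)
        {
            throw new AuthenticationException(string.Format("Your account has been locked for {0} minutes due to too many incorrect login attempts.", Settings.Default.AccountLockDuration.TotalMinutes));
        }

        // Constant-time comparison: SequenceEqual stops at the first differing byte,
        // which leaks how much of the hash matched. Length mismatch folds into the result too.
        byte[] storedHash = user.PasswordHash;
        byte[] computedHash = SaltAndHashPassword(password, user.PasswordSalt);
        bool isValid = false;
        if (storedHash != null && computedHash != null)
        {
            int diff = storedHash.Length ^ computedHash.Length;
            for (int i = 0; i < storedHash.Length && i < computedHash.Length; i++)
            {
                diff |= storedHash[i] ^ computedHash[i];
            }
            isValid = diff == 0;
        }

        // Stamped for failures as well: this is what drives the spacing and lock windows above.
        user.LastLoginDate = DateTime.UtcNow;

        if (!isValid)
        {
            user.LoginAttempts++;
            context.SaveChanges();
            if (user.LoginAttempts < Settings.Default.MaxLoginAttempts)
            {
                throw new AuthenticationException("Invalid login.");
            }
            throw new AuthenticationException(string.Format("Your account has been locked for {0} minutes due to too many incorrect login attempts.", Settings.Default.AccountLockDuration.TotalMinutes));
        }

        DateTime expiresOn = DateTime.UtcNow + Settings.Default.SessionExpiryInterval;
        // NOTE(review): the token nonce comes from RandomHelper.RandomLong(); for a session
        // credential it must be backed by RandomNumberGenerator, not System.Random — confirm.
        AuthToken token = new AuthToken(username, GetCallerIPAddress(), expiresOn, user.IsAdmin, Common.Helpers.RandomHelper.RandomLong());
        user.LoginAttempts = 0;
        context.SaveChanges();
        return(token);
    }
}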
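/// <summary>
/// Sets a new password for <paramref name="username"/> without verifying the old one.
/// </summary>
/// <param name="username">ID of the user whose password is replaced (matched against <c>User.ID</c>).</param>
/// <param name="newPassword">Clear-text replacement password, handed to the private <c>ChangePassword(context, user, newPassword)</c> overload.</param>
/// <exception cref="AuthenticationException">No user with <paramref name="username"/> exists.</exception>
/// <remarks>
/// NOTE(review): this overload requires neither the current password nor an
/// <c>AuthToken</c>, so any code path that can reach it can set a password for any
/// user. It is presumably the target of the reset-e-mail flow; make sure it is only
/// reachable after a reset token has been validated, and that it cannot be invoked
/// directly from a request handler — confirm with callers. For an authenticated
/// self-service change use the overload that takes <c>oldPassword</c>.
/// </remarks>
public static void ChangePassword(string username, string newPassword)
{
    using (DbContext context = DataController.CreateDbContext())
    {
        User user = context.Users.FirstOrDefault(u => u.ID == username);
        if (user == null)
        {
            throw new AuthenticationException("User does not exist!");
        }
        ChangePassword(context, user, newPassword);
    }
}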
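/// <summary>
/// Returns whether <paramref name="emailAddress"/> is already stored on a user record.
/// </summary>
/// <param name="emailAddress">Address to look for; compared with the database's string equality.</param>
/// <param name="username">
/// Optional user ID to exclude from the search, so a user's own current address is
/// not reported as a clash when updating that user.
/// </param>
/// <returns><c>true</c> if any (other) user has the address.</returns>
private static bool EmailAddressExists(string emailAddress, string username = null)
{
    using (DbContext context = DataController.CreateDbContext())
    {
        if (username == null)
        {
            return(context.Users.Any(u => u.EmailAddress == emailAddress));
        }
        return(context.Users.Any(u => u.ID != username && u.EmailAddress == emailAddress));
    }
}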
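/// <summary>
/// Self-service password change: verifies <paramref name="oldPassword"/> against the
/// stored salted hash, then sets <paramref name="newPassword"/>.
/// </summary>
/// <param name="username">ID of the user (matched against <c>User.ID</c>).</param>
/// <param name="oldPassword">Current clear-text password; must match the stored hash.</param>
/// <param name="newPassword">Clear-text replacement password, handed to the private <c>ChangePassword(context, user, newPassword)</c> overload.</param>
/// <exception cref="AuthenticationException">Unknown user, or <paramref name="oldPassword"/> is wrong.</exception>
/// <remarks>
/// NOTE(review): no <c>AuthToken</c> is required, so the only thing binding the caller
/// to the account is knowledge of the old password; there is also no attempt counter
/// here, unlike <c>ValidateUser</c>, so this path could be used to guess passwords
/// without triggering the lock-out — confirm the caller requires a valid session.
/// Hash comparison is constant-time (the original used <c>SequenceEqual</c>).
/// </remarks>
public static void ChangePassword(string username, string oldPassword, string newPassword)
{
    using (DbContext context = DataController.CreateDbContext())
    {
        User user = context.Users.FirstOrDefault(u => u.ID == username);
        if (user == null)
        {
            throw new AuthenticationException("User does not exist!");
        }

        // Constant-time comparison so a mismatch does not leak how many leading bytes matched.
        byte[] storedHash = user.PasswordHash;
        byte[] computedHash = SaltAndHashPassword(oldPassword, user.PasswordSalt);
        bool oldPasswordMatches = false;
        if (storedHash != null && computedHash != null)
        {
            int diff = storedHash.Length ^ computedHash.Length;
            for (int i = 0; i < storedHash.Length && i < computedHash.Length; i++)
            {
                diff |= storedHash[i] ^ computedHash[i];
            }
            oldPasswordMatches = diff == 0;
        }
        if (!oldPasswordMatches)
        {
            throw new AuthenticationException("Old password is incorrect.");
        }

        ChangePassword(context, user, newPassword);
    }
}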
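/// <summary>
/// Admin-only: deletes a non-admin user.
/// </summary>
/// <param name="username">ID of the user to delete (matched against <c>User.ID</c>).</param>
/// <param name="token">Caller's session token; must carry <c>IsAdmin</c>.</param>
/// <exception cref="AuthenticationException">
/// Missing or non-admin token, unknown user, or the target is itself an admin
/// (admins cannot be deleted through this method — that also prevents an admin from
/// deleting their own account).
/// </exception>
/// <remarks>
/// NOTE(review): only <c>token.IsAdmin</c> is inspected; token validity is presumably
/// checked upstream — confirm. Whether the database cascades the user's related rows
/// (interviews etc.) is not visible here.
/// </remarks>
public static void DeleteUser(string username, AuthToken token)
{
    // A null token previously surfaced as a NullReferenceException; treat it as "not an admin".
    if (token == null || !token.IsAdmin)
    {
        throw new AuthenticationException("Admin must perform this action");
    }

    using (DbContext context = DataController.CreateDbContext())
    {
        User user = context.Users.FirstOrDefault(u => u.ID == username);
        if (user == null)
        {
            throw new AuthenticationException("User does not exist!");
        }
        if (user.IsAdmin)
        {
            throw new AuthenticationException("Cannot delete the admin user!");
        }

        context.Users.Remove(user);
        context.SaveChanges();
    }
}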
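/// <summary>
/// Returns whether a user with the given ID exists.
/// </summary>
/// <param name="username">User ID to look for (compared against <c>User.ID</c> with the database's string equality).</param>
/// <returns><c>true</c> if a matching row exists.</returns>
private static bool UserExists(string username)
{
    using (DbContext context = DataController.CreateDbContext())
    {
        return(context.Users.Any(u => u.ID == username));
    }
}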