Esempio n. 1
0
        public bool ValidateUser(string userNameOrEmail, string password, out User foundUser)
        {
            logger.Log(LogLevel.Info, "Validating User");

            CryptoService cryptoService = new CryptoService();
            if (string.IsNullOrEmpty(userNameOrEmail))
            {
                throw CreateArgumentNullOrEmptyException("userNameOrEmail");
            }
            if (string.IsNullOrEmpty(password))
            {
                throw CreateArgumentNullOrEmptyException("password");
            }

            User user = null;

            user = _ctx.Users
                .Include("PaymentAccounts")
                .FirstOrDefault(Usr => Usr.UserName == userNameOrEmail);

            if (user == null)
            {
                logger.Log(LogLevel.Warn, "Unable to find user by user name. Check email address.");
                user = _ctx.Users
                    .Include("PaymentAccounts")
                    .FirstOrDefault(Usr => Usr.EmailAddress == userNameOrEmail);
            }
            if (user == null)
            {
                logger.Log(LogLevel.Warn, "Unable to find user by email address. Check mobile number.");
                user = _ctx.Users
                    .Include("PaymentAccounts")
                    .FirstOrDefault(Usr => Usr.MobileNumber == userNameOrEmail);
            }
            if (user == null)
            {
                logger.Log(LogLevel.Warn, "Unable to find user by user name.");
                foundUser = null;
                return false;
            }
            //if (!user.IsConfirmed)
            //{
            //    foundUser = null;
            //    return false;
            //}
            var hashedPassword = securityService.Encrypt(password);
            logger.Log(LogLevel.Info, "Verifying Hashed Passwords");

            bool verificationSucceeded = false;

            try
            {
                logger.Log(LogLevel.Info, string.Format("Passwords {0} {1}", user.Password, hashedPassword));
                verificationSucceeded = (hashedPassword != null && hashedPassword.Equals(user.Password));

            }
            catch (Exception ex)
            {
                logger.Log(LogLevel.Info, String.Format("Exception Verifying Password Hash {0}", ex.Message));
            }

            logger.Log(LogLevel.Info, String.Format("Verifying Results {0}", verificationSucceeded.ToString()));

            if (verificationSucceeded)
            {
                user.PasswordFailuresSinceLastSuccess = 0;
            }
            else
            {
                int failures = user.PasswordFailuresSinceLastSuccess;
                if (failures != -1)
                {
                    user.PasswordFailuresSinceLastSuccess += 1;
                    user.LastPasswordFailureDate = DateTime.UtcNow;
                }
            }
            _ctx.SaveChanges();

            if (verificationSucceeded)
            {
                foundUser = user;
                return true;
            }
            else
            {
                foundUser = null;
                return false;
            }
        }