/// <summary>
/// Changes a user's password after verifying the current one, archiving the
/// outgoing hash and salt in the password history before the new ones are stored.
/// </summary>
/// <param name="userId">Identifier used to load the user and the credentials record.</param>
/// <param name="userName">User name used together with <paramref name="userId"/> to locate the credentials.</param>
/// <param name="oldPassword">The caller-supplied current password; checked against the stored credentials.</param>
/// <param name="newPassword">The replacement password.</param>
/// <returns>
/// <c>true</c> when the new hash and salt were written; <c>false</c> when
/// CheckForPasswordHistory rejects the new password (nothing is written in that case).
/// </returns>
/// <exception cref="NewPasswordCannotBeAsOneOfOldPasswordsException">The new password equals the supplied old password.</exception>
/// <exception cref="NoEntryFoundException">No user, or no credentials record, was found for the given identifiers.</exception>
/// <exception cref="InvalidPasswordException">The supplied old password does not match the stored credentials.</exception>
public bool ChangePassword(int userId, string userName, string oldPassword, string newPassword)
{
    // Plain equality on the two caller-supplied strings; this runs before any lookup
    // or verification, so it reveals nothing about the stored password.
    if (oldPassword == newPassword)
    {
        throw new NewPasswordCannotBeAsOneOfOldPasswordsException();
    }

    Users account = GetUserById(userId);
    if (account == null)
    {
        throw new NoEntryFoundException(userId, typeof(Users).Name);
    }

    Credentials currentCredentials = CredentialsRepository.FindByUserNameAndUserId(userId, userName);
    if (currentCredentials == null)
    {
        throw new NoEntryFoundException(userId, typeof(Credentials).Name);
    }

    // The caller must prove knowledge of the current password before anything is modified.
    // NOTE(review): no attempt limiting or lockout is visible in this method - confirm a caller
    // or CheckUserPassword throttles repeated failures.
    if (!CheckUserPassword(currentCredentials, oldPassword))
    {
        throw new InvalidPasswordException();
    }

    // NOTE(review): a history rejection is reported as 'false', whereas the old == new case above
    // throws - presumably both mean "password was used before"; confirm callers handle both signals.
    if (!CheckForPasswordHistory(userId, currentCredentials.Id, newPassword))
    {
        return false;
    }

    // Snapshot the outgoing hash and salt, stamped with the UTC time of replacement.
    UserPasswordsHistory archivedEntry = new UserPasswordsHistory
    {
        CredentialsId = currentCredentials.Id,
        UserId = account.Id,
        PasswordHash = currentCredentials.PasswordHash,
        PasswordSalt = currentCredentials.PasswordSalt,
        ExpiredOn = DateTime.UtcNow
    };
    ArchiveRepository.Add(archivedEntry);

    // NOTE(review): the hashing scheme behind PasswordHelper.CryptPassword is not visible here -
    // verify it is a salted, deliberately slow password hash.
    HashedAndSaltedPassword freshHash = PasswordHelper.CryptPassword(newPassword);
    currentCredentials.PasswordHash = freshHash.PasswordHash;
    currentCredentials.PasswordSalt = freshHash.PasswordSalt;

    // NOTE(review): the archive insert and this update are two separate repository calls; whether
    // they share a transaction cannot be seen from here. If they do not, a failure at this point
    // leaves a history row for a password that is still the active one.
    CredentialsRepository.Update(currentCredentials);

    return true;
}