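/// <summary>
/// Checks a login/password pair against the stored customer credentials.
/// </summary>
/// <param name="request">Request body carrying the login and the password to verify.</param>
/// <returns>
/// A response with <c>CustomerId</c> set when the password validates; otherwise a response
/// whose <c>Error</c> is <c>LoginNotFound</c> or <c>PasswordMismatch</c>.
/// </returns>
/// <remarks>
/// NOTE(review): the two failure codes let the caller tell an unknown login from a wrong
/// password, and the unknown-login path returns before <c>Validate</c> runs, so response time
/// may differ as well. If this response can reach an untrusted client, collapse both cases
/// into one generic failure at that boundary.
/// NOTE(review): no log entry is written on a password mismatch in this method. Unless a
/// caller records it, repeated failed attempts are not visible to monitoring.
/// </remarks>
public async Task<CredentialsValidationResponse> ValidateCredentialsAsync(
    [FromBody] CredentialsValidationRequest request)
{
    var credentials = await _customerCredentialsService.GetAsync(request.Login);
    if (credentials == null)
    {
        // The login is passed through SanitizeEmail() before it reaches the log.
        _log.Info("Login not found", request.Login.SanitizeEmail());
        return new CredentialsValidationResponse { Error = CredentialsError.LoginNotFound };
    }

    var isValid = _customerCredentialsService.Validate(credentials, request.Password);
    if (isValid)
    {
        // Fix: the statement terminator belongs to the return, not after the closing brace.
        return new CredentialsValidationResponse { CustomerId = credentials.CustomerId };
    }

    return new CredentialsValidationResponse { Error = CredentialsError.PasswordMismatch };
}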
/// <summary>
/// Sets a new password for a customer after checking the supplied reset identifier against
/// the one stored for that customer.
/// </summary>
/// <param name="customerEmail">Email used to look up the customer's credentials.</param>
/// <param name="identifier">Reset identifier presented by the caller.</param>
/// <param name="newPassword">Password to store when the identifier is accepted.</param>
/// <returns>
/// <c>PasswordResetErrorCodes.None</c> on success; otherwise the code for the first check that
/// failed: unknown customer, no stored identifier, expired identifier, or identifier mismatch.
/// </returns>
/// <remarks>
/// NOTE(review): the identifier is compared with <c>!=</c>. If <c>Identifier</c> is a string,
/// that comparison is not constant-time; consider a fixed-time comparison for this secret.
/// NOTE(review): the stored identifier is removed only after the password update has completed,
/// and no atomic check-and-consume is visible here. Two concurrent calls with the same
/// identifier could presumably both pass the checks; verify against the repository.
/// NOTE(review): the rejected paths after the customer lookup write no log entry, and the
/// distinct error codes reveal whether a customer or a pending reset exists. Confirm that the
/// caller does not forward them to untrusted clients.
/// </remarks>
public async Task<PasswordResetErrorCodes> PasswordResetAsync(
    string customerEmail,
    string identifier,
    string newPassword)
{
    var credentials = await _customerCredentialsService.GetAsync(customerEmail);
    if (credentials == null)
    {
        // The email is passed through SanitizeEmail() before it reaches the log.
        _log.Info("Customer credentials do not exist", customerEmail.SanitizeEmail());
        return PasswordResetErrorCodes.CustomerDoesNotExist;
    }

    var customerId = credentials.CustomerId;
    var pendingReset = await _passwordResetRepository.GetIdentifierAsync(customerId);

    // Checks run in this order: a stored identifier exists, it has not expired, it matches.
    if (pendingReset == null)
    {
        return PasswordResetErrorCodes.ThereIsNoIdentifierForThisCustomer;
    }

    if (pendingReset.ExpiresAt < DateTime.UtcNow)
    {
        return PasswordResetErrorCodes.ProvidedIdentifierHasExpired;
    }

    if (pendingReset.Identifier != identifier)
    {
        return PasswordResetErrorCodes.IdentifierMismatch;
    }

    // Both operations are started (update first) and awaited together.
    await Task.WhenAll(
        _customerCredentialsService.UpdatePasswordAsync(customerEmail, newPassword),
        ClearAllCallRecordsAsync(customerId));

    // The stored identifier is removed only once both operations above have completed.
    await _passwordResetRepository.RemoveAsync(customerId);

    _log.Info($"Successfully reset the password for {credentials.CustomerId}");
    return PasswordResetErrorCodes.None;
}