public void ChangePassword(int userId, string oldPasswordValue, string newPasswordValue)
{
var user = _userManager.GetUserById(userId);
var oldPassword = user.Credentials.Passwords.First(p => p.IsActive);
if (oldPassword.Value != oldPasswordValue)
{
throw new OldPasswordWrongException("Old password is wrong");
}
if (_passwordPolicy.SatisfiesPolicy(user, newPasswordValue))
{
throw new NewPasswordDoesNotApplyPolicyException("New password does not apply password policy.");
}
var newPassword = new Password();
newPassword.Value = _passwordHasher.GetHash(newPasswordValue);
newPassword.ExpirationDate = DateTimeOffset.Now.AddYears(1);
newPassword.Credentials = user.Credentials;
newPassword.IsActive = true;
user.Credentials.Passwords.Add(newPassword);
oldPassword.IsActive = false;
_userManager.UpdateUser();
}
public void RecoverPassword(string newPasswordValue, string codeValue)
{
_confirmationCodeService.ValidateCode(codeValue);
var user = _confirmationCodeService.GetRelatedUser(codeValue);
if (_passwordPolicy.SatisfiesPolicy(user, newPasswordValue))
{
newPasswordValue = _passwordHasher.GetHash(newPasswordValue);
user.UpdatePassword(newPasswordValue);
_confirmationCodeService.DeactivateCode(codeValue);
}
}
public void RecoverPassword(string newPasswordValue, string codeValue)
{
_confirmationCodeService.ValidateCode(codeValue, Models.ConfirmationCodeType.PasswordRecovery);
var user = _confirmationCodeService.GetRelatedUser(codeValue);
if (!_passwordPolicy.SatisfiesPolicy(user, newPasswordValue))
{
throw new PasswordDoesNotSatisfyPolicyException("Password does not satisfy policy.");
}
newPasswordValue = _passwordHasher.GetHash(newPasswordValue);
user.UpdatePassword(newPasswordValue);
_confirmationCodeService.DeactivateCode(codeValue);
}
