public async Task <IActionResult> SetPassword([FromBody] SetPasswordInputModel model) { if (ModelState.IsValid) { if (!ApplicationIdIsNullOrValid(model.ApplicationId)) { return((new ActionResponse("Invalid application id", HttpStatusCode.BadRequest)).ToJsonResult()); } var getUserResponse = await _userOrchestrator.GetUserAsync(); if (getUserResponse.HasError) { return(getUserResponse.Status.ToJsonResult()); } var user = getUserResponse.Result; if (!string.IsNullOrEmpty(model.OldPassword)) { var scheckStatus = await _passwordService.CheckPasswordAsync(user.SubjectId, model.OldPassword, PasswordLockMode.TrustedClient); if (scheckStatus.HasError) { return(Unauthenticated("Old password was incorrect, locked, or missing.")); } } else if (!UserSignedInRecentlyEnoughToChangeSecuritySettings()) { return(Unauthenticated("Please reauthenticate to proceed.")); } var status = await _passwordService.SetPasswordAsync(user.SubjectId, model.NewPassword); if (status.IsOk) { await _eventNotificationService.NotifyEventAsync(user.Email, EventType.SetPassword); await _messageService.SendPasswordChangedNoticeAsync(model.ApplicationId, user.Email); return(Ok()); } if (status.PasswordDoesNotMeetStrengthRequirements) { ModelState.AddModelError("NewPassword", "Password does not meet minimum password strength requirements (try something longer)."); } else { ModelState.AddModelError("", "Something went wrong."); } } return(new ActionResponse(ModelState).ToJsonResult()); }
public async Task <ActionResponse> AuthenticatePasswordAsync(AuthenticatePasswordInputModel model) { var user = await _userStore.GetUserByEmailAsync(model.Username); //todo: handle non-email addresses if (user == null) { return(Unauthenticated("The email address or password wasn't right")); } else { var checkPasswordResult = await _passwordService.CheckPasswordAsync(user.SubjectId, model.Password); switch (checkPasswordResult) { case CheckPasswordResult.NotFound: case CheckPasswordResult.PasswordIncorrect: return(Unauthenticated("The email address or password wasn't right")); case CheckPasswordResult.TemporarilyLocked: return(Unauthenticated("Your password is temporarily locked. Use a one time code to sign in.")); case CheckPasswordResult.Success: return(Redirect(ValidatedNextUrl(model.NextUrl))); case CheckPasswordResult.ServiceFailure: default: return(ServerError("Hmm. Something went wrong. Please try again.")); } } }
public async Task <WebStatus> AuthenticatePasswordAsync(AuthenticatePasswordInputModel model) { _logger.LogDebug("Begin password authentication for {0}", model.Username); var genericErrorMessage = _localizer["The username or password wasn't right."]; var userResponse = await _userStore.GetUserByUsernameAsync(model.Username); if (userResponse.HasError) { await _eventNotificationService.NotifyEventAsync(model.Username, EventType.AccountNotFound, nameof(AuthenticatePasswordAsync)); _logger.LogDebug("User not found: {0}", model.Username); return(Unauthenticated(genericErrorMessage)); } var user = userResponse.Result; var trustedBrowserResponse = await _trustedBrowserStore.GetTrustedBrowserAsync(user.SubjectId, _httpContext.Request.GetBrowserId()); var passwordLockMode = trustedBrowserResponse.IsOk ? PasswordLockMode.TrustedClient : PasswordLockMode.UntrustedClient; var checkPasswordStatus = await _passwordService.CheckPasswordAsync(user.SubjectId, model.Password, passwordLockMode); _logger.LogDebug(checkPasswordStatus.Text); if (checkPasswordStatus.IsOk) { await _eventNotificationService.NotifyEventAsync(user.Email, EventType.SignInSuccess, SignInType.Password.ToString()); return(await SignInAndRedirectAsync(SignInMethod.Password, model.Username, model.StaySignedIn, model.NextUrl, null)); } switch (checkPasswordStatus.StatusCode) { case CheckPasswordStatusCode.TemporarilyLocked: return(Unauthenticated(_localizer["Your password is temporarily locked. Use a one time code to sign in."])); case CheckPasswordStatusCode.PasswordIncorrect: case CheckPasswordStatusCode.NotFound: await _eventNotificationService.NotifyEventAsync(user.Email, EventType.SignInFail, $"{SignInType.Password} {checkPasswordStatus.StatusCode}"); return(Unauthenticated(genericErrorMessage)); default: return(ServerError(_localizer["Hmm. Something went wrong. Please try again."])); } }