private async Task AssertMemberPasswordMatches(Guid?memberId, string password, string message)
{
if (memberId == null)
{
throw new OdkServiceException(message);
}
MemberPassword memberPassword = await _memberRepository.GetMemberPassword(memberId.Value);
if (memberPassword == null)
{
throw new OdkServiceException(message);
}
if (string.IsNullOrWhiteSpace(memberPassword.Password))
{
message = "Please use the forgotten password feature to reset your password. " +
"The website has been moved to a new system. " +
"Your password is stored securely and could not be moved across with the rest of your data.";
throw new OdkServiceException(message);
}
if (PasswordHasher.ComputeHash(password, memberPassword.Salt) != memberPassword.Password)
{
throw new OdkServiceException(message);
}
}
public async Task UpdateMemberPassword(MemberPassword password)
{
await Context
.Update <MemberPassword>()
.Set(x => x.Password, password.Password)
.Set(x => x.Salt, password.Salt)
.Where(x => x.MemberId).EqualTo(password.MemberId)
.ExecuteAsync();
}
public IHttpActionResult ChangePassword(ChangePasswordRequest request)
{
var response = new ChangePasswordResponse();
try
{
var isValidRequest = false;
var memberId = request.GetMemberId();
var member = MembershipAdapter.GetMember(memberId);
if (request.IsValidModel())
{
if (!request.PasswordsMatch())
{
request.AddError("Password", "Passwords do not match");
}
}
if (member.Authenticate(request.CurrentPassword))
{
if (!request.HasErrors())
{
isValidRequest = true;
}
}
else
{
request.AddError("Current password", "Current password is invalid");
}
if (isValidRequest)
{
var memberPassword = new MemberPassword();
memberPassword.MemberId = member.Id;
memberPassword.InitializePassword(request.Password);
memberPassword = MembershipAdapter.UpdatePassword(memberPassword);
var email = new ChangePasswordEmail
{
DomainName = ConfigHelper.DomainName,
DomainBaseUrl = ConfigHelper.DomainBaseUrl,
Alias = member.Profile.Alias
};
var emailBuilder = new EmailBuilder(EmailReference.HTML.Templates.Main, EmailReference.HTML.Contents.ChangePassword);
var emailBody = emailBuilder.BuildBody<ChangePasswordEmail>(email);
var emailResult = EmailHelper.SendEmail(ConfigHelper.NoReplayEmailAddress,
ConfigHelper.DomainName,
member.Email,
member.Profile.Alias,
email.Subject,
emailBody,
true);
if (emailResult)
{
response.IsSuccessful = true;
response.StatusMessage = "Password update succeeded";
}
}
else
{
response.IsSuccessful = false;
response.StatusMessage = "Password update was unsuccessful";
response.Errors.AddRange(request.GetErrors());
}
}
catch (Exception ex)
{
request.CurrentPassword = string.Empty;
request.Password = string.Empty;
request.PasswordConfirm = string.Empty;
this.Log<ChangePasswordRequest>(LogCategories.Error, request, ex.Message);
response.IsSuccessful = false;
response.StatusMessage = this.StatusMessageForExpection;
response.Errors.Add(ex.Message);
}
return Ok(response);
}
public IHttpActionResult ResetPasswordToken(ResetPasswordRequest request)
{
var response = new SignInResponse();
try
{
var isValidRequest = false;
var memberId = request.GetMemberId();
var member = MembershipAdapter.GetMember(request.Token);
if (request.IsValidModel())
{
if (!request.PasswordsMatch())
{
request.AddError("Password", "Passwords do not match");
}
else
{
if (member.Exists())
{
if (memberId == member.Id)
{
if (member.HasTokens())
{
if (member.Tokens.ElementAt(0).IsValid(TokenTypes.PasswordReset))
{
isValidRequest = true;
}
}
}
}
}
}
if (isValidRequest)
{
var memberPassword = new MemberPassword();
memberPassword.MemberId = member.Id;
memberPassword.InitializePassword(request.Password);
MembershipAdapter.UpdatePassword(memberPassword);
var memberToken = new MemberToken
{
Token = member.Tokens.ElementAt(0).Token,
MemberId = member.Id,
TokenType = member.Tokens.ElementAt(0).TokenType,
ExpirationDate = member.Tokens.ElementAt(0).ExpirationDate,
ConfirmedDate = DateTime.Now.ToUniversalTime(),
RequestDate = member.Tokens.ElementAt(0).RequestDate
};
MembershipAdapter.UpdateToken(memberToken);
response.MemberId = member.Id.ToString();
response.Alias = member.Profile.Alias;
response.IsActive = member.IsActive;
response.IsAdmin = member.IsAdmin;
var email = new ResetPasswordEmail
{
DomainName = ConfigHelper.DomainName,
DomainBaseUrl = ConfigHelper.DomainBaseUrl,
Alias = member.Profile.Alias
};
var emailBuilder = new EmailBuilder(EmailReference.HTML.Templates.Main, EmailReference.HTML.Contents.ResetPassword);
var emailBody = emailBuilder.BuildBody<ResetPasswordEmail>(email);
var emailResult = EmailHelper.SendEmail(ConfigHelper.NoReplayEmailAddress,
ConfigHelper.DomainName,
member.Email,
member.Profile.Alias,
email.Subject,
emailBody,
true);
if (emailResult)
{
response.IsSuccessful = true;
response.StatusMessage = "Reset password succeeded";
}
}
else
{
response.IsSuccessful = false;
response.StatusMessage = "Reset password was unsuccessful";
response.Errors.AddRange(request.GetErrors());
}
}
catch (Exception ex)
{
request.Password = string.Empty;
request.PasswordConfirm = string.Empty;
this.Log<ResetPasswordRequest>(LogCategories.Error, request, ex.Message);
response.IsSuccessful = false;
response.StatusMessage = this.StatusMessageForExpection;
response.Errors.Add(ex.Message);
}
return Ok(response);
}
public MemberPassword UpdatePassword(MemberPassword memberPassword)
{
using (context = new DomainContext())
{
var memberIdVariable = "@memberId";
var saltValueVariable = "@saltValue";
var passwordVariable = "@password";
var command = string.Format("exec UpdatePassword {0}, {1}, {2}",
memberIdVariable,
saltValueVariable,
passwordVariable);
var memberId = new SqlParameter(memberIdVariable, memberPassword.MemberId);
var saltValue = new SqlParameter(saltValueVariable, memberPassword.SaltValue);
var password = new SqlParameter(passwordVariable, memberPassword.Password);
context.Database.ExecuteSqlCommand(command, memberId, saltValue, password);
}
return memberPassword;
}