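/// <summary>
/// Changes a user's password after re-checking the current one.
/// </summary>
/// <param name="oldPassword">The password the caller claims is current; it is hashed with the stored salt and compared with the stored hash.</param>
/// <param name="newPassword">The replacement password; it must pass <c>PasswordHelpers.IsValidPassword</c> with a default-constructed <c>PasswordRequirements</c>.</param>
/// <param name="userId">Identifier passed to the repository lookup and update calls.</param>
/// <returns>The value returned by <c>_usersRepository.ChangePasswordAsync</c>.</returns>
/// <exception cref="Exception">
/// Thrown when the user is not found, when the old password does not match,
/// or when the new password fails the requirements check.
/// </exception>
public async Task<bool> ChangePasswordAsync(string oldPassword, string newPassword, int userId)
{
    var existing = await _usersRepository.GetUserByIdAsync(userId);
    if (existing == null)
    {
        throw new Exception("User does not exists");
    }

    // NOTE(review): the hashing scheme lives in PasswordHelpers and is not visible here;
    // confirm it is a deliberately slow, salted KDF rather than a single fast digest.
    string candidateHash = PasswordHelpers.GenerateHashForSaltAndPassword(existing.Salt, oldPassword);
    string storedHash = existing.PasswordHash;

    // A missing hash on either side is a mismatch. Plain string equality would accept
    // null == null, and it also stops at the first differing character.
    bool oldPasswordMatches = candidateHash != null
        && storedHash != null
        && candidateHash.Length == storedHash.Length;
    if (oldPasswordMatches)
    {
        // Fold every character into one accumulator so the loop always walks the full
        // length of the hash instead of returning at the first difference.
        int difference = 0;
        for (int i = 0; i < storedHash.Length; i++)
        {
            difference |= storedHash[i] ^ candidateHash[i];
        }

        oldPasswordMatches = difference == 0;
    }

    if (!oldPasswordMatches)
    {
        throw new Exception("Old password is not valid");
    }

    if (!PasswordHelpers.IsValidPassword(newPassword, new PasswordRequirements()))
    {
        throw new Exception("Password doesn't meet requirements");
    }

    // A fresh salt is generated together with the new hash; the old salt is not reused.
    string salt;
    string passwordHash;
    PasswordHelpers.GenerateSaltAndHash(newPassword, out salt, out passwordHash);

    return await _usersRepository.ChangePasswordAsync(userId, passwordHash, salt);
}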
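/// <summary>
/// Checks a candidate password against the hash stored for <paramref name="user"/>.
/// </summary>
/// <param name="store">User store queried for the stored password hash.</param>
/// <param name="user">The user being verified; its <c>Salt</c> is used to hash the candidate.</param>
/// <param name="password">The candidate password supplied by the caller.</param>
/// <returns>
/// <c>true</c> when the hash of the candidate equals the stored hash; <c>false</c> otherwise,
/// including when either hash is null.
/// </returns>
internal async Task<bool> VerifyPassword(COHUserStore store, COHApplicationUser user, string password)
{
    var storedHash = await store.GetPasswordHashAsync(user);

    // NOTE(review): the hashing scheme lives in PasswordHelpers and is not visible here;
    // confirm it is a deliberately slow, salted KDF rather than a single fast digest.
    var candidateHash = PasswordHelpers.GenerateHashForSaltAndPassword(user.Salt, password);

    // An account with no stored hash must never verify. Plain equality would return
    // true for null == null.
    if (storedHash == null || candidateHash == null)
    {
        return false;
    }

    // The length of the hash is not secret, so a length mismatch may return early.
    if (storedHash.Length != candidateHash.Length)
    {
        return false;
    }

    // Fold every character into one accumulator so the loop always walks the full
    // length of the hash instead of returning at the first difference.
    int difference = 0;
    for (int i = 0; i < storedHash.Length; i++)
    {
        difference |= storedHash[i] ^ candidateHash[i];
    }

    return difference == 0;
}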