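/// <summary>
/// Replaces a user's password after validating a reset-password token, and consumes that token.
/// </summary>
/// <param name="userId">Identifier passed to <c>database.UserRepository.FindById</c>.</param>
/// <param name="token">Reset code; it must equal the <c>Code</c> of one of the user's tokens of type <c>TokenType.ResetPassword</c>.</param>
/// <param name="newPassword">New password; it is hashed with a freshly created salt before being stored.</param>
/// <returns>The result of <c>database.Complete()</c> for the combined password change and token removal.</returns>
/// <exception cref="EntityNotFoundException">No user was found for <paramref name="userId"/>.</exception>
/// <exception cref="BlockException">The user satisfies <c>UserBlockedSpecification</c>.</exception>
/// <exception cref="TokenException">No matching reset token exists, or the matching token has expired.</exception>
public async Task<bool> ResetPassword(string userId, string token, string newPassword)
{
    // NOTE(review): "Account does not exist" and "Token is invalid" are distinct failures; if both
    // reach an unauthenticated caller verbatim they reveal which user ids exist. Confirm that the
    // API layer maps them to one generic response.
    var user = await database.UserRepository.FindById(userId)
        ?? throw new EntityNotFoundException("Account does not exist", ErrorCodes.EntityNotFound);

    if (UserBlockedSpecification.Create().IsSatisfied(user))
    {
        throw new BlockException("Your account is blocked");
    }

    // NOTE(review): the code is compared with ordinary string equality, and nothing in this method
    // limits repeated guesses. Confirm that attempt throttling exists upstream.
    var resetPasswordToken = user.Tokens.FirstOrDefault(t => t.Code == token && t.TokenType == TokenType.ResetPassword)
        ?? throw new TokenException("Token is invalid");

    if (TokenExpirationSpecification.Create().IsSatisfied(resetPasswordToken))
    {
        throw new TokenException("Token expired", ErrorCodes.TokenExpired);
    }

    var passwordSalt = hashGenerator.CreateSalt();
    hashGenerator.GenerateHash(newPassword, passwordSalt, out string saltedPasswordHash);
    user.SetPassword(saltedPasswordHash, passwordSalt);

    // Consume the token in the same commit as the password change. Previously the password was
    // committed first and the token removed in a second commit, so a failure of the second commit
    // left a still-valid reset token behind (and reported false although the password had changed).
    // Assumes database.Complete() persists all pending changes as one unit. TODO: confirm.
    user.Tokens.Remove(resetPasswordToken);

    return await database.Complete();
}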
/// <summary>
/// Checks that a reset-password token is currently usable for the given user, without consuming it.
/// </summary>
/// <param name="userId">Identifier passed to <c>database.UserRepository.FindById</c>.</param>
/// <param name="token">Reset code to look up among the user's tokens of type <c>TokenType.ResetPassword</c>.</param>
/// <returns><c>true</c> when every check passes; each failure is reported by an exception instead.</returns>
/// <exception cref="EntityNotFoundException">No user was found for <paramref name="userId"/>.</exception>
/// <exception cref="BlockException">The user satisfies <c>UserBlockedSpecification</c>.</exception>
/// <exception cref="TokenException">No matching reset token exists, or the matching token has expired.</exception>
public async Task<bool> VerifyResetPasswordToken(string userId, string token)
{
    var account = await database.UserRepository.FindById(userId);
    if (account is null)
    {
        // NOTE(review): this message differs from "Token is invalid" below; confirm that callers
        // do not expose the difference to unauthenticated clients (user-id enumeration).
        throw new EntityNotFoundException("Account does not exist", ErrorCodes.EntityNotFound);
    }

    var blockedSpec = UserBlockedSpecification.Create();
    if (blockedSpec.IsSatisfied(account))
    {
        throw new BlockException("Your account is blocked");
    }

    // The token must match on both its code and its type; the first match is used.
    var matchingToken = account.Tokens.FirstOrDefault(
        candidate => candidate.Code == token && candidate.TokenType == TokenType.ResetPassword);
    if (matchingToken is null)
    {
        throw new TokenException("Token is invalid");
    }

    var expirationSpec = TokenExpirationSpecification.Create();
    if (expirationSpec.IsSatisfied(matchingToken))
    {
        throw new TokenException("Token expired", ErrorCodes.TokenExpired);
    }

    // The token is left in place here; this method only validates it.
    return true;
}