protected virtual bool IsVerificationKeyStale(UserAccount account)
{
if (account.VerificationKeySent == null)
{
return(true);
}
return(account.VerificationKeySent < UtcNow.Subtract(_settings.Auth.VerificationKeyLifetime));
}
protected internal virtual bool HasTooManyRecentPasswordFailures(int failedLoginCount, TimeSpan lockoutDuration)
{
if (failedLoginCount <= 0)
{
throw new ArgumentException("failedLoginCount");
}
if (failedLoginCount <= FailedLoginCount)
{
return(LastFailedLogin >= UtcNow.Subtract(lockoutDuration));
}
return(false);
}
public bool ValidateTimeLimits(ElectricityReading electricityReading, PanelType panelType)
{
switch (panelType)
{
case PanelType.Regular when DateTime.UtcNow.Subtract(electricityReading.ReadingDateTime).Hours >= 1:
case PanelType.Limited when DateTime.UtcNow.Subtract(electricityReading.ReadingDateTime).Days >= 1 &&
electricityReading.KiloWatt < 5:
case PanelType.Ultimate
when DateTime.UtcNow.Subtract(electricityReading.ReadingDateTime).Minutes >= 1 &&
electricityReading.KiloWatt >= 5:
return(true);
default:
return(false);
}
}
public async Task ResetPasswordFromSecretQuestionAndAnswerAsync(Guid accountGuid, PasswordResetQuestionAnswer[] answers)
{
_logger.LogInformation(GetLogMessage($"called: {accountGuid}"));
if (answers == null || answers.Length == 0 || answers.Any(x => string.IsNullOrWhiteSpace(x.Answer)))
{
_logger.LogError(GetLogMessage("failed -- no answers"));
throw new ValidationException(GetValidationMessage(UserAccountConstants.ValidationMessages.SecretAnswerRequired));
}
var account = await GetByGuidAsync(accountGuid, x => x.PasswordResetSecretCollection);
if (account == null)
{
_logger.LogError(GetLogMessage("failed -- invalid account id"));
throw new Exception("Invalid Account ID");
}
if (string.IsNullOrWhiteSpace(account.Email))
{
_logger.LogError(GetLogMessage("no email to use for password reset"));
throw new ValidationException(GetValidationMessage(UserAccountConstants.ValidationMessages.PasswordResetErrorNoEmail));
}
if (!account.PasswordResetSecretCollection.Any())
{
_logger.LogError(GetLogMessage("failed -- account not configured for secret question/answer"));
throw new ValidationException(GetValidationMessage(UserAccountConstants.ValidationMessages.AccountNotConfiguredWithSecretQuestion));
}
if (account.FailedPasswordResetCount >= Settings.AccountLockoutFailedLoginAttempts &&
account.LastFailedPasswordReset >= UtcNow.Subtract(Settings.AccountLockoutDuration))
{
account.FailedPasswordResetCount++;
AddEvent(new PasswordResetFailedEvent {
Account = account
});
Update(account, true);
_logger.LogError(GetLogMessage("failed -- too many failed password reset attempts"));
throw new ValidationException(GetValidationMessage(UserAccountConstants.ValidationMessages.InvalidQuestionOrAnswer));
}
var secrets = account.PasswordResetSecretCollection.ToArray();
var failed = false;
foreach (var answer in answers)
{
var secret = secrets.SingleOrDefault(x => x.Guid == answer.QuestionId);
if (secret != null && _crypto.VerifyHash(answer.Answer, secret.Answer))
{
continue;
}
_logger.LogError(GetLogMessage($"failed on question id: {answer.QuestionId}"));
failed = true;
}
if (failed)
{
account.LastFailedPasswordReset = UtcNow;
if (account.FailedPasswordResetCount <= 0)
{
account.FailedPasswordResetCount = 1;
}
else
{
account.FailedPasswordResetCount++;
}
AddEvent(new PasswordResetFailedEvent {
Account = account
});
}
else
{
_logger.LogTrace(GetLogMessage("success"));
account.LastFailedPasswordReset = null;
account.FailedPasswordResetCount = 0;
ResetPassword(account);
}
Update(account, true);
if (failed)
{
throw new ValidationException(GetValidationMessage(UserAccountConstants.ValidationMessages.InvalidQuestionOrAnswer));
}
}
