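/// <summary>
/// Updates the user's password after validating a password-reset token.
/// Does not throw on a bad token: it returns a failed <see cref="IdentityResult"/> when the
/// user cannot be found, when no reset is pending, when the token is missing, does not match
/// or has expired, or when the new password matches one in the password history.
/// </summary>
/// <param name="user">The identity user whose password is being reset; only <c>UserId</c> is read.</param>
/// <param name="token">The reset token presented by the caller.</param>
/// <param name="newPassword">The new clear-text password; it is hashed before being stored.</param>
/// <returns><see cref="IdentityResult.Success"/> on success, otherwise a result carrying a single error message.</returns>
public IdentityResult ChangePasswordWithToken(ApplicationUser user, string token, string newPassword)
{
    if (user == null)
    {
        return new IdentityResult("Invalid token.");
    }

    User entity = DB.db.Users.FirstOrDefault(x => x.Id == user.UserId);

    // FirstOrDefault yields null for an unknown id; answer exactly as for a bad token instead
    // of dereferencing null, so the response does not reveal whether the account exists.
    if (entity == null)
    {
        return new IdentityResult("Invalid token.");
    }

    // A reset is pending only while both the token and its expiry are stored. Without these
    // checks a null/empty token would compare equal to a cleared ResetToken, and a null
    // ResetTokenExpire makes "ResetTokenExpire < DateTime.Now" false, so a reset would be
    // accepted when none was ever issued. The comparison itself is fixed-time.
    // DateTime.Now is kept to match how the expiry is presumably stamped when the token is
    // issued (not visible here) — TODO confirm; UtcNow on both sides would avoid DST ambiguity.
    if (string.IsNullOrEmpty(token)
        || string.IsNullOrEmpty(entity.ResetToken)
        || !entity.ResetTokenExpire.HasValue
        || entity.ResetTokenExpire.Value < DateTime.Now
        || !TokensMatchFixedTime(token, entity.ResetToken))
    {
        return new IdentityResult("Invalid token.");
    }

    // Reject any password that verifies against a stored historical hash.
    if (entity.PasswordHistories.Any(h => PasswordManager.ValidatePassword(newPassword, h.Password)))
    {
        return new IdentityResult("Cannot use previous password.");
    }

    entity.Password = PasswordManager.HashPassword(newPassword);

    // Record the new hash so a later change cannot go back to it.
    entity.PasswordHistories.Add(new PasswordHistory
    {
        Password = entity.Password,
        CreateDate = DateTime.Now
    });

    // The token is single-use: clear it as part of the same save as the password change.
    entity.ResetToken = null;
    entity.ResetTokenExpire = null;
    DB.SaveChanges();

    return IdentityResult.Success;
}

/// <summary>
/// Compares two token strings without stopping at the first differing character, so the
/// time taken does not depend on how many leading characters of the stored token match.
/// Only the length is allowed to short-circuit.
/// </summary>
/// <param name="presented">The token supplied by the caller.</param>
/// <param name="stored">The token persisted for the user.</param>
/// <returns><c>true</c> when both are non-null and identical.</returns>
private static bool TokensMatchFixedTime(string presented, string stored)
{
    if (presented == null || stored == null || presented.Length != stored.Length)
    {
        return false;
    }

    int difference = 0;
    for (int i = 0; i < presented.Length; i++)
    {
        difference |= presented[i] ^ stored[i];
    }

    return difference == 0;
}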
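/// <summary>
/// Finds a user by username and verifies the supplied password against the stored hash.
/// </summary>
/// <param name="userName">The username to look up.</param>
/// <param name="password">The clear-text password to verify.</param>
/// <returns>
/// A completed task holding the user when the username exists and the password verifies;
/// otherwise a completed task holding <c>null</c>.
/// </returns>
public override Task<ApplicationUser> FindAsync(string userName, string password)
{
    // Missing credentials can never authenticate; answer null up front instead of handing
    // nulls to the store or the password verifier.
    if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
    {
        return Task.FromResult<ApplicationUser>(null);
    }

    ApplicationUser user = _store.FindUserByUsername(userName);

    // An unknown user and a wrong password both yield null so the caller cannot tell them apart.
    // NOTE(review): the unknown-user case skips the hash verification, so the two paths still
    // take different amounts of time; verifying against a dummy hash would make them uniform.
    if (user == null || !PasswordManager.ValidatePassword(password, user.PasswordHash))
    {
        return Task.FromResult<ApplicationUser>(null);
    }

    // The lookup and verification already ran synchronously; Task.Factory.StartNew only added
    // a thread-pool hop to hand back a value that is already in hand.
    return Task.FromResult(user);
}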
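/// <summary>
/// Updates the user's password after verifying the current password.
/// Does not throw on a failed verification: it returns a failed <see cref="IdentityResult"/>
/// when the user cannot be found, when the current password is wrong, or when the new password
/// matches the current one or one in the password history.
/// </summary>
/// <param name="user">The identity user whose password is being changed; only <c>UserId</c> is read.</param>
/// <param name="currentPassword">The clear-text password currently in use, used for verification.</param>
/// <param name="newPassword">The new clear-text password; it is hashed before being stored.</param>
/// <returns><see cref="IdentityResult.Success"/> on success, otherwise a result carrying a single error message.</returns>
public IdentityResult ChangePassword(ApplicationUser user, string currentPassword, string newPassword)
{
    if (user == null)
    {
        return new IdentityResult("Incorrect current password.");
    }

    User entity = DB.db.Users.FirstOrDefault(x => x.Id == user.UserId);

    // FirstOrDefault yields null for an unknown id; fail the same way as a wrong password
    // rather than dereferencing null.
    if (entity == null)
    {
        return new IdentityResult("Incorrect current password.");
    }

    if (string.IsNullOrEmpty(currentPassword)
        || !PasswordManager.ValidatePassword(currentPassword, entity.Password))
    {
        return new IdentityResult("Incorrect current password.");
    }

    // The current hash is checked explicitly because accounts whose password was last set
    // without a history entry would otherwise be able to "change" to the same password.
    if (PasswordManager.ValidatePassword(newPassword, entity.Password)
        || entity.PasswordHistories.Any(h => PasswordManager.ValidatePassword(newPassword, h.Password)))
    {
        return new IdentityResult("Cannot use previous password.");
    }

    entity.Password = PasswordManager.HashPassword(newPassword);

    // Record the new hash in the history, as the token-based reset path does; without this
    // entry a later change could silently go back to a password set through this method.
    entity.PasswordHistories.Add(new PasswordHistory
    {
        Password = entity.Password,
        CreateDate = DateTime.Now
    });

    DB.SaveChanges();

    return IdentityResult.Success;
}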