/// <summary>
/// Sets a new password for the portal user identified by <paramref name="guid"/>.
/// </summary>
/// <param name="newPassword">Plain-text password to hash and store; must be non-empty.</param>
/// <param name="guid">User GUID used to look the account up; must be non-empty.</param>
/// <returns>
/// <c>false</c> when validation fails, when no user matches the GUID, or when the user's
/// <c>IsSetPasswordAllowed</c> equals <c>false</c>; otherwise the result of
/// <c>userCRUDService.UpdatePassword</c>.
/// </returns>
/// <remarks>
/// NOTE(review): the GUID is the only thing this method checks before replacing the password, so it
/// acts as the credential for the operation. Whether the GUID expires, or whether
/// <c>IsSetPasswordAllowed</c> is cleared after a successful update, is not visible here - confirm in
/// <c>userCRUDService.UpdatePassword</c>.
/// </remarks>
public async Task<bool> UpdatePortalUserPassword(string newPassword, string guid)
{
    // Reject a missing GUID before touching the data layer.
    if (string.IsNullOrEmpty(guid))
    {
        Response.IsSuccessful = false;
        Response.ErrorMessage = "You must provide guid";
        return Response.IsSuccessful;
    }

    // Reject a missing password.
    // NOTE(review): the message mentions a user name although only the password is validated here,
    // and no length or complexity policy is applied in this method.
    if (string.IsNullOrEmpty(newPassword))
    {
        Response.IsSuccessful = false;
        Response.ErrorMessage = "you must provide user name or password";
        return Response.IsSuccessful;
    }

    User account = await userCRUDService.GetByUserGuid(guid);

    // Unknown GUID: fail without touching Response, as the original does.
    if (account == null)
    {
        return false;
    }

    // NOTE(review): if IsSetPasswordAllowed is a nullable bool, a null value does not equal false and
    // falls through to the update below - confirm the property type and the intended default.
    if (account.IsSetPasswordAllowed == false)
    {
        return false;
    }

    // A fresh salt is generated for every password change and stored with the hash.
    // NOTE(review): the algorithm behind CryptographyHelper.HashPassword is not visible here; confirm
    // it is a deliberately slow password hash (PBKDF2, Argon2, bcrypt) rather than a bare digest.
    byte[] freshSalt = CryptographyHelper.GenerateRandomSalt();
    string passwordHash = CryptographyHelper.HashPassword(newPassword, freshSalt);

    bool updated = await userCRUDService.UpdatePassword(passwordHash, guid, freshSalt);
    return updated;
}
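/// <summary>
/// Logs a user in by GUID when <paramref name="guid"/> is non-empty, otherwise by the user name and
/// password carried in <paramref name="request"/>. The outcome is written to <c>Response</c>; on
/// success a new <c>LoginResponse</c> is stored in <c>loginResponse</c>.
/// </summary>
/// <param name="guid">User GUID; when non-empty it takes precedence over <paramref name="request"/>.</param>
/// <param name="request">User name and password; only read when <paramref name="guid"/> is empty.</param>
/// <remarks>
/// Change from the previous version: an unknown user name and a wrong password now produce the same
/// error message, so the response text no longer reveals which user names exist.
/// </remarks>
public async Task Login(string guid, LoginRequest request = null)
{
    // One message for every credential failure, so the two cases cannot be told apart by the text.
    const string InvalidCredentialsMessage = "UserName/Password is Incorrect.";

    bool hasGuid = !string.IsNullOrEmpty(guid);
    bool hasCredentials = !string.IsNullOrEmpty(request?.UserName)
        && !string.IsNullOrEmpty(request?.Password);

    // Neither a GUID nor a complete user name/password pair was supplied.
    if (!hasGuid && !hasCredentials)
    {
        Response.IsSuccessful = false;
        Response.ErrorMessage = "Bad Request";
        return;
    }

    User user;
    if (hasGuid)
    {
        // NOTE(review): this path authenticates on the GUID alone and ignores any supplied password,
        // so the GUID is a bearer credential. Confirm it is unguessable, short-lived or single-use,
        // and that a GUID-only login is meant to work for every account rather than only for those
        // with IsSetPasswordAllowed set.
        user = await userCRUDService.GetByUserGuid(guid);
        if (user == null)
        {
            Response.IsSuccessful = false;
            Response.ErrorMessage = "guid is Incorrect.";
            return;
        }
    }
    else
    {
        // request is non-null here: hasCredentials must be true to get past the guard above.
        user = await userCRUDService.GetByUserName(request.UserName);
        if (user == null)
        {
            // NOTE(review): no hash is computed on this path, so response time may still differ from
            // the wrong-password path; consider hashing against a dummy salt to even it out.
            Response.IsSuccessful = false;
            Response.ErrorMessage = InvalidCredentialsMessage;
            return;
        }

        // Re-hash the submitted password with the salt stored for this user and compare.
        // NOTE(review): != on strings exits at the first differing character; prefer a fixed-time
        // comparison (e.g. CryptographicOperations.FixedTimeEquals on the decoded bytes) where the
        // target framework provides it. No failed-attempt throttling or lockout is visible here.
        string submittedHash = CryptographyHelper.HashPassword(request.Password, user.SaltPassword);
        if (user.HashedPassword != submittedHash)
        {
            Response.IsSuccessful = false;
            Response.ErrorMessage = InvalidCredentialsMessage;
            return;
        }
    }

    // Both paths build the same login response from the resolved user.
    Response.IsSuccessful = true;
    loginResponse = new LoginResponse(
        user.UserId,
        user.UserName,
        user.IsAdmin,
        user.AdminId,
        user.IsSetPasswordAllowed,
        user.UserGuid);
}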