public OperationStatus Login(string userName, string password) { try { using (var unitOfWork = unitOfWorkFactory.CreateUnitOfWork()) { var personLoginQueryable = unitOfWork.PersonLogins.GetQueryable().Where(p => p.LoginID == userName); if (personLoginQueryable.Any()) { var personLogin = personLoginQueryable.First(); var generatedHashedPassword = PasswordUtils.GenerateHashedPassword(password, personLogin.Salt); if (generatedHashedPassword == personLogin.HashedPassword) { return new OperationStatus { Success = true, Data = personLoginQueryable.First().PersonID } } ; else { return new OperationStatus { Success = false, Messages = new List <string> { "Invalid username/password" } } }; } else { return(new OperationStatus { Success = false, Messages = new List <string> { "Invalid username/password" } }); } } } catch (Exception ex) { return(OperationStatus.CreateFromException("Error with login.", ex)); } }
public OperationStatus Enroll(EnrollmentRequest enrollmentRequest) { try { using (var unitOfWork = unitOfWorkFactory.CreateUnitOfWork()) { // Verify that the provided enrollment data matches a person in the system var personQueryable = unitOfWork.Persons.GetQueryable() .Where(p => p.LastName == enrollmentRequest.LastName && p.Accounts.Any(a => a.Account.AccountNumber == enrollmentRequest.AccountNumber)); if (personQueryable.Any()) { var person = personQueryable.First(); // Verify that the person does not already have an account var personLoginQueryable = unitOfWork.PersonLogins.GetQueryable() .Where(p => p.PersonID == person.PersonID); if (personLoginQueryable.Any()) { return(new OperationStatus { Success = false, Messages = new List <string> { "The holder of this account is already registered in the system." } }); } else { // Verify that the username is not already used personLoginQueryable = unitOfWork.PersonLogins.GetQueryable() .Where(p => p.LoginID.ToLower() == enrollmentRequest.Username.ToLower()); if (personLoginQueryable.Any()) { return(new OperationStatus { Success = false, Messages = new List <string> { "The username is already in use." } }); } else { var passwordValidationStatus = PasswordUtils.ValidatePassword(enrollmentRequest.Password); if (passwordValidationStatus.Success) { var personLogin = new PersonLogin(); personLogin.PersonID = person.PersonID; personLogin.LoginID = enrollmentRequest.Username; // The stored password will be a hash based on a salt and the password provided var salt = PasswordUtils.CreateSalt(PASSWORD_SALT_SIZE); personLogin.Salt = salt; personLogin.HashedPassword = PasswordUtils.GenerateHashedPassword(enrollmentRequest.Password, salt); unitOfWork.PersonLogins.Add(personLogin); unitOfWork.Commit(); return(new OperationStatus { Success = true }); } else { return(passwordValidationStatus); } } } } else { return(new OperationStatus { Success = false, Messages = new List <string> { "There is no one in the system that matches the information provided" } }); } } } catch (Exception e) { return(OperationStatus.CreateFromException("Error deleting person.", e)); } }
public OperationStatus UpdatePassword(string user, string oldPassword, string newPassword) { try { using (var unitOfWork = unitOfWorkFactory.CreateUnitOfWork()) { var personLoginQueryable = unitOfWork.PersonLogins.GetQueryable().Where(p => p.LoginID == user); if (personLoginQueryable.Any()) { // Validate the old password var personLogin = personLoginQueryable.First(); var generatedHashedPassword = PasswordUtils.GenerateHashedPassword(oldPassword, personLogin.Salt); if (generatedHashedPassword == personLogin.HashedPassword) { // Now verify that the new password meet the criteria for valid passwords var passwordValidationStatus = PasswordUtils.ValidatePassword(newPassword); if (passwordValidationStatus.Success) { // Now generate a salt and hash for the new password var salt = PasswordUtils.CreateSalt(PASSWORD_SALT_SIZE); personLogin.Salt = salt; personLogin.HashedPassword = PasswordUtils.GenerateHashedPassword(newPassword, salt); unitOfWork.PersonLogins.Update(personLogin); unitOfWork.Commit(); return(new OperationStatus { Success = true }); } else { return(passwordValidationStatus); } } else { return(new OperationStatus { Success = false, Messages = new List <string> { "The old password provided is not correct" } }); } } else { return(new OperationStatus { Success = false, Messages = new List <string> { "The username provided does not match a user in the system" } }); } } } catch (Exception e) { return(OperationStatus.CreateFromException("Error deleting person.", e)); } }