コード例 #1
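        /// <summary>
        /// Registers a new member after checking password length and that the user name and
        /// e-mail address are not already taken (case-insensitively).
        /// </summary>
        /// <param name="username">Login name; must be non-empty.</param>
        /// <param name="password">Clear-text password; must be at least MinRequiredPasswordLength characters.</param>
        /// <param name="email">E-mail address; must be non-null.</param>
        /// <param name="passwordQuestion">Not used by this implementation.</param>
        /// <param name="passwordAnswer">Not used by this implementation.</param>
        /// <param name="isApproved">Not used: the stored member always starts with IsApproved = false.</param>
        /// <param name="providerUserKey">Not used: a fresh Guid is generated for the member.</param>
        /// <param name="status">Outcome of the attempt.</param>
        /// <returns>The created user, or null when <paramref name="status"/> is not Success.</returns>
        public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            // A null password used to dereference straight into a NullReferenceException;
            // report it the same way as a too-short one.
            if (password == null || password.Length < MinRequiredPasswordLength)
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            // The duplicate queries below call ToLower() on both values, so reject missing
            // input with a status instead of failing inside query construction.
            if (string.IsNullOrEmpty(username))
            {
                status = MembershipCreateStatus.InvalidUserName;
                return(null);
            }

            if (email == null)
            {
                status = MembershipCreateStatus.InvalidEmail;
                return(null);
            }

            MembershipUser mu = null;

            // Both counts are started before either is waited on so they run concurrently.
            Task <long> dupeUsers  = _memberCollection.Find(m => m.UserName.ToLower() == username.ToLower()).CountAsync();
            Task <long> dupeEmails = _memberCollection.Find(m => m.EmailAddress.ToLower() == email.ToLower()).CountAsync();

            dupeUsers.Wait();
            dupeEmails.Wait();

            if (dupeUsers.Result > 0)
            {
                status = MembershipCreateStatus.DuplicateUserName;
            }
            else if (dupeEmails.Result > 0)
            {
                status = MembershipCreateStatus.DuplicateEmail;
            }
            else
            {
                // NOTE(review): the duplicate check and the insert are separate operations.
                // Unless the collection has unique indexes (not visible here), two concurrent
                // registrations can both pass the check — confirm the index setup.

                // NOTE(review): the salt buffer is handed over zero-filled; presumably
                // CalculateHash fills it through the ref parameter — verify, since a constant
                // all-zero salt would defeat the purpose of salting.
                byte[] salt = new byte[24];
                byte[] hash = CalculateHash(password, ref salt);

                MongoMember mm = new MongoMember
                {
                    Id               = Guid.NewGuid(),
                    UserName         = username,
                    PassHash         = hash,
                    PassSalt         = salt,
                    EmailAddress     = email,
                    // Accounts start unapproved regardless of the isApproved argument;
                    // ValidateUserFromHash is the path on this page that approves them.
                    IsApproved       = false,
                    IsLockedOut      = false,
                    CreationDate     = DateTime.Now,
                    LastLoginDate    = DateTime.MinValue,
                    LastActivityDate = DateTime.MinValue,
                    LastLockoutDate  = DateTime.MinValue
                };

                Task insertTask = _memberCollection.InsertOneAsync(mm);

                // Wait() rethrows a faulted or cancelled insert as AggregateException, so the
                // ProviderError branch below is only a fallback and a failed insert normally
                // surfaces to the caller as an exception.
                insertTask.Wait();

                if (insertTask.Status == TaskStatus.RanToCompletion)
                {
                    status = MembershipCreateStatus.Success;
                    mu     = new MembershipUser(Name, mm.UserName, mm.Id, mm.EmailAddress, "", "", mm.IsApproved, mm.IsLockedOut, mm.CreationDate, mm.LastLoginDate, mm.LastActivityDate, DateTime.MinValue, mm.LastLockoutDate);
                }
                else
                {
                    status = MembershipCreateStatus.ProviderError;
                }
            }

            return(mu);
        }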
コード例 #2
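        /// <summary>
        /// Replaces a member's password after re-authenticating with the current one.
        /// </summary>
        /// <param name="username">Login name of the member.</param>
        /// <param name="oldPassword">Current password, checked through ValidateUser.</param>
        /// <param name="newPassword">New password; must be at least MinRequiredPasswordLength characters.</param>
        /// <returns>
        /// True when the member document was replaced; false when authentication fails, the new
        /// password is too short, or no matching member exists.
        /// </returns>
        public override bool ChangePassword(string username, string oldPassword, string newPassword)
        {
            // Authenticate first so a wrong old password is still counted by ValidateUser's
            // lockout bookkeeping.
            if (!ValidateUser(username, oldPassword))
            {
                return(false);
            }

            // CreateUser rejects passwords shorter than MinRequiredPasswordLength; apply the
            // same rule here so the policy cannot be sidestepped by changing the password.
            if (newPassword == null || newPassword.Length < MinRequiredPasswordLength)
            {
                return(false);
            }

            Task <MongoMember> task = _memberCollection.Find(m => m.UserName.ToLower() == username.ToLower()).SingleOrDefaultAsync();
            task.Wait();
            MongoMember mm = task.Result;

            if (mm == null)
            {
                return(false);
            }

            // NOTE(review): the salt buffer is passed zero-filled; presumably CalculateHash
            // generates a fresh salt through the ref parameter — confirm.
            byte[] salt = new byte[24];
            byte[] hash = CalculateHash(newPassword, ref salt);

            mm.PassSalt = salt;
            mm.PassHash = hash;

            Task <ReplaceOneResult> replaceTask = _memberCollection.ReplaceOneAsync(m => m.Id == mm.Id, mm);
            replaceTask.Wait();

            // Task.IsCompleted is always true once Wait() returns, so it said nothing about
            // the write. Report failure when the server acknowledged the replace but matched
            // no document; an unacknowledged write cannot be inspected and keeps returning true.
            ReplaceOneResult result = replaceTask.Result;

            return(!result.IsAcknowledged || result.MatchedCount > 0);
        }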
コード例 #3
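        /// <summary>
        /// Checks an account-validation token for the member with the given id and, when it
        /// matches, calls ChangeApproval(id, true).
        /// </summary>
        /// <param name="id">Member id the token was issued for.</param>
        /// <param name="validate">Token supplied by the caller (Base32 text, compared case-insensitively).</param>
        /// <returns>True when the token matches; false when it does not or the member is unknown.</returns>
        public async Task <bool> ValidateUserFromHash(Guid id, string validate)
        {
            MongoMember mm = await _memberCollection.Find(Builders <MongoMember> .Filter.Eq(u => u.Id, id)).FirstOrDefaultAsync();

            if (mm == null)
            {
                return(false);
            }

            using (SHA256 sha = SHA256.Create())
            {
                // The derivation must stay identical to GenerateValidationHash, which issues
                // the token.
                // NOTE(review): PassSalt is used as a byte[] elsewhere on this page, so the
                // interpolation inserts the type name rather than the salt bytes; the token
                // then depends only on the id and the application secret. Encoding the bytes
                // (e.g. Convert.ToBase64String) would bind it to the salt, but has to change
                // in both methods together and invalidates tokens already sent out.
                // NOTE(review): a keyed MAC (HMACSHA256 with the secret as key) is the usual
                // construction for this kind of token, in place of hashing a concatenation.
                string content   = $"{mm.Id}.{mm.PassSalt}.{ConfigurationManager.AppSettings["data:SecretKey"]}";
                byte[] hashBytes = sha.ComputeHash(Encoding.UTF8.GetBytes(content));

                string expected = Base32Encoding.ToString(hashBytes);

                // Compare ordinally and without an early exit. The previous culture-sensitive
                // comparison can treat strings containing ignorable characters as equal and
                // stops at the first difference; the token length itself is not secret.
                bool success = validate != null && validate.Length == expected.Length;

                if (success)
                {
                    int diff = 0;

                    for (int i = 0; i < expected.Length; i++)
                    {
                        diff |= char.ToUpperInvariant(expected[i]) ^ char.ToUpperInvariant(validate[i]);
                    }

                    success = diff == 0;
                }

                if (success)
                {
                    // NOTE(review): ChangeApproval is defined elsewhere; its result is not
                    // observed here. If it returns a Task it should be awaited — confirm.
                    ChangeApproval(id, true);
                }

                return(success);
            }
        }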
コード例 #4
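        /// <summary>
        /// Looks a member up by its provider key.
        /// </summary>
        /// <param name="providerUserKey">Member id; expected to be a boxed Guid.</param>
        /// <param name="userIsOnline">Not used by this implementation (no activity timestamp is updated).</param>
        /// <returns>The matching user, or null when the key is not a Guid or no member has that id.</returns>
        public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
        {
            // The key arrives as object from the caller; a null or non-Guid value used to
            // fail on the cast inside the query expression. Treat it as "no such user".
            if (!(providerUserKey is Guid))
            {
                return(null);
            }

            Guid key = (Guid)providerUserKey;

            Task <MongoMember> task = _memberCollection.Find(f => f.Id == key).FirstOrDefaultAsync();

            task.Wait();

            MongoMember mm = task.Result;

            // NOTE(review): the username overload of GetUser passes these dates through
            // FixupDatesFromMongo; this overload does not — confirm whether that is intended.
            return(mm == null
                ? null
                : new MembershipUser(Name, mm.UserName, mm.Id, mm.EmailAddress, "", "", mm.IsApproved, mm.IsLockedOut, mm.CreationDate, mm.LastLoginDate, mm.LastActivityDate, DateTime.MinValue, mm.LastLockoutDate));
        }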
コード例 #5
        /// <summary>
        /// Looks a member up by user name, matching case-insensitively by lower-casing both sides.
        /// </summary>
        /// <param name="username">Login name to search for.</param>
        /// <param name="userIsOnline">Not used by this implementation.</param>
        /// <returns>The matching user with dates passed through FixupDatesFromMongo, or null when none is found.</returns>
        public override MembershipUser GetUser(string username, bool userIsOnline)
        {
            // NOTE(review): username.ToLower() uses the current culture on the client side;
            // whether that always agrees with the server-side lower-casing is not visible here.
            Task <MongoMember> lookup = _memberCollection.Find(m => m.UserName.ToLower() == username.ToLower()).FirstOrDefaultAsync();

            lookup.Wait();

            MongoMember found = lookup.Result;

            if (found == null)
            {
                return(null);
            }

            // Dates read back from the store are normalised before they reach MembershipUser.
            var created      = FixupDatesFromMongo(found.CreationDate);
            var lastLogin    = FixupDatesFromMongo(found.LastLoginDate);
            var lastActivity = FixupDatesFromMongo(found.LastActivityDate);
            var lastLockout  = FixupDatesFromMongo(found.LastLockoutDate);

            return(new MembershipUser(Name, found.UserName, found.Id, found.EmailAddress, "", "", found.IsApproved, found.IsLockedOut, created, lastLogin, lastActivity, DateTime.MinValue, lastLockout));
        }
コード例 #6
        /// <summary>
        /// Builds the account-validation token for a member: the Base32 text of a SHA-256 hash
        /// over the member id, the interpolated PassSalt and the "data:SecretKey" app setting.
        /// </summary>
        /// <param name="id">Id of the member to issue a token for.</param>
        /// <returns>The token, or null when no member has that id.</returns>
        public async Task <string> GenerateValidationHash(Guid id)
        {
            var byId = Builders <MongoMember> .Filter.Eq(u => u.Id, id);
            MongoMember member = await _memberCollection.Find(byId).FirstOrDefaultAsync();

            if (member == null)
            {
                return(null);
            }

            // ValidateUserFromHash recomputes this exact string, so the format must not change
            // in one method without the other.
            // NOTE(review): PassSalt is used as a byte[] elsewhere on this page, so it is
            // formatted as its type name rather than its bytes; the token then depends only on
            // the id and the application secret and does not change with the password.
            // NOTE(review): a keyed MAC (HMACSHA256 keyed with the secret) is the usual
            // construction for such tokens, in place of hashing a concatenation.
            string secret   = ConfigurationManager.AppSettings["data:SecretKey"];
            string material = $"{member.Id}.{member.PassSalt}.{secret}";

            using (SHA256 hasher = SHA256.Create())
            {
                byte[] digest = hasher.ComputeHash(Encoding.UTF8.GetBytes(material));

                return(Base32Encoding.ToString(digest));
            }
        }
コード例 #7
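        /// <summary>
        /// Authenticates a member by user name and password and maintains the failed-attempt
        /// lockout window on the stored member document.
        /// </summary>
        /// <param name="username">Login name, matched case-insensitively.</param>
        /// <param name="password">Clear-text password to verify.</param>
        /// <returns>
        /// True when the password hash matches. False when input is missing, the member is
        /// unknown, not approved, locked out, or the hash differs.
        /// </returns>
        public override bool ValidateUser(string username, string password)
        {
            // Missing credentials can never authenticate; bail out before building the query.
            if (string.IsNullOrEmpty(username) || password == null)
            {
                return(false);
            }

            Task <MongoMember> task = _memberCollection.Find(f => f.UserName.ToLower() == username.ToLower()).FirstOrDefaultAsync();

            task.Wait();
            MongoMember mm = task.Result;

            // Unknown, unapproved and locked-out accounts are rejected without touching the
            // attempt counters.
            if (mm == null ||
                !(mm.IsApproved && !mm.IsLockedOut))
            {
                return(false);
            }

            byte[] salt   = mm.PassSalt;
            byte[] hash   = CalculateHash(password, ref salt);
            byte[] stored = mm.PassHash;

            // The original loop used "i > hash.Length", so it never ran and every password was
            // accepted for an approved, unlocked account. Compare every byte, and treat a
            // missing, empty or differently sized hash as a mismatch.
            bool isFail = hash == null || stored == null || hash.Length == 0 || hash.Length != stored.Length;

            if (!isFail)
            {
                // Accumulate differences instead of returning early so the time taken does not
                // depend on where the first mismatching byte sits.
                int diff = 0;

                for (int i = 0; i < hash.Length; i++)
                {
                    diff |= hash[i] ^ stored[i];
                }

                isFail = diff != 0;
            }

            if (isFail)
            {
                if (mm.LockoutWindowStart == DateTime.MinValue)
                {
                    // First failure: open a new attempt window.
                    mm.LockoutWindowStart    = DateTime.Now;
                    mm.LockoutWindowAttempts = 1;
                }
                else
                {
                    if (mm.LockoutWindowStart.AddMinutes(PasswordAttemptWindow) > DateTime.Now)
                    {
                        // still within window
                        mm.LockoutWindowAttempts++;
                        if (mm.LockoutWindowAttempts >= MaxInvalidPasswordAttempts)
                        {
                            mm.IsLockedOut = true;
                        }
                    }
                    else
                    {
                        // outside of window, reset
                        mm.LockoutWindowStart    = DateTime.Now;
                        mm.LockoutWindowAttempts = 1;
                    }
                }
            }
            else
            {
                // Successful login clears the failure window.
                mm.LastLoginDate         = DateTime.Now;
                mm.LockoutWindowStart    = DateTime.MinValue;
                mm.LockoutWindowAttempts = 0;
            }

            // NOTE(review): the whole document is read, changed and replaced; concurrent login
            // attempts could overwrite each other's counter updates — confirm whether an atomic
            // update is needed.
            Task <ReplaceOneResult> updTask = _memberCollection.ReplaceOneAsync(Builders <MongoMember> .Filter.Eq(u => u.Id, mm.Id), mm);

            updTask.Wait();

            return(!isFail);
        }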