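/// <summary>
/// Checks a candidate password against the configured composition policy
/// (minimum length plus the optional lowercase, uppercase, digit and
/// non-alphanumeric requirements) and reports the first rule that fails.
/// </summary>
/// <param name="password">The candidate password to validate.</param>
/// <returns>
/// <c>SecurityResult.Success</c> when every enabled rule passes; otherwise a
/// failed result whose message names the first violated rule.
/// </returns>
/// <remarks>
/// Only length and character classes are checked here. Nothing in this method
/// screens the value against common or previously breached passwords.
/// </remarks>
public SecurityResult ValidatePasswordRequirement(string password)
{
    // 1. Reject null or empty input before any other rule touches it.
    if (string.IsNullOrEmpty(password))
    {
        return SecurityResult.Failed("The password cannot be empty");
    }

    // 2. Minimum length. A password of exactly the configured length passes,
    //    so the message says "at least" rather than "over".
    if (password.Length < _applicationUserSettings.PasswordMinimumLength)
    {
        return SecurityResult.Failed($"The password must be at least {_applicationUserSettings.PasswordMinimumLength} characters.");
    }

    // The character-class rules below are unanchored searches over the whole
    // string. An anchored lookahead such as ^(?=.*[a-z]) only inspects the
    // first line, because '.' does not match '\n' by default; a password whose
    // required character sits after a line break would be wrongly rejected.

    // 3. At least one lowercase ASCII letter.
    if (_applicationUserSettings.PasswordRequireLowercase && !Regex.IsMatch(password, @"[a-z]"))
    {
        return SecurityResult.Failed("The password must contain at least one lowercase character.");
    }

    // 4. At least one uppercase ASCII letter.
    if (_applicationUserSettings.PasswordRequireUppercase && !Regex.IsMatch(password, @"[A-Z]"))
    {
        return SecurityResult.Failed("The password must contain at least one uppercase character.");
    }

    // 5. At least one digit. Without RegexOptions.ECMAScript, \d matches any
    //    Unicode decimal digit, not only 0-9.
    if (_applicationUserSettings.PasswordRequireDigit && !Regex.IsMatch(password, @"\d"))
    {
        return SecurityResult.Failed("The password must contain at least one digit.");
    }

    // 6. At least one character that is neither a digit nor an ASCII letter.
    //    Whitespace and non-ASCII letters therefore satisfy this rule.
    if (_applicationUserSettings.PasswordRequireNonAlphanumeric && !Regex.IsMatch(password, @"[^\da-zA-Z]"))
    {
        return SecurityResult.Failed("The password must contain at least one non-alphanumeric character.");
    }

    return SecurityResult.Success;
}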
/// <summary>
/// Changes a user's password after confirming the caller knows the current one.
/// </summary>
/// <param name="userId">Identifier of the user whose password is being changed.</param>
/// <param name="oldPassword">The current password, verified before anything is modified.</param>
/// <param name="newPassword">The replacement password.</param>
/// <returns>
/// The result of persisting the user when the password was updated; the failed
/// result from the password update when that step fails; or a failed result
/// with "Password Mismatch" when <paramref name="oldPassword"/> does not verify.
/// </returns>
/// <exception cref="NotFoundException">No user exists for <paramref name="userId"/>.</exception>
public async Task<SecurityResult> ChangePasswordAsync(long userId, string oldPassword, string newPassword)
{
    var account = await FindByIdAsync(userId);
    if (account == null)
    {
        throw new NotFoundException(nameof(ApplicationUser), userId);
    }

    // The old password gates the whole operation: nothing is changed unless it verifies.
    bool oldPasswordVerified = await VerifyPasswordAsync(account, oldPassword);
    if (!oldPasswordVerified)
    {
        return SecurityResult.Failed("Password Mismatch");
    }

    // NOTE(review): this method does not call ValidatePasswordRequirement itself;
    // presumably UpdatePassword enforces the policy on newPassword - confirm.
    var passwordUpdate = await UpdatePassword(account, newPassword);
    if (passwordUpdate.Succeeded)
    {
        // NOTE(review): no revocation of existing sessions or tokens is visible
        // here after a successful change - confirm it is handled elsewhere.
        return await UpdateAsync(account);
    }

    return passwordUpdate;
}