public async Task <IdentityResult> ChangePasswordFromTokenAsync(int userId, string passwordResetToken, string newPassword) { var user = await this.FindByIdAsync(userId).ConfigureAwait(false); if (user.PasswordResetToken != passwordResetToken || !user.PasswordResetExpiry.HasValue || user.PasswordResetExpiry < DateTime.UtcNow) { return(new IdentityResult("Your password reset token has expired or does not exist")); } var securedPassword = new SecuredPassword(newPassword, _configuration.DefaultHashStrategy); user.HashStrategy = securedPassword.HashStrategy; user.PasswordHash = Convert.ToBase64String(securedPassword.Hash); user.PasswordLastChangedDate = DateTime.UtcNow; user.Salt = Convert.ToBase64String(securedPassword.Salt); user.PasswordResetExpiry = null; user.PasswordResetToken = null; user.FailedLogonAttemptCount = 0; user.UserLogs.Add(new UserLog() { Description = "Password changed using token" }); await this._context.SaveChangesAsync().ConfigureAwait(false); return(new IdentityResult()); }
/// <summary> /// Finds the user from the password, if the password is incorrect then increment the number of failed logon attempts /// </summary> /// <param name="userName"></param> /// <param name="password"></param> /// <returns></returns> public async Task <LogonResult> FindAndCheckLogonAsync(string userName, string password) { var user = await this.dbContext.User.SingleOrDefaultAsync(u => u.UserName == userName && u.Enabled && u.Approved && u.EmailVerified).ConfigureAwait(false); var logonResult = new LogonResult(); if (user != null) { var securedPassword = new SecuredPassword(Convert.FromBase64String(user.PasswordHash), Convert.FromBase64String(user.Salt)); bool checkFailedLogonAttemptCount = Convert.ToBoolean(ConfigurationManager.AppSettings["AccountManagementCheckFailedLogonAttemptCount"].ToString()); int maximumFailedLogonAttemptCount = Convert.ToInt32(ConfigurationManager.AppSettings["AccountManagementMaximumFailedLogonAttemptCount"].ToString()); if (checkFailedLogonAttemptCount == false || user.FailedLogonAttemptCount < maximumFailedLogonAttemptCount) { if (securedPassword.Verify(password)) { user.FailedLogonAttemptCount = 0; this.dbContext.SaveChanges(); logonResult.Success = true; logonResult.UserName = user.UserName; return(logonResult); } else { user.FailedLogonAttemptCount += 1; logonResult.FailedLogonAttemptCount = user.FailedLogonAttemptCount; user.UserLogs.Add(new UserLog() { Description = "Failed Logon attempt" }); this.dbContext.SaveChanges(); } } } return(logonResult); }
public async Task <int> ChangePasswordAsync(int userId, string currentPassword, string newPassword) { var user = await FindByIdAsync(userId).ConfigureAwait(false); var securePassword = new SecuredPassword(currentPassword, Convert.FromBase64String(user.PasswordHash), Convert.FromBase64String(user.PasswordSalt), user.HashStrategy); if (securePassword.IsValid) { var newPasswordHash = new SecuredPassword(newPassword, _configuration.DefaultHashStrategy); UpdatePreviousPasswordList(user); SetPasswordExpiryStrategy(user); user.PasswordHash = Convert.ToBase64String(newPasswordHash.Hash); user.PasswordLastChangedDateUtc = DateTime.UtcNow; user.PasswordSalt = Convert.ToBase64String(newPasswordHash.Salt); user.HashStrategy = newPasswordHash.HashStrategy; user.PasswordResetExpiryDateUtc = null; user.PasswordResetToken = null; user.FailedLogonAttemptCount = 0; user.UserLogs.Add(new UserLog() { Description = "Password changed" }); } else { return(0); } return(_context.SaveChanges()); }
public bool Equals(SecuredPassword comparison) { if (Hash.SequenceEqual(comparison.Hash) && Salt.SequenceEqual(comparison.Salt)) { return(true); } return(false); }
public async Task <SEIdentityResult> CreateAsync(string userName, string firstName, string lastName, string password, string passwordConfirmation, int securityQuestionLookupItemId, string securityAnswer) { var user = await UserStore.FindByNameAsync(userName); var result = ValidatePassword(password, new List <string>() { firstName, lastName, securityAnswer }); if (result.Succeeded) { if (user == null) { user = new User(); user.UserName = userName; var securedPassword = new SecuredPassword(password); try { user.Approved = Convert.ToBoolean(ConfigurationManager.AppSettings["AccountManagementRegisterAutoApprove"].ToString()); user.EmailConfirmationToken = Guid.NewGuid().ToString().Replace("-", ""); user.EmailVerified = false; user.Enabled = true; user.FirstName = firstName; user.LastName = lastName; user.PasswordHash = Convert.ToBase64String(securedPassword.Hash); user.Salt = Convert.ToBase64String(securedPassword.Salt); user.SecurityQuestionLookupItemId = securityQuestionLookupItemId; user.SecurityAnswer = securityAnswer; user.UserName = userName; user.UserLogs.Add(new UserLog() { Description = "Account Created" }); await UserStore.CreateAsync(user); } catch { return(new SEIdentityResult("An error occurred creating the user, please contact the system administrator")); } return(new SEIdentityResult()); } // TODO: Log duplicate account creation return(new SEIdentityResult("Username already registered")); } else { return(result); } }
/// <summary> /// Finds the user from the password, if the password is incorrect then increment the number of failed logon attempts /// </summary> /// <param name="userName"></param> /// <param name="password"></param> /// <returns></returns> public async Task <LogonResult> TryLogOnAsync(string userName, string password) { var user = await _context.User .SingleOrDefaultAsync(u => u.UserName == userName && u.Enabled && u.Approved && u.EmailVerified) .ConfigureAwait(false); var logonResult = new LogonResult(); if (user == null) { // Check if the user exists and if not is one of a commonly used set of usernames var userNameExists = await _context.User.SingleOrDefaultAsync(u => u.UserName == userName); if (userNameExists == null) { if (_commonlyUsedUserNames.ToList().Contains(userName)) { logonResult.IsCommonUserName = true; } } } else { var securePassword = new SecuredPassword(password, Convert.FromBase64String(user.PasswordHash), Convert.FromBase64String(user.PasswordSalt), user.HashStrategy); if (_configuration.AccountManagementCheckFailedLogonAttempts == false || user.FailedLogonAttemptCount < _configuration.AccountManagementMaximumFailedLogonAttempts) { if (securePassword.IsValid) { user.FailedLogonAttemptCount = 0; await _context.SaveChangesAsync(); logonResult.MustChangePassword = user.PasswordExpiryDateUtc.HasValue && user.PasswordExpiryDateUtc.Value < DateTime.UtcNow; logonResult.Success = true; logonResult.UserName = user.UserName; return(logonResult); } user.FailedLogonAttemptCount += 1; logonResult.FailedLogonAttemptCount = user.FailedLogonAttemptCount; user.UserLogs.Add(new UserLog { Description = "Failed Logon attempt" }); await _context.SaveChangesAsync(); } } return(logonResult); }
public async Task <int> ChangePasswordAsync(int userId, string currentPassword, string newPassword) { var user = await this.FindByIdAsync(userId).ConfigureAwait(false); var securedPassword = new SecuredPassword(currentPassword); if (securedPassword.Verify(currentPassword)) { user.PasswordHash = Convert.ToBase64String(securedPassword.Hash); user.Salt = Convert.ToBase64String(securedPassword.Salt); } user.UserLogs.Add(new UserLog() { Description = "Password changed" }); return(await this.dbContext.SaveChangesAsync().ConfigureAwait(false)); }
public async Task <IdentityResult> ResetPasswordAsync(int userId, string newPassword, string actioningUserName) { var user = await FindByIdAsync(userId); SecuredPassword securedPassword = new SecuredPassword(newPassword, _configuration.DefaultHashStrategy); UpdatePreviousPasswordList(user); user.HashStrategy = securedPassword.HashStrategy; user.PasswordHash = Convert.ToBase64String(securedPassword.Hash); user.PasswordLastChangedDateUtc = DateTime.UtcNow; user.PasswordSalt = Convert.ToBase64String(securedPassword.Salt); user.PasswordResetExpiryDateUtc = null; user.PasswordResetToken = null; user.FailedLogonAttemptCount = 0; user.PasswordExpiryDateUtc = DateTime.UtcNow; // User must change their password on next logon user.UserLogs.Add(new UserLog { Description = $"User had password reset sent out via email by {actioningUserName}" }); await _context.SaveChangesAsync(); return(IdentityResult.Success); }
public async Task <SEIdentityResult> CreateAsync(string userName, string firstName, string lastName, string password, string passwordConfirmation, int securityQuestionLookupItemId, string securityAnswer) { var user = await _userStore.FindByNameAsync(userName); // Validate security question var securityQuestion = _context.LookupItem.Where(a => a.Id == securityQuestionLookupItemId && a.LookupTypeId == CONSTS.LookupTypeId.SecurityQuestion).FirstOrDefault(); if (securityQuestion == null) { return(new SEIdentityResult("Illegal security question")); } var result = ValidatePassword(password, new List <string>() { firstName, lastName, securityAnswer }); if (result.Succeeded) { if (user == null) { user = new User(); user.UserName = userName; var securedPassword = new SecuredPassword(password, _configuration.DefaultHashStrategy); try { user.Approved = _configuration.AccountManagementRegisterAutoApprove; user.EmailConfirmationToken = Guid.NewGuid().ToString().Replace("-", ""); user.EmailVerified = false; user.Enabled = true; user.FirstName = firstName; user.LastName = lastName; user.PasswordLastChangedDate = DateTime.UtcNow; user.PasswordHash = Convert.ToBase64String(securedPassword.Hash); user.Salt = Convert.ToBase64String(securedPassword.Salt); user.SecurityQuestionLookupItemId = securityQuestionLookupItemId; string encryptedSecurityAnswer = ""; _encryption.Encrypt(_configuration.EncryptionPassword, user.Salt, _configuration.EncryptionIterationCount, securityAnswer, out encryptedSecurityAnswer); user.SecurityAnswer = encryptedSecurityAnswer; user.UserName = userName; user.UserLogs.Add(new UserLog() { Description = "Account Created" }); await _userStore.CreateAsync(user); } catch { return(new SEIdentityResult("An error occurred creating the user, please contact the system administrator")); } return(new SEIdentityResult()); } // TODO: Log duplicate account creation return(new SEIdentityResult("Username already registered")); } else { return(result); } }