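/// <summary>
/// Changes the password of the currently signed-in account.
/// </summary>
/// <param name="collection">Current password plus the new password and its confirmation.</param>
/// <returns>
/// 400 when the request is incomplete, the confirmation does not match or the account cannot be found;
/// 401 when the current password is wrong; 200 once the new password has been stored;
/// a problem result on an unexpected failure.
/// </returns>
public async Task<IActionResult> ChangePasswordAsync([FromBody] ChangePasswordBindingModel collection)
{
    // Log only the acting account, never the serialized body: it carries the current and the new
    // password in clear text, and debug logs are rarely protected like credential stores.
    Log.Debug($"ChangePassword => request for AccountId={CurrentAccount?.Id}");
    try
    {
        if (string.IsNullOrEmpty(collection?.Password)
            || string.IsNullOrEmpty(collection.NewPassword)
            || string.IsNullOrEmpty(collection.ConfirmPassword))
        {
            return BadRequest(_localizer[DataTransferer.DefectivePassword().Message]);
        }
        if (collection.NewPassword != collection.ConfirmPassword)
        {
            return BadRequest(_localizer[DataTransferer.PasswordsMissmatch().Message]);
        }

        var account = await _accountService
            .FirstAsync(new AccountGetFirstSchema { Id = CurrentAccount.Id })
            .ConfigureAwait(true);
        if (account == null)
        {
            return BadRequest(_localizer[DataTransferer.UserNotFound().Message]);
        }

        // The current password must be proven before anything is written.
        // NOTE(review): assumes _cryptograph.IsEqual verifies the clear-text input against the
        // stored (presumably hashed) value — confirm against the cryptograph implementation.
        if (!_cryptograph.IsEqual(collection.Password, account.Password))
        {
            return Unauthorized(_localizer[DataTransferer.WrongPassword().Message]);
        }

        await _accountService
            .UpdateAsync(new AccountUpdateSchema
            {
                Id = account.Id.Value,
                Password = _cryptograph.RNG(collection.NewPassword)
            })
            .ConfigureAwait(false);
        return Ok(_localizer[DataTransferer.PasswordChanged().Message]);
    }
    catch (Exception ex)
    {
        Log.Error(ex, ex.Source);
        return Problem(_localizer[DataTransferer.SomethingWentWrong().Message]);
    }
}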
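/// <summary>
/// Signs in an account that has already been authenticated by an external provider and issues a
/// bearer token bound to the calling device.
/// </summary>
/// <param name="externalUser">Device information of the caller.</param>
/// <param name="accountProfile">The locally stored profile the external identity resolved to.</param>
/// <returns>
/// DataTransferer.Ok carrying the bearer token, or a failure result describing why sign-in was refused.
/// </returns>
public async Task<IServiceResult> ExternalSigninAsync(ExternalUserBindingModel externalUser, AccountProfileResult accountProfile)
{
    // The original condition was `accountProfile == null && accountProfile.AccountId.HasValue`:
    // it dereferenced a null profile and never rejected a profile without an account id, which
    // would then have been used as a null Id filter in the account lookup below.
    if (externalUser == null || accountProfile == null || !accountProfile.AccountId.HasValue)
    {
        return DataTransferer.DefectiveEntry();
    }
    if (accountProfile.StatusId != Status.Active)
    {
        return DataTransferer.UserIsNotActive();
    }

    var now = DateTime.UtcNow;
    var accountQuery = new AccountGetFirstSchema
    {
        Id = accountProfile.AccountId,
        StatusId = Status.Active.ToInt()
    };
    var account = await FirstAsync(accountQuery);
    if (account == null)
    {
        return DataTransferer.UserNotFound();
    }

    // todo: check the account
    // Every write below runs inside one ambient transaction; any early return or exception leaves
    // the scope without Complete() and therefore rolls those writes back.
    using (var transaction = new TransactionScope(TransactionScopeAsyncFlowOption.Enabled))
    {
        try
        {
            var accountDeviceQuery = new AccountDeviceGetFirstSchema
            {
                AccountId = account.Id,
                DeviceId = externalUser.DeviceId
            };
            var accountDevice = await _accountDeviceService.FirstAsync(accountDeviceQuery);
            if (accountDevice == null)
            {
                return DataTransferer.DeviceIdNotFound();
            }

            int deviceId;
            if (accountDevice != null)
            {
                deviceId = accountDevice.Id.Value;
                // set a new token
                await _accountDeviceService.UpdateAsync(new AccountDeviceUpdateSchema { Id = accountDevice.Id.Value });
            }
            else
            {
                // NOTE(review): this branch is unreachable — the guard above already returned for a
                // missing device. Kept so the intended "register an unknown device" path is not lost;
                // decide whether unknown devices should be rejected or registered and delete the other.
                // create new device for account
                deviceId = await _accountDeviceService.AddAsync(new AccountDeviceAddSchema
                {
                    AccountId = account.Id,
                    DeviceId = externalUser.DeviceId,
                    DeviceName = externalUser.DeviceName,
                    DeviceType = externalUser.DeviceType,
                    CreatedAt = now,
                    StatusId = Status.Active.ToInt()
                });
            }

            // A successful sign-in invalidates any outstanding password-reset tokens for the account.
            await _accountProfileService.CleanForgotPasswordTokensAsync(account.Id.Value);

            // set last signed in at
            var accountUpdate = new AccountUpdateSchema { Id = account.Id.Value, LastSignedinAt = now };
            await UpdateAsync(accountUpdate);
            // NOTE(review): StatusCode is read back from the schema that was passed in, so this only
            // reports anything if UpdateAsync writes its outcome onto it — confirm against the service.
            if (accountUpdate.StatusCode != 200)
            {
                Log.Error($"Can't update 'LastSignedinAt' after a successfully signing in for AccountId={account.Id}");
            }

            transaction.Complete();

            var identity = new Account(account.Id.Value, deviceId, account.Username, now).ToClaimsIdentity();
            var token = _jwtHandler.Bearer(identity);
            return DataTransferer.Ok(token);
        }
        catch (Exception ex)
        {
            Log.Error(ex, ex.Source);
            return DataTransferer.InternalServerError(ex);
        }
    }
}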
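/// <summary>
/// Completes the "forgot password" flow: verifies the one-time token that was sent to the user's
/// phone number or e-mail address and stores the new password.
/// </summary>
/// <param name="collection">
/// Username (phone number or e-mail), the token the user received, and the new password with its confirmation.
/// </param>
/// <returns>
/// 400 for any validation or token failure, 200 once the password has been stored,
/// a problem result on an unexpected failure.
/// </returns>
public async Task<IActionResult> ChangeForgotenPasswordAsync([FromBody] ChangeForgotenPasswordBindingModel collection)
{
    // Log only the identifier, never the serialized body: it carries the reset token and the new
    // password in clear text.
    Log.Debug($"ChangeForgotenPassword => Username={collection?.Username}");
    try
    {
        if (string.IsNullOrEmpty(collection?.Username))
        {
            return BadRequest(_localizer[DataTransferer.DefectiveEmailOrCellPhone().Message]);
        }
        collection.Username = collection.Username.Trim();

        // Either password field missing is a defective request. The original used `&&`, so a request
        // with only one field filled slipped through to the mismatch check; this now matches ChangePasswordAsync.
        if (string.IsNullOrEmpty(collection.NewPassword) || string.IsNullOrEmpty(collection.ConfirmPassword))
        {
            return BadRequest(_localizer[DataTransferer.DefectivePassword().Message]);
        }
        if (collection.NewPassword != collection.ConfirmPassword)
        {
            return BadRequest(_localizer[DataTransferer.PasswordsMissmatch().Message]);
        }
        if (string.IsNullOrWhiteSpace(collection.Token))
        {
            return BadRequest(_localizer[DataTransferer.UnofficialRequest().Message]);
        }

        // Resolve the profile by the kind of identifier the user supplied.
        var query = new AccountProfileGetFirstSchema { LinkedId = collection.Username };
        if (collection.Username.IsPhoneNumber())
        {
            query.TypeId = AccountProfileType.Phone.ToInt();
        }
        else if (new EmailAddressAttribute().IsValid(collection.Username))
        {
            query.TypeId = AccountProfileType.Email.ToInt();
        }
        else
        {
            return BadRequest(_localizer[DataTransferer.InvalidEmailOrCellPhone().Message]);
        }

        var accountProfile = await _accountProfileService.FirstAsync(query).ConfigureAwait(true);
        if (accountProfile == null)
        {
            // TypeId can only be Phone or Email here, so a missing profile always returns from this branch
            // (the original had two independent ifs that could, structurally, fall through to a null dereference).
            if (query.TypeId == AccountProfileType.Phone.ToInt())
            {
                return BadRequest(_localizer[DataTransferer.PhoneNotFound().Message]);
            }
            return BadRequest(_localizer[DataTransferer.EmailNotFound().Message]);
        }
        if (!accountProfile.AccountId.HasValue)
        {
            // A profile without an account cannot have its password changed; previously this was an
            // unhandled .Value access that surfaced as a generic problem result.
            return BadRequest(_localizer[DataTransferer.UserNotFound().Message]);
        }

        var cachedToken = _memoryCache.Get(collection.Username);
        if (cachedToken == null)
        {
            return BadRequest(_localizer[DataTransferer.ChangingPasswordWithoutToken().Message]);
        }

        var account = await _accountService
            .FirstAsync(new AccountGetFirstSchema { Id = accountProfile.AccountId.Value })
            .ConfigureAwait(true);
        if (account == null)
        {
            return BadRequest(_localizer[DataTransferer.UserNotFound().Message]);
        }

        if (!TokensMatch(collection.Token, cachedToken.ToString()))
        {
            // NOTE(review): this logs the whole Account/AccountProfile objects via ToString(); confirm
            // neither includes the stored password before relying on this message in production logs.
            Log.Warning($"Account => {account}, AccountProfile => {accountProfile}, It tried to change its password with a wrong 'ForgotPasswordToken'");
            return BadRequest(_localizer[DataTransferer.ChangingPasswordWithWrongToken().Message]);
        }

        // The token is single-use: drop it before the password is written so a retry cannot reuse it.
        _memoryCache.Remove(collection.Username);
        await _accountService
            .UpdateAsync(new AccountUpdateSchema
            {
                Id = account.Id.Value,
                Password = _cryptograph.RNG(collection.NewPassword)
            })
            .ConfigureAwait(false);
        return Ok(_localizer[DataTransferer.PasswordChanged().Message]);
    }
    catch (Exception ex)
    {
        Log.Error(ex, ex.Source);
        return Problem(_localizer[DataTransferer.SomethingWentWrong().Message]);
    }

    // Constant-time comparison so the response time does not reveal how many leading characters of
    // the supplied token were correct. Fully qualified because the file's using block is not visible here.
    bool TokensMatch(string supplied, string expected)
    {
        var suppliedBytes = System.Text.Encoding.UTF8.GetBytes(supplied);
        var expectedBytes = System.Text.Encoding.UTF8.GetBytes(expected);
        return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(suppliedBytes, expectedBytes);
    }
}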