public async Task <UserClaimsDto> Register(AddUserDto userDto) { if (await _genericRepository.FindBy(x => x.Email == userDto.Email).AnyAsync()) { return(null); } User user = new User { UserName = userDto.Username, Email = userDto.Email }; if (!string.IsNullOrEmpty(userDto.Password)) { byte[] passwordHash, passwordSalt; HashSaltHelper.GeneratePasswordHashAndSalt(userDto.Password, out passwordHash, out passwordSalt); user.PasswordHash = passwordHash; user.PasswordSalt = passwordSalt; await _genericRepository.Add(user); return(_mapper.Map <UserClaimsDto>(user)); } return(null); }
public bool ResetPassword(string username, string email, string passwordResetRequestCode, string newPassword) { bool success = false; //1) Find the passwordResetRequestCode Record if it exists, which gives the account id //2) Get the AccountRecord //3) Update the Password = newPassword and the Deleted flag = true, call update on bo to update in database TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest foundPasswordResetRequest = null; TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest passwordResetSearchCriteria = new TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest(_smoSettings[CONNECTION_STRING_NAME]) { PasswordResetCode = passwordResetRequestCode }; TestSprocGenerator.Business.SingleTable.Bo.List.PasswordResetRequest passwordResetSearchReturned = new TestSprocGenerator.Business.SingleTable.Bo.List.PasswordResetRequest(_smoSettings[CONNECTION_STRING_NAME]); passwordResetSearchReturned.FillByCriteriaExact(passwordResetSearchCriteria); if (passwordResetSearchReturned != null && passwordResetSearchReturned.Count > 0) { if (passwordResetSearchReturned.Count == 1) { foundPasswordResetRequest = (TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest)passwordResetSearchReturned[0]; //make sure that the email or username is valid TestSprocGenerator.Business.SingleTable.Bo.Account foundAccount = null; string emailAddress = DetermineEmailGetAccountByEmailOrUsername(username, email, out foundAccount); if (foundAccount != null) { //account is valid if the accountid of the returned record and the password request record accountID match if (foundAccount.AccountID == foundPasswordResetRequest.AccountID) { //TODO: should probably do this in a transaction instead of having the possibility of one of these //failing foundAccount.Deleted = false; foundAccount.AccountPassword = HashSaltHelper.CreatePasswordHash(newPassword, HashSaltHelper.CreateSalt()); foundAccount.Update(); foundPasswordResetRequest.Delete(); success = true; } else { throw new ApplicationException("Email or Username provided does not match the Password Reset Request code record"); } } else { throw new ApplicationException("Email or Username provided is not valid"); } } } return(success); }
public bool LoginUser(string username, string password) { if (_smoSettings.ContainsKey(CONNECTION_STRING_NAME)) { if (string.IsNullOrEmpty(username)) { throw new ArgumentNullException("Username"); } if (string.IsNullOrEmpty(password)) { throw new ArgumentNullException("Password"); } //get the user by username first then we can figure out if the password is ok TestSprocGenerator.Business.SingleTable.Bo.Account criteria = new TestSprocGenerator.Business.SingleTable.Bo.Account(_smoSettings[CONNECTION_STRING_NAME]) { AccountUsername = username, Deleted = false }; TestSprocGenerator.Business.SingleTable.Bo.List.Account searchReturned = new TestSprocGenerator.Business.SingleTable.Bo.List.Account(_smoSettings[CONNECTION_STRING_NAME]); searchReturned.FillByCriteriaExact(criteria); if (searchReturned != null && searchReturned.Count > 0) { //now that we have a user with that username we need to compare/verify the hashed password if (!string.IsNullOrEmpty(searchReturned[0].AccountPassword)) { string salt = searchReturned[0].AccountPassword.Substring(searchReturned[0].AccountPassword.Length - CommonLibrary.Security.HashSaltHelper.SALT_SIZE); string hashedPasswordAndSalt = HashSaltHelper.CreatePasswordHash(password, salt); bool passwordMatch = hashedPasswordAndSalt.Equals(searchReturned[0].AccountPassword); if (passwordMatch) { return(true); } } } return(false); } else { throw new ApplicationException("Database Connection String Not in Configuration File or not loaded from Config File"); } return(false); }
public async Task <UserClaimsDto> Login(AddUserDto userDto) { User user = await _genericRepository.FindBy(x => x.Email == userDto.Email).SingleAsync(); if (user == null) { return(null); } if (!HashSaltHelper.VerifyPasswordHash(userDto.Password, user.PasswordHash, user.PasswordSalt)) { return(null); } return(_mapper.Map <UserClaimsDto>(user)); }
/// <summary> /// Generate a regular Account from the UI, the Administrative Accounts need to go through an Administrative /// set of interfaces/code /// </summary> /// <param name="accountModel"></param> /// <returns></returns> public bool AccountCreate(TestSprocGenerator.Business.SingleTable.Bo.Account accountModel) { if (_smoSettings.ContainsKey(CONNECTION_STRING_NAME)) { accountModel.DatabaseSmoObjectsAndSettings = _smoSettings[CONNECTION_STRING_NAME]; if (string.IsNullOrEmpty(accountModel.AccountUsername)) { throw new ArgumentNullException("AccountUsername"); } if (string.IsNullOrEmpty(accountModel.AccountPassword)) { throw new ArgumentNullException("AccountPassword"); } if (DoesUserNameExist(accountModel.AccountUsername)) { throw new ArgumentException("AccountUsername is in Use, Please pick another username"); } //Set default values for insertion of new account accountModel.AccountCode = DEFAULT_ACCOUNT_CODE; accountModel.AccountID = Guid.NewGuid(); accountModel.AccountPassword = HashSaltHelper.CreatePasswordHash(accountModel.AccountPassword, HashSaltHelper.CreateSalt()); accountModel.Deleted = false; accountModel.InsertedDateTime = DateTime.Now; accountModel.ModifiedDateTime = DateTime.Now; accountModel.Insert(); return(true); } else { throw new ApplicationException("Database Connection String Not in Configuration File or not loaded from Config File"); } }
public async Task <User> Add(AddUserDto userDto) { User user = new User { UserName = userDto.Username, Email = userDto.Email }; if (!string.IsNullOrEmpty(userDto.Password)) { byte[] passwordHash, passwordSalt; HashSaltHelper.GeneratePasswordHashAndSalt(userDto.Password, out passwordHash, out passwordSalt); user.PasswordHash = passwordHash; user.PasswordSalt = passwordSalt; } await _context.Users.AddAsync(user); await _context.SaveChangesAsync(); return(user); }