public bool ModifyPassword(UserPassword userPassword)
{
if (userPassword.UserId != null)
{
DatabaseUser dbUser = _dbQueryService.GetUserById(userPassword.UserId.Value);
string saltedHashedPasswordToCheck =
UserPasswordTools.HashAndSaltPassword(userPassword.OldPassword, dbUser.Salt);
// If the salted and hashed passwords are identical, then we have a match.
if (saltedHashedPasswordToCheck == dbUser.Password)
{
dbUser.Salt = UserPasswordTools.GenerateRandomPasswordSalt();
dbUser.Password = UserPasswordTools.HashAndSaltPassword(userPassword.NewPassword, dbUser.Salt);
return(_dbQueryService.PersistPasswordChange(dbUser));
}
}
return(false);
}