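/// <summary>
/// Checks that <paramref name="token"/> maps to a password-recovery record that is still
/// active and was requested no more than one day ago.
/// </summary>
/// <param name="token">
/// The raw recovery token from the reset link. Only its SHA-256 hash is sent to the repository,
/// so the plaintext token is never stored or compared in the data layer.
/// </param>
/// <returns>
/// A successful <see cref="ResponseMessage"/> when the token is usable; otherwise a failed one
/// whose message states why (unknown token, inactive record, or expired record).
/// </returns>
public async Task<ResponseMessage> ValidatePasswordRecoveryToken(string token)
{
    // Recovery links are honoured only for this long after the request was made.
    var recoveryTokenLifetime = TimeSpan.FromDays(1);

    // A missing token can never match a record; reject it here instead of handing null
    // to the hash function and the repository (which would surface as an exception, not a response).
    if (string.IsNullOrEmpty(token))
    {
        return new ResponseMessage(false, null, null, "Unauthorized token, this may be caused by a broken link. Try requesting another password reset.");
    }

    // The repository keys recovery records by the token's hash, so look it up by the hash as well.
    var tokenHash = Cryptography.Hash_sha256(token);

    // NOTE(review): this method reads `passwordRecoveryRepository` while UpdatePassword uses
    // `_passwordRecoveryRepository` — confirm both names resolve to the same field.
    var recoveryState = await passwordRecoveryRepository.GetRecoveryProcessFromToken(tokenHash);
    if (recoveryState is null)
    {
        return new ResponseMessage(false, null, null, "Unauthorized token, this may be caused by a broken link. Try requesting another password reset.");
    }

    // A record is deactivated once the recovery completes, so an inactive record means reuse of a spent link.
    if (!recoveryState.IsActive)
    {
        return new ResponseMessage(false, null, null, "This password recovery link is no longer active, or has been used before. Try requesting another password reset.");
    }

    // Compared against UtcNow, so RecoveryRequestedAt is assumed to be a UTC timestamp. DateTime comparison
    // ignores Kind, so a local-time value here would silently shift the expiry window — confirm at the repository.
    var expirationDate = recoveryState.RecoveryRequestedAt.Add(recoveryTokenLifetime);
    if (DateTime.UtcNow > expirationDate)
    {
        return new ResponseMessage(false, null, null, "This password recovery link has expired. Try requesting another password reset.");
    }

    return new ResponseMessage(true);
}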
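/// <summary>
/// Completes a password-recovery flow: re-validates the recovery token, checks the new password
/// against the local password rules, stores a bcrypt hash of it, and invalidates the recovery record.
/// </summary>
/// <param name="token">The raw recovery token from the reset link; looked up by its SHA-256 hash.</param>
/// <param name="newPassword">The password the user wants to set.</param>
/// <param name="confirmNewPassword">
/// Must be identical to <paramref name="newPassword"/>; this is the value that is validated and stored.
/// </param>
/// <returns>
/// A successful <see cref="ResponseMessage"/> once the password has been updated and the recovery
/// record invalidated; otherwise a failed one whose message names the first rule that was violated.
/// </returns>
public async Task<ResponseMessage> UpdatePassword(string token, string newPassword, string confirmNewPassword)
{
    // NOTE(review): 6 is below the 8-character minimum commonly recommended today
    // (e.g. NIST SP 800-63B); revisit this policy value.
    const int MinimumPasswordLength = 6;

    // Resolve the recovery record by the hash of the token. A null/empty token can never match,
    // so it is treated the same as a token the repository does not know (a null record).
    var tokenResponse = string.IsNullOrEmpty(token)
        ? null
        : await _passwordRecoveryRepository.GetRecoveryProcessFromToken(Cryptography.Hash_sha256(token));

    // ValidateTokenResponse is defined elsewhere in this class and is expected to reject
    // unknown, inactive and expired records.
    var validateResponse = ValidateTokenResponse(tokenResponse);
    if (!validateResponse.IsSuccessful)
    {
        return validateResponse;
    }

    // Belt-and-braces: never dereference a record that ValidateTokenResponse let through as null.
    if (tokenResponse is null)
    {
        return new ResponseMessage(false, null, null, "Unauthorized token, this may be caused by a broken link. Try requesting another password reset.");
    }

    // Passwords are opaque secrets, not linguistic text, so compare ordinally.
    // string.Equals is null-safe, unlike the instance Equals call on a possibly-null newPassword.
    if (!string.Equals(newPassword, confirmNewPassword, StringComparison.Ordinal))
    {
        return new ResponseMessage(false, null, null, "New Password and Confirm New Password must match");
    }

    // Both values are equal from here on, so only confirmNewPassword is checked; it may still be null.
    if (confirmNewPassword is null || confirmNewPassword.Length < MinimumPasswordLength)
    {
        return new ResponseMessage(false, null, null, $"Password must be atleast {MinimumPasswordLength} characters long");
    }

    // NOTE(review): ValidatePassword is defined elsewhere; the fixed message below implies it rejects
    // special characters, which shrinks the usable password space — confirm that restriction is intended.
    if (!ValidatePassword(confirmNewPassword).IsSuccessful)
    {
        return new ResponseMessage(false, null, null, "Special characters are not allowed in the password");
    }

    // All rules passed: persist only a bcrypt hash of the password, never the plaintext.
    await userStore.UpdatePassword(tokenResponse.UserId, BCrypt.Net.BCrypt.HashPassword(confirmNewPassword));

    // Invalidate the recovery record so the link is single-use.
    // NOTE(review): this runs after the password write, so a failure here leaves the token live, and two
    // concurrent requests can both pass the validation above unless the repository invalidates atomically —
    // confirm both with the repository implementation.
    await _passwordRecoveryRepository.InvalidateRecoveryProcess(tokenResponse.Id);

    return new ResponseMessage(true);
}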