/// <summary>
/// Checks a candidate password against the blacklist service and rejects it when its
/// SHA-1 hash is reported as compromised more often than <c>_passwordThreshold</c>.
/// </summary>
/// <remarks>
/// Only the first five characters of the hash are handed to the blacklist service. The
/// remaining characters are matched locally against the dictionary it returns, so this
/// method never sends the full hash.
/// The check fails open: when the lookup throws <c>ApiCallFailedException</c>, the
/// password is accepted without having been checked.
/// </remarks>
/// <param name="manager">Not used by this validator.</param>
/// <param name="user">User the password is being set for; only <c>Id</c> is read, for telemetry on a failed lookup.</param>
/// <param name="password">Plain-text candidate password.</param>
/// <returns>
/// <c>IdentityResult.Success</c> when the hash is absent from the results, at or below the
/// threshold, or the lookup failed; otherwise a failed result carrying one error.
/// </returns>
public async Task<IdentityResult> ValidateAsync(UserManager<TUser> manager, TUser user, string password)
{
    var passwordHash = HashPasswordToSHA1(password);
    var hashPrefix = passwordHash.Substring(0, 5);

    Dictionary<string, int> candidates;
    try
    {
        candidates = await _blacklistService.GetBlacklistedHashedPasswords(hashPrefix);
    }
    catch (ApiCallFailedException)
    {
        // Fail-open path: the password has NOT been checked at this point.
        // NOTE(review): the event is recorded as EventType.VulnerablePassword although no
        // verdict was reached. Confirm dashboards and alerts can tell a lookup outage apart
        // from a real hit, since an outage silently disables this control.
        _trackTelemetry.TrackEvent(EventName.SetPassword, EventType.VulnerablePassword, user.Id);
        return IdentityResult.Success;
    }

    // NOTE(review): the lookup uses the dictionary's own key comparer. Confirm the casing
    // produced by HashPasswordToSHA1 matches the service's keys; a mismatch would make every
    // password pass.
    var hashSuffix = passwordHash.Substring(5);
    var isBlacklisted = candidates.TryGetValue(hashSuffix, out int breachCount)
        && breachCount > _passwordThreshold;

    if (!isBlacklisted)
    {
        // Strict comparison: a count equal to the threshold is still accepted.
        return IdentityResult.Success;
    }

    var vulnerablePasswordError = new IdentityError()
    {
        Code = nameof(password),
        Description = "The password you have entered is known to be vulnerable."
    };
    return IdentityResult.Failed(vulnerablePasswordError);
}
/// <summary>
/// Builds the admin page model from the clients, API resources and identity resources
/// held in the configuration database context.
/// </summary>
/// <remarks>
/// NOTE(review): the only check visible in this method is that the current principal
/// resolves to a user. Confirm that the action or its controller carries an authorization
/// attribute restricting it to administrators, since the view lists every registered
/// client and resource.
/// </remarks>
/// <returns>
/// The admin view, or a bad-request result with the generic "request unsuccessful"
/// message when no user can be resolved for the current principal.
/// </returns>
public async Task<IActionResult> Index()
{
    var currentUser = await _userManager.GetUserAsync(User);
    if (currentUser == null)
    {
        _trackTelemetry.TrackEvent(EventName.AdminManagement, EventType.Action, EventStatus.UserNotFound);
        return BadRequest(_messageConstants.RequestUnsuccessful);
    }

    // Each set is materialised once so the lists can be reused for the visibility flags.
    var clientList = _configurationDbContext.Clients.ToList();
    var apiResourceList = _configurationDbContext.ApiResources.ToList();
    var identityResourceList = _configurationDbContext.IdentityResources.ToList();

    var viewModel = new AdminViewModel
    {
        Clients = clientList,
        ApiResources = apiResourceList,
        RegisteredIdentityResources = identityResourceList,
        IdentityResources = _identityResources.Values,
        // The remove buttons are shown only when there is something to remove.
        IsRemoveButtonVisibleForClients = clientList.Count > 0,
        IsRemoveButtonVisibleForApiResources = apiResourceList.Count > 0
    };

    return View(viewModel);
}
/// <summary>
/// Creates a new identity user from the submitted registration form, sends the e-mail
/// confirmation, notifies the registration service and records a telemetry event.
/// </summary>
/// <remarks>
/// NOTE(review): <paramref name="returnUrl"/> comes from the request and is forwarded
/// unvalidated by this method, into <c>ViewData</c> and into <c>SendEmailConfirmation</c>.
/// Confirm that both consumers only honour local URLs (for example via
/// <c>Url.IsLocalUrl</c>) before redirecting to it or embedding it in a link.
/// </remarks>
/// <param name="model">Registration form data (username, e-mail, password).</param>
/// <param name="returnUrl">Optional URL to return to after the flow completes.</param>
/// <returns>
/// The confirm-e-mail view on success; otherwise the registration view redisplayed with
/// the model and any identity errors added.
/// </returns>
/// <exception cref="FormatException">The created user's <c>Id</c> is not a valid Guid.</exception>
public async Task<IActionResult> Register(RegisterModel model, string returnUrl = null)
{
    ViewData["ReturnUrl"] = returnUrl;

    if (!ModelState.IsValid)
    {
        return View(model);
    }

    var newUser = new IdentityUser { UserName = model.Username, Email = model.Email };
    var creation = await _userManager.CreateAsync(newUser, model.Password);
    if (!creation.Succeeded)
    {
        AddErrors(creation);
        return View(model);
    }

    await SendEmailConfirmation(newUser, returnUrl);

    // NOTE(review): this check runs after the account exists and the confirmation e-mail is
    // sent, so a non-Guid Id leaves a created user that the registration service never
    // hears about.
    if (!Guid.TryParse(newUser.Id, out var registeredId))
    {
        throw new FormatException($"{nameof(newUser.Id)} could not be parsed as a Guid");
    }

    await _registerService.SendUserRegistrationAsync(registeredId, newUser.UserName, newUser.Email);
    _trackTelemetry.TrackEvent(EventName.Registration, EventType.Method, Providers.Zupa);

    return View(nameof(ConfirmEmail));
}