/// <summary>
/// Checks that the configured password, once hashed, is neither the user's current password hash
/// nor one of the recently used hashes reported by <see cref="LastUsedPasswordCheckQuery"/>.
/// Fails the test when the hash has been used before.
/// </summary>
public void UsersPasswordChangeTest()
{
    var passwordChange = new UpdateUserPasswordDTO
    {
        Password = "******",
        UserID = new Guid("e4eec242-58fb-4952-a78d-a65501281276")
    };

    using (var context = new DataContext())
    {
        var targetUser = context.Users.Find(passwordChange.UserID);
        string candidateHash = passwordChange.Password.ComputeHash();

        // History window: the configured number of days back and the configured number of prior entries.
        int restrictionDays = ConfigurationManager.AppSettings["PreviousDaysPasswordRestriction"].ToInt32();
        DateTimeOffset earliestDate = DateTimeOffset.UtcNow.AddDays(-restrictionDays);
        int historyDepth = ConfigurationManager.AppSettings["PreviousPasswordUses"].ToInt32();

        var checkParams = new LastUsedPasswordCheckParams
        {
            User = targetUser,
            DateRange = earliestDate,
            NumberOfEntries = historyDepth,
            Hash = candidateHash
        };
        var historyQuery = new LastUsedPasswordCheckQuery(context);

        // NOTE(review): comparing the new hash with == against the stored hash only works if
        // ComputeHash() is deterministic (no per-user salt) — confirm that is the intended scheme.
        // The history query is only executed when the current hash does not already match.
        if (targetUser.PasswordHash == candidateHash || historyQuery.Execute(checkParams))
        {
            Assert.Fail("The password has already been used previously");
        }
    }
}
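/// <summary>
/// Handles the expired-password form: validates the strength of the new password, requires an
/// authenticated identity, rejects reuse of the current or recently used password hashes, records
/// the change in the audit log, persists the new hash and expiration, refreshes the web session and
/// re-issues the "Authorization" cookie.
/// </summary>
/// <param name="newPassword">The replacement password submitted by the user.</param>
/// <returns>
/// The expired-password view with a model error when validation fails; otherwise a redirect to the site root.
/// </returns>
public async Task<ActionResult> PasswordExpired(string newPassword)
{
    const string expiredPasswordView = "~/Views/Home/ExpiredPassword.cshtml";

    if (Lpp.Dns.Data.User.CheckPasswordStrength(newPassword) != DTO.Enums.PasswordScores.VeryStrong)
    {
        ModelState.AddModelError("Error", "The password specified is not strong enough. Please ensure that the password has at least one upper-case letter, a number and at least one symbol and does not include: ':;<'.");
        return View(expiredPasswordView);
    }

    if (Auth.ApiIdentity.IsAuthenticated == false)
    {
        ModelState.AddModelError("Error", "You must login before changing your password.");
        return View(expiredPasswordView);
    }

    var user = await DataContext.Users.FindAsync(Auth.ApiIdentity.ID);
    if (user == null)
    {
        // FindAsync yields null when the identity does not map to a user row; without this guard
        // the member accesses below would throw a NullReferenceException.
        ModelState.AddModelError("Error", "Unable to locate the current user.");
        return View(expiredPasswordView);
    }

    string newHash = newPassword.ComputeHash();

    // History window: the configured number of days back and the configured number of prior entries.
    int restrictionDays = ConfigurationManager.AppSettings["PreviousDaysPasswordRestriction"].ToInt32();
    DateTimeOffset dateBack = DateTimeOffset.UtcNow.AddDays(-restrictionDays);
    int previousUses = ConfigurationManager.AppSettings["PreviousPasswordUses"].ToInt32();

    var param = new LastUsedPasswordCheckParams
    {
        User = user,
        DateRange = dateBack,
        NumberOfEntries = previousUses,
        Hash = newHash
    };
    var query = new LastUsedPasswordCheckQuery(DataContext);

    // NOTE(review): the == comparison with the stored hash implies ComputeHash() is deterministic
    // (no per-user salt) — confirm that is the intended password storage scheme.
    if (user.PasswordHash == newHash || await query.ExecuteAsync(param))
    {
        ModelState.AddModelError("Error", "Your new password must be different than your previous password(s).");
        return View(expiredPasswordView);
    }

    // Audit trail records the previous hash (not the plaintext) together with who made the change.
    DataContext.LogsUserPasswordChange.Add(new Data.Audit.UserPasswordChangeLog
    {
        UserID = Auth.ApiIdentity.ID,
        UserChangedID = user.ID,
        OriginalPassword = user.PasswordHash,
        Method = UserPasswordChange.Profile
    });

    user.PasswordHash = newHash;
    // NOTE(review): the history window above uses UtcNow while the expiration uses local DateTime.Now.
    // Left unchanged because stored expirations are compared elsewhere — confirm which clock that check uses.
    user.PasswordExpiration = DateTime.Now.AddMonths(ConfigurationManager.AppSettings["ConfiguredPasswordExpiryMonths"].ToInt32());

    await DataContext.SaveChangesAsync();

    Auth.SetCurrentUser(user, AuthenticationScope.WebSession);

    var expireMinutes = WebConfigurationManager.AppSettings["SessionExpireMinutes"];
    if (string.IsNullOrWhiteSpace(expireMinutes))
    {
        expireMinutes = "30"; // fallback session length when the setting is absent
    }

    // NOTE(review): the plaintext newPassword is handed to LoginResponseModel, which is then serialized
    // into a client-side cookie — confirm the model does not carry the password into the serialized output.
    var sModel = Newtonsoft.Json.JsonConvert.SerializeObject(new LoginResponseModel(user, newPassword, user.OrganizationID, user.PasswordExpiration, expireMinutes.ToInt32()));

    // HttpCookie treats Expires == DateTime.MinValue as "no explicit expiry", i.e. a session cookie.
    // NOTE(review): no HttpOnly/Secure flags are set; left unchanged in case client script reads this
    // cookie — confirm whether they can be enabled.
    var authCookie = new HttpCookie("Authorization", sModel)
    {
        Shareable = false,
        Expires = DateTime.MinValue,
    };
    Response.Cookies.Remove("Authorization");
    Response.Cookies.Add(authCookie);

    return Redirect("~/");
}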