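/// <summary>
/// Replaces the password of the account that owns <paramref name="passwordResetToken"/>.
/// </summary>
/// <param name="passwordResetToken">Reset token previously issued to the user.</param>
/// <param name="newPassword">Plain-text replacement password.</param>
/// <returns>
/// <c>true</c> when the new password hash was stored; <c>false</c> when the token or password is
/// empty, the password is shorter than <c>User.MinRequiredPasswordLength</c>, no user is found for
/// the token, or the token differs from the one stored on that user.
/// </returns>
/// <exception cref="Exception">A user was found but <c>Token.IsTokenValid</c> rejected the token.</exception>
public bool ResetPassword(string passwordResetToken, string newPassword)
{
    // Reject an empty token up front so a null/empty argument can never be compared against a
    // user whose stored PasswordVerificationToken is also null.
    if (string.IsNullOrEmpty(passwordResetToken) || string.IsNullOrEmpty(newPassword))
    {
        return false;
    }

    // Same minimum length that Create enforces; without it the reset path would accept
    // passwords that registration refuses.
    if (newPassword.Length < User.MinRequiredPasswordLength)
    {
        return false;
    }

    var user = GetById(GetUserIdFromPasswordResetToken(passwordResetToken));
    if (user == null)
    {
        return false;
    }

    // NOTE(review): presumably IsTokenValid also covers expiry; this method never reads
    // PasswordVerificationTokenExpirationDate itself - confirm against Token.
    if (!Token.IsTokenValid(passwordResetToken))
    {
        throw new Exception("Token inválido");
    }

    // NOTE(review): ordinary string inequality, not a fixed-time comparison. Consider a
    // fixed-time compare if the target framework provides one.
    if (user.PasswordVerificationToken != passwordResetToken)
    {
        return false;
    }

    // NOTE(review): "SHA512" suggests a single salted digest rather than an iterated KDF
    // (PBKDF2/Argon2); if so, leaked hashes are cheap to attack offline - confirm in
    // PasswordAssertionConcern.
    user.Password = PasswordAssertionConcern.ComputeHash(newPassword, "SHA512", null);
    user.LastPasswordChangedDate = DateTime.UtcNow;

    // A reset token is single-use: clear it so the same link cannot change the password again.
    user.PasswordVerificationToken = null;
    user.PasswordVerificationTokenExpirationDate = null;

    BeginTransaction();
    _userRepository.Update(user);
    Commit();

    return true;
}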
/// <summary>
/// Validates the registration data, stores a new <c>User</c> and returns its confirmation token.
/// </summary>
/// <param name="email">Login e-mail; must not be empty.</param>
/// <param name="password">Plain-text password; must be at least <c>User.MinRequiredPasswordLength</c> characters.</param>
/// <param name="confirmPassword">Must be equal to <paramref name="password"/>.</param>
/// <param name="firstName">Stored as-is on the new user.</param>
/// <param name="lastName">Stored as-is on the new user.</param>
/// <param name="requireConfirmationToken">
/// When <c>true</c> a confirmation token and private key are generated and the user is created
/// with <c>IsApproved = false</c>; otherwise both values are empty strings and the user is approved.
/// </param>
/// <returns>The confirmation token stored on the user (empty string when none was requested).</returns>
/// <exception cref="Exception">Any validation rule above fails, or the e-mail is already taken
/// while <c>User.RequiresUniqueEmail</c> is set.</exception>
public string Create(string email, string password, string confirmPassword, string firstName, string lastName, bool requireConfirmationToken = false)
{
    if (string.IsNullOrEmpty(email))
    {
        throw new Exception("Login inválido");
    }

    if (string.IsNullOrEmpty(password))
    {
        throw new Exception("Senha inválida");
    }

    // password is known to be non-empty here, so only the length needs checking.
    if (password.Length < User.MinRequiredPasswordLength)
    {
        throw new Exception($"A senha deve ter no mínimo {User.MinRequiredPasswordLength} caracteres");
    }

    if (password != confirmPassword)
    {
        throw new Exception("Senhas não conferem");
    }

    // NOTE(review): check-then-insert; two concurrent registrations could both pass unless the
    // database also enforces uniqueness - confirm there is a unique index on the e-mail column.
    if (User.RequiresUniqueEmail && EmailExists(email))
    {
        throw new Exception("Email duplicado");
    }

    // NOTE(review): "SHA512" suggests a salted digest rather than an iterated KDF
    // (PBKDF2/Argon2) - confirm in PasswordAssertionConcern.
    var passwordHash = PasswordAssertionConcern.ComputeHash(password, "SHA512", null);

    var confirmationToken = string.Empty;
    var generatedPrivateKey = string.Empty;
    if (requireConfirmationToken)
    {
        var expiresAt = DateTime.UtcNow.AddMinutes(Token._expirationMinutes);

        // NOTE(review): Token._TestCedro_PRIVATE_KEY looks like a key constant held in code;
        // confirm it is not a production secret checked into source.
        generatedPrivateKey = Token.GenerateToken($"{email}{Token._TestCedro_PRIVATE_KEY}", expiresAt.Ticks);
        confirmationToken = Token.GenerateToken(email, expiresAt.Ticks);
    }

    var newUser = new User
    {
        UserId = Guid.NewGuid(),
        FirstName = firstName,
        LastName = lastName,
        Password = passwordHash,
        // An account that still has to confirm its token starts out unapproved.
        IsApproved = !requireConfirmationToken,
        Email = email,
        CreationDate = DateTime.UtcNow,
        LastPasswordChangedDate = DateTime.UtcNow,
        PasswordFailuresSinceLastSuccess = 0,
        LastLoginDate = DateTime.UtcNow,
        LastActivityDate = DateTime.UtcNow,
        LastLockoutDate = DateTime.UtcNow,
        IsLockedOut = false,
        LastPasswordFailureDate = DateTime.UtcNow,
        ConfirmationToken = confirmationToken,
        PrivateKey = generatedPrivateKey
    };

    BeginTransaction();
    _userRepository.Add(newUser);
    Commit();

    return newUser.ConfirmationToken;
}
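/// <summary>
/// Changes a user's password after verifying the current one, tracking failed attempts.
/// </summary>
/// <param name="email">E-mail used to look the user up.</param>
/// <param name="currentPassword">Plain-text password the user currently has.</param>
/// <param name="newPassword">Plain-text replacement password.</param>
/// <returns>
/// <c>true</c> when the new hash was stored; <c>false</c> when any argument is empty, the new
/// password is shorter than <c>User.MinRequiredPasswordLength</c>, the user does not exist or is
/// locked out, or the current password does not verify.
/// </returns>
public bool ChangePassword(string email, string currentPassword, string newPassword)
{
    if (string.IsNullOrEmpty(email) || string.IsNullOrEmpty(currentPassword) || string.IsNullOrEmpty(newPassword))
    {
        return false;
    }

    // Same minimum length that Create enforces, so the policy cannot be sidestepped by
    // registering and then changing to a shorter password.
    if (newPassword.Length < User.MinRequiredPasswordLength)
    {
        return false;
    }

    var user = GetByUserEmail(email);
    if (user == null)
    {
        return false;
    }

    // The failure branch below sets IsLockedOut, but nothing here used to read it, so guesses
    // were still verified after lockout. Refuse before touching the hash.
    // NOTE(review): if lockouts expire after a time window, apply the same unlock rule here
    // that the login path uses.
    if (user.IsLockedOut)
    {
        return false;
    }

    var storedHash = user.Password;
    var currentPasswordMatches = storedHash != null
        && PasswordAssertionConcern.VerifyHash(currentPassword, storedHash);

    if (!currentPasswordMatches)
    {
        // Count the failure, or lock the account once the counter has reached the maximum.
        if (user.PasswordFailuresSinceLastSuccess < User.MaxInvalidPasswordAttempts)
        {
            user.PasswordFailuresSinceLastSuccess += 1;
            user.LastPasswordFailureDate = DateTime.UtcNow;
        }
        else
        {
            user.LastPasswordFailureDate = DateTime.UtcNow;
            user.LastLockoutDate = DateTime.UtcNow;
            user.IsLockedOut = true;
        }

        BeginTransaction();
        _userRepository.Update(user);
        Commit();

        return false;
    }

    user.PasswordFailuresSinceLastSuccess = 0;

    // NOTE(review): "SHA512" suggests a salted digest rather than an iterated KDF
    // (PBKDF2/Argon2) - confirm in PasswordAssertionConcern.
    user.Password = PasswordAssertionConcern.ComputeHash(newPassword, "SHA512", null);
    user.LastPasswordChangedDate = DateTime.UtcNow;

    BeginTransaction();
    _userRepository.Update(user);
    Commit();

    return true;
}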
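/// <summary>
/// Ensures the database exists and seeds one pre-approved user if that user is not present yet.
/// </summary>
/// <remarks>
/// Does nothing beyond <c>EnsureCreated</c> when a user with the seed e-mail already exists.
/// </remarks>
public static void Initialize()
{
    using (MainContext context = new MainContext())
    {
        context.Database.EnsureCreated();

        // NOTE(review): the address literal looks redacted in this copy of the file; it is
        // kept exactly as found.
        if (context.Users.Any(x => x.Email == "*****@*****.**"))
        {
            return;
        }

        var seedUsers = new[]
        {
            new User
            {
                FirstName = "User",
                LastName = "Client",
                Email = "*****@*****.**",
                IsApproved = true,
                PasswordFailuresSinceLastSuccess = 0,
                LastPasswordFailureDate = null,
                LastActivityDate = null,
                LastLockoutDate = null,
                LastLoginDate = null,
                ConfirmationToken = null,
                // UTC, matching the timestamps Create writes for every other user.
                CreationDate = DateTime.UtcNow,
                IsLockedOut = false,
                LastPasswordChangedDate = null,
                PasswordVerificationToken = null,
                PrivateKey = null,
                PasswordVerificationTokenExpirationDate = null,
                PictureUrl = null,
                Comment = null,
                // NOTE(review): approved account seeded with a fixed, well-known password in
                // source. Restrict this seeding to development, or take the initial password
                // from configuration and force a change on first login.
                // NOTE(review): uses the single-argument ComputeHash overload while Create
                // passes "SHA512" explicitly - confirm both yield hashes VerifyHash accepts.
                Password = PasswordAssertionConcern.ComputeHash("123456")
            }
        };

        context.Users.AddRange(seedUsers);
        context.SaveChanges();
    }
}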
/// <summary>
/// Returns <paramref name="password"/> processed by the single-argument
/// <c>PasswordAssertionConcern.ComputeHash</c> overload.
/// </summary>
/// <param name="password">Plain-text password.</param>
/// <returns>The string produced by <c>ComputeHash</c>.</returns>
/// <remarks>
/// Despite the method name, the value comes from a hash routine, so callers should presumably
/// treat it as a hash to store and verify, not as ciphertext that can be decrypted - confirm
/// against PasswordAssertionConcern.
/// </remarks>
public string EncryptPassword(string password) => PasswordAssertionConcern.ComputeHash(password);