public void UpdatePassword(User user, string password)
{
CheckLoginStatus();
PasswordValidationHelper.ValidatePassword(password);
var detailedUser = _db.Find("Username", user.Username).FirstOrDefault();
detailedUser.SetPassword(password);
_db.Update(detailedUser);
}
public async Task ResetPassword(AuthenticationUser user, string oldPassword, string newPassword)
{
if (string.IsNullOrEmpty(newPassword))
{
throw new BadRequestException("Password reset failed, new password cannot be empty", ErrorCodes.EmptyPassword);
}
if (oldPassword != null && oldPassword == newPassword)
{
throw new BadRequestException("Password reset failed, new password cannot be equal to the old one", ErrorCodes.SamePassword);
}
if (newPassword.ToLower() == user.Login?.ToLower())
{
throw new BadRequestException("Password reset failed, new password cannot be equal to login name", ErrorCodes.PasswordSameAsLogin);
}
if (newPassword.ToLower() == user.DisplayName?.ToLower())
{
throw new BadRequestException("Password reset failed, new password cannot be equal to display name", ErrorCodes.PasswordSameAsDisplayName);
}
string errorMsg;
if (!PasswordValidationHelper.ValidatePassword(newPassword, true, out errorMsg))
{
throw new BadRequestException("Password reset failed, new password is invalid", ErrorCodes.TooSimplePassword);
}
if (await IsChangePasswordCooldownInEffect(user))
{
throw new ConflictException("Password reset failed, password reset cooldown in effect", ErrorCodes.ChangePasswordCooldownInEffect);
}
if (!await _userRepository.ValidateUserPasswordForHistoryAsync(user.Id, newPassword))
{
throw new BadRequestException("The new password matches a previously used password.", ErrorCodes.PasswordAlreadyUsedPreviously);
}
var newGuid = Guid.NewGuid();
user.UserSalt = newGuid;
user.Password = HashingUtilities.GenerateSaltedHash(newPassword, user.UserSalt);
await _userRepository.UpdateUserOnPasswordResetAsync(user);
}
public void StoreUser(User user, string password)
{
CheckLoginStatus();
if (_db.Exists("Username", user.Username))
{
throw new ArgumentException($"Username '{ user.Username }' already exists.");
}
var newUser = new DetailedUser
{
Username = user.Username,
Name = user.Name,
LastName = user.LastName,
DateCreated = DateTime.Now
};
PasswordValidationHelper.ValidatePassword(password);
newUser.SetPassword(password);
_db.Add(newUser);
}