public async Task <Response> ChangePasswordByToken(string id, [FromBody] ResetPasswordDTO model) { var user = _giraf._context.Users.FirstOrDefault(u => u.Id == id); if (user == null) { return(new ErrorResponse(ErrorCode.UserNotFound)); } if (model == null) { return(new ErrorResponse(ErrorCode.MissingProperties, "Token", "Password")); } if (model.Token == null || model.Password == null) { return(new ErrorResponse(ErrorCode.MissingProperties, "Token", "Password")); } var result = await _giraf._userManager.ResetPasswordAsync(user, model.Token, model.Password); if (!result.Succeeded) { return(new ErrorResponse(ErrorCode.InvalidProperties, "Token")); } await _signInManager.SignInAsync(user, isPersistent : false); _giraf._logger.LogInformation("User changed their password successfully."); return(new Response()); }
public async Task <IActionResult> ChangePassword(ResetPasswordDTO resetPasswordViewModel) { try { await _profileService.ResetPasswordByTokenAsync(resetPasswordViewModel); return(Ok()); } catch (InvalidDataException e) { return(BadRequest(e.Message)); } catch (TokenExpiredException e) { return(BadRequest(e.Message)); } catch (EntityNotExistException e) { return(BadRequest(e.Message)); } catch (Exception e) { return(BadRequest(e.Message)); } }
public async Task <IHttpActionResult> ResetPassword(ResetPasswordDTO resetPasswordDTO) { try { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } //IdentityResult result = await this._authenticationRepository.ResetPasswordAsync(resetPasswordDTO.UserID, resetPasswordDTO.ResetPasswordToken, resetPasswordDTO.NewPassword); IdentityResult result = await this._authenticationRepository.ResetPasswordAsync(resetPasswordDTO.UserID, resetPasswordDTO.Token, resetPasswordDTO.NewPassword); if (result.Succeeded == false) { return(BadRequest()); } return(Ok()); } catch (Exception ex) { return(BadRequest()); } }
private static IEnumerable <string> ValidatePassword(ResetPasswordDTO credentials, User user) { var oldPasswordHash = Cryptography.HashPassword(credentials.OldPassword); var anyUpperCaseLetterPattern = @"[A-Z]+"; var anyDigitPattern = @"\d+"; var anySpecialCharactertPattern = @"[^a-zA-Z0-9]"; if (oldPasswordHash != user.Password) { yield return(PasswordValidationMsgsEnum.WRONG_OLD_PASSWORD.Text); } if (credentials.NewPassword != credentials.NewPasswordRepeat) { yield return(PasswordValidationMsgsEnum.PASSWORDS_CONFIRMATION_DIFF.Text); } if (credentials.NewPassword.Length < 8 || !(Regex.IsMatch(credentials.NewPassword, anyUpperCaseLetterPattern) && Regex.IsMatch(credentials.NewPassword, anyDigitPattern) && Regex.IsMatch(credentials.NewPassword, anySpecialCharactertPattern))) { yield return(PasswordValidationMsgsEnum.PASSWORD_INSUFFICIENT_COMPLEXITY.Text); } yield break; }
public static bool ResetSenhaPadrão(ResetPasswordDTO credentials, out IEnumerable <string> validationErrors) { using (Data.Contexts.SMEManagementContext db = new Contexts.SMEManagementContext()) { User user = (from current in db.Users where current.Name == credentials.Username select current).FirstOrDefault(); validationErrors = default; if (user != null) { validationErrors = ValidatePassword(credentials, user); if (validationErrors.Count() < 1) { user.Password = Cryptography.HashPassword(credentials.NewPassword); return(db.SaveChanges() > 0); } } return(false); } }
public async Task <IActionResult> ResetPassword([FromBody] ResetPasswordDTO resetPasswordDTO) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } var user = await db.Users.FirstOrDefaultAsync(o => o.UserName == resetPasswordDTO.UserName); if (user == null) { return(BadRequest("Invalid email")); } var token = await userManager.GeneratePasswordResetTokenAsync(user); var text = user.FirstName + Environment.NewLine; text += Environment.NewLine; text += "A password reset has been requested. Please use the link below to reset your password." + Environment.NewLine; text += Environment.NewLine; text += Settings.RootUrl + "auth/reset?e=" + user.Email + "&t=" + token + Environment.NewLine; var html = user.FirstName + Environment.NewLine; html += Environment.NewLine; html += "A password reset has been requested. Please use the link below to reset your password." + Environment.NewLine; html += Environment.NewLine; html += Settings.RootUrl + "auth/reset?e=" + user.Email + "&t=" + WebUtility.UrlEncode(token) + Environment.NewLine; await emailSender.SendEmailAsync(user.Email, user.FullName, "Password Reset", text, html); return(Ok()); }
public async Task <Response <string> > ResetPassword(ResetPasswordDTO model) { Response <string> response = new Response <string> { Success = false }; var user = await _userManager.FindByEmailAsync(model.Email); if (user == null) { response.Message = "No user associated with email"; return(response); } if (model.NewPassword != model.ConfirmPassword) { response.Message = "Password doesn't match its confirmation"; return(response); } var decodedToken = WebEncoders.Base64UrlDecode(model.Token); string normalToken = Encoding.UTF8.GetString(decodedToken); var result = await _userManager.ResetPasswordAsync(user, normalToken, model.NewPassword); if (result.Succeeded) { response.Success = true; response.Message = "Password has been reset successfully!"; return(response); } response.Message = "Something went wrong"; return(response); }
public async Task <IActionResult> ForgotPassword(ForgotPasswordDTO forgotPassword) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } var user = await _userManager.FindByEmailAsync(forgotPassword.Email); if (user == null) { return(NotFound($"Usuário '{forgotPassword.Email}' não encontrado.")); } else { var code = await _userManager.GeneratePasswordResetTokenAsync(user); var resetPassword = new ResetPasswordDTO(); resetPassword.Code = code; resetPassword.Email = user.Email; resetPassword.UserId = user.Id; return(Ok(resetPassword)); // Comentando o trecho de codigo de envio de email //var forgot = await ForgotMainPassword(user); //if (forgot.Enviado) //return Ok(); //return Unauthorized(forgot.error); } }
public async Task <IActionResult> ResetPasswordToken(ResetPasswordDTO model) { try { await _userService.ResetPasswordTokenAsync(model); return(Ok()); } catch (DbUpdateConcurrencyException) { return(BadRequest(new { Message = "The record you attempted to edit was modified by another user after you got the original value" })); } catch (SqlNullValueException e) { return(NotFound(new { e.Message })); } catch (SecurityTokenInvalidLifetimeException e) { return(BadRequest(new { e.Message })); } catch (FormatException) { return(BadRequest(new { Message = "Token is not valid" })); } catch (Exception e) { return(BadRequest(new { e.Message })); } }
public async Task <ActionResult> ChangePassword([FromBody] ResetPasswordDTO model) { var user = await _userManager.FindByEmailAsync(model.Email); user.ShouldGetPassword = false; IdentityResult result = await _userManager.ChangePasswordAsync(user, model.OldPassword, model.NewPassword); if (result.Succeeded) { var res = await _signInManager.PasswordSignInAsync(model.Email, model.NewPassword, false, false); if (res.Succeeded) { var appUser = _userManager.Users.Include(u => u.UserRoles).FirstOrDefault(r => r.Email == model.Email); crtUser = appUser; using (DatabaseContext dbc = new DatabaseContext()) { return(Ok(await GenerateJwtToken(model.Email, appUser))); } } return(Unauthorized()); } else { return(BadRequest(result.Errors)); } }
public async Task <IActionResult> ActivePassword([FromBody] ResetPasswordDTO resetPasswordDTO) { try { if (!ModelState.IsValid) { return(BadRequest(new { error = "Không được để trống" })); } if (!resetPasswordDTO.ConfirmPassword.Equals(resetPasswordDTO.NewPassword)) { return(BadRequest(new { error = "Mật khẩu mới và xác nhận mật khẩu không chính xác" })); } var accountFromDb = await _repo.GetAccount(resetPasswordDTO.Email); if (accountFromDb == null) { return(BadRequest(new { error = "Tài khoản không tồn tại" })); } var accountOTP = await _cRUDRepo.GetOneWithConditionTracking <AccountOTP>(ao => ao.AccountId == accountFromDb.Id && ao.ValidUntil > DateTime.Now); if (accountOTP == null) { return(BadRequest(new { Error = "OTP đã hết hạn" })); } if (resetPasswordDTO.OTP != accountOTP.OTP) { return(BadRequest(new { Error = "OTP không đúng" })); } var result = await _repo.ResetPassword(accountFromDb, accountOTP.Token, resetPasswordDTO.NewPassword); if (result) { _cRUDRepo.Delete(accountOTP); if (await _repo.SaveAll()) { return(Ok()); } } return(BadRequest()); } catch (System.Exception e) { throw e; } }
public async Task <IActionResult> Resetpassword([FromBody] ResetPasswordDTO model) { try { var user = await _userManager.FindByEmailAsync(model.Email); if (user == null) { return(StatusCode(404, "User not found")); } var result = await _userManager.ResetPasswordAsync(user, model.Token, model.Email); if (!result.Succeeded) { foreach (var item in result.Errors) { ModelState.AddModelError("", item.Description); } return(StatusCode(400, ModelState)); } return(StatusCode(204, "Password Changed")); } catch (Exception e) { return(StatusCode(500, e.Message)); } }
public override SubmitResult RequestPasswordReset(ResetPasswordDTO dto) { if (SecurityUnit.UserRepository.EmailExists(dto.Email)) { User u = AuthUnit.AuthUserRepository.FindSingle(d => d.Email == dto.Email); var mails = SecurityUnit.ServiceProvider.GetService <IAuthenticationMailService>(); dto.NewPassword = Utils.RandomAlphaNumeric(8, CharType.Small); dto.ServerUrl = Shell.GetConfigAs <string>("ServerUrl", false); dto.LogonName = u.LogonName; dto.UserFullName = u.Name; var res = mails.SendResetEmail(dto); if (res.IsSuccess) { u.Password = dto.NewPassword.ToMD5(); AuthUnit.AuthUserRepository.Update(u); var sRes = AuthUnit.SaveChanges(); sRes.Data["EmailRes"] = res; return(sRes); } else { var sRes = res.MapToResult <SubmitResult>(); sRes.Message = SecurityUnit.TranslateIfMobile("mail_sending_failed"); return(sRes); } } else { return(new SubmitResult(1, SecurityUnit.TranslateIfMobile("no_such_email"))); } }
public async Task ResetPasswordByTokenAsync(ResetPasswordDTO model) { var decryptedToken = Encrypting.Decrypt(HttpUtility.UrlDecode(model.Token), _configuration["EncryptionKey"], true); var tokenParts = decryptedToken.Split("|"); if (tokenParts.Length < 2) { throw new InvalidDataException("TokenViewModel is not valid"); } var email = tokenParts[0]; var expireTime = tokenParts[1]; if (DateTime.Compare(DateTime.UtcNow, DateTime.Parse(expireTime)) == 1) { throw new TokenExpiredException("TokenViewModel is expired"); } var user = await(await _userRepository.GetAllAsync(u => u.Email == email)).FirstOrDefaultAsync(); if (user == null) { throw new EntityNotExistException("This user is not exist"); } user.Password = _hashMd5Service.GetMd5Hash(model.Password); await _userRepository.UpdateAsync(user); }
public async Task ResetPasswordTokenAsync(ResetPasswordDTO model) { var passwordReset = await _passwordResetRepository.GetFirstAsync( reset => reset.VerificationToken == model.Token && !reset.Used, reset => reset.User); if (passwordReset == null || passwordReset.Used) { throw new SecurityTokenException("Token is not valid"); } if (passwordReset.ExpirationTime < DateTime.UtcNow) { throw new SecurityTokenInvalidLifetimeException("The token has expired"); } if (passwordReset.User == null) { throw new SqlNullValueException("No users found with this email address"); } await _emailService.SendEmailAsync(passwordReset.User.Email, "Password changed", "Your password was reset. If you didn't reset your password, please, contact us."); passwordReset.User.Password = model.Password.CreateMd5(); await _userRepository.UpdateAsync(passwordReset.User); passwordReset.Used = true; passwordReset.ResetDate = DateTime.UtcNow; await _passwordResetRepository.UpdateAsync(passwordReset); }
public async Task <IActionResult> ResetPassword(ResetPasswordDTO model) { var user = await userManager.FindByNameAsync(model.UserName); if (user is null) { return(BadRequest()); } if (ModelState.IsValid) { var result = await userManager.ResetPasswordAsync(user, model.Token, model.Password); if (result.Succeeded) { return(RedirectToAction("Login", new { UCB = model.UCB })); } else { ModelState.AddModelError("", "خطایی رخ داد"); } } return(View(model)); }
public async Task <IActionResult> ResetPassword([FromBody] ResetPasswordDTO resetPasswordDto) { if (!ModelState.IsValid) { return(BadRequest()); } var user = await userManager.FindByEmailAsync(resetPasswordDto.Email); if (user == null) { return(BadRequest("Invalid Request")); } var resetPassResult = await userManager.ResetPasswordAsync(user, resetPasswordDto.Token, resetPasswordDto.Password); if (!resetPassResult.Succeeded) { var errors = resetPassResult.Errors.Select(e => e.Description); return(BadRequest(new { Errors = errors })); } return(Ok()); }
public async Task <IActionResult> ResetPassword( [FromBody] ResetPasswordDTO resetPasswordModel) { if (string.IsNullOrWhiteSpace(resetPasswordModel.Token) || string.IsNullOrWhiteSpace(resetPasswordModel.Email)) { return(BadRequest("Can not reset password, invalid token or email")); } var user = await accountBusiness.FindUserAsync(resetPasswordModel.Email); if (user is null) { return(BadRequest("Can not reset password for invalid user.")); } // reset password var response = await accountBusiness.ResetPasswordAsync(resetPasswordModel.NewPassword, resetPasswordModel.Token, user); if (!response.Succeeded) { var errors = response.Errors.Select(x => x.Description).ToList(); return(BadRequest(errors)); } return(Ok()); }
public HttpResponseMessage ResetPassword(ResetPasswordDTO resetPasswordDTO) { var userProfile = db.UserProfiles.FirstOrDefault(Usr => Usr.Email == resetPasswordDTO.Email); if (userProfile != null && userProfile.Membership.IsConfirmed.GetValueOrDefault(false)) { if (userProfile.Membership.PasswordVerificationToken == resetPasswordDTO.Code && userProfile.Membership.PasswordVerificationTokenExpirationDate >= WebUI.Common.Common.DateTimeNowLocal()) { userProfile.Membership.PasswordVerificationToken = null; userProfile.Membership.PasswordVerificationTokenExpirationDate = null; userProfile.Membership.Password = Crypto.Hash(resetPasswordDTO.Password); userProfile.Membership.PasswordFailuresSinceLastSuccess = 0; userProfile.Membership.PasswordChangedDate = WebUI.Common.Common.DateTimeNowLocal(); db.SaveChanges(); } else { return(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "Token invalid or expired. You can request a new token by using the forgotten password link again.")); } } else { return(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "Invalid request")); } return(Request.CreateResponse(HttpStatusCode.OK)); }
public async Task <bool> ResetPasswordAsync(ResetPasswordDTO model) { var result = await TheUnitOfWork.AccountRepo.ResetPasswordAsync(model); TheUnitOfWork.SaveChanges(); return(result); }
public async Task NewPassword(ResetPasswordDTO resetPasswordDTO) { var token = resetPasswordDTO.ResetToken.Replace("\\", "").Replace("\"", ""); var userId = _context.RefreshTokens .Where(RefreshToken => RefreshToken.Token == token) .Select(RefreshToken => RefreshToken.UserId).First(); var userEntity = await GetUserByIdInternal(userId); if (userEntity == null) { throw new NotFoundException(nameof(User)); } var timeNow = DateTime.Now; //byte[] salt = new byte[] { }; //foreach(char i in userEntity.Salt.ToCharArray()) //{ // salt.Append(Convert.ToByte(i)); //} userEntity.Password = SecurityHelper.HashPassword(resetPasswordDTO.Password, Convert.FromBase64String(userEntity.Salt)); userEntity.UpdatedAt = timeNow; _context.Users.Update(userEntity); await _context.SaveChangesAsync(); await _authService.RevokeRefreshToken(token, userId); }
public async Task <IActionResult> ResetPassword(ResetPasswordDTO model) { if (ModelState.IsValid) { var user = await _userManager.FindByEmailAsync(model.Email); if (user != null) { var result = await _userManager.ResetPasswordAsync(user, model.Token, model.Password); if (result.Succeeded) { return(View("ResetPasswordConfirmation")); } foreach (var error in result.Errors) { ModelState.AddModelError(string.Empty, error.Description); } return(View(model)); } return(View("ResetPasswordConfirmation")); } return(View(model)); }
public virtual Result SendResetEmail(ResetPasswordDTO dto) { var body = Writer.FillStringParameters(ResetPasswordHTMLTemplate, dto); var c = CreateClient(); var mess = CreateMessage(dto.Email, "Your Password was Reset", body, true, Config.SenderName ?? "no-reply"); return(SendEmail(c, mess)); }
public IActionResult ResetPassword(string token, string email) { var model = new ResetPasswordDTO { Token = token, Email = email }; return(View(model)); }
public async Task ResetPasswordAsync(ResetPasswordDTO resetPasswordModel) { var user = await _userManager.FindByEmailAsync(resetPasswordModel.Email); var identityResult = await _userManager.ResetPasswordAsync(user, resetPasswordModel.ResetToken, resetPasswordModel.Password); identityResult.ThrowExceptionOnFailure(); }
public async Task <ActionResult> ResetPassword([FromBody] ResetPasswordDTO dto) { var isAdministrator = User.IsInRole("ADMINISTRATOR"); var userLogin = User.FindFirst(ClaimTypes.NameIdentifier).Value; await _accountService.ResetPassword(dto, isAdministrator, userLogin); return(NoContent()); }
public ActionResult ResetPassword(string id) { ResetPasswordDTO model = new ResetPasswordDTO() { Code = id }; return(id == null?View("Error") : View(model)); }
public void ValidateResetPassword_FailWithShortPassword() { ResetPasswordDTO resetPassword = new ResetPasswordDTO() { Username = "******", NewPassword = "******" }; Assert.IsNotNull(Validations.ValidateResetPassword(resetPassword)); }
public void ValidateResetPassword_seccssededWithValidData() { ResetPasswordDTO resetPassword = new ResetPasswordDTO() { Username = "******", NewPassword = "******" }; Assert.IsNull(Validations.ValidateResetPassword(resetPassword)); }
public void ValidateResetPassword_FailWithEmptyUserName() { ResetPasswordDTO resetPassword = new ResetPasswordDTO() { Username = "", NewPassword = "******" }; Assert.IsNotNull(Validations.ValidateResetPassword(resetPassword)); }