/// <summary>
/// User update password
/// </summary>
/// <param name="websiteId"></param>
/// <param name="userId"></param>
/// <param name="userUpdatePasswordModel"></param>
/// <returns></returns>
public async Task UpdatePassword(int websiteId, int userId, UserUpdatePasswordModel userUpdatePasswordModel)
{
if (userUpdatePasswordModel.NewPassword == null ||
userUpdatePasswordModel.NewPassword.Length < Constants.Utility.PasswordMinLength)
{
throw new ValidationException(Constants.MessageResponse.NewPasswordNotMeetExpected);
}
var userRepository = unitOfWork.GetRepository <User>();
var user = await userRepository.FindByAsync(x => x.Id == userId &&
x.WebsiteId == websiteId);
if (user == null)
{
throw new NotFoundException(string.Format(
Constants.MessageResponse.NotFoundError, nameof(User), nameof(userUpdatePasswordModel.Id)));
}
var isValid = Security.ValidatePassword(user.Email, userUpdatePasswordModel.OldPassword, user.Password);
if (!isValid)
{
throw new ValidationException(string.Format(Constants.MessageResponse.OldPasswordIncorrect));
}
user.Password = Security.CreateHashPassword(user.Email, userUpdatePasswordModel.NewPassword);
user.UpdatedDate = DateTime.UtcNow;
userRepository.Update(user);
await unitOfWork.CommitAsync();
}
public async Task <bool> ChangePassword(int id, UserUpdatePasswordModel model, UserIdentity <int> issuer)
{
var user = await _userRepository.FindByUserIdAsync(id);
if (user == null)
{
return(false);
}
var result = await _userManagement.ChangePasswordAsync(user, model.OldPassword, model.NewPassword);
if (!result.Succeeded)
{
return(false);
}
user.UpdateBy(issuer);
_userRepository.Update(user);
await _uow.SaveChangesAsync();
EmailTemplate emailTemplate = _emailTemplateRepository.GetEmailTemplateByName("ChangeUserPasswordEmail");
emailTemplate.EmailContent = emailTemplate.EmailContent.Replace("#email", user.Email);
emailTemplate.EmailContent = emailTemplate.EmailContent.Replace("#username", user.UserName);
await _emailSender.SendEmailAsync(user.Email, emailTemplate.EmailSubject, emailTemplate.EmailContent, true);
return(true);
}
public ActionResult Manage(UserUpdatePasswordModel model)
{
if (ModelState.IsValid)
{
var userProfile = base.db.Users.FirstOrDefault(u => u.Name == User.Identity.Name);
if (userProfile != null)
{
var hash = General.HashString(model.CurrentPassword + userProfile.Salt.ToString());
if (hash == userProfile.Password)
{
hash = General.HashString(model.NewPassword + userProfile.Salt.ToString());
userProfile.Password = hash;
db.Entry(userProfile).State = EntityState.Modified;
db.SaveChanges();
return(RedirectToAction("Manage", new { Message = ManageMessageId.ChangePasswordSuccess }));
}
}
ModelState.AddModelError("", Resources.Global.Account_Login_LoginFailed);
}
return(View(model));
}
public async Task <IActionResult> UpdatePassword([FromBody] UserUpdatePasswordModel model)
{
if (!ModelState.IsValid)
{
return(BadRequest());
}
return(Json(await _managerUserControl.UpdatePassword(model)));
}
public async Task <bool> UpdatePassword(UserUpdatePasswordModel model)
{
var currentUser = await _repositoryUser.Get(_userId);
if (!await _managerUser.CheckPasswordAsync(currentUser, model.Password))
{
_eAccessDenied("Incorrect password");
}
var result = await _managerUser.ChangePasswordAsync(currentUser, model.Password, model.NewPassword);
return(result.Succeeded);
}
public ActionResult UpdatePassword()
{
var user = _session.Load <User>(_executionContext.UserId);
if (user != null)
{
UserUpdatePasswordModel model = new UserUpdatePasswordModel()
{
Username = user.Username
};
return(View(model));
}
return(RedirectToAction("Index", "Home"));
}
public void TestUpdatePasswordAsync_OldPasswordNotEqual_ShouldThrowValidationException()
{
var websiteId = 1;
var userId = 1;
var userUpdatePasswordModel = new UserUpdatePasswordModel()
{
OldPassword = "******",
NewPassword = "******",
WebsiteId = 1
};
ValidationException ex = Assert.Throws <ValidationException>(() => userService.UpdatePassword(websiteId, userId, userUpdatePasswordModel).GetAwaiter().GetResult());
Assert.AreEqual(
Constants.MessageResponse.OldPasswordIncorrect,
ex.Message);
}
public IActionResult UpdatePassword([FromBody] UserUpdatePasswordModel model)
{
int.TryParse(HttpContext.User.Identity.Name, out var id);
int.TryParse(_config["security:pwdsize"], out var size);
var salt = PasswordService.GenerateSalt(size);
var user = _dataService.GetUserById(id);
var pwd = PasswordService.HashPassword(model.Password, salt, size);
var updated = _dataService.UpdatePassword(id, pwd, salt);
if (updated == false)
{
return(BadRequest());
}
return(Ok());
}
public void TestUpdatePasswordAsync_ValidInput_ShouldNewPasswordChanged()
{
var websiteId = 1;
var userId = 1;
var userUpdatePasswordModel = new UserUpdatePasswordModel()
{
OldPassword = "******",
NewPassword = "******",
WebsiteId = 1
};
Assert.DoesNotThrowAsync(() => userService.UpdatePassword(websiteId, userId, userUpdatePasswordModel));
var userUpdated = users.SingleOrDefault(x => x.Id == userId && x.WebsiteId == websiteId);
var isValid = Security.ValidatePassword(userUpdated.Email, userUpdatePasswordModel.NewPassword, userUpdated.Password);
Assert.IsTrue(isValid);
}
public void TestUpdatePasswordAsync_UserIdNotExisted_ShouldThrowNotFoundException()
{
var websiteId = 1;
var userId = 10;
var userUpdatePasswordModel = new UserUpdatePasswordModel()
{
OldPassword = "******",
NewPassword = "******",
WebsiteId = 1
};
NotFoundException ex = Assert.Throws <NotFoundException>(() => userService.UpdatePassword(websiteId, userId, userUpdatePasswordModel).GetAwaiter().GetResult());
Assert.AreEqual(
string.Format(
Constants.MessageResponse.NotFoundError, nameof(User), nameof(userUpdatePasswordModel.Id)),
ex.Message);
}
public ActionResult UpdatePassword(UserUpdatePasswordModel model)
{
var user = _session.Load <User>(_executionContext.UserId);
if (!Encryption.Verify(model.OldPassword, user.Password))
{
ModelState.AddModelError("OldPassword", "Incorrect original password");
return(View("UpdatePassword", model));
}
if (model.NewPassword != model.ConfirmNewPassword)
{
ModelState.AddModelError("ConfirmNewPassword", "New password confirmation incorrect");
return(View("UpdatePassword", model));
}
user.ChangePassword(Encryption.HashPassword(model.NewPassword));
return(RedirectToAction("Index", "Home"));
}
public async Task <IActionResult> UpdatePassword(UserUpdatePasswordModel userUpdatePasswordModel)
{
await userService.UpdatePassword(this.WebsiteId, this.UserId, userUpdatePasswordModel);
return(Ok(new ApiResponse <UserUpdatePasswordModel>()));
}
