예제 #1
        /// <summary>
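        /// Updates the user's password after validating a password-reset token.
        /// Returns a failed IdentityResult ("Invalid token.") when the token does not match
        /// or has expired, and a failed IdentityResult when the new password matches an
        /// entry in the password history. No exception is thrown for an invalid token.
        /// </summary>
        /// <param name="user">Account whose password is changed; looked up by its UserId.</param>
        /// <param name="token">Reset token presented by the caller; compared with the stored ResetToken.</param>
        /// <param name="newPassword">New plain-text password; hashed before it is stored.</param>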
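        public IdentityResult ChangePasswordWithToken(ApplicationUser user, string token, string newPassword)
        {
            // Load the persisted account; FirstOrDefault yields null for an unknown id.
            User entity = DB.db.Users.FirstOrDefault(x => x.Id == user.UserId);

            // Fail closed. Without these guards a null token compares equal to a cleared
            // (null) ResetToken, and a null ResetTokenExpire never compares as "in the past",
            // so an account with no reset pending would accept the change. An unknown
            // account gets the same message so the reply does not reveal whether it exists.
            // NOTE(review): expiry is compared against local time (DateTime.Now); confirm the
            // code that issues the token writes ResetTokenExpire in local time as well.
            if (entity == null ||
                string.IsNullOrEmpty(token) ||
                string.IsNullOrEmpty(entity.ResetToken) ||
                entity.ResetTokenExpire == null ||
                entity.ResetTokenExpire < DateTime.Now)
            {
                return(new IdentityResult("Invalid token."));
            }

            // Compare the whole token instead of stopping at the first differing character,
            // so the time taken does not depend on how much of the token was correct.
            string expectedToken = entity.ResetToken;
            int difference       = token.Length ^ expectedToken.Length;

            for (int i = 0; i < token.Length && i < expectedToken.Length; i++)
            {
                difference |= token[i] ^ expectedToken[i];
            }

            if (difference != 0)
            {
                return(new IdentityResult("Invalid token."));
            }

            // Reject a password that verifies against any hash in the history.
            List <string> previousPasswords = entity.PasswordHistories.Select(x => x.Password).ToList();

            if (previousPasswords.Any(x => PasswordManager.ValidatePassword(newPassword, x)))
            {
                return(new IdentityResult("Cannot use previous password."));
            }

            // Store the new hash and record it in the history for later reuse checks.
            entity.Password = PasswordManager.HashPassword(newPassword);
            entity.PasswordHistories.Add(new PasswordHistory
            {
                Password   = entity.Password,
                CreateDate = DateTime.Now
            });

            // The token is single-use: clear it in the same save as the password change.
            entity.ResetToken       = null;
            entity.ResetTokenExpire = null;
            DB.SaveChanges();

            return(IdentityResult.Success);
        }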
예제 #2
        /// <summary>
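        /// Finds a user by user name and verifies the supplied password against the stored hash.
        /// </summary>
        /// <param name="userName">User name to look up in the store.</param>
        /// <param name="password">Plain-text password to verify.</param>
        /// <returns>The matching user, or null when the user name is unknown or the password does not verify.</returns>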
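        public override Task <ApplicationUser> FindAsync(string userName, string password)
        {
            ApplicationUser user = _store.FindUserByUsername(userName);

            // Unknown user and wrong password both yield null, so the caller cannot tell
            // the two failures apart from the result.
            // NOTE(review): the password check is skipped when the user is unknown, so the
            // two failure paths may still differ in response time; consider verifying against
            // a fixed dummy hash in that case and rate-limiting failed sign-ins at the caller.
            if (user == null || !PasswordManager.ValidatePassword(password, user.PasswordHash))
            {
                return(Task.FromResult <ApplicationUser>(null));
            }

            // The user is already loaded; return a completed task instead of scheduling
            // a thread-pool work item just to hand back a value.
            return(Task.FromResult(user));
        }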
예제 #3
        /// <summary>
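        /// Updates the user's password after verifying the current password.
        /// Returns a failed IdentityResult when the current password does not verify or the
        /// new password matches an entry in the password history. No exception is thrown for
        /// a wrong current password.
        /// </summary>
        /// <param name="user">Account whose password is changed; looked up by its UserId.</param>
        /// <param name="currentPassword">Current plain-text password, verified against the stored hash.</param>
        /// <param name="newPassword">New plain-text password; hashed before it is stored.</param>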
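        public IdentityResult ChangePassword(ApplicationUser user, string currentPassword, string newPassword)
        {
            // Load the persisted account; FirstOrDefault yields null for an unknown id.
            User entity = DB.db.Users.FirstOrDefault(x => x.Id == user.UserId);

            // An unknown account is reported exactly like a wrong password instead of
            // dereferencing null, so the reply does not reveal whether the account exists.
            if (entity == null || !PasswordManager.ValidatePassword(currentPassword, entity.Password))
            {
                return(new IdentityResult("Inccorect current password"));
            }

            // Reject a password that verifies against any hash in the history.
            List <string> previousPasswords = entity.PasswordHistories.Select(x => x.Password).ToList();

            if (previousPasswords.Any(x => PasswordManager.ValidatePassword(newPassword, x)))
            {
                return(new IdentityResult("Cannot use previous password."));
            }

            entity.Password = PasswordManager.HashPassword(newPassword);

            // Record the new hash in the history; otherwise a password set through this
            // method is invisible to the reuse check above and can be chosen again later.
            entity.PasswordHistories.Add(new PasswordHistory
            {
                Password   = entity.Password,
                CreateDate = DateTime.Now
            });

            // A reset token issued before this change must not outlive it.
            entity.ResetToken       = null;
            entity.ResetTokenExpire = null;
            DB.SaveChanges();

            return(IdentityResult.Success);
        }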