/// <summary>
/// Changes the password of a user who is not signed in. Authentication is
/// performed inside this handler from the details on the command, and the
/// id of the authenticated user is written back to
/// <c>command.OutputUserId</c>.
/// </summary>
/// <param name="command">
/// Supplies the user area code, username, old password and new password;
/// receives <c>OutputUserId</c> on success.
/// </param>
/// <param name="executionContext">
/// The context of the unauthenticated caller. It is used for the pre-checks
/// and as the basis for the elevated system context.
/// </param>
/// <exception cref="Exception">
/// Thrown when <c>IsLoggedInAlready</c> reports that the caller is already logged in.
/// </exception>
/// <exception cref="InvalidCredentialsAuthenticationException">
/// Thrown when no login info is returned for the supplied details. A failed
/// login attempt is logged before the exception is raised.
/// </exception>
public async Task ExecuteAsync(UpdateUnauthenticatedUserPasswordCommand command, IExecutionContext executionContext)
{
    // This handler is reserved for callers without a session.
    if (IsLoggedInAlready(command, executionContext))
    {
        throw new Exception("UpdateUnauthenticatedUserPasswordCommand cannot be used when the user is already logged in.");
    }

    // Runs before the credential lookup below, so keep this ordering.
    // NOTE(review): presumably rejects the request once the failed-attempt
    // limit is reached - confirm in the helper.
    await ValidateMaxLoginAttemptsNotExceeded(command, executionContext);

    // The returned user area is not read again in this method.
    // NOTE(review): the lookup may be relied on to reject an unknown user
    // area code - confirm before removing it.
    var resolvedUserArea = _userAreaRepository.GetByCode(command.UserAreaCode);

    var loginInfo = await GetUserLoginInfoAsync(command, executionContext);

    if (loginInfo == null)
    {
        // Record the failure so it counts towards the attempt history, then
        // report the failure against the old password field.
        // NOTE(review): this command is executed without an explicit
        // execution context, unlike the password update further down.
        var failedAttempt = new LogFailedLoginAttemptCommand(command.UserAreaCode, command.Username);
        await _commandExecutor.ExecuteAsync(failedAttempt);

        throw new InvalidCredentialsAuthenticationException(nameof(command.OldPassword));
    }

    var passwordUpdate = new UpdateUserPasswordByUserIdCommand
    {
        UserId = loginInfo.UserId,
        NewPassword = command.NewPassword
    };

    // The caller has no session, so the update runs under a system user
    // context. This point is only reached after login info was returned for
    // the supplied details, and the elevated context is used for this one
    // command only.
    var elevatedContext = await _executionContextFactory.CreateSystemUserExecutionContextAsync(executionContext);
    await _commandExecutor.ExecuteAsync(passwordUpdate, elevatedContext);

    // Authentication happened in here, so hand the user id back to the caller.
    command.OutputUserId = loginInfo.UserId;
}
/// <summary>
/// Records a failed login attempt. The history of login attempts is used
/// to prevent brute force login attacks.
/// </summary>
/// <remarks>
/// Both values are handed to <c>LogFailedLoginAttemptCommand</c> exactly as
/// received. NOTE(review): any length limit or normalization of the
/// username is presumably applied by the command or its handler - confirm.
/// </remarks>
/// <param name="userAreaCode">The code of the user area the login was attempted against.</param>
/// <param name="username">The username the login was attempted with.</param>
public void LogFailedLoginAttempt(string userAreaCode, string username)
{
    _commandExecutor.Execute(new LogFailedLoginAttemptCommand(userAreaCode, username));
}
/// <summary>
/// Records a failed login attempt asynchronously. The history of login
/// attempts is used to prevent brute force login attacks.
/// </summary>
/// <remarks>
/// Both values are handed to <c>LogFailedLoginAttemptCommand</c> exactly as
/// received. NOTE(review): any length limit or normalization of the
/// username is presumably applied by the command or its handler - confirm.
/// </remarks>
/// <param name="userAreaCode">The code of the user area the login was attempted against.</param>
/// <param name="username">The username the login was attempted with.</param>
/// <returns>A task that completes once the command has been executed.</returns>
public async Task LogFailedLoginAttemptAsync(string userAreaCode, string username)
{
    var failedAttempt = new LogFailedLoginAttemptCommand(userAreaCode, username);

    // Awaited so that a failure to record the attempt surfaces to the caller.
    await _commandExecutor.ExecuteAsync(failedAttempt);
}