public async Task <IActionResult> ChangePasswordAsync([FromBody] ChangePasswordBindingModel collection)
{
Log.Debug($"ChangePassword => {JsonConvert.SerializeObject(collection)}");
try {
if (string.IsNullOrEmpty(collection?.Password) || string.IsNullOrEmpty(collection.NewPassword) || string.IsNullOrEmpty(collection.ConfirmPassword))
{
return(BadRequest(_localizer[DataTransferer.DefectivePassword().Message]));
}
if (collection.NewPassword != collection.ConfirmPassword)
{
return(BadRequest(_localizer[DataTransferer.PasswordsMissmatch().Message]));
}
var account = await _accountService.FirstAsync(new AccountGetFirstSchema {
Id = CurrentAccount.Id
}).ConfigureAwait(true);
if (account == null)
{
return(BadRequest(_localizer[DataTransferer.UserNotFound().Message]));
}
if (_cryptograph.IsEqual(collection.Password, account.Password))
{
await _accountService.UpdateAsync(new AccountUpdateSchema {
Id = account.Id.Value,
Password = _cryptograph.RNG(collection.NewPassword)
}).ConfigureAwait(false);
return(Ok(_localizer[DataTransferer.PasswordChanged().Message]));
}
else
{
return(Unauthorized(_localizer[DataTransferer.WrongPassword().Message]));
}
}
catch (Exception ex) {
Log.Error(ex, ex.Source);
return(Problem(_localizer[DataTransferer.SomethingWentWrong().Message]));
}
}
public async Task <IServiceResult> ExternalSigninAsync(ExternalUserBindingModel externalUser, AccountProfileResult accountProfile)
{
if (accountProfile == null && accountProfile.AccountId.HasValue)
{
return(DataTransferer.DefectiveEntry());
}
if (accountProfile.StatusId != Status.Active)
{
return(DataTransferer.UserIsNotActive());
}
var now = DateTime.UtcNow;
var accountQuery = new AccountGetFirstSchema {
Id = accountProfile.AccountId,
StatusId = Status.Active.ToInt()
};
var account = await FirstAsync(accountQuery);
if (account == null)
{
return(DataTransferer.UserNotFound());
}
// todo: check the account
using (var transaction = new TransactionScope(TransactionScopeAsyncFlowOption.Enabled)) {
try {
var accountDeviceQuery = new AccountDeviceGetFirstSchema {
AccountId = account.Id,
DeviceId = externalUser.DeviceId
};
var accountDevice = await _accountDeviceService.FirstAsync(accountDeviceQuery);
if (accountDevice == null)
{
return(DataTransferer.DeviceIdNotFound());
}
int deviceId;
if (accountDevice != null)
{
deviceId = accountDevice.Id.Value;
// set a new token
await _accountDeviceService.UpdateAsync(new AccountDeviceUpdateSchema {
Id = accountDevice.Id.Value
});
}
else
{
// create new device for account
deviceId = await _accountDeviceService.AddAsync(new AccountDeviceAddSchema {
AccountId = account.Id,
DeviceId = externalUser.DeviceId,
DeviceName = externalUser.DeviceName,
DeviceType = externalUser.DeviceType,
CreatedAt = now,
StatusId = Status.Active.ToInt()
});
}
// clean forgot password tokens
//account.Id.Value, transaction
await _accountProfileService.CleanForgotPasswordTokensAsync(account.Id.Value);
//if(accountProfileCleanTokens.StatusCode != 200) {
// Log.Error($"Can't update 'ForgotPasswordTokens' to NULL for AccountId={account.Id}");
// return DataTransferer.SomethingWentWrong();
//}
// set last signed in at
var accountUpdate = new AccountUpdateSchema {
Id = account.Id.Value,
LastSignedinAt = now
};
await UpdateAsync(accountUpdate);
if (accountUpdate.StatusCode != 200)
{
Log.Error($"Can't update 'LastSignedinAt' after a successfully signing in for AccountId={account.Id}");
}
transaction.Complete();
var token = _jwtHandler.Bearer(new Account(account.Id.Value, deviceId, account.Username, now).ToClaimsIdentity());
return(DataTransferer.Ok(token));
}
catch (Exception ex) {
Log.Error(ex, ex.Source);
return(DataTransferer.InternalServerError(ex));
}
}
}
public async Task <IActionResult> ChangeForgotenPasswordAsync([FromBody] ChangeForgotenPasswordBindingModel collection)
{
Log.Debug($"ChangeForgotenPassword => {JsonConvert.SerializeObject(collection)}");
try {
if (string.IsNullOrEmpty(collection?.Username))
{
return(BadRequest(_localizer[DataTransferer.DefectiveEmailOrCellPhone().Message]));
}
collection.Username = collection.Username.Trim();
if (string.IsNullOrEmpty(collection.NewPassword) && string.IsNullOrEmpty(collection.ConfirmPassword))
{
return(BadRequest(_localizer[DataTransferer.DefectivePassword().Message]));
}
if (collection.NewPassword != collection.ConfirmPassword)
{
return(BadRequest(_localizer[DataTransferer.PasswordsMissmatch().Message]));
}
if (string.IsNullOrWhiteSpace(collection.Token))
{
return(BadRequest(_localizer[DataTransferer.UnofficialRequest().Message]));
}
var query = new AccountProfileGetFirstSchema {
LinkedId = collection.Username
};
if (collection.Username.IsPhoneNumber())
{
query.TypeId = AccountProfileType.Phone.ToInt();
}
else if (new EmailAddressAttribute().IsValid(collection.Username))
{
query.TypeId = AccountProfileType.Email.ToInt();
}
else
{
return(BadRequest(_localizer[DataTransferer.InvalidEmailOrCellPhone().Message]));
}
var accountProfile = await _accountProfileService.FirstAsync(query).ConfigureAwait(true);
if (accountProfile == null)
{
if (query.TypeId == AccountProfileType.Phone.ToInt())
{
return(BadRequest(_localizer[DataTransferer.PhoneNotFound().Message]));
}
if (query.TypeId == AccountProfileType.Email.ToInt())
{
return(BadRequest(_localizer[DataTransferer.EmailNotFound().Message]));
}
}
var cachedToken = _memoryCache.Get(collection.Username);
if (cachedToken == null)
{
return(BadRequest(_localizer[DataTransferer.ChangingPasswordWithoutToken().Message]));
}
var account = await _accountService.FirstAsync(new AccountGetFirstSchema {
Id = accountProfile.AccountId.Value
}).ConfigureAwait(true);
if (account == null)
{
return(BadRequest(_localizer[DataTransferer.UserNotFound().Message]));
}
if (collection.Token != cachedToken.ToString())
{
Log.Warning($"Account => {account}, AccountProfile => {accountProfile}, It tried to change its password with a wrong 'ForgotPasswordToken'");
return(BadRequest(_localizer[DataTransferer.ChangingPasswordWithWrongToken().Message]));
}
_memoryCache.Remove(collection.Username);
await _accountService.UpdateAsync(new AccountUpdateSchema {
Id = account.Id.Value,
Password = _cryptograph.RNG(collection.NewPassword)
}).ConfigureAwait(false);
return(Ok(_localizer[DataTransferer.PasswordChanged().Message]));
}
catch (Exception ex) {
Log.Error(ex, ex.Source);
return(Problem(_localizer[DataTransferer.SomethingWentWrong().Message]));
}
}
