public async Task <IActionResult> SetPassword([FromBody] SetPasswordInputModel model)
{
if (ModelState.IsValid)
{
if (!ApplicationIdIsNullOrValid(model.ApplicationId))
{
return((new ActionResponse("Invalid application id", HttpStatusCode.BadRequest)).ToJsonResult());
}
var getUserResponse = await _userOrchestrator.GetUserAsync();
if (getUserResponse.HasError)
{
return(getUserResponse.Status.ToJsonResult());
}
var user = getUserResponse.Result;
if (!string.IsNullOrEmpty(model.OldPassword))
{
var scheckStatus = await _passwordService.CheckPasswordAsync(user.SubjectId, model.OldPassword, PasswordLockMode.TrustedClient);
if (scheckStatus.HasError)
{
return(Unauthenticated("Old password was incorrect, locked, or missing."));
}
}
else if (!UserSignedInRecentlyEnoughToChangeSecuritySettings())
{
return(Unauthenticated("Please reauthenticate to proceed."));
}
var status = await _passwordService.SetPasswordAsync(user.SubjectId, model.NewPassword);
if (status.IsOk)
{
await _eventNotificationService.NotifyEventAsync(user.Email, EventType.SetPassword);
await _messageService.SendPasswordChangedNoticeAsync(model.ApplicationId, user.Email);
return(Ok());
}
if (status.PasswordDoesNotMeetStrengthRequirements)
{
ModelState.AddModelError("NewPassword", "Password does not meet minimum password strength requirements (try something longer).");
}
else
{
ModelState.AddModelError("", "Something went wrong.");
}
}
return(new ActionResponse(ModelState).ToJsonResult());
}
public async Task <ActionResponse> AuthenticatePasswordAsync(AuthenticatePasswordInputModel model)
{
var user = await _userStore.GetUserByEmailAsync(model.Username); //todo: handle non-email addresses
if (user == null)
{
return(Unauthenticated("The email address or password wasn't right"));
}
else
{
var checkPasswordResult = await _passwordService.CheckPasswordAsync(user.SubjectId, model.Password);
switch (checkPasswordResult)
{
case CheckPasswordResult.NotFound:
case CheckPasswordResult.PasswordIncorrect:
return(Unauthenticated("The email address or password wasn't right"));
case CheckPasswordResult.TemporarilyLocked:
return(Unauthenticated("Your password is temporarily locked. Use a one time code to sign in."));
case CheckPasswordResult.Success:
return(Redirect(ValidatedNextUrl(model.NextUrl)));
case CheckPasswordResult.ServiceFailure:
default:
return(ServerError("Hmm. Something went wrong. Please try again."));
}
}
}
public async Task <WebStatus> AuthenticatePasswordAsync(AuthenticatePasswordInputModel model)
{
_logger.LogDebug("Begin password authentication for {0}", model.Username);
var genericErrorMessage = _localizer["The username or password wasn't right."];
var userResponse = await _userStore.GetUserByUsernameAsync(model.Username);
if (userResponse.HasError)
{
await _eventNotificationService.NotifyEventAsync(model.Username, EventType.AccountNotFound, nameof(AuthenticatePasswordAsync));
_logger.LogDebug("User not found: {0}", model.Username);
return(Unauthenticated(genericErrorMessage));
}
var user = userResponse.Result;
var trustedBrowserResponse = await _trustedBrowserStore.GetTrustedBrowserAsync(user.SubjectId, _httpContext.Request.GetBrowserId());
var passwordLockMode = trustedBrowserResponse.IsOk ? PasswordLockMode.TrustedClient : PasswordLockMode.UntrustedClient;
var checkPasswordStatus = await _passwordService.CheckPasswordAsync(user.SubjectId, model.Password, passwordLockMode);
_logger.LogDebug(checkPasswordStatus.Text);
if (checkPasswordStatus.IsOk)
{
await _eventNotificationService.NotifyEventAsync(user.Email, EventType.SignInSuccess, SignInType.Password.ToString());
return(await SignInAndRedirectAsync(SignInMethod.Password, model.Username, model.StaySignedIn, model.NextUrl, null));
}
switch (checkPasswordStatus.StatusCode)
{
case CheckPasswordStatusCode.TemporarilyLocked:
return(Unauthenticated(_localizer["Your password is temporarily locked. Use a one time code to sign in."]));
case CheckPasswordStatusCode.PasswordIncorrect:
case CheckPasswordStatusCode.NotFound:
await _eventNotificationService.NotifyEventAsync(user.Email, EventType.SignInFail, $"{SignInType.Password} {checkPasswordStatus.StatusCode}");
return(Unauthenticated(genericErrorMessage));
default:
return(ServerError(_localizer["Hmm. Something went wrong. Please try again."]));
}
}