Exemplo n.º 1
0
        private async Task AssertMemberPasswordMatches(Guid?memberId, string password, string message)
        {
            if (memberId == null)
            {
                throw new OdkServiceException(message);
            }

            MemberPassword memberPassword = await _memberRepository.GetMemberPassword(memberId.Value);

            if (memberPassword == null)
            {
                throw new OdkServiceException(message);
            }

            if (string.IsNullOrWhiteSpace(memberPassword.Password))
            {
                message = "Please use the forgotten password feature to reset your password. " +
                          "The website has been moved to a new system. " +
                          "Your password is stored securely and could not be moved across with the rest of your data.";
                throw new OdkServiceException(message);
            }

            if (PasswordHasher.ComputeHash(password, memberPassword.Salt) != memberPassword.Password)
            {
                throw new OdkServiceException(message);
            }
        }
Exemplo n.º 2
0
 public async Task UpdateMemberPassword(MemberPassword password)
 {
     await Context
     .Update <MemberPassword>()
     .Set(x => x.Password, password.Password)
     .Set(x => x.Salt, password.Salt)
     .Where(x => x.MemberId).EqualTo(password.MemberId)
     .ExecuteAsync();
 }
        public IHttpActionResult ChangePassword(ChangePasswordRequest request)
        {
            var response = new ChangePasswordResponse();

            try
            {
                var isValidRequest = false;

                var memberId = request.GetMemberId();
                var member = MembershipAdapter.GetMember(memberId);

                if (request.IsValidModel())
                {
                    if (!request.PasswordsMatch())
                    {
                        request.AddError("Password", "Passwords do not match");
                    }
                }

                if (member.Authenticate(request.CurrentPassword))
                {
                    if (!request.HasErrors())
                    {
                        isValidRequest = true;
                    }
                }
                else
                {
                    request.AddError("Current password", "Current password is invalid");
                }

                if (isValidRequest)
                {
                    var memberPassword = new MemberPassword();

                    memberPassword.MemberId = member.Id;
                    memberPassword.InitializePassword(request.Password);

                    memberPassword = MembershipAdapter.UpdatePassword(memberPassword);

                    var email = new ChangePasswordEmail
                    {
                        DomainName = ConfigHelper.DomainName,
                        DomainBaseUrl = ConfigHelper.DomainBaseUrl,
                        Alias = member.Profile.Alias
                    };

                    var emailBuilder = new EmailBuilder(EmailReference.HTML.Templates.Main, EmailReference.HTML.Contents.ChangePassword);
                    var emailBody = emailBuilder.BuildBody<ChangePasswordEmail>(email);
                    var emailResult = EmailHelper.SendEmail(ConfigHelper.NoReplayEmailAddress,
                                                            ConfigHelper.DomainName,
                                                            member.Email,
                                                            member.Profile.Alias,
                                                            email.Subject,
                                                            emailBody,
                                                            true);

                    if (emailResult)
                    {
                        response.IsSuccessful = true;
                        response.StatusMessage = "Password update succeeded";
                    }
                }
                else
                {
                    response.IsSuccessful = false;
                    response.StatusMessage = "Password update was unsuccessful";
                    response.Errors.AddRange(request.GetErrors());
                }
            }
            catch (Exception ex)
            {
                request.CurrentPassword = string.Empty;
                request.Password = string.Empty;
                request.PasswordConfirm = string.Empty;

                this.Log<ChangePasswordRequest>(LogCategories.Error, request, ex.Message);

                response.IsSuccessful = false;
                response.StatusMessage = this.StatusMessageForExpection;
                response.Errors.Add(ex.Message);
            }

            return Ok(response);
        }
        public IHttpActionResult ResetPasswordToken(ResetPasswordRequest request)
        {
            var response = new SignInResponse();

            try
            {
                var isValidRequest = false;

                var memberId = request.GetMemberId();
                var member = MembershipAdapter.GetMember(request.Token);

                if (request.IsValidModel())
                {
                    if (!request.PasswordsMatch())
                    {
                        request.AddError("Password", "Passwords do not match");
                    }
                    else
                    {
                        if (member.Exists())
                        {
                            if (memberId == member.Id)
                            {
                                if (member.HasTokens())
                                {
                                    if (member.Tokens.ElementAt(0).IsValid(TokenTypes.PasswordReset))
                                    {
                                        isValidRequest = true;
                                    }
                                }
                            }
                        }
                    }
                }

                if (isValidRequest)
                {
                    var memberPassword = new MemberPassword();
                    memberPassword.MemberId = member.Id;
                    memberPassword.InitializePassword(request.Password);

                    MembershipAdapter.UpdatePassword(memberPassword);

                    var memberToken = new MemberToken
                    {
                        Token = member.Tokens.ElementAt(0).Token,
                        MemberId = member.Id,
                        TokenType = member.Tokens.ElementAt(0).TokenType,
                        ExpirationDate = member.Tokens.ElementAt(0).ExpirationDate,
                        ConfirmedDate = DateTime.Now.ToUniversalTime(),
                        RequestDate = member.Tokens.ElementAt(0).RequestDate
                    };

                    MembershipAdapter.UpdateToken(memberToken);

                    response.MemberId = member.Id.ToString();
                    response.Alias = member.Profile.Alias;
                    response.IsActive = member.IsActive;
                    response.IsAdmin = member.IsAdmin;

                    var email = new ResetPasswordEmail
                    {
                        DomainName = ConfigHelper.DomainName,
                        DomainBaseUrl = ConfigHelper.DomainBaseUrl,
                        Alias = member.Profile.Alias
                    };

                    var emailBuilder = new EmailBuilder(EmailReference.HTML.Templates.Main, EmailReference.HTML.Contents.ResetPassword);
                    var emailBody = emailBuilder.BuildBody<ResetPasswordEmail>(email);
                    var emailResult = EmailHelper.SendEmail(ConfigHelper.NoReplayEmailAddress,
                                                            ConfigHelper.DomainName,
                                                            member.Email,
                                                            member.Profile.Alias,
                                                            email.Subject,
                                                            emailBody,
                                                            true);

                    if (emailResult)
                    {
                        response.IsSuccessful = true;
                        response.StatusMessage = "Reset password succeeded";
                    }
                }
                else
                {
                    response.IsSuccessful = false;
                    response.StatusMessage = "Reset password was unsuccessful";
                    response.Errors.AddRange(request.GetErrors());
                }
            }
            catch (Exception ex)
            {
                request.Password = string.Empty;
                request.PasswordConfirm = string.Empty;

                this.Log<ResetPasswordRequest>(LogCategories.Error, request, ex.Message);

                response.IsSuccessful = false;
                response.StatusMessage = this.StatusMessageForExpection;
                response.Errors.Add(ex.Message);
            }

            return Ok(response);
        }
        public MemberPassword UpdatePassword(MemberPassword memberPassword)
        {
            using (context = new DomainContext())
            {
                var memberIdVariable = "@memberId";
                var saltValueVariable = "@saltValue";
                var passwordVariable = "@password";

                var command = string.Format("exec UpdatePassword {0}, {1}, {2}",
                                            memberIdVariable,
                                            saltValueVariable,
                                            passwordVariable);

                var memberId = new SqlParameter(memberIdVariable, memberPassword.MemberId);
                var saltValue = new SqlParameter(saltValueVariable, memberPassword.SaltValue);
                var password = new SqlParameter(passwordVariable, memberPassword.Password);

                context.Database.ExecuteSqlCommand(command, memberId, saltValue, password);
            }

            return memberPassword;
        }