public ValidationResult ValidateSecurityAnswerRequest(SecurityAnswerRequest request)
{
var validator = new SecurityAnswerCheckRequestValidator(_queries);
var result = validator.Validate(request);
return(result);
}
public SecurityAnswerRequest CreateSecurityAnswersRequest()
{
SecurityAnswerRequest request = new SecurityAnswerRequest
{
PasswordResetToken = "",
SecurityAnswer1 = "SecurityAnswer1",
SecurityAnswer2 = "SecurityAnswer2",
SecurityAnswer3 = "SecurityAnswer3"
};
return(request);
}
public ActionResult CheckSecurityAnswers(SecurityAnswerRequest request)
{
try
{
UserAccountManager _userAccountManager = new UserAccountManager(new MongoClient(MONGODB_CONNECTION_STRING));
return(_userAccountManager.CheckSecurityAnswers(request));
}
catch
{
return(new StatusCodeResult(StatusCodes.Status500InternalServerError));
}
}
public ValidationResult Validate(SecurityAnswerRequest request)
{
var data = Mapper.DynamicMap <SecurityAnswerRequest, SecurityAnswerData>(request);
var result = _validator.Validate(data);
return(new ValidationResult
{
Errors = result.Errors
.GroupBy(o => o.PropertyName)
.Select(o => o.First())
.ToDictionary(k => k.PropertyName, v => v.ErrorMessage)
});
}
public ActionResult CheckSecurityAnswers(SecurityAnswerRequest request)
{
// List of steps:
// Check if password reset is valid (exists in DB) [*]
// Check how many attempts are left on the token [*]
// Check creation time of token [*]
// Check if security answers are valid [*]
// Update the token (increment attempts, invalidate token if too many attempts etc) [*]
// Reset the password [*]
// Send an email notifying user []
PasswordResetToken token = _resetService.GetToken(request.PasswordResetToken);
if (token == null)
{
return(new BadRequestObjectResult("Invalid password reset link"));
}
if (token.Attempts >= 3)
{
return(new BadRequestObjectResult("Too many attempts have been attempted with this link, please create a new link."));
}
if (token.DateCreated.AddMinutes(10) > DateTime.UtcNow)
{
return(new BadRequestObjectResult("The password reset link has expired, please create a new link."));
}
var user = _userAccountService.ReadUserFromDBUsingId(token.UserId);
if (user.SecurityAnswer1 != request.SecurityAnswer1 ||
user.SecurityAnswer2 != request.SecurityAnswer2 ||
user.SecurityAnswer3 != request.SecurityAnswer3)
{
token.Attempts++;
_resetService.UpdateToken(token);
return(new BadRequestObjectResult("Security answer(s) are not correct"));
}
return(new OkObjectResult("Able to reset password"));
}
public async Task <SecurityAnswerCheckResponse> SecurityAnswerRequest(SecurityAnswerRequest request)
{
return(await _memberApiProxy.ConfirmSecurityAnswerRequestAsync(request));
}
public async Task <ValidationResult> ValidateSecurityAnswerRequest(SecurityAnswerRequest request)
{
return(await _memberApiProxy.ValidateSecurityAnswerRequestAsync(request));
}
public async Task <SecurityAnswerCheckResponse> ConfirmSecurityAnswerRequestAsync(SecurityAnswerRequest request)
{
var result = await HttpClient.SecurePostAsJsonAsync(Token, "api/Player/ConfirmSecurityAnswer", request);
return(await EnsureApiResult <SecurityAnswerCheckResponse>(result));
}
public async Task <ValidationResult> ValidateSecurityAnswerRequestAsync(SecurityAnswerRequest request)
{
var result = await HttpClient.SecurePostAsJsonAsync(Token, "api/Player/ValidateSecurityAnswerRequest", request);
return(await EnsureApiResult <ValidationResult>(result));
}
