Exemplo n.º 1
0
        public IWebSession ChangePassword(string oldPassword, string newPassword)
        {
            var userId = m_session.User.Id;

            oldPassword = oldPassword.Trim();
            newPassword = newPassword.Trim();

            if (oldPassword == newPassword)
            {
                return(null);
            }

            if (newPassword.Length < 6)
            {
                throw new InvalidOperationException("Heslo musí mít alespoň 6 znaků");
            }

            using (var tran = m_database.OpenTransaction())
            {
                var user = m_database.SelectFrom <IUser>().Where(i => i.Id == WebSession.User.Id).Execute().FirstOrDefault();
                if (user == null)
                {
                    return(null);
                }

                if (!WebSession.VerifyPassword(user.PasswordHash, oldPassword, user.UsesDefaultPassword))
                {
                    throw new InvalidOperationException("Staré heslo není platné");
                }

                user.PasswordHash        = PasswordHashHelper.Hash(newPassword);
                user.UsesDefaultPassword = false;

                m_database.Save(user);

                WebSession.Logout();
                WebSession.Login(user.EMail, newPassword);

                WebSession.Logout();

                tran.Commit();
            }

            m_repository.InvalidateUserCache(userId);

            return(WebSession);
        }
Exemplo n.º 2
0
        public IWebSession Login(string user, string password)
        {
            try
            {
                m_log.Info($"Login requested for user {user}");

                WebSession.Login(user, password);

                if (WebSession.User == null)
                {
                    m_log.Error($"Login failed for user {user}");
                    return(WebSession);
                }
            }
            catch (Exception ex)
            {
                m_log.Error($"Login failed for user {user}", ex);
                throw;
            }

            m_log.Info($"{user} successfully logged in");

            return(WebSession);
        }