        /// <summary>
        /// Gets the security questions registered for the user named in the
        /// reset-password DTO, after the DTO has passed pre-logic validation.
        /// <para>
        /// @author: Jennifer Nguyen
        /// @updated: 04/25/2018
        /// </para>
        /// </summary>
        /// <returns>
        /// A ResponseDto carrying the ResetPasswordDto with its SecurityQuestionDtos
        /// populated; on failure Data is null and Error holds the validation error or
        /// GENERAL_ERROR when the gateway lookup fails.
        /// </returns>
        public ResponseDto <ResetPasswordDto> GetSecurityQuestions()
        {
            // Nothing is fetched until the DTO has passed validation for this operation.
            var validation = new ResetPasswordPreLogicValidationStrategy(
                _resetPasswordDto,
                ResetPasswordValidationTypes.GetSecurityQuestionsValidation).ExecuteStrategy();

            if (validation.Error != null)
            {
                return new ResponseDto <ResetPasswordDto> { Data = null, Error = validation.Error };
            }

            // Always start from an empty collection so no previously loaded questions remain.
            _resetPasswordDto.SecurityQuestionDtos = new Collection <SecurityQuestionDto>();

            using (var gateway = new UserGateway())
            {
                var lookup = gateway.GetSecurityQuestions(_resetPasswordDto.Username);
                if (lookup.Error != null)
                {
                    // Gateway failures are reported generically; the underlying error is not surfaced.
                    return new ResponseDto <ResetPasswordDto> { Data = null, Error = GeneralErrorMessages.GENERAL_ERROR };
                }

                // Only the question text is copied into the DTO.
                foreach (var stored in lookup.Data)
                {
                    _resetPasswordDto.SecurityQuestionDtos.Add(new SecurityQuestionDto(stored.Question));
                }
            }

            return new ResponseDto <ResetPasswordDto> { Data = _resetPasswordDto };
        }
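        /// <summary>
        /// Confirms the security answers supplied in the reset-password DTO against the
        /// salted answer hashes stored for the user.
        /// <para>
        /// @author: Jennifer Nguyen
        /// @updated: 04/25/2018
        /// </para>
        /// </summary>
        /// <remarks>
        /// Every question stored for the user must appear in the DTO with a matching answer.
        /// A DTO that answers none, or only some, of the stored questions is rejected with
        /// SECURITY_QUESTIONS_AND_ANSWERS_NO_MATCH instead of falling through to success.
        /// The supplied answer is always hashed before comparison, so a value equal to the
        /// stored hash is not accepted as-is. On success each verified answer in the DTO is
        /// replaced by its salted hash, as before.
        /// </remarks>
        /// <returns>A ResponseDto which includes the ResetPasswordDto on success, otherwise Data is null and Error is set</returns>
        public ResponseDto <ResetPasswordDto> ConfirmSecurityQuestionAnswers()
        {
            var resetPasswordPreLogicValidationStrategy = new ResetPasswordPreLogicValidationStrategy(_resetPasswordDto,
                                                                                                      ResetPasswordValidationTypes.ConfirmSecurityQuestionAnswersValidation);
            var payloadHasher = new PayloadHasher();

            // Validate data transfer object
            var result = resetPasswordPreLogicValidationStrategy.ExecuteStrategy();

            if (result.Error != null)
            {
                return(new ResponseDto <ResetPasswordDto>
                {
                    Data = null,
                    Error = result.Error
                });
            }

            IList <SecurityQuestionWithSaltDto> securityQuestionWithSalts;

            // Get security questions, salts and security answer hashes
            using (var userGateway = new UserGateway())
            {
                var securityAnswerSaltsResult = userGateway.GetSecurityQuestionWithSalt(_resetPasswordDto.Username);
                if (securityAnswerSaltsResult.Error != null)
                {
                    return(new ResponseDto <ResetPasswordDto>()
                    {
                        Data = null,
                        Error = GeneralErrorMessages.GENERAL_ERROR
                    });
                }

                securityQuestionWithSalts = securityAnswerSaltsResult.Data;
            }

            // No stored questions, or no supplied answers, means nothing has been verified.
            // Previously these cases fell through to the success return.
            var suppliedAnswers = _resetPasswordDto.SecurityQuestionDtos;
            if (securityQuestionWithSalts == null || securityQuestionWithSalts.Count == 0 || suppliedAnswers == null)
            {
                return(new ResponseDto <ResetPasswordDto>()
                {
                    Data = null,
                    Error = ResetPasswordErrorMessages.SECURITY_QUESTIONS_AND_ANSWERS_NO_MATCH
                });
            }

            // Each supplied answer may satisfy at most one stored question (reference identity).
            var verified = new HashSet <SecurityQuestionDto>();

            foreach (var stored in securityQuestionWithSalts)
            {
                // Find the supplied entry for this stored question that has not been used yet
                SecurityQuestionDto match = null;
                foreach (var supplied in suppliedAnswers)
                {
                    if (!verified.Contains(supplied) && stored.Question == supplied.Question)
                    {
                        match = supplied;
                        break;
                    }
                }

                // A stored question the DTO does not answer used to be skipped silently
                if (match == null)
                {
                    return(new ResponseDto <ResetPasswordDto>()
                    {
                        Data = null,
                        Error = ResetPasswordErrorMessages.SECURITY_QUESTIONS_AND_ANSWERS_NO_MATCH
                    });
                }

                // Always hash the supplied plaintext with the stored salt. The old
                // "Answer != stored.Answer" pre-check skipped hashing when the supplied
                // value already equalled the stored hash, accepting it without a check.
                var suppliedHash = payloadHasher.Sha256HashWithSalt(salt: stored.Salt,
                                                                    payload: match.Answer);

                // NOTE(review): this comparison is not constant-time; where the target
                // framework provides it, CryptographicOperations.FixedTimeEquals on the
                // encoded bytes would avoid leaking match length through timing.
                if (stored.Answer != suppliedHash)
                {
                    return(new ResponseDto <ResetPasswordDto>()
                    {
                        Data = null,
                        Error = ResetPasswordErrorMessages.SECURITY_QUESTIONS_AND_ANSWERS_NO_MATCH
                    });
                }

                // Keep the original post-condition: a verified answer holds its salted hash
                match.Answer = suppliedHash;
                verified.Add(match);
            }

            return(new ResponseDto <ResetPasswordDto>()
            {
                Data = _resetPasswordDto
            });
        }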
        /// <summary>
        /// Replaces the stored password of the user named in the reset-password DTO
        /// with a freshly salted hash of the DTO's new password.
        /// </summary>
        /// <remarks>
        /// The DTO is validated with UpdatePasswordValidation first. The account is loaded
        /// through one UserGateway, the new password is hashed with a newly generated
        /// salt (SaltGenerator.GenerateSalt(128) — unit of the 128 not shown here), and the
        /// update is written through a second UserGateway.
        /// </remarks>
        /// <returns>
        /// A ResponseDto carrying the ResetPasswordDto on success; on failure Data is null and
        /// Error holds the validation error or GENERAL_ERROR when either gateway call fails.
        /// </returns>
        public ResponseDto <ResetPasswordDto> SsoUpdatePassword()
        {
            var validationStrategy = new ResetPasswordPreLogicValidationStrategy(_resetPasswordDto,
                                                                                 ResetPasswordValidationTypes.UpdatePasswordValidation);
            var saltGenerator = new SaltGenerator();
            var hasher        = new PayloadHasher();

            // Validate data transfer object
            var validation = validationStrategy.ExecuteStrategy();
            if (validation.Error != null)
            {
                return new ResponseDto <ResetPasswordDto> { Data = null, Error = validation.Error };
            }

            // Load the existing account for the username
            UserAccount account;
            using (var gateway = new UserGateway())
            {
                var lookup = gateway.GetUserByUsername(_resetPasswordDto.Username);
                if (lookup.Error != null)
                {
                    return new ResponseDto <ResetPasswordDto> { Data = null, Error = GeneralErrorMessages.GENERAL_ERROR };
                }

                account = lookup.Data;
            }

            // Hash the new password with a fresh salt; only the hash is stored on the account
            var passwordSalt = new PasswordSalt(saltGenerator.GenerateSalt(128));
            account.Password = hasher.Sha256HashWithSalt(passwordSalt.Salt, _resetPasswordDto.Password);

            // Persist the new hash and salt
            using (var gateway = new UserGateway())
            {
                var update = gateway.UpdatePassword(account, passwordSalt);
                if (update.Error != null)
                {
                    return new ResponseDto <ResetPasswordDto> { Data = null, Error = GeneralErrorMessages.GENERAL_ERROR };
                }
            }

            return new ResponseDto <ResetPasswordDto> { Data = _resetPasswordDto };
        }