public bool ValidateUser(IUnitOfWork unitOfWork, string login, string password, bool allowEmptyPassword = false)
{
if (String.IsNullOrEmpty(login) || (!allowEmptyPassword && String.IsNullOrEmpty(password)))
return false;
var user = unitOfWork.GetRepository<User>().Find(u => u.Login.ToUpper() == login.ToUpper());
if (user == null) return false;
var passwordCryptographer = new PasswordCryptographer();
return passwordCryptographer.AreEqual(user.Password, password);
}
private void _ChangePassword(int id, string oldPass, string newPass, bool verifyOldPass)
{
#if !DEBUG
if (!AppContext.SecurityUser.IsAdmin && id != AppContext.SecurityUser.ID)
{
throw new Exception("Отказано в доступе");
}
#endif
using (var unitOfWork = _unitOfWorkFactory.CreateSystem())
{
var user = unitOfWork.GetRepository<User>().Find(u => u.ID == id);
if (user == null)
{
throw new Exception("Пользователь не найден");
}
var passwordCryptographer = new PasswordCryptographer();
if (verifyOldPass && !String.IsNullOrEmpty(user.Password))
{
if (!passwordCryptographer.AreEqual(user.Password, oldPass))
{
throw new Exception("Неверный текущий пароль");
}
}
string validationMessage = "";
if (newPass == null || !IsValidPassword(newPass, out validationMessage))
{
throw new Exception(validationMessage);
}
user.Password = passwordCryptographer.GenerateSaltedPassword(newPass);
user.ChangePasswordOnFirstLogon = false;
user.ChangePassword = DateTime.Today;
unitOfWork.GetRepository<User>().Update(user);
unitOfWork.SaveChanges();
}
}
