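        /// <summary>
        /// Changes the password of the user identified by <paramref name="userdeatil"/> after
        /// verifying the supplied old password and enforcing the reuse policy (the current
        /// password plus the 12 most recent history rows, i.e. the "last 13" in the message).
        /// </summary>
        /// <param name="userdeatil">Request body carrying UserID, OldPassword and the new Password.</param>
        /// <returns>
        /// 200 OK with an anonymous <c>{ isSuccess, message }</c> payload describing the outcome;
        /// the default 417 ExpectationFailed response when the body is missing, the user does not
        /// exist, or an unexpected error occurs (details are logged, never returned to the client).
        /// </returns>
        public HttpResponseMessage ChangeUserPassword([FromBody] UserDetail userdeatil)
        {
            HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.ExpectationFailed);

            // A missing/unbindable body used to surface as a NullReferenceException that was
            // swallowed below; short-circuit it explicitly and keep the same default response.
            if (userdeatil == null)
            {
                return response;
            }

            try
            {
                using (EverestPortalContext context = new EverestPortalContext())
                {
                    var user = context.Users.FirstOrDefault<Models.Security.User>(x => x.UserID == userdeatil.UserID);
                    if (user != null)
                    {
                        AuthController authController = new AuthController();
                        var oldPasswordHashed = authController.GenerateHashedPassword(userdeatil.OldPassword);

                        // Ordinal comparison of two hash strings (same semantics as the former `!=`).
                        // Not constant-time; the operands are hashes, not the raw secret.
                        if (!string.Equals(user.Password, oldPasswordHashed, StringComparison.Ordinal))
                        {
                            response = Request.CreateResponse(HttpStatusCode.OK, new { isSuccess = false, message = "The old password is incorrect." });
                        }
                        else
                        {
                            var passwordHashed = authController.GenerateHashedPassword(userdeatil.Password);

                            // Reuse policy: reject when the new hash equals the current password or any
                            // of the 12 most recent history rows (current + 12 = "last 13").
                            var passwordHistoryExist = context.PasswordHistories.Where(x => x.UserID.Equals(user.UserID))
                                                       .OrderByDescending(x => x.CreatedDate).Take(12).FirstOrDefault(x => x.Password == passwordHashed);
                            if (passwordHistoryExist != null || user.Password == passwordHashed)
                            {
                                response = Request.CreateResponse(HttpStatusCode.OK, new { isSuccess = false, message = " You cannot reuse one of your last 13 passwords" });
                            }
                            else
                            {
                                // One timestamp so the history row and PasswordCreatedDate agree exactly
                                // (the original read DateTime.Now twice). Server-local time, as before.
                                DateTime now = DateTime.Now;

                                context.PasswordHistories.Add(
                                    new Models.Security.PasswordHistory
                                {
                                    UserID      = user.UserID,
                                    Password    = passwordHashed,
                                    CreatedDate = now
                                });
                                user.Password = passwordHashed;
                                user.FailedPasswordAttempt = 0;     // a successful change also resets the lockout counter
                                user.IsPasswordVerified    = true;
                                user.PasswordCreatedDate   = now;
                                context.SaveChanges();
                                response = Request.CreateResponse(HttpStatusCode.OK, new { isSuccess = true, message = "" });
                            }
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // Previously swallowed silently. Record the failure for operators; the client still
                // only sees the default ExpectationFailed response. Passwords are never logged.
                System.Diagnostics.Trace.TraceError("ChangeUserPassword failed for UserID {0}: {1}", userdeatil.UserID, ex);
            }
            return response;
        }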
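        /// <summary>
        /// Validates a login by invoking the <c>[dbo].CheckUserLogin</c> stored procedure with the
        /// hashed password and the configured password-age thresholds.
        /// </summary>
        /// <param name="userName">Login name as supplied by the caller.</param>
        /// <param name="pwd">Clear-text password; it is hashed here and only the hash is sent to the database.</param>
        /// <returns>A <see cref="DataTable"/> loaded from whatever result set the procedure returns (possibly empty).</returns>
        /// <exception cref="FormatException">If the <c>PasswordExpirationAge</c> app setting is present but not an integer.</exception>
        public DataTable LoginInfo(string userName, string pwd)
        {
            AuthController authController = new AuthController();

            // Keep the hash in its own local; the clear-text parameter is not reused after this point.
            string hashedPwd = authController.GenerateHashedPassword(pwd);

            // Threshold for regular passwords; default 90 when the setting is absent. Unit is
            // interpreted by the stored procedure (presumably days — TODO confirm).
            int passwordExpirationAge = 90;
            string configuredAge = ConfigurationManager.AppSettings["PasswordExpirationAge"];
            if (configuredAge != null)
            {
                // Invariant culture: app settings are machine data, not user-facing text.
                passwordExpirationAge = Convert.ToInt32(configuredAge, System.Globalization.CultureInfo.InvariantCulture);
            }

            DataTable dataTable = new DataTable();

            using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings[ConnectionString].ConnectionString))
            using (SqlCommand cmd = new SqlCommand("[dbo].CheckUserLogin", conn))
            {
                cmd.CommandType = CommandType.StoredProcedure;
                // Typed parameters only; no user input is ever concatenated into the command text.
                cmd.Parameters.Add("@userName", SqlDbType.VarChar).Value           = userName;
                cmd.Parameters.Add("@pwd", SqlDbType.VarChar).Value                = hashedPwd;
                cmd.Parameters.Add("@pwdAgeForNewPwd", SqlDbType.Int).Value        = 1;
                cmd.Parameters.Add("@pwdAgeForRegularPwd", SqlDbType.Int).Value    = passwordExpirationAge;

                conn.Open();

                // The reader was never disposed in the original; releasing it explicitly rather than
                // relying on the connection's disposal is the documented ADO.NET pattern.
                using (SqlDataReader dataReader = cmd.ExecuteReader())
                {
                    dataTable.Load(dataReader);
                }
            }

            return dataTable;
        }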
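        /// <summary>
        /// Sets a new password for the user owning the supplied reset token, subject to the token's
        /// expiry and the same reuse policy as the regular change-password flow (current password
        /// plus the 12 most recent history rows). The token's ExpiryDate is moved to "now" on
        /// success so the same link cannot be replayed.
        /// </summary>
        /// <param name="userdeatil">Request body carrying the reset Token and the new Password.</param>
        /// <returns>
        /// 200 OK with an anonymous <c>{ isSuccess, message }</c> payload; the default
        /// 417 ExpectationFailed response when the body is missing or an unexpected error occurs.
        /// </returns>
        public HttpResponseMessage ChangePasswordByResetToken([FromBody] UserDetail userdeatil)
        {
            HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.ExpectationFailed);

            // A missing/unbindable body used to surface as a swallowed NullReferenceException;
            // return the same default response explicitly.
            if (userdeatil == null)
            {
                return response;
            }

            try
            {
                using (EverestPortalContext context = new EverestPortalContext())
                {
                    // Never look up an empty token: `x.Token == null` can match rows whose Token
                    // column is NULL, which would let a token-less request reach the change path.
                    // An empty token is treated exactly like "no matching row".
                    var result = string.IsNullOrEmpty(userdeatil.Token)
                        ? null
                        : context.ResetTokens.FirstOrDefault(x => x.Token == userdeatil.Token);

                    if (result != null && result.user != null)
                    {
                        // Single clock read so the two expiry comparisons below are consistent.
                        DateTime now = DateTime.Now;

                        if (result.ExpiryDate >= now)
                        {
                            AuthController authController = new AuthController();
                            var passwordHashed = authController.GenerateHashedPassword(userdeatil.Password);

                            // Reuse policy: reject when the new hash equals the current password or any
                            // of the 12 most recent history rows (current + 12 = "last 13").
                            var passwordHistoryExist = context.PasswordHistories.Where(x => x.UserID.Equals(result.user.UserID))
                                                       .OrderByDescending(x => x.CreatedDate).Take(12).FirstOrDefault(x => x.Password == passwordHashed);
                            if (passwordHistoryExist != null || result.user.Password == passwordHashed)
                            {
                                response = Request.CreateResponse(HttpStatusCode.OK, new { isSuccess = false, message = " You cannot reuse one of your last 13 passwords" });
                            }
                            else
                            {
                                context.PasswordHistories.Add(
                                    new Models.Security.PasswordHistory
                                {
                                    UserID      = result.user.UserID,
                                    Password    = passwordHashed,
                                    CreatedDate = now
                                });
                                result.user.Password = passwordHashed;
                                result.user.FailedPasswordAttempt = 0;     // a successful reset also clears the lockout counter
                                result.user.IsPasswordVerified    = true;
                                result.user.PasswordCreatedDate   = now;
                                result.ExpiryDate = now;                   // single-use: expire the token immediately
                                context.SaveChanges();
                                response = Request.CreateResponse(HttpStatusCode.OK, new { isSuccess = true, message = "" });
                            }
                        }
                        else if (result.ExpiryDate < now)
                        {
                            response = Request.CreateResponse(HttpStatusCode.OK, new { isSuccess = false, message = "Your password reset link has been expired." });
                        }
                        else
                        {
                            // Reachable only when neither comparison holds (e.g. an unset ExpiryDate if the
                            // property is nullable). The message dates from a removed IsPasswordVerified
                            // check — TODO confirm whether this branch is still intended.
                            response = Request.CreateResponse(HttpStatusCode.OK, new { isSuccess = false, message = "Your account has not yet been verified. Please contact support." });
                        }
                    }
                    else
                    {
                        response = Request.CreateResponse(HttpStatusCode.OK, new { isSuccess = false, message = "User inactive or email address invalid." });
                    }
                }
            }
            catch (Exception ex)
            {
                // Previously swallowed silently. Record the failure for operators; the client still
                // only sees the default ExpectationFailed response. The token and password are
                // secrets and are deliberately not logged.
                System.Diagnostics.Trace.TraceError("ChangePasswordByResetToken failed: {0}", ex);
            }
            return response;
        }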