public async Task <SetPasswordStatus> SetPasswordAsync(string uniqueIdentifier, string password)
{
var status = new SetPasswordStatus();
if (string.IsNullOrEmpty(uniqueIdentifier))
{
status.AddError(_localizer["Unique identifier is required."]);
return(status);
}
_logger.LogDebug("Setting password for {0}", uniqueIdentifier);
if (!PasswordIsStrongEnough(password))
{
status.AddError(_localizer["Password does not meet minimum strength requirements."]);
status.PasswordDoesNotMeetStrengthRequirements = true;
return(status);
}
var hash = _passwordHashService.HashPassword(password);
var removeStatus = await RemovePasswordAsync(uniqueIdentifier);
if (removeStatus.HasError)
{
status.AddError(_localizer["Failed to update old password."]);
return(status);
}
var addStatus = await _passwordHashStore.AddPasswordHashAsync(uniqueIdentifier, hash);
status.Add(addStatus);
return(status);
}
public async Task <SetPasswordResult> SetPasswordAsync(string uniqueIdentifier, string password)
{
if (!PasswordIsStrongEnough(password))
{
return(SetPasswordResult.PasswordDoesNotMeetStrengthRequirements);
}
var hash = _passwordHashService.HashPassword(password);
if (await RemovePasswordAsync(uniqueIdentifier) == RemovePasswordResult.ServiceFailure)
{
return(SetPasswordResult.ServiceFailure);
}
var result = await _passwordHashStore.AddPasswordHashAsync(uniqueIdentifier, hash);
return(result ? SetPasswordResult.Success : SetPasswordResult.ServiceFailure);
}
public async Task <ActionResult> Create(UserCreateViewModel model)
{
//Check for duplicates here
if (!ModelState.IsValid)
{
model.Roles = (await _roleService.GetAllAsync()).Select(r => new RoleViewModel()
{
Id = r.Id, Name = r.Name, IsSelected = model.Roles.Any(ur => ur.Id == r.Id)
}).ToList();
return(View(model));
}
var user = _mapper.Map <Model.DataModel.User>(model);
user.UserXRoles = new List <UserXRole>();
user.UserXRoles.AddRange(model.Roles.Where(sr => sr.IsSelected).Select(o => new UserXRole()
{
RoleId = o.Id, User = user
}));
user.Password = _passwordHashService.HashPassword(model.Password);
var result = await _userService.CreateAsync(user, User.UserId());
if (!result.Succeeded)
{
model.Roles = (await _roleService.GetAllAsync()).Select(r => new RoleViewModel()
{
Id = r.Id, Name = r.Name, IsSelected = model.Roles.Any(ur => ur.Id == r.Id)
}).ToList();
result.Errors.ForEach(e => ModelState.AddModelError("", e));
return(View(model));
}
return(RedirectToAction(nameof(Index)));
}
public async Task <GetOneTimeCodeResponse> GetOneTimeCodeAsync(string sendTo, TimeSpan validity, string redirectUrl = null)
{
var otc = await _oneTimeCodeStore.GetOneTimeCodeAsync(sendTo);
if (otc?.ExpiresUTC > DateTime.UtcNow.AddMinutes(2))
{
// if they locked the last code, they have to wait until it is almost expired
// if they didn't recieve the last code, unfortunately they still need to wait. We can't resent the code
// because it is hashed and we don't know what it is.
return(new GetOneTimeCodeResponse(GetOneTimeCodeResult.TooManyRequests));
}
var rngProvider = new RNGCryptoServiceProvider();
var byteArray = new byte[8];
rngProvider.GetBytes(byteArray);
var longCode = BitConverter.ToUInt64(byteArray, 0);
var longCodeString = longCode.ToString();
var longCodeHash = GetFastHash(longCodeString);
var shortCode = (longCode % 1000000).ToString("000000");
var shortCodeHash = _passwordHashService.HashPassword(shortCode); // a fast hash salted with longCodeHash might be a sufficient alternative
otc = new OneTimeCode()
{
SentTo = sendTo,
ShortCodeHash = shortCodeHash,
ExpiresUTC = DateTime.UtcNow.Add(validity),
LongCodeHash = longCodeHash,
RedirectUrl = redirectUrl,
FailedAttemptCount = 0,
};
await _oneTimeCodeStore.RemoveOneTimeCodeAsync(sendTo);
var codeSaved = await _oneTimeCodeStore.AddOneTimeCodeAsync(otc);
if (!codeSaved)
{
return(new GetOneTimeCodeResponse(GetOneTimeCodeResult.ServiceFailure));
}
return(new GetOneTimeCodeResponse(GetOneTimeCodeResult.Success)
{
ShortCode = shortCode,
LongCode = longCodeString
});
}
public string HashPassword(TUser user, string password)
{
return(_passwordHashService.HashPassword(password));
}