Пример #1
        /// <summary>
        /// Checks a candidate's credentials and returns the matching candidate record.
        /// </summary>
        /// <param name="username">Username used to look up the user record.</param>
        /// <param name="password">Password handed to the authentication service.</param>
        /// <returns>
        /// The candidate for the authenticated user, or <c>null</c> when the username is
        /// not found or the password is rejected.
        /// </returns>
        public Candidate AuthenticateCandidate(string username, string password)
        {
            var account = _userReadRepository.Get(username, false);

            // An unknown username and a rejected password both end in the same null result.
            if (account == null)
            {
                return null;
            }

            account.AssertState("Authenticate user", UserStatuses.Active, UserStatuses.PendingActivation, UserStatuses.Locked);

            var passwordAccepted = _authenticationService.AuthenticateUser(account.EntityId, password);

            if (!passwordAccepted)
            {
                RegisterFailedLogin(account);
                return null;
            }

            var candidate = _candidateReadRepository.Get(account.EntityId);

            // NOTE(review): Locked is an accepted state above, and SetStateActive() runs after a
            // correct password whenever failed attempts are recorded. Confirm that a locked
            // account cannot be reactivated this way without its unlock code.
            if (account.LoginIncorrectAttempts > 0)
            {
                account.SetStateActive();
                _userWriteRepository.Save(account);
            }

            return candidate;
        }
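        /// <summary>
        /// Sets a new password for a user who presents a valid, unexpired password reset code.
        /// </summary>
        /// <param name="username">Username of the account being reset.</param>
        /// <param name="passwordCode">Reset code supplied by the caller.</param>
        /// <param name="newPassword">Password to store through the authentication service.</param>
        /// <exception cref="CustomException">
        /// Thrown when the supplied code does not match the stored one, or when the stored
        /// code has passed its expiry.
        /// </exception>
        public void ResetForgottenPassword(string username, string passwordCode, string newPassword)
        {
            var user = _userReadRepository.Get(username);

            var candidate = _candidateReadRepository.Get(user.EntityId);

            // The reset code is a machine token, so compare it ordinally. A culture-sensitive
            // comparison is linguistic and can treat strings that differ in code units as equal.
            // A missing or empty stored code must never authorise a reset.
            // NOTE(review): this comparison is not constant-time; confirm whether the attempt
            // counter behind RegisterFailedPasswordReset is considered sufficient.
            var codeMatches = !string.IsNullOrEmpty(user.PasswordResetCode)
                              && string.Equals(user.PasswordResetCode, passwordCode, StringComparison.OrdinalIgnoreCase);

            if (!codeMatches)
            {
                RegisterFailedPasswordReset(user);

                // NOTE(review): the submitted code and the username are placed in the exception
                // arguments; confirm where these messages are logged or displayed.
                throw new CustomException("Password reset code \"{0}\" is invalid for user \"{1}\"", Interfaces.Users.ErrorCodes.UserPasswordResetCodeIsInvalid, passwordCode, username);
            }

            // A null expiry is treated as "does not expire", as in the original check.
            if (user.PasswordResetCodeExpiry != null && DateTime.UtcNow > user.PasswordResetCodeExpiry)
            {
                throw new CustomException("Password reset code has expired.", Interfaces.Users.ErrorCodes.UserPasswordResetCodeExpiredError);
            }

            _authenticationService.ResetUserPassword(user.EntityId, newPassword);

            // NOTE(review): the stored reset code is not cleared in this method; presumably
            // SetStateActive() does that, which should be verified so a code is single-use.
            user.SetStateActive();

            user.LastLogin = DateTime.UtcNow;

            _userWriteRepository.Save(user);
            _serviceBus.PublishMessage(new CandidateUserUpdate(user.EntityId, CandidateUserUpdateType.Update));
            _auditRepository.Audit(user, AuditEventTypes.UserResetPassword, user.EntityId);

            SendPasswordResetConfirmationMessage(candidate);
        }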
        /// <summary>
        /// Checks a candidate's credentials, records the login on the user record and
        /// returns the matching candidate.
        /// </summary>
        /// <param name="username">Username used to look up the user record.</param>
        /// <param name="password">Password handed to the authentication service.</param>
        /// <returns>
        /// The candidate for the authenticated user, or <c>null</c> when the username is
        /// not found or the password is rejected.
        /// </returns>
        public Candidate AuthenticateCandidate(string username, string password)
        {
            var account = _userReadRepository.Get(username, false);

            // An unknown username and a rejected password both end in the same null result.
            if (account == null)
            {
                return null;
            }

            account.AssertState("Authenticate user", UserStatuses.Active, UserStatuses.PendingActivation, UserStatuses.Locked, UserStatuses.Dormant);

            var passwordAccepted = _authenticationService.AuthenticateUser(account.EntityId, password);

            if (!passwordAccepted)
            {
                RegisterFailedLogin(account);
                return null;
            }

            var candidate = _candidateReadRepository.Get(account.EntityId);

            // A successful login clears the failed-attempt counter.
            if (account.LoginIncorrectAttempts > 0)
            {
                account.LoginIncorrectAttempts = 0;
            }

            // A dormant account becomes active again on login. Other states, including
            // Locked, are left as they are by this method.
            if (account.Status == UserStatuses.Dormant)
            {
                account.Status = UserStatuses.Active;
            }

            account.LastLogin = DateTime.UtcNow;

            _userWriteRepository.Save(account);
            _serviceBus.PublishMessage(new CandidateUserUpdate(account.EntityId, CandidateUserUpdateType.Update));

            return candidate;
        }
        /// <summary>
        /// Stores a requested username change as pending, together with a newly generated code.
        /// </summary>
        /// <param name="userId">Identifier of the user whose username is being changed.</param>
        /// <param name="newUsername">The username to hold as pending.</param>
        public void UpdateUsername(Guid userId, string newUsername)
        {
            var account = _userReadRepository.Get(userId);

            // Only the pending fields are written here; the current username is not touched.
            // NOTE(review): no expiry is stored alongside the pending code in this method.
            account.PendingUsername = newUsername;
            account.PendingUsernameCode = _codeGenerator.GenerateAlphaNumeric();

            _userWriteRepository.Save(account);
        }
Пример #5
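        /// <summary>
        /// Sends an activation code to a user who is still pending activation, reusing the
        /// current code while it is unexpired and generating a new one otherwise.
        /// </summary>
        /// <param name="username">Username of the account awaiting activation.</param>
        /// <exception cref="CustomException">Thrown when no user exists for the username.</exception>
        public void ResendActivationCode(string username)
        {
            var user = _userReadRepository.Get(username, false);

            if (user == null)
            {
                throw new CustomException("Unknown username", UserErrorCodes.UnknownUserError);
            }

            user.AssertState("Resend activate code", UserStatuses.PendingActivation);

            var candidate = _candidateReadRepository.Get(user.EntityId);

            // Use UTC so the expiry agrees with Register, which stores the activation expiry
            // from DateTime.UtcNow. Mixing local time in would shift it by the UTC offset.
            var currentDateTime = DateTime.UtcNow;
            var expiry          = currentDateTime.AddDays(_activationCodeExpiryDays);

            if (!string.IsNullOrEmpty(user.ActivationCode) && (user.ActivateCodeExpiry > currentDateTime))
            {
                // Reuse the existing code and extend the activation code's own expiry. The
                // original wrote to PasswordResetCodeExpiry here, which left the activation
                // expiry unchanged and prolonged any outstanding password reset code instead.
                user.ActivateCodeExpiry = expiry;
            }
            else
            {
                // Generate a new code and set its expiry date.
                var activationCode = _codeGenerator.GenerateAlphaNumeric();
                user.SetStatePendingActivation(activationCode, expiry);
            }

            _userWriteRepository.Save(user);

            SendActivationCode(candidate, user.ActivationCode);
        }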
Пример #6
        /// <summary>
        /// Builds a user with <c>CreateUser</c> and saves it through the user write repository.
        /// </summary>
        /// <returns>The user instance returned by the repository's save call.</returns>
        private User CreateAndSaveUserInMongoDb()
        {
            var unsavedUser = CreateUser();
            var savedUser = _userWriteRepository.Save(unsavedUser);

            return savedUser;
        }
Пример #7
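        /// <summary>
        /// Issues a password reset code for the given username and sends it, reusing the
        /// current code while it is unexpired and generating a new one otherwise.
        /// </summary>
        /// <param name="username">Username of the account requesting a reset.</param>
        /// <remarks>
        /// An unknown username is logged and the method returns without throwing, so the
        /// caller gets no signal about whether the account exists.
        /// </remarks>
        public void SendPasswordResetCode(string username)
        {
            var user = _userReadRepository.Get(username, false);

            if (user == null)
            {
                _logger.Info(string.Format("Cannot send password reset code, username not found: \"{0}\".", username));
                return;
            }

            var candidate = _candidateReadRepository.Get(user.EntityId);

            // Use UTC so the stored expiry agrees with ResetForgottenPassword, which checks it
            // against DateTime.UtcNow. A local-time expiry would be off by the UTC offset.
            var currentDateTime = DateTime.UtcNow;
            var expiry          = currentDateTime.AddDays(_passwordResetCodeExpiryDays);

            string passwordResetCode;

            if (!string.IsNullOrEmpty(user.PasswordResetCode) && (user.PasswordResetCodeExpiry > currentDateTime))
            {
                // Reuse the existing code; its expiry is moved forward below.
                // NOTE(review): repeated requests keep the same code valid indefinitely;
                // confirm that this sliding lifetime is intended.
                passwordResetCode = user.PasswordResetCode;
            }
            else
            {
                // Generate a new code.
                passwordResetCode = _codeGenerator.GenerateAlphaNumeric();
            }

            user.SetStatePasswordResetCode(passwordResetCode, expiry);
            _userWriteRepository.Save(user);

            // Send the password reset code.
            SendPasswordResetCodeViaCommunicationService(candidate, user.PasswordResetCode);
        }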
Пример #8
        /// <summary>
        /// Locks the user with a newly generated unlock code and a UTC expiry, then saves the user.
        /// </summary>
        /// <param name="user">The user to lock.</param>
        /// <remarks>
        /// This method only generates and stores the code. No message is sent from here.
        /// </remarks>
        public void LockUser(User user)
        {
            // The validity period comes from configuration and is counted in days from now (UTC).
            var validForDays = _userAccountConfiguration.UnlockCodeExpiryDays;

            var unlockCode = _codeGenerator.GenerateAlphaNumeric();
            var codeExpiresAt = DateTime.UtcNow.AddDays(validForDays);

            user.SetStateLocked(unlockCode, codeExpiresAt);
            _userWriteRepository.Save(user);
        }
        /// <summary>
        /// Audits a soft delete, marks the user as pending deletion, saves the user and
        /// publishes an update message.
        /// </summary>
        /// <param name="user">The user to mark as pending deletion.</param>
        /// <returns>Always <c>true</c>.</returns>
        private bool SetUserStatusPendingDeletion(User user)
        {
            const string startedMessage = "Setting User: {0} Status to PendingDeletion";
            const string finishedMessage = "Set User: {0} Status to PendingDeletion";

            _logService.Info(startedMessage, user.EntityId);

            // The audit entry is written before the status changes, so it receives the
            // user as it was prior to the soft delete.
            _auditRepository.Audit(user, AuditEventTypes.UserSoftDelete, user.EntityId);

            user.Status = UserStatuses.PendingDeletion;
            _userWriteRepository.Save(user);

            var updateMessage = new CandidateUserUpdate(user.EntityId, CandidateUserUpdateType.Update);
            _serviceBus.PublishMessage(updateMessage);

            _logService.Info(finishedMessage, user.EntityId);

            return true;
        }
Пример #10
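        /// <summary>
        /// Activates a pending user when the supplied activation code matches the stored one.
        /// </summary>
        /// <param name="username">Username of the account to activate.</param>
        /// <param name="activationCode">Activation code supplied by the caller.</param>
        /// <exception cref="CustomException">
        /// Thrown when the supplied code does not match, or when no code is stored for the user.
        /// </exception>
        public void Activate(string username, string activationCode)
        {
            var user = _userReadRepository.Get(username);

            user.AssertState("Activate user", UserStatuses.PendingActivation);

            // The activation code is a machine token, so compare it ordinally. A
            // culture-sensitive comparison is linguistic and can treat strings that differ in
            // code units as equal. A missing or empty stored code is rejected as an invalid
            // code rather than surfacing as a NullReferenceException or matching empty input.
            var codeMatches = !string.IsNullOrEmpty(user.ActivationCode)
                              && string.Equals(user.ActivationCode, activationCode, StringComparison.OrdinalIgnoreCase);

            if (!codeMatches)
            {
                throw new CustomException("Invalid activation code \"{0}\" for user \"{1}\"", ErrorCodes.UserActivationCodeError, activationCode, username);
            }

            // NOTE(review): the activation code's expiry is not checked in this method;
            // confirm whether it is enforced elsewhere.
            user.SetStateActive();
            _userWriteRepository.Save(user);
        }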
        /// <summary>
        /// Creates a user in the pending-activation state with the given activation code.
        /// </summary>
        /// <param name="username">Username for the new user.</param>
        /// <param name="userId">Entity id assigned to the new user.</param>
        /// <param name="activationCode">Activation code stored on the new user.</param>
        /// <param name="roles">Roles assigned to the new user.</param>
        /// <exception cref="CustomException">
        /// Thrown when the username belongs to a user that is in neither the pending
        /// activation nor the pending deletion state.
        /// </exception>
        public void Register(string username, Guid userId, string activationCode, UserRoles roles)
        {
            var existing = _userReadRepository.Get(username, false);

            // A username held by a user pending activation or pending deletion may be registered again.
            var usernameTaken = existing != null
                                && !existing.IsInState(UserStatuses.PendingActivation, UserStatuses.PendingDeletion);

            if (usernameTaken)
            {
                throw new CustomException("Username already in use and is not in pending activation or deletion status", Domain.Entities.ErrorCodes.EntityStateError);
            }

            // NOTE(review): a new record is saved under the given userId while the existing
            // one is left untouched here; confirm how the older record is superseded.
            var newUser = new User { EntityId = userId, Username = username, Roles = roles };

            var activationExpiry = DateTime.UtcNow.AddDays(_activationCodeExpiryDays);
            newUser.SetStatePendingActivation(activationCode, activationExpiry);

            _userWriteRepository.Save(newUser);
        }
Пример #12
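        /// <summary>
        /// Activates a pending user by id when the supplied activation code matches the
        /// stored one, then saves, publishes and audits the change.
        /// </summary>
        /// <param name="id">Identifier of the user to activate.</param>
        /// <param name="activationCode">Activation code supplied by the caller.</param>
        /// <exception cref="CustomException">
        /// Thrown when the supplied code does not match, or when no code is stored for the user.
        /// </exception>
        public void Activate(Guid id, string activationCode)
        {
            var user = _userReadRepository.Get(id);

            user.AssertState("Activate user", UserStatuses.PendingActivation);

            // The activation code is a machine token, so compare it ordinally. A
            // culture-sensitive comparison is linguistic and can treat strings that differ in
            // code units as equal. A missing or empty stored code is rejected as an invalid
            // code rather than surfacing as a NullReferenceException or matching empty input.
            var codeMatches = !string.IsNullOrEmpty(user.ActivationCode)
                              && string.Equals(user.ActivationCode, activationCode, StringComparison.OrdinalIgnoreCase);

            if (!codeMatches)
            {
                throw new CustomException("Invalid activation code \"{0}\" for user with id \"{1}\"", ErrorCodes.UserActivationCodeError, activationCode, id);
            }

            // NOTE(review): the activation code's expiry is not checked in this method;
            // confirm whether it is enforced elsewhere.
            user.SetStateActive();

            // Take one timestamp so the activation and last-login times are identical.
            var activatedAt = DateTime.UtcNow;
            user.ActivationDate = activatedAt;
            user.LastLogin      = activatedAt;

            _userWriteRepository.Save(user);
            _serviceBus.PublishMessage(new CandidateUserUpdate(user.EntityId, CandidateUserUpdateType.Update));
            _auditRepository.Audit(user, AuditEventTypes.UserActivatedAccount, user.EntityId);
        }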
Пример #13
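        /// <summary>
        /// Unlocks a locked account when the supplied unlock code matches the stored,
        /// unexpired code.
        /// </summary>
        /// <param name="username">Username of the locked account.</param>
        /// <param name="accountUnlockCode">Unlock code supplied by the caller.</param>
        /// <exception cref="CustomException">
        /// Thrown when the stored code has expired (a new code is sent first), when the
        /// supplied code does not match, or when no code is stored for the user.
        /// </exception>
        public void UnlockAccount(string username, string accountUnlockCode)
        {
            var user = _userReadRepository.Get(username);

            user.AssertState("Unlock user account", UserStatuses.Locked);

            // LockUser stores the expiry from DateTime.UtcNow, so compare against UTC here.
            // Comparing against local time would shift the expiry by the UTC offset.
            if (user.AccountUnlockCodeExpiry < DateTime.UtcNow)
            {
                // NOTE: account unlock code has expired, send a new one.
                _sendAccountUnlockCodeStrategy.SendAccountUnlockCode(username);
                throw new CustomException("Account unlock code has expired, new account unlock code has been sent.",
                                          ErrorCodes.AccountUnlockCodeExpired);
            }

            // The unlock code is a machine token, so compare it ordinally. A culture-sensitive
            // comparison is linguistic and can treat strings that differ in code units as
            // equal. A missing or empty stored code never unlocks the account.
            // NOTE(review): a wrong code is not counted or rate-limited in this method;
            // confirm that repeated guesses are limited elsewhere.
            var codeMatches = !string.IsNullOrEmpty(user.AccountUnlockCode)
                              && string.Equals(user.AccountUnlockCode, accountUnlockCode, StringComparison.OrdinalIgnoreCase);

            if (!codeMatches)
            {
                throw new CustomException("Account unlock code \"{0}\" is invalid for user \"{1}\"", ErrorCodes.AccountUnlockCodeInvalid, accountUnlockCode, username);
            }

            user.SetStateActive();
            _userWriteRepository.Save(user);
        }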
        /// <summary>
        /// Marks a user as dormant and disables the candidate's optional communications,
        /// auditing the change first.
        /// </summary>
        /// <param name="user">The user to make dormant.</param>
        /// <param name="candidate">The candidate record belonging to the user.</param>
        /// <param name="lastLogin">Value stored as the last login when the user has none.</param>
        protected void SetAccountDormant(User user, Candidate candidate, DateTime lastLogin)
        {
            _logService.Info("Setting User with Id: {0} to Dormant and disabling comms", user.EntityId);

            // The audit entry receives both records as they are before any change is made.
            _auditRepository.Audit(
                new { User = user, Candidate = candidate },
                AuditEventTypes.CandidateUserMakeDormant,
                user.EntityId);

            // Only fill in the last login when none is recorded; an existing value is kept.
            if (user.LastLogin == null)
            {
                user.LastLogin = lastLogin;
            }

            user.Status = UserStatuses.Dormant;
            _userWriteRepository.Save(user);

            candidate.DisableAllOptionalCommunications();
            _candidateWriteRepository.Save(candidate);

            _logService.Info("Set User with Id: {0} to Dormant and disabled comms", user.EntityId);
        }