private static void ChangePasswordInternal(User user, string newPassword)
{
var hashedPassword = Crypto.GenerateSaltedHash(newPassword, Constants.PBKDF2HashAlgorithmId);
user.PasswordHashAlgorithm = Constants.PBKDF2HashAlgorithmId;
user.HashedPassword = hashedPassword;
}
public virtual User Create(
string username,
string password,
string emailAddress)
{
// TODO: validate input
// TODO: consider encrypting email address with a public key, and having the background process that send messages have the private key to decrypt
var existingUser = FindByUsername(username);
if (existingUser != null)
{
throw new EntityException(Strings.UsernameNotAvailable, username);
}
var existingUsers = FindAllByEmailAddress(emailAddress);
if (existingUsers.AnySafe())
{
throw new EntityException(Strings.EmailAddressBeingUsed, emailAddress);
}
var hashedPassword = Crypto.GenerateSaltedHash(password, Constants.PBKDF2HashAlgorithmId);
var apiKey = Guid.NewGuid();
var newUser = new User(username)
{
ApiKey = apiKey,
EmailAllowed = true,
UnconfirmedEmailAddress = emailAddress,
EmailConfirmationToken = Crypto.GenerateToken(),
HashedPassword = hashedPassword,
PasswordHashAlgorithm = Constants.PBKDF2HashAlgorithmId,
CreatedUtc = DateTime.UtcNow,
Roles = new List <Role> {
RoleRepository.GetEntity(2)
}
};
// Add a credential for the password and the API Key
newUser.Credentials.Add(CredentialBuilder.CreateV1ApiKey(apiKey));
newUser.Credentials.Add(new Credential(CredentialTypes.Password.Pbkdf2, newUser.HashedPassword));
if (!Config.ConfirmEmailAddresses)
{
newUser.ConfirmEmailAddress();
}
newUser.Roles.Add(RoleRepository.GetEntity(2));
UserRepository.InsertOnCommit(newUser);
UserRepository.CommitChanges();
return(newUser);
}
public virtual User Create(
string username,
string password,
string emailAddress)
{
// TODO: validate input
// TODO: consider encrypting email address with a public key, and having the background process that send messages have the private key to decrypt
var existingUser = FindByUsername(username);
if (existingUser != null)
{
throw new EntityException(Strings.UsernameNotAvailable, username);
}
existingUser = FindByEmailAddress(emailAddress);
if (existingUser != null)
{
throw new EntityException(Strings.EmailAddressBeingUsed, emailAddress);
}
var hashedPassword = Crypto.GenerateSaltedHash(password, Constants.PBKDF2HashAlgorithmId);
var newUser = new User(
username,
hashedPassword)
{
ApiKey = Guid.NewGuid(),
EmailAllowed = true,
UnconfirmedEmailAddress = emailAddress,
EmailConfirmationToken = Crypto.GenerateToken(),
PasswordHashAlgorithm = Constants.PBKDF2HashAlgorithmId,
CreatedUtc = DateTime.UtcNow
};
if (!Config.ConfirmEmailAddresses)
{
newUser.ConfirmEmailAddress();
}
UserRepository.InsertOnCommit(newUser);
UserRepository.CommitChanges();
return(newUser);
}
