public void UpdatePassword(PasswordUpdateRequest model)
{
DataProvider.ExecuteNonQuery(GetConnection, "dbo.Credential_Update_Password", inputParamMapper : delegate(SqlParameterCollection paramCollection)
{
paramCollection.AddWithValue("@UserName", model.UserName);
paramCollection.AddWithValue("@Password", model.Password);
}, returnParameters: null
);
}
public void UpdatePassword(PasswordUpdateRequest model)
{
string hashedPassword = GenerateHashedPassword(model.Password);
string proc = "[dbo].[Users_Update_Password_Cycle]";
_dataProvider.ExecuteNonQuery(proc, delegate(SqlParameterCollection paramCol)
{
paramCol.AddWithValue("@token", model.Token);
paramCol.AddWithValue("@password", hashedPassword);
});
}
public HttpResponseMessage UpdatePassword(PasswordUpdateRequest model)
{
if (!ModelState.IsValid)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
}
_credentialService.UpdatePassword(model);
SuccessResponse response = new SuccessResponse();
return(Request.CreateResponse(HttpStatusCode.OK, response));
}
public async Task <IHttpActionResult> UpdatePassword(PasswordUpdateRequest model)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var user = await AppUserManager.FindByNameAsync(User.Identity.Name);
if (user == null)
{
return(BadRequest("Auth db corrupted"));
}
IdentityResult result = await AppUserManager.ChangePasswordAsync(user.Id, model.OldPassword, model.Password);
return(result.Succeeded ? Ok() : GetErrorResult(result));
}
public void UpdatePassword(PasswordUpdateRequest model)
{
string salt;
string passwordHash;
string password = model.Password;
salt = _cryptographyService.GenerateRandomString(RAND_LENGTH);
passwordHash = _cryptographyService.Hash(password, salt, HASH_ITERATION_COUNT);
this.DataProvider.ExecuteNonQuery(
"Users_UpdatePassword",
inputParamMapper : delegate(SqlParameterCollection paramCol)
{
paramCol.AddWithValue("@Id", model.Id);
paramCol.AddWithValue("@Salt", salt);
paramCol.AddWithValue("@Pass", passwordHash);
}
);
}
[Route("ResetPassword")] // Confirm Reset Password - Should be reaching here from email.
public async Task <IActionResult> ResetPassword(string username, string authCode)
{
ResultsItem pwResetAuthResult = await AuthorizationLogic.AuthorizeResetPassword(username, authCode);
if (pwResetAuthResult.IsSuccess)
{
PasswordUpdateRequest request = new PasswordUpdateRequest
{
Username = username,
EmailAuthCode = authCode,
AuthenticationHash = Utilities.GenerateHmacSHA256Hash($"{username}{authCode}_ptpwresetreq", "PTPWRESET")
};
TempData["ResetPasswordRequest"] = Utilities.Serialize(request);
return(View("ExecutePasswordReset", request));
}
return(Content(pwResetAuthResult.Message));
}
public ActionResult <SuccessResponse> UpdatePasswordAnon(PasswordUpdateRequest model)
{
int iCode = 200;
BaseResponse response;
try
{
_userService.UpdatePassword(model);
response = new SuccessResponse();
}
catch (Exception ex)
{
iCode = 500;
response = new ErrorResponse(ex.Message);
base.Logger.LogError(ex.ToString());
}
return(StatusCode(iCode, response));
}
public IHttpActionResult UpdatePassword(PasswordUpdateRequest request)
{
if (string.IsNullOrEmpty(UserContext.User?.Username))
{
return(Ok(new
{
success = false,
reasons = new string[] { NullUserKey }
}));
}
var result = AccountInfo.UpdatePassword(UserContext.User, request.CurrentPassword, request.NewPassword, false);
return(Ok(new
{
success = result.Success,
reasons = new string[] { GetPasswordResultKey(result) }
}));
}
public ActionResult <SuccessResponse> UpdatePassword(PasswordUpdateRequest model)
{
int iCode = 200;
BaseResponse response;
try
{
int userId = _authService.GetCurrentUserId();
_userService.UpdatePassword(model, userId);
response = new SuccessResponse();
}
catch (Exception ex)
{
iCode = 500;
response = new ErrorResponse(ex.Message);
}
return(StatusCode(iCode, response));
}
public HttpResponseMessage Put(PasswordUpdateRequest model)
{
try
{
if (ModelState.IsValid)
{
_userService.UpdatePassword(model);
SuccessResponse resp = new SuccessResponse();
return(Request.CreateResponse(HttpStatusCode.OK, resp));
}
else
{
return(Request.CreateResponse(HttpStatusCode.BadRequest, ModelState));
}
}
catch (Exception ex)
{
log.Error(ex.Message, ex);
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex));
}
}
public async Task <JsonResult> ChooseNewResetPassword(PasswordUpdateRequest passRequest)
{
if (passRequest.NewPassword.Length < 8 || passRequest.NewPassword.Length > 30)
{
return(Json(ResultsItem.Error("Password changed failed: Password length must be from 8 - 30 characters.")));
}
if (passRequest.NewPassword != passRequest.ConfirmNewPassword)
{
return(Json(ResultsItem.Error("Passwords does not match.")));
}
PasswordUpdateRequest savedRequest = TempData["ResetPasswordRequest"] == null ? null : Utilities.Deserialize <PasswordUpdateRequest>(TempData["ResetPasswordRequest"].ToString());
if (savedRequest == null || string.IsNullOrEmpty(savedRequest.AuthenticationHash))
{
return(Json(ResultsItem.Error("Password reset form expired. Please request another password reset.")));
}
if (savedRequest.Username != passRequest.Username)
{
return(Json(ResultsItem.Error("Passwords does not match.")));
}
if (Utilities.GenerateHmacSHA256Hash($"{savedRequest.Username}{savedRequest.EmailAuthCode}_ptpwresetreq", "PTPWRESET") != passRequest.AuthenticationHash)
{
return(Json(ResultsItem.Error("Authentication failed.")));
}
// Change password
var pwChangeResult = await AuthorizationLogic.ChangePassword(passRequest.Username, passRequest.NewPassword);
if (!pwChangeResult.IsSuccess)
{
return(Json(pwChangeResult));
}
string successMessage = "Your password has been successfully reset. Please login again";
TempData["message"] = successMessage;
return(Json(ResultsItem.Success(successMessage)));
}
public HttpResponseMessage Update(PasswordUpdateRequest model)
{
try
{
if (ModelState.IsValid)
{
IUserAuthData currentUser = _principal.Identity.GetCurrentUser();
model.Id = currentUser.Id;
_userService.Update(model);
SuccessResponse resp = new SuccessResponse();
return(Request.CreateResponse(HttpStatusCode.OK, resp));
}
else
{
return(Request.CreateResponse(HttpStatusCode.BadRequest, ModelState));
}
}
catch (Exception ex)
{
log.Error(ex.Message, ex);
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex));
}
}
