Пример #1
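        /// <summary>
        /// Looks up the credential row for the supplied user name and returns that user's
        /// stored security answers, keyed by security question ID.
        /// </summary>
        /// <param name="loginDTO">Request object; only its UserName is read here.</param>
        /// <returns>
        /// A response with isSuccessful = false when the request or user name is missing or no
        /// credential matches; otherwise isSuccessful = true with Answers populated.
        /// </returns>
        /// <remarks>
        /// NOTE(review): Answers carries the values exactly as they are read from
        /// SecurityAccounts. Callers should compare them server-side and keep this dictionary
        /// out of any HTTP response body. Whether the stored answers are hashed is not visible
        /// from this method; confirm against the schema.
        /// </remarks>
        public ResetPasswordResponseDTO GetSecurityQandAs(LoginDTO loginDTO)
        {
            ResetPasswordResponseDTO response = new ResetPasswordResponseDTO();

            // A missing request or user name cannot identify an account; report failure
            // instead of throwing while the query is being built.
            if (loginDTO == null || string.IsNullOrEmpty(loginDTO.UserName))
            {
                response.isSuccessful = false;
                return(response);
            }

            string userName        = loginDTO.UserName;
            var    foundcredential = (from credential in db.Credentials
                                      where credential.UserName == userName
                                      select credential).FirstOrDefault();

            if (foundcredential == null)
            {
                // Unknown user: fail response, no answers attached.
                response.isSuccessful = false;
                return(response);
            }

            var userId            = foundcredential.UserID;
            var answers           = db.SecurityAccounts.Where(a => a.UserID == userId).ToList();
            var answersDictionary = new Dictionary <int, string>();

            // Add (not the indexer) is kept on purpose: two rows for the same question ID
            // indicate corrupt data and should surface rather than be silently overwritten.
            foreach (var a in answers)
            {
                answersDictionary.Add(a.SecurityQuestionID, a.Answer);
            }

            response.Answers      = answersDictionary;
            response.isSuccessful = true;
            return(response);
        }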
Пример #2
        /// <summary>
        /// Runs the CheckAnswers command with a fixed answer set and expects the check to be
        /// reported as unsuccessful.
        /// </summary>
        /// <remarks>
        /// Presumably these answers do not match the seeded data for the test account; the
        /// fixture is not visible here.
        /// </remarks>
        public void InCorrectAnswers()
        {
            // Arrange
            var account = new LoginDTO {
                UserName = "******"
            };

            var submitted = new ResetPasswordResponseDTO
            {
                Answers = new Dictionary <int, string>
                {
                    { 2, "asdf" },
                    { 6, "Lakers" },
                    { 9, "Huntington Beach" }
                }
            };

            var command = new CheckAnswers
            {
                username         = account,
                incommingAnswers = submitted
            };

            // Act
            var outcome = command.Execute();
            var result  = (ResetPasswordResponseDTO)outcome.Result;

            // Assert
            Assert.False(result.isSuccessful);
        }
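        /// <summary>
        /// Returns the security questions for the user named in the request body.
        /// </summary>
        /// <param name="userCredentials">Body-bound credential; passed to the service as-is.</param>
        /// <returns>
        /// 400 when the body is missing, 404 with a message list when the service reports
        /// failure, otherwise 200 with the service response.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the distinct 404 / "User not found" reply tells an unauthenticated
        /// caller which user names exist. Consider a uniform reply for both outcomes and
        /// throttling on this endpoint; changing the status code here would need a matching
        /// client change.
        /// </remarks>
        public IHttpActionResult GetQuestions([FromBody] UserCredential userCredentials)
        {
            // A missing or unparsable body binds to null; reject it here instead of passing
            // a null credential on to the service.
            if (userCredentials == null)
            {
                return(Content(HttpStatusCode.BadRequest, new List <string> { "Invalid request" }));
            }

            ResetPasswordResponseDTO response = service.GetQuestions(userCredentials);

            response.Messages = new List <string>();
            if (response.isSuccessful == false)
            {
                response.Messages.Add("User not found");
                // Only the message list is returned on failure, not the whole response.
                return(Content(HttpStatusCode.NotFound, response.Messages));
            }

            response.Messages.Add("Success!");
            return(Ok(response));
        }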
Пример #4
        /// <summary>
        /// Runs the CheckAnswers command for the given user and submitted answers.
        /// </summary>
        /// <param name="incommingAnswers">Response DTO carrying the answers supplied by the caller.</param>
        /// <param name="username">Credential whose Username identifies the account.</param>
        /// <returns>The command's result, cast to <c>ResetPasswordResponseDTO</c>.</returns>
        public ResetPasswordResponseDTO CheckAnswers(ResetPasswordResponseDTO incommingAnswers, UserCredential username)
        {
            // The command works on a LoginDTO, so only the user name is carried over.
            var account = new LoginDTO {
                UserName = username.Username
            };

            var command = new CheckAnswers
            {
                incommingAnswers = incommingAnswers,
                username         = account
            };

            var outcome = command.Execute();

            return (ResetPasswordResponseDTO)outcome.Result;
        }
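        /// <summary>
        /// Checks the submitted security answers for the user named in the request body.
        /// </summary>
        /// <param name="incommingAnswers">Body-bound wrapper holding the answers and the user credential.</param>
        /// <returns>
        /// 400 when the body or its user credential is missing, 401 with the response when
        /// the answers are rejected, otherwise 200 with the response.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no attempt limiting is visible in this action; confirm that repeated
        /// guesses are throttled or locked out elsewhere. The whole response DTO is serialized
        /// on both paths, so verify that the service never leaves stored answers in it.
        /// </remarks>
        public IHttpActionResult GetAnswers([FromBody] IncommingAnswersDTO incommingAnswers)
        {
            // A missing body, or one without a user credential, cannot be checked against
            // any account; reject it before calling the service.
            if (incommingAnswers == null || incommingAnswers.userCredential == null)
            {
                return(Content(HttpStatusCode.BadRequest, new List <string> { "Invalid request" }));
            }

            ResetPasswordResponseDTO response = service.CheckAnswers(incommingAnswers.resetPasswordResponseDTO, incommingAnswers.userCredential);

            response.Messages = new List <string>();

            if (response.isSuccessful == false)
            {
                response.Messages.Add("Incorrect Answers");
                return(Content(HttpStatusCode.Unauthorized, response));
            }

            response.Messages.Add("Success!");
            return(Ok(response));
        }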
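        /// <summary>
        /// Replaces the user's password with the one supplied in the request body.
        /// </summary>
        /// <param name="usernewCredentials">Body-bound credential, passed to the service as-is.</param>
        /// <returns>
        /// 401 when the service rejected the password as "Bad Password", 404 for any other
        /// failure, otherwise 200; the service response is the body in all three cases.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the request carries only the user credential. Nothing visible in this
        /// action proves the caller completed the security-question step; confirm that a
        /// reset token or session check is enforced elsewhere. The 401 / 404 split also lets
        /// a caller distinguish a rejected password from other failures.
        /// </remarks>
        public IHttpActionResult SetPassword([FromBody] UserCredential usernewCredentials)
        {
            ResetPasswordResponseDTO response = service.ReplaceOldPassword(usernewCredentials);

            if (response.isSuccessful == false)
            {
                // Messages is not assigned in this action, so a failure that comes back
                // without a message list must not be dereferenced.
                bool rejectedPassword = response.Messages != null &&
                                        response.Messages.Contains("Bad Password");

                if (rejectedPassword)
                {
                    return(Content(HttpStatusCode.Unauthorized, response));
                }
                return(Content(HttpStatusCode.NotFound, response));
            }

            return(Ok(response));
        }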
Пример #7
        /// <summary>
        /// Runs the GetQuestions command for the user named in the credential.
        /// </summary>
        /// <param name="userCredential">Credential whose Username identifies the account.</param>
        /// <returns>The command's result, cast to <c>ResetPasswordResponseDTO</c>.</returns>
        public ResetPasswordResponseDTO GetQuestions(UserCredential userCredential)
        {
            // Only the user name is handed to the command.
            var command = new GetQuestions
            {
                loginDTO = new LoginDTO {
                    UserName = userCredential.Username
                }
            };

            var outcome = command.Execute();

            return (ResetPasswordResponseDTO)outcome.Result;
        }
Пример #8
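        /// <summary>
        /// Stores a new password value and salt for the account with the given user name,
        /// inside one database transaction.
        /// </summary>
        /// <param name="newCredentials">
        /// Carries UserName, the value to store in Password, and the SaltValue to store with
        /// it. The values are written as received; this method does no hashing.
        /// </param>
        /// <returns>
        /// isSuccessful = true once both values are saved and committed; false when the
        /// request is null, the account or its salt row is missing, or the save fails.
        /// </returns>
        public ResetPasswordResponseDTO SetNewPass(LoginDTO newCredentials)
        {
            ResetPasswordResponseDTO response = new ResetPasswordResponseDTO();

            if (newCredentials == null)
            {
                response.isSuccessful = false;
                return(response);
            }

            string userName         = newCredentials.UserName;
            var    foundcredentials = (from credential in db.Credentials
                                       where credential.UserName == userName
                                       select credential).FirstOrDefault();

            // The account must be checked before its UserID is used to find the salt row;
            // otherwise an unknown user name ends in a null dereference, not a failure.
            if (foundcredentials == null)
            {
                response.isSuccessful = false;
                return(response);
            }

            var userId  = foundcredentials.UserID;
            var newSalt = (from salt in db.Salts
                           where salt.UserID == userId
                           select salt).FirstOrDefault();

            // Password and salt are only ever written together; without a salt row there is
            // nowhere to put the new salt, so nothing is changed.
            if (newSalt == null)
            {
                response.isSuccessful = false;
                return(response);
            }

            const string saveFailed = "Your request could not be made. Please try again.";

            using (var dbTransaction = db.Database.BeginTransaction())
            {
                try
                {
                    foundcredentials.Password = newCredentials.Password;
                    newSalt.SaltValue         = newCredentials.SaltValue;
                    db.SaveChanges();
                    dbTransaction.Commit();
                    response.isSuccessful = true;
                }
                catch (SqlException)
                {
                    // Not committed: disposing the transaction discards the change.
                    response.isSuccessful = false;
                    if (response.Messages == null)
                    {
                        response.Messages = new List <string>();
                    }
                    response.Messages.Add(saveFailed);
                }
                catch (DataException)
                {
                    response.isSuccessful = false;
                    if (response.Messages == null)
                    {
                        response.Messages = new List <string>();
                    }
                    response.Messages.Add(saveFailed);
                }
            }

            return(response);
        }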
        /// <summary>
        /// Completes a token-based password reset for the account with the given e-mail.
        /// </summary>
        /// <param name="resetPasswordDTO">Body-bound request carrying Email, Token and the new Password.</param>
        /// <returns>
        /// 400 with a generic error when the model is invalid or no account matches the
        /// e-mail; 400 with the user manager's error descriptions when the reset itself is
        /// rejected; otherwise 200 with IsResetPasswordSuccessful set.
        /// </returns>
        public async Task <IActionResult> ResetPassword(
            [FromBody] ResetPasswordDTO resetPasswordDTO)
        {
            // The same body is returned for an invalid model and for an unknown e-mail, so
            // the reply does not reveal whether the address belongs to an account.
            var genericFailure = new ResetPasswordResponseDTO
            {
                Errors = new string[] { "Reset Password Failed" }
            };

            if (!ModelState.IsValid)
            {
                return BadRequest(genericFailure);
            }

            var account = await _userManager.FindByEmailAsync(resetPasswordDTO.Email);

            if (account == null)
            {
                return BadRequest(genericFailure);
            }

            var resetOutcome = await _userManager.ResetPasswordAsync(
                account,
                resetPasswordDTO.Token,
                resetPasswordDTO.Password);

            if (resetOutcome.Succeeded)
            {
                // Passing null clears any lockout end date after the successful reset.
                await _userManager.SetLockoutEndDateAsync(account, null);

                var success = new ResetPasswordResponseDTO {
                    IsResetPasswordSuccessful = true
                };
                return Ok(success);
            }

            // The reset was rejected: hand back the descriptions the user manager produced.
            var descriptions = resetOutcome.Errors.Select(e => e.Description);
            var rejected     = new ResetPasswordResponseDTO {
                Errors = descriptions
            };
            return BadRequest(rejected);
        }
Пример #10
        /// <summary>
        /// Validates the incoming credentials, derives a new salted password value and hands
        /// it to the login gateway to be stored.
        /// </summary>
        /// <returns>
        /// An Outcome whose Result is a failed ResetPasswordResponseDTO carrying the collected
        /// messages when the credentials are null, fail validation or are rejected as a bad
        /// password; otherwise the response returned by <c>LoginGateway.SetNewPass</c>.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the stored value is HMAC256.Hash over password + salt. Whether that
        /// helper applies a slow key-derivation function is not visible here; confirm it is
        /// suitable for password storage and matches what the login path verifies.
        /// </remarks>
        public Outcome Execute()
        {
            var outcome  = new Outcome();
            var problems = new List <string>();

            // Every rejection below returns this same DTO; it is discarded on success.
            ResetPasswordResponseDTO rejection = new ResetPasswordResponseDTO();

            // Nothing to work with when no credentials were supplied.
            if (incommingCredentials == null)
            {
                problems.Add(AccountConstants.REGISTRATION_INVALID);
                rejection.isSuccessful = false;
                rejection.Messages     = problems;
                outcome.Result         = rejection;
                return outcome;
            }

            IList <ValidationFailure> failures = new UserCredValidator().Validate(incommingCredentials).Errors;

            // Report every validation message at once.
            if (failures.Any())
            {
                problems.AddRange(failures.Select(failure => failure.ErrorMessage));
                rejection.isSuccessful = false;
                rejection.Messages     = problems;
                outcome.Result         = rejection;
                return outcome;
            }

            // The controller keys its 401 reply on this exact message text.
            if (new BadPasswordService().BadPassword(incommingCredentials.Password) == true)
            {
                problems.Add("Bad Password");
                rejection.isSuccessful = false;
                rejection.Messages     = problems;
                outcome.Result         = rejection;
                return outcome;
            }

            // A fresh salt is generated for every reset and stored next to the new value.
            var    hasher    = new HMAC256();
            string freshSalt = hasher.GenerateSalt();
            string hashed    = hasher.Hash(new HashDTO {
                Original = incommingCredentials.Password + freshSalt
            });

            var replacement = new LoginDTO
            {
                UserName  = incommingCredentials.Username,
                Password  = hashed,
                SaltValue = freshSalt
            };

            outcome.Result = new LoginGateway().SetNewPass(replacement);

            return outcome;
        }