public void UpdateCustomerPassword(string username, string oldPassword, string newPassword)
{
Customer customer = AuthoriseRequest();
if (customer.CustomerUsername == username)
{
if (PasswordHash.Hash(oldPassword, customer.Salt) != customer.CustomerPassword)
{
throw new ApplicationException("The existing password did not match when attempting a password update.");
}
else
{
logger.Debug("Updating customer password for " + customer.CustomerUsername);
//customer.CustomerPassword = newPassword;
// Hash the password.
string salt = PasswordHash.GenerateSalt();
customer.CustomerPassword = PasswordHash.Hash(newPassword, salt);
customer.Salt = salt;
CRMCustomerPersistor.Update(customer);
}
}
else
{
throw new ApplicationException("You are not authorised to update customer password for username " + username + ".");
}
}
public void UpdateCustomer(Customer updatedCustomer)
{
Customer customer = AuthoriseRequest();
if (customer.CustomerUsername == updatedCustomer.CustomerUsername)
{
logger.Debug("Updating customer details for " + customer.CustomerUsername);
customer.FirstName = updatedCustomer.FirstName;
customer.LastName = updatedCustomer.LastName;
customer.EmailAddress = updatedCustomer.EmailAddress;
customer.SecurityQuestion = updatedCustomer.SecurityQuestion;
customer.SecurityAnswer = updatedCustomer.SecurityAnswer;
customer.City = updatedCustomer.City;
customer.Country = updatedCustomer.Country;
customer.WebSite = updatedCustomer.WebSite;
customer.TimeZone = updatedCustomer.TimeZone;
string validationError = Customer.ValidateAndClean(customer);
if (validationError != null)
{
throw new ApplicationException(validationError);
}
CRMCustomerPersistor.Update(customer);
}
else
{
throw new ApplicationException("You are not authorised to update customer for username " + updatedCustomer.CustomerUsername + ".");
}
}
