public async Task <CredentialsValidationResponse> ValidateCredentialsAsync(
[FromBody] CredentialsValidationRequest request)
{
var credentials = await _customerCredentialsService.GetAsync(request.Login);
if (credentials == null)
{
_log.Info("Login not found", request.Login.SanitizeEmail());
return(new CredentialsValidationResponse {
Error = CredentialsError.LoginNotFound
});
}
var isValid = _customerCredentialsService.Validate(credentials, request.Password);
if (isValid)
{
return new CredentialsValidationResponse {
CustomerId = credentials.CustomerId
}
}
;
return(new CredentialsValidationResponse {
Error = CredentialsError.PasswordMismatch
});
}
public async Task <PasswordResetErrorCodes> PasswordResetAsync(string customerEmail, string identifier,
string newPassword)
{
var credentials = await _customerCredentialsService.GetAsync(customerEmail);
if (credentials == null)
{
_log.Info("Customer credentials do not exist", customerEmail.SanitizeEmail());
return(PasswordResetErrorCodes.CustomerDoesNotExist);
}
var activeIdentifier = await _passwordResetRepository.GetIdentifierAsync(credentials.CustomerId);
if (activeIdentifier == null)
{
return(PasswordResetErrorCodes.ThereIsNoIdentifierForThisCustomer);
}
if (activeIdentifier.ExpiresAt < DateTime.UtcNow)
{
return(PasswordResetErrorCodes.ProvidedIdentifierHasExpired);
}
if (activeIdentifier.Identifier != identifier)
{
return(PasswordResetErrorCodes.IdentifierMismatch);
}
var updateTask = _customerCredentialsService.UpdatePasswordAsync(customerEmail, newPassword);
var cleanUpTask = ClearAllCallRecordsAsync(credentials.CustomerId);
await Task.WhenAll(updateTask, cleanUpTask);
await _passwordResetRepository.RemoveAsync(credentials.CustomerId);
_log.Info($"Successfully reset the password for {credentials.CustomerId}");
return(PasswordResetErrorCodes.None);
}