示例#1
        /// <summary>
        /// Replaces the stored password hash and salt of the login row identified by
        /// <paramref name="userLoginId"/> and records the time of the change.
        /// </summary>
        /// <param name="userLoginId">Key used to construct and fetch the <c>UserLoginEntity</c>.</param>
        /// <param name="password">New password; handed to the one-way hashing service exactly as received.</param>
        /// <param name="userVerified">
        /// Value written to <c>UserVerified</c>. When true, the stored <c>ResetPwdQueryString</c> is also cleared.
        /// </param>
        /// <returns>The hash/salt pair that was persisted, or <c>null</c> when the login row could not be fetched.</returns>
        public SecureHash ResetPassword(long userLoginId, string password, bool userVerified = true)
        {
            using (IDataAccessAdapter adapter = PersistenceLayer.GetDataAccessAdapter())
            {
                var login = new UserLoginEntity(userLoginId);

                // Unknown login id: nothing is written and the caller gets null.
                if (!adapter.FetchEntity(login))
                {
                    return null;
                }

                login.IsNew = false;

                // NOTE(review): the password is not checked for null/empty or against a policy here, and this
                // method performs no authorisation itself -- presumably both happen in the caller; confirm.
                var newHash = _oneWayHashingService.CreateHash(password);
                login.Password = newHash.HashedText;
                login.Salt = newHash.Salt;

                login.UserVerified = userVerified;
                login.LastPasswordChangeDate = DateTime.Now;

                // The reset query string is only cleared on the verified path; with userVerified == false
                // the value that was fetched stays in place.
                if (userVerified)
                {
                    login.ResetPwdQueryString = null;
                }

                adapter.SaveEntity(login, true);
                return newHash;
            }
        }
示例#2
        /// <summary>
        /// Builds a <c>UserLoginEntity</c> from a <c>UserLogin</c> domain object, hashing the password
        /// when one is supplied without a salt.
        /// </summary>
        /// <param name="userLogin">Source login data; must not be null.</param>
        /// <param name="userId">Entity id to use when <c>userLogin.Id</c> is 0.</param>
        /// <returns>A populated entity; <c>IsNew</c> is true when <c>userLogin.Id</c> is 0.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="userLogin"/> is null.</exception>
        public UserLoginEntity CreateUserLoginEntity(UserLogin userLogin, long userId)
        {
            if (userLogin == null)
            {
                throw new ArgumentNullException("userLogin");
            }

            string password;
            string salt;

            // A non-empty password with no salt is hashed here, whatever the value of userId.
            bool needsHashing = !string.IsNullOrEmpty(userLogin.Password) && string.IsNullOrEmpty(userLogin.Salt);
            if (needsHashing)
            {
                var freshHash = _oneWayHashingService.CreateHash(userLogin.Password);
                password = freshHash.HashedText;
                salt = freshHash.Salt;
            }
            else
            {
                // NOTE(review): when a salt is present (or the password is empty) the values are copied through
                // unchanged -- this presumably assumes Password already holds a hash; confirm with callers.
                password = userLogin.Password;
                salt = userLogin.Salt;
            }

            long entityId = userLogin.Id == 0 ? userId : userLogin.Id;

            var entity = new UserLoginEntity(entityId)
            {
                UserName = userLogin.UserName,
                Password = password,
                Salt = salt,
                IsActive = true,
                DateCreated = userLogin.DateCreated == DateTime.MinValue ? DateTime.Now : userLogin.DateCreated,
                DateModified = DateTime.Now,
                IsLocked = userLogin.Locked,
                LoginAttempts = userLogin.FailedAttempts,
                UserVerified = userLogin.UserVerified,
                // The hint answer goes through the cryptography service's Encrypt call; a null/empty answer is kept as is.
                HintAnswer = string.IsNullOrEmpty(userLogin.HintAnswer)
                    ? userLogin.HintAnswer
                    : _cryptographyService.Encrypt(userLogin.HintAnswer),
                HintQuestion = userLogin.HintQuestion,
                IsSecurityQuestionVerified = userLogin.IsSecurityQuestionVerified,
                IsNew = userLogin.Id == 0,
                LastPasswordChangeDate = userLogin.LastPasswordChangeDate == DateTime.MinValue
                    ? DateTime.Now
                    : userLogin.LastPasswordChangeDate,
                IsTwoFactorAuthrequired = userLogin.IsTwoFactorAuthrequired
            };

            return entity;
        }
示例#3
        /// <summary>
        /// Persists a profile edit: maps the model to a <c>User</c>, keeps or replaces the password
        /// hash, saves the address and then the user.
        /// </summary>
        /// <param name="profileEditModel">Submitted profile data; an empty password means "keep the current one" for an existing user.</param>
        public void SaveProfile(ProfileEditModel profileEditModel)
        {
            var user = Mapper.Map<ProfileEditModel, User>(profileEditModel);
            var login = user.UserLogin;

            // Both flags are set unconditionally on every profile save.
            login.IsSecurityQuestionVerified = true;
            login.UserVerified = true;

            bool passwordSupplied = !string.IsNullOrEmpty(profileEditModel.Password);
            if (passwordSupplied)
            {
                var freshHash = _oneWayHashingService.CreateHash(profileEditModel.Password);
                login.Password = freshHash.HashedText;
                login.Salt = freshHash.Salt;
            }
            else if (profileEditModel.Id > 0)
            {
                // No new password for an existing user: carry the stored hash and salt forward.
                // NOTE(review): the id comes from the submitted model and is not compared with the current
                // session here -- presumably the caller enforces that; confirm. The GetUser result is not null-checked.
                var stored = _userRepository.GetUser(profileEditModel.Id);
                login.Password = stored.UserLogin.Password;
                login.Salt = stored.UserLogin.Salt;
            }

            _addressService.SaveAfterSanitizing(user.Address);

            _userRepository.SaveUser(user);
        }
示例#4
        /// <summary>
        /// Validates and persists a user edit: address, login credentials, organization roles,
        /// role-specific profiles, NPI info and system user info.
        /// </summary>
        /// <param name="userToSave">Submitted user model; its <c>Id</c> is overwritten with the saved user's id.</param>
        /// <returns>The same <paramref name="userToSave"/> instance that was passed in, with <c>Id</c> updated.</returns>
        /// <remarks>
        /// NOTE(review): no transaction scope is visible in this method, and roles are deactivated before
        /// the submitted ones are re-saved -- presumably a failure part-way leaves the user partially saved; confirm.
        /// NOTE(review): which roles the current session may assign is not checked here; presumably
        /// <c>_userModelValidator</c> or the caller enforces that -- confirm.
        /// </remarks>
        public UserEditModel Save(UserEditModel userToSave)
        {
            // Throws on an invalid model before anything is written.
            _userModelValidator.ValidateAndThrow(userToSave);

            var userAddress = _addressService.SaveAfterSanitizing(Mapper.Map <AddressEditModel, Address>(userToSave.Address));
            // The acting user is taken from the session, not from the submitted model.
            OrganizationRoleUser organizationRoleUser = Mapper.Map <OrganizationRoleUserModel, OrganizationRoleUser>(_sessionContext.UserSession.CurrentOrganizationRole);

            userToSave.DataRecorderMetaData = new DataRecorderMetaData(organizationRoleUser, DateTime.Now, DateTime.Now);

            var        user = Mapper.Map <UserEditModel, User>(userToSave);
            var        isPasswordUpdatedOrCreated = false;
            SecureHash secureHash = null;

            if (userToSave.Id > 0 && string.IsNullOrEmpty(userToSave.Password))
            {
                // Existing user, no new password: carry the stored credential fields forward.
                // NOTE(review): the GetUser result is not null-checked.
                var existingUser = _userRepository.GetUser(userToSave.Id);
                user.UserLogin.Password               = existingUser.UserLogin.Password;
                user.UserLogin.Salt                   = existingUser.UserLogin.Salt;
                user.UserLogin.UserVerified           = existingUser.UserLogin.UserVerified;// For the scenario where a user is created and then immediately updated
                user.UserLogin.LastPasswordChangeDate = existingUser.UserLogin.LastPasswordChangeDate;
                user.UserLogin.LastLogged             = existingUser.UserLogin.LastLogged;
            }
            else if (!string.IsNullOrEmpty(userToSave.Password))
            {
                // A password was supplied (new or existing user): store a fresh hash and salt.
                secureHash = _oneWayHashingService.CreateHash(userToSave.Password);
                user.UserLogin.Password               = secureHash.HashedText;
                user.UserLogin.Salt                   = secureHash.Salt;
                isPasswordUpdatedOrCreated            = true;
                user.UserLogin.LastPasswordChangeDate = DateTime.Now;
            }

            user.Address = userAddress;
            // Any password set through this path marks the login as unverified.
            if (isPasswordUpdatedOrCreated)//&& user.Id > 0 && userToSave.UsersRoles.Count() == 1 && userToSave.UsersRoles.Single().RoleId == (long)Roles.Customer)
            {
                user.UserLogin.UserVerified = false;
            }

            // Without the override flag the per-user two-factor setting is stored as null.
            user.UserLogin.IsTwoFactorAuthrequired = userToSave.OverRideTwoFactorAuthrequired ? userToSave.IsTwoFactorAuthrequired : (bool?)null;


            user = _userRepository.SaveUser(user);
            // The password change log is written for every password change except when the saved user
            // has exactly one role and that role is Customer.
            if (isPasswordUpdatedOrCreated && secureHash != null && !(user.Id > 0 && userToSave.UsersRoles.Count() == 1 && userToSave.UsersRoles.Single().RoleId == (long)Roles.Customer))
            {
                _passwordChangelogService.Update(user.Id, secureHash, _sessionContext.UserSession.CurrentOrganizationRole.OrganizationRoleUserId);
            }

            userToSave.Id = user.Id;
            //map & save user roles
            // All existing roles are deactivated first; only the roles in the submitted model are saved again.
            _orgRoleUserRepository.DeactivateAllOrganizationRolesForUser(user.Id);
            foreach (var organizationRoleModel in userToSave.UsersRoles)
            {
                organizationRoleModel.UserId = user.Id;
                var orgRoleUser = _orgRoleUserRepository.SaveOrganizationRoleUser(Mapper.Map <OrganizationRoleUserModel, OrganizationRoleUser>(organizationRoleModel));
                // Role-specific profiles are keyed on the parent role of the saved role.
                var roleId      = GetParentRoleIdByRoleId(orgRoleUser.RoleId);
                switch (roleId)
                {
                case (long)Roles.Technician:
                    // NOTE(review): TechnicianProfile is dereferenced without a null check; presumably the validator guarantees it for this role -- confirm.
                    var technician = Mapper.Map <TechnicianModel, Technician>(userToSave.TechnicianProfile);
                    technician.TechnicianId = orgRoleUser.Id;
                    var repository = ((IRepository <Technician>)_technicianRepository);
                    repository.Save(technician);
                    if (!string.IsNullOrWhiteSpace(userToSave.TechnicianProfile.Pin))
                    {
                        // The PIN is passed through the Encrypt() extension (defined elsewhere) before it is logged.
                        // NOTE(review): unlike the password this looks like reversible encryption rather than a one-way hash -- confirm that is intended.
                        _pinChangeLogService.Update(userToSave.TechnicianProfile.Pin.Encrypt(), orgRoleUser.Id, organizationRoleUser.Id);
                    }
                    break;

                case (long)Roles.MedicalVendorUser:
                    var physician = Mapper.Map <PhysicianModel, Physician>(userToSave.PhysicianProfile);
                    physician.PhysicianId             = orgRoleUser.Id;
                    physician.AuthorizedStateLicenses =
                        _physicianLicenseModelFactory.CreateMultiple(userToSave.PhysicianProfile.Licenses,
                                                                     orgRoleUser.Id);
                    _physicianRepository.SavePhysician(physician);
                    break;

                case (long)Roles.CorporateAccountCoordinator:
                    var accountCoordinator = Mapper.Map <AccountCoordinatorProfileModel, AccountCoordinatorProfile>(userToSave.AccountCoordinatorProfile);
                    accountCoordinator.AccountCoordinatorId = orgRoleUser.Id;
                    var accountCoordinatorRepository = ((IRepository <AccountCoordinatorProfile>)_accountCoordinatorProfileRepository);
                    accountCoordinatorRepository.Save(accountCoordinator);
                    break;

                case (long)Roles.CallCenterRep:
                    // The profile saved here always has CanRefund and CanChangeNotes set to false.
                    var callCenterRepProfile = new CallCenterRepProfile
                    {
                        CallCenterRepId = orgRoleUser.Id,
                        CanRefund       = false,
                        CanChangeNotes  = false,
                        DialerUrl       = organizationRoleModel.DialerUrl
                    };
                    _callCenterRepProfileRepository.Save(callCenterRepProfile);
                    break;
                }
            }

            // NPI info is saved only when one of the submitted roles is NursePractitioner; empty strings become null.
            if (userToSave.UsersRoles.Any(x => x.RoleId == (long)Roles.NursePractitioner))
            {
                var userNpiInfo = new UserNpiInfo
                {
                    UserId     = userToSave.Id,
                    Npi        = !string.IsNullOrEmpty(userToSave.Npi) ? userToSave.Npi : null,
                    Credential = !string.IsNullOrEmpty(userToSave.Credential) ? userToSave.Credential : null
                };
                _userNpiInfoRepository.Save(userNpiInfo);
            }

            // A user whose only role is Customer gets an empty EmployeeId regardless of what was submitted.
            var systemUserInfo = new SystemUserInfo
            {
                EmployeeId = userToSave.UsersRoles.Count() == 1 && userToSave.UsersRoles.Any(x => x.RoleId == (long)Roles.Customer) ? string.Empty : userToSave.EmployeeId,
                UserId     = userToSave.Id
            };

            _systemUserInfoRepository.Save(systemUserInfo);

            // The input model is returned with only its Id refreshed; it is not re-read from the saved user
            // (in particular userToSave.Password is not cleared here).
            return(userToSave); //this does not return the same object. the saved user are out of sync at this point.!!
        }