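/// <summary>
/// Validates a <see cref="ResetPassword"/> command and throws when any rule is violated.
/// </summary>
/// <remarks>
/// Every failure is collected before throwing, so the caller receives the full list at once.
/// A reset token is reported as expired once its <c>Created</c> timestamp is more than two
/// days older than the current time supplied by <c>_timeProvider</c>.
/// </remarks>
/// <param name="userSession">Session of the caller; not read by this validator.</param>
/// <param name="command">The reset request carrying the new password and the reset token id.</param>
/// <exception cref="CommandValidationException">
/// Thrown with all collected failures when the password is missing, or the token id is empty,
/// unknown or expired.
/// </exception>
public async Task Validate(IUserSession userSession, ResetPassword command)
{
    // Lifetime of a reset token, in days.
    const int TokenLifetimeDays = 2;

    var failures = new List<ValidationFailure>();

    if (command.EncryptedPassword == null || string.IsNullOrEmpty(command.EncryptedPassword.Password))
    {
        failures.Add(new ValidationFailure("EncryptedPassword", ValidationFailureType.Missing));
    }

    if (command.ResetPasswordToken == Guid.Empty)
    {
        failures.Add(new ValidationFailure("ResetPasswordToken", ValidationFailureType.Missing));
    }
    else
    {
        try
        {
            PasswordResetToken passwordResetToken = await _readOnlyRepo.GetById(command.ResetPasswordToken);

            // Expired means "created before (now - lifetime)". The previous comparison,
            // Created > Now + 2 days, could only be true for a token stamped in the future,
            // so stale tokens were never rejected.
            if (passwordResetToken.Created < _timeProvider.Now().AddDays(-TokenLifetimeDays))
            {
                failures.Add(new ValidationFailure("ResetPasswordToken", ValidationFailureType.Expired));
            }
        }
        catch (ItemNotFoundException<PasswordResetToken>)
        {
            // An unknown token id is reported as a validation failure rather than surfacing
            // the repository exception.
            failures.Add(new ValidationFailure("ResetPasswordToken", ValidationFailureType.DoesNotExist));
        }
    }

    if (failures.Count > 0)
    {
        throw new CommandValidationException(failures);
    }
}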
/// <summary>
/// Looks up a password reset token by id and, when it exists, returns a response object
/// that carries only the token's id.
/// </summary>
/// <param name="id">Identifier of the password reset token to look up.</param>
/// <returns>
/// The wrapped token id when the repository returns a token; otherwise a 404 result built
/// from <c>NotFoundErrorTitle</c> and <c>NotFoundErrorDetail</c>.
/// </returns>
public async Task<ActionResult<IResponseObject>> GetPasswordResetToken(string id)
{
    PasswordResetToken resetToken = await _passwordResetTokenRepository.GetById(id);

    if (resetToken != null)
    {
        // Only the id is projected into the response; no other token field leaves this method.
        // NOTE(review): no expiry check is made here, so an expired token is still reported
        // as found. Confirm that the endpoint consuming the token re-checks expiry.
        return _responseObjectFactory.CreateResponseObject(new { resetToken.Id });
    }

    IResponseObject notFoundBody = _responseObjectFactory.CreateErrorResponseObject(
        HttpStatusCode.NotFound,
        NotFoundErrorTitle,
        NotFoundErrorDetail);

    return NotFound(notFoundBody);
}
/// <summary>
/// Applies a <see cref="ResetPassword"/> command: changes the password of the user that owns
/// the reset token, deletes the token, and notifies observers.
/// </summary>
/// <param name="userIssuingCommand">Session of the caller; not read by this handler.</param>
/// <param name="command">The reset request carrying the token id and the new password.</param>
public async Task Handle(IUserSession userIssuingCommand, ResetPassword command)
{
    // NOTE(review): this handler performs no existence or expiry check of its own.
    // Presumably the command validator runs first; confirm the pipeline guarantees that.
    var tokenId = command.ResetPasswordToken;
    PasswordResetToken resetToken = await _tokenReadRepo.GetById(tokenId);

    var ownerId = resetToken.UserId;
    UserEmailLogin account = await _repo.GetById<UserEmailLogin>(ownerId);

    account.ChangePassword(command.EncryptedPassword);
    await _repo.Update(account);

    // The token is deleted only after the password change has been saved.
    await _tokenReadRepo.Delete(tokenId);

    NotifyObservers(new PasswordReset(ownerId));
}
/// <summary>
/// Sets a new password for the user identified by a password reset token.
/// </summary>
/// <param name="passwordResetDTO">Carries the reset token id and the new plaintext password.</param>
/// <returns>
/// A bad-request result when the token is missing or expired, or when no user matches the
/// token's e-mail; otherwise the result of <c>TryPerformUserUpdate</c>.
/// </returns>
public async Task<ActionResult<IResponseObject>> PatchUserPassword(UserPasswordResetUpdateDTO passwordResetDTO)
{
    PasswordResetToken resetToken =
        await _passwordResetTokenRepository.GetById(passwordResetDTO.PasswordResetTokenId);

    // Unknown and expired tokens produce the same response.
    if (resetToken == null)
    {
        return BadRequest(UserUpdateErrorTitle, UserUpdatePasswordResetErrorDetail);
    }

    // NOTE(review): DateTime.Now is local time; confirm Expiration is stored in local time too.
    if (DateTime.Now >= resetToken.Expiration)
    {
        return BadRequest(UserUpdateErrorTitle, UserUpdatePasswordResetErrorDetail);
    }

    User account = await _userRepository.GetByEmail(resetToken.Email);
    if (account == null)
    {
        return BadRequest(UserUpdateErrorTitle, UserUpdatePasswordResetUserErrorDetail);
    }

    // Only the hash produced by _passwordHasher is stored on the user.
    account.PasswordHash = _passwordHasher.HashPassword(passwordResetDTO.Password);

    // The reset tokens for this e-mail are deleted before the user update is attempted, so a
    // failed update still consumes the token (presumably every token issued to that address).
    await _passwordResetTokenRepository.DeleteByEmail(account.Email);

    return await TryPerformUserUpdate(account);
}