public async Task SendPasswordReset(string email) { var user = await _context.RegisteredUsers.FirstOrDefaultAsync(ru => ru.Email.Equals(email.ToLowerInvariant())); if (user == null) { return; } var passwordReset = new PasswordReset { RegisteredUserId = user.Id, ExpiryDate = DateTime.UtcNow.AddMinutes(30), Key = Guid.NewGuid() }; await _context.PasswordResets.AddAsync(passwordReset); await _context.SaveChangesAsync(); var body = GeneratePasswordResetEmailBody(passwordReset.Key); _email.SendEmail(user.Email, body, "Turnip Tally Password Reset", false); }
public IActionResult PasswordReset([FromQuery(Name = "id")] string token) { PasswordReset passwordReset = new PasswordReset(); passwordReset.Token = token; return(View("PasswordReset", passwordReset)); }
public void CreatePasswordReset_Fail() { //Arrange var newUser = tu.CreateUserObject(); newPasswordReset = tu.CreatePasswordResetObject(newUser); var expected = tu.CreatePasswordResetObject(newUser); //Act using (var _db = tu.CreateDataBaseContext()) { ResetService rs = new ResetService(_db); var response = rs.CreatePasswordReset(newPasswordReset); try { _db.SaveChanges(); } catch (Exception exception) { } //Assert Assert.IsNotNull(response); Assert.AreNotEqual(response, expected); } }
public async Task <ActionResult> SendPasswordResetEmailAsync([FromBody] EmailPost post) { var requester = GetRequesterNoFail(); var foundUser = await service.FindByEmailAsync(post.email, requester); if (foundUser == null) { return(BadRequest("No user with that email")); } //Now, add a new password reset code or something. var code = new PasswordReset() { UserId = foundUser.id, Key = Guid.NewGuid().ToString() }; passwordResets.UpdateList(new[] { code }); await SendEmailAsync("PasswordResetSubject", "PasswordResetBody", post.email, new Dictionary <string, object>() { { "resetCode", code.Key }, { "resetTime", config.PasswordResetExpire } }); return(Ok("Email sent")); }
public async Task <ServiceResult> ResetPasswordAsync(PasswordReset model) { ServiceResult result = new ServiceResult(); PassportUser user = await userManager.FindByIdAsync(model.UserId); if (user == null) { result.Errors.Add(new ServiceResult.Error { Key = nameof(Errors.UserNotFound), Message = Errors.UserNotFound }); result.Code = 404; return(result); } IdentityResult identityResult = await userManager.ResetPasswordAsync(user, model.Token, model.Password); if (!identityResult.Succeeded) { foreach (IdentityError error in identityResult.Errors) { result.Errors.Add(new ServiceResult.Error { Key = error.Code, Message = error.Description, }); } result.Code = 400; } return(result); }
public IActionResult User_EditPassword(int id, [FromBody] PasswordReset psw_reset) { // verify that the user is either admin or is requesting their own data if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV)) { ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information."); return(new UnauthorizedObjectResult(error)); } // get user from db User user = _context.Users.Single(a => a.ID == id); // if password is valid then we change it and update db if (ValidatePassword(psw_reset.Current_Password, user.Password)) { user.Password = HelperMethods.ConcatenatedSaltAndSaltedHash(psw_reset.New_Password); _context.Update(user); _context.SaveChanges(); return(Ok()); } else { ErrorMessage error = new ErrorMessage("Invalid Password", "Your current password does not match."); return(new BadRequestObjectResult(error)); } }
protected override void InitFromBundle(IMvxBundle parameters) { base.InitFromBundle(parameters); phoneService = Mvx.Resolve <IPhoneService>(); this.NewUser = getNewUser(); PasswordResets = new PasswordReset(); }
public async Task ResetPassword_GivenUsedPasswordReset_RequestRejected() { GetDatabaseContext getContext = ContextUtilities.CreateInMemoryContext(_output); Guid resetToken; // Arrange using (IDatabaseContext context = getContext()) { User john = ContextUtilities.CreateJohnDoe(); var reset = new PasswordReset { Requested = DateTime.UtcNow, User = john, Used = true }; context.PasswordResets.Add(reset); await context.SaveChangesAsync(); resetToken = reset.Token; } // Act (ResetPasswordController controller, _, _) = CreateController(getContext, null); IActionResult response = await controller.ResetPassword(new ResetPasswordDto { NewPassword = "******", PasswordResetToken = resetToken }); // Assert Assert.IsType <BadRequestObjectResult>(response); var badRequestResponse = (BadRequestObjectResult)response; Assert.Equal(RequestStringMessages.ResetCodeAlreadyUsedOrExpired, badRequestResponse.Value); }
public static async Task <RelayResponse> ResetPassword(PasswordReset credential, StagedUser stagedUser) { try { var client = new SigRClient(Settings.AdminSiteUrl, Settings.STSApiKey, "SiteHub"); var data = JsonConvert.SerializeObject(credential); var msg = new RelayMessage { ApiKey = Settings.AdminApiKey, Data = data, DestSiteId = stagedUser.SiteId, Identifier = stagedUser.Id, Operation = SiteOperation.ResetPW }; await client.StartAsync(); RelayResponse res = await client.ProcessRelayMessage(msg); return(res); } catch (Exception ex) { Utils.AddLogEntry("Error setting user status", EventLogEntryType.Error, 0, ex); return(new RelayResponse { Success = false, ErrorMessage = ex.Message }); } }
public async Task <PasswordReset> CreatePasswordResetEntry(IPAddress remoteIpAddress, string username) { PasswordReset pwdResetEntry = null; await Task.Run(() => { var sw = Stopwatch.StartNew(); using (var db = new LiteDatabase(_databaseName)) { var colPwdReset = db.GetCollection <PasswordReset>(PasswordReset.Collection); pwdResetEntry = new PasswordReset() { Id = Guid.NewGuid(), IpAddress = remoteIpAddress.ToString(), IsUsed = false, Timestamp = DateTime.Now, Username = username }; colPwdReset.Insert(pwdResetEntry); } sw.Stop(); _logger.LogDebug("{0} ms\tCreatePasswordResetEntry", sw.ElapsedMilliseconds); }); return(pwdResetEntry); }
public PasswordResetResponse ResetPassword(string passHash, string resetToken) { try { PasswordReset reset = PasswordReset.OneWhere(c => c.Token == resetToken, Database); if (reset == null) { throw new InvalidTokenException(); } Instant timeOfRequest = new Instant(reset.DateTime.Value); Instant now = new Instant(); if (now.DiffInMinutes(timeOfRequest) > reset.ExpiresInMinutes.Value) { throw new InvalidTokenException(); } Password.Set(reset.UserOfUserId, passHash, Database); FireEvent(ResetPasswordSucceeded); return(GetSuccess <PasswordResetResponse>(true, "Password was successfully reset")); } catch (Exception ex) { LastException = ex; FireEvent(ResetPasswordFailed); return(GetFailure <PasswordResetResponse>(ex)); } }
public ForgotPasswordResponse ForgotPassword(string emailAddress) { try { User user = User.GetByEmail(emailAddress, Database); PasswordReset reset = user.PasswordResetsByUserId.AddNew(); reset.Token = Guid.NewGuid().ToString(); reset.DateTime = new Instant(); reset.ExpiresInMinutes = PasswordResetTokensExpireInThisManyMinutes; reset.WasReset = false; user.Save(Database); PasswordResetEmailData data = new PasswordResetEmailData { Title = "Password Reset", UserName = user.UserName, ApplicationName = ApplicationNameProvider.GetApplicationName(), PasswordResetUrl = GetPasswordResetUrl(reset.Token) }; string subject = "Password Reset for {0}"._Format(data.ApplicationName); string email = user.Email; ComposePasswordResetEmail(subject, data).To(email).Send(); FireEvent(ForgotPasswordSucceeded); return(GetSuccess <ForgotPasswordResponse>(reset.Token, "Password email was sent to {0}"._Format(email))); } catch (Exception ex) { LastException = ex; FireEvent(ForgotPasswordFailed); return(GetFailure <ForgotPasswordResponse>(ex)); } }
public async Task PostReset_WhenPasswordNotConfirmed_ExpectSuccess() { Logout(); var user = dataSamples.Users.FirstOrDefault(u => !u.Item1.IsPasswordSet); user.Item2.Password = string.Empty; user.Item2.LoginMethod = LoginMethod.EMAIL; var emailLoginResponse = await _http.PostAsync("api/auth/login", user.Item2.GetStringContent()); Assert.Equal(200, (int)emailLoginResponse.StatusCode); var loginCode = await _http.GetObject <Guid>($"api/testdata/verification-codes/{user.Item1.UserName}"); var loginResponse = await _http.GetAsync($"api/auth/code/{loginCode}"); Assert.Equal(200, (int)loginResponse.StatusCode); var reset = new PasswordReset { NewPassword = GoodLongPassword }; var resetResponse = await _http.PostAsync("api/auth/reset-password", reset.GetStringContent()); resetResponse.StatusCode.AssertStatusCode(200); Logout(); Login(); }
/// <summary> /// Update password of current user /// </summary> /// <param name="model">It Contains updated password</param> /// <returns>SaveResult</returns> public SaveResult ChangePassword(PasswordReset model) { bool success = false; string message = ""; var userety = _userRepository.GetByEmail(model.Email); if (userety != null) { var passwordHash = SimpleHash.ComputeHash(model.Password, "SHA1", null); model.Password = passwordHash; model.UserId = userety.UserId; var upety = this.Mapper.CreateUserPasswordEntity(model); upety.PasswordDate = DateTime.UtcNow; upety.CreatedDate = DateTime.UtcNow; _userRepository.ChangePassword(upety); success = true; } else { success = false; message = "User does not exisst."; } return(success ? SaveResult.SuccessResult : SaveResult.FailureResult(message)); }
public void UpdatePasswordReset_Pass() { //Arrange var newUser = tu.CreateUserObject(); newPasswordReset = tu.CreatePasswordResetObject(newUser); var expectedResultExpirationTime = newPasswordReset.ExpirationTime; var expectedResult = newPasswordReset; //Act using (_db = tu.CreateDataBaseContext()) { newPasswordReset = rs.CreatePasswordReset(_db, newPasswordReset); try { _db.SaveChanges(); } catch (Exception exception) { } newPasswordReset.ExpirationTime = DateTime.Now.AddYears(5); var response = rs.UpdatePasswordReset(_db, newPasswordReset); _db.SaveChanges(); var result = rs.GetPasswordReset(_db, expectedResult.ResetToken); // Assert Assert.IsNotNull(response); Assert.IsNotNull(result); Assert.AreEqual(result.ResetToken, expectedResult.ResetToken); Assert.AreNotEqual(result.ExpirationTime, expectedResultExpirationTime); } }
public string Confirm(ResetPassword forget) { DB_A33B8A_emercarEntities _context = new DB_A33B8A_emercarEntities(); User user = _context.Users.Where(p => p.Email == forget.mail).FirstOrDefault(); PasswordReset userActivation = _context.PasswordResets.Where(p => p.ID == user.UserID).SingleOrDefault(); var oldone = forget.oldpass; var newone = forget.newpass; oldone = Hash.EncodePassword(oldone, user.Code); if (oldone == user.Pass) { _context.PasswordResets.Remove(userActivation); user.Pass = Hash.EncodePassword(newone, user.Code); var sql = "Update dbo.Users SET Pass = {0} WHERE UserID = {1}"; _context.Database.ExecuteSqlCommand(sql, newone, user.UserID); _context.SaveChanges(); ViewBag.message = "Password Reset"; return("Password Reset"); } else { throw new HttpException(400, "Incorrect Password"); } }
public async Task <PasswordReset> RequestResetAsync(MoxUser user) { if (user == null) { throw new ArgumentNullException($"Parameter {nameof(user)} cannot be null!"); } var httpContext = this._httpContextAccessor.HttpContext; var resetToken = await this._userManager.GeneratePasswordResetTokenAsync(user); var reset = new PasswordReset() { UserId = user.Id, ResetToken = resetToken, Completed = false, CreatedOn = DateTime.Now, RequestedByClientInfo = httpContext?.Connection?.RemoteIpAddress?.ToString() ?? "Okänt", CompletedOn = null, ValidUntil = DateTime.Today.AddDays(1) }; this._context.Add(reset); await this._context.SaveChangesAsync(); return(reset); }
// Change to new password public ClientView ResetPassword(PasswordReset newPassword) { try { var ResetCode = newPassword.Link.Split('/').Last(); var entity = db.Users.FirstOrDefault(a => a.ResetPasswordCode.Equals(ResetCode)); if (entity == null) { return(null); } else { // If user is valid, change old password with new one + hash new password entity.Password = newPassword.Password.Hash(); entity.ResetPasswordCode = ""; db.SaveChanges(); return(new ClientView()); } } catch (Exception ex) { GlobalVariable.log.Write(LogLevel.Error, ex); return(null); } }
public async Task <PasswordReset> CreatePasswordReset(string email) { var resetRequest = new PasswordReset(_passwordResets.ExpireTime, email); await _passwordResets.Insert(resetRequest); return(resetRequest); }
public async Task <IActionResult> ResetPassword(ResetPasswordDto resetPasswordDto) { IDatabaseContext context = _getDatabaseContext(); PasswordReset passwordReset = await context.PasswordResets.Include(p => p.User).FirstOrDefaultAsync(r => r.Token == resetPasswordDto.PasswordResetToken); if (passwordReset == null) { _logger.LogDebug("{0}(resetToken={1}): Couldn't find the password reset token", nameof(ResetPassword), resetPasswordDto.PasswordResetToken); return(BadRequest(RequestStringMessages.ResetCodeInvalid)); } if (passwordReset.Used || (passwordReset.Requested - DateTime.UtcNow > _resetTokenValidTimeSpan)) { _logger.LogInformation("{0}(resetToken={1}): Tried to reset password for user {2} with an expired or used token", nameof(ResetPassword), resetPasswordDto.PasswordResetToken, passwordReset.UserId); return(BadRequest(RequestStringMessages.ResetCodeAlreadyUsedOrExpired)); } passwordReset.User.PasswordHash = _passwordService.HashPassword(resetPasswordDto.NewPassword); passwordReset.Used = true; await context.SaveChangesAsync(); _logger.LogInformation("{0}(resetToken={1}): Reset password for user {2}", nameof(ResetPassword), resetPasswordDto.PasswordResetToken, passwordReset.UserId); return(Ok()); }
public ActionResult PasswordResetRequest(FormCollection collection) { if (collection != null && !User.Identity.IsAuthenticated) { if (collection["email-input"] != null && collection["email-input"].Contains('@')) { string Email = collection["email-input"]; string PasswordResetCode = ShopApp.Utility.Utilities.RandomString(8); var user = db.Users.Where(i => i.Email == Email).FirstOrDefault(); if (user != null) { Task.Run(() => EmailManager.SendEmailAsync(user.FirstName, user.LastName, Email, PasswordResetCode)); PasswordReset ResetCode = new PasswordReset(Email, PasswordResetCode); db.PasswordResetCodes.Add(ResetCode); ConcurencyHandling.SaveChangesWithConcurencyHandling(db); } Session["ResetPasswordEmail"] = Email; return(RedirectToAction("PasswordReset", "User")); } else { ViewBag.ErrorMessage = "Prosze podać email"; } } else { ViewBag.ErrorMessage = "Nieprawidłowe dane"; } return(View()); }
public static void resetPassword() { PasswordReset reset = new PasswordReset(); Console.Clear(); Console.Write("Input your e-mail:"); String email = Console.ReadLine(); bool valid = reset.resetPasswordViaEmail(email); while (!valid) { Console.Clear(); Console.WriteLine("Invalid email!"); Console.WriteLine("1.Try again" + "\n2.Exit"); Console.Write("Value:"); int number = int.Parse(Console.ReadLine()); if (number == 1) { Console.Clear(); Console.Write("Input your e-mail:"); email = Console.ReadLine(); valid = reset.resetPasswordViaEmail(email); } if (number == 2) { break; } } }
public async Task <IActionResult> CheckPasswordResetToken([FromQuery] string token) { try { if (token != null) { PasswordReset pwr = await UserHandler.CheckPasswordResetHash(token); if (pwr.UserId != null) { return(Ok(pwr.UserId)); } return(Unauthorized()); } else { return(Unauthorized()); } } catch (Exception ex) { string errorMessage = handleCatch(ex); return(StatusCode(505, errorMessage)); } }
/// <summary> /// populates a PasswordReset with its child entities /// </summary> /// <param name="passwordReset"></param> /// <param name="fillChilds"></param> private void FillPasswordResetWithChilds(PasswordReset passwordResetObject, bool fillChilds) { // populate child data for a passwordResetObject if (passwordResetObject != null) { } }
public ActionResult ExpiredPassword(ResetPasswordViewModel model) { if (!ModelState.IsValid) { return(View(model)); } //var webApiResponse = await this.WebApiPost("api/password/expired", false, model); PasswordReset pwdResetModel = new PasswordReset() { Username = model.Email, Email = model.Email, Password = model.Password }; SaveResult result = _service.ExpiredPassword(pwdResetModel); if (result.Success) { // Login after user changes password on Locked account // (New User, Admin Password Reset, Expired Password < 3 days) LoginViewModel loginModel = new LoginViewModel() { Email = model.Email, Password = model.Password }; return(Login(loginModel, "")); } ViewBag.Message = "Error resetting password. Please try again. " + result.Message; return(View()); }
public async Task <PasswordResetEnum> ResetPassword(string email, string countryCode) { PasswordReset resetUserPassword = new PasswordReset { Email = email, CountryCode = countryCode, DeviceId = GlobalAccess.DeviceId }; var result = await authenticationService.ResetPassword(resetUserPassword); if (!result.IsSuccess) { switch (result.Content) { case Constants.DEVICE_NOT_MATCHED: return(PasswordResetEnum.DeviceIdNotMatched); case Constants.EMAIL_NOT_EXIST: return(PasswordResetEnum.EmailNotExist); } } else { PasswordResetResponse res = result.DeserializeObject <PasswordResetResponse>(); if (res.Status) { return(PasswordResetEnum.ResetSuccess); } } return(PasswordResetEnum.ResetFailure); }
public ActionResult ResetPassword(ResetPasswordViewModel model) { if (!ModelState.IsValid) { return(View(model)); } PasswordReset rpwdModel = new PasswordReset() { Password = model.Password, Email = model.Email, Token = model.Token }; SaveResult result = _service.ResetPassword(rpwdModel); if (result.Success) { // Login after user resets forgotten password LoginViewModel loginModel = new LoginViewModel() { Email = model.Email, Password = model.Password }; return(Login(loginModel, "")); } else { ViewBag.Message = "Error resetting password. Please try again. " + result.Message; return(View()); } }
public async Task <IActionResult> ResetPassword([Bind(nameof(ResetPasswordViewModel.Email))] ResetPasswordViewModel model) { var user = await userManager.FindByEmailAsync(model.Email); if (user != null) { string passwordResetToken = await userManager.GeneratePasswordResetTokenAsync(user); string passwordResetLink = Url.Action("ResetPasswordConfirm", "Home", new { userId = user.Id, token = passwordResetToken }, HttpContext.Request.Scheme); // url/Home/ResetPasswordConfirm?userId=1234&token=asd123 var IsMailSend = PasswordReset.PasswordResetSendEmailWithSendGrid(passwordResetLink, user.Email); ViewBag.Status = "success"; } else { ModelState.AddModelError("", "Sistemde böyle kayıtlı bir mail adresi bulunamadı."); } return(View(model)); }
public void GetPasswordReset_Pass() { //Arrange var newUser = tu.CreateUserObject(); newPasswordReset = tu.CreatePasswordResetObject(newUser); var expected = newPasswordReset; //Act using (_db = tu.CreateDataBaseContext()) { newPasswordReset = rs.CreatePasswordReset(_db, newPasswordReset); try { _db.SaveChanges(); } catch (Exception exception) { } var result = rs.GetPasswordReset(_db, newPasswordReset.ResetToken); //Assert Assert.IsNotNull(result); Assert.AreEqual(result.ResetToken, expected.ResetToken); } }
public void UpdatePasswordReset_Fail() { //Arrange var newUser = tu.CreateUserObject(); newPasswordReset = tu.CreatePasswordResetObject(newUser); PasswordReset expectedResult = newPasswordReset; //Act using (_db = tu.CreateDataBaseContext()) { var response = rs.UpdatePasswordReset(_db, newPasswordReset); try { _db.SaveChanges(); } catch (Exception) { // catch error // rollback changes _db.Entry(newPasswordReset).State = System.Data.Entity.EntityState.Detached; } var result = rs.GetPasswordReset(_db, expectedResult.ResetToken); // Assert Assert.IsNotNull(response); Assert.IsNull(result); } }
private static bool ForcePasswordReset(string userName, string password, byte[] salt) { PasswordReset window = new PasswordReset(password); window.ShowDialog(); if (window.Status) { byte[] hash = CreateHash(window.Password, salt); MySqlCommand update = new MySqlCommand(); string SQL = "UPDATE Login SET hashedPassword = @newHash, firstLogin = 0 WHERE userName = @userName;"; update.CommandText = SQL; update.Parameters.AddWithValue("@newHash", hash); update.Parameters.AddWithValue("@userName", userName); return Database.Update(update); } return false; }
private PasswordReset SetupUserForPasswordReset(Users usr) { string baseUrl = ConfigurationManager.AppSettings["RealEstateBaseUrl"].ToString(); string token = Guid.NewGuid().ToString().Replace("-", ""); PasswordReset reset = new PasswordReset(); reset.Url = baseUrl; reset.Token = token; reset.Expires = DateTime.Now.AddHours(3); reset.UserId = usr.UserId; return reset; }