/// <summary>
/// Handles the "change my password" form: validates the model, rejects a new password equal to
/// the current one, verifies the current password against the signed-in <c>Account</c>, then delegates
/// the update and notification e-mail to <see cref="PartnerBLL.ChangePassword"/>.
/// </summary>
/// <param name="request">Posted form values (current and new password).</param>
/// <returns>
/// A redirect to <c>MyProfile</c> on success, the same view with a field error on a validation failure,
/// or <c>BadRequestWithErrors()</c> when model binding failed.
/// </returns>
public ActionResult EditCredentials(EditCredentialsDTO request)
{
    if (!ModelState.IsValid)
    {
        return BadRequestWithErrors();
    }

    // Ordinal string equality; a "new" password identical to the current one is rejected up front.
    if (request.CurrentPassword == request.NewPassword)
    {
        AddError("NewPassword", "NewAndCurrentPasswordAreTheSame");
        return View();
    }

    // Re-authenticate before changing the credential: the stored value is compared against the
    // digest of what the user typed. No salt is visible at this call site; whether SHA512Hasher
    // applies one, and whether BinaryComparer.AreEqual is constant-time, cannot be told from here.
    byte[] suppliedDigest = SHA512Hasher.Hash(request.CurrentPassword);
    if (!BinaryComparer.AreEqual(Account.Password, suppliedDigest))
    {
        AddError("CurrentPassword", "CurrentPasswordDoesntMatch");
        return View();
    }

    PartnerBLL partnerBLL = new PartnerBLL(WebApp.Connector);

    // NOTE(review): the base URL embedded in the notification e-mail is taken from the incoming
    // request's scheme/host/port. If the server answers for arbitrary Host headers, that value is
    // attacker-influenced; a configured canonical base URL would be the safer source.
    Uri currentUrl = Request.Url;
    string baseUrl = new UriBuilder(currentUrl.Scheme, currentUrl.Host, currentUrl.Port).ToString();

    partnerBLL.ChangePasswordEmailSubject = LocalizationProvider["ChangePasswordEmailSubject"];
    partnerBLL.ChangePasswordEmailTemplate = LocalizationProvider["ChangePasswordEmailTemplate"];
    partnerBLL.ChangePassword(Account, request.NewPassword, baseUrl);

    TempData["Result"] = "PasswordHasBeenChanged";
    return RedirectToAction("MyProfile");
}
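/// <summary>
/// Builds an unpredictable token bound to <paramref name="value"/>: the value is concatenated with the
/// current UTC tick count and 256 bytes from the cryptographic RNG, and the resulting string is passed
/// to <see cref="SHA512Hasher.Hash"/>. Presumably the result is the SHA-512 digest of that string
/// (see SHA512Hasher); the 256 random bytes are what makes the token unguessable, the timestamp only
/// adds uniqueness.
/// </summary>
/// <param name="value">Caller-supplied context to mix into the token (e.g. an identifier).</param>
/// <returns>The digest produced by <see cref="SHA512Hasher.Hash"/>.</returns>
private static byte[] Generate(string value)
{
    // RandomNumberGenerator.Create() returns the platform CSPRNG; it replaces the obsolete
    // RNGCryptoServiceProvider (SYSLIB0023 on .NET 6+) with identical semantics here.
    using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
    {
        byte[] entropy = new byte[256];
        rng.GetBytes(entropy);

        string material = $"{value}|TimeStamp={DateTime.UtcNow.Ticks}|Random={FormatHelper.FromArrayToHexString(entropy)}";
        return SHA512Hasher.Hash(material);
    }
}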
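/// <summary>
/// Stores the digest of <paramref name="password"/> for <paramref name="partner"/> and then sends the
/// "password changed" notification e-mail, whose template receives the logo URL (built from
/// <paramref name="baseUrl"/>) and the partner's full name as format arguments.
/// </summary>
/// <param name="partner">The account whose password is replaced; its e-mail address and full name are used for the notification.</param>
/// <param name="password">The new clear-text password; only its <see cref="SHA512Hasher.Hash"/> digest is persisted.</param>
/// <param name="baseUrl">Absolute site root (scheme/host/port), with or without a trailing slash.</param>
/// <returns><see cref="ChangePasswordResult.OK"/> once the update and the e-mail dispatch have completed.</returns>
/// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
public ChangePasswordResult ChangePassword(PartnerDTO partner, string password, string baseUrl)
{
    if (partner == null)
    {
        throw new ArgumentNullException(nameof(partner));
    }
    if (password == null)
    {
        throw new ArgumentNullException(nameof(password));
    }
    if (baseUrl == null)
    {
        throw new ArgumentNullException(nameof(baseUrl));
    }

    // The credential is persisted before the notification is sent, so a mail failure surfaces as an
    // exception after the password has already changed. No salt is visible at this call site;
    // whether SHA512Hasher applies one cannot be told from here.
    Repository.Update(partner.Id, new Dictionary<string, object>() { { "Password", SHA512Hasher.Hash(password) } });

    string fullName = partner.FullName;
    MailAddress to = new MailAddress(partner.EmailAddress, fullName);

    // Drop a single trailing slash so that setting UriBuilder.Path below does not produce "//".
    // The previous LastIndexOf('/') == Length - 1 test was also true for an empty string (-1 == -1)
    // and then crashed in Substring; EndsWith is false for "" and otherwise equivalent.
    if (baseUrl.EndsWith("/", StringComparison.Ordinal))
    {
        baseUrl = baseUrl.Substring(0, baseUrl.Length - 1);
    }

    string logoUrl = new UriBuilder(baseUrl) { Path = "/png/Logo_361x86.png" }.ToString();

    // NOTE(review): fullName is inserted into the template verbatim. If the template is HTML, a name
    // containing markup would be rendered as such; encoding it here depends on the template's format.
    string body = string.Format(ChangePasswordEmailTemplate, logoUrl, fullName);
    EmailSender.Send(to, ChangePasswordEmailSubject, body);

    return ChangePasswordResult.OK;
}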
/// <summary>
/// Authenticates a partner inside a single transaction on <c>Connector</c>. Every outcome except
/// <see cref="LoginResult.OK"/> leaves <paramref name="session"/> as <c>null</c>. A wrong password is
/// the only failure that commits: the attempt is recorded and, once three or more attempts exist
/// since the last session (or since today, if there is none), the account is locked. All other
/// failures roll back.
/// </summary>
/// <param name="credential">Submitted username and clear-text password.</param>
/// <param name="ipAddress">Client address stored on the session or on the failed attempt.</param>
/// <param name="keepOpened">When <c>false</c>, the session expires 16 minutes after login.</param>
/// <param name="session">The created session on success; otherwise <c>null</c>.</param>
/// <returns>The outcome; see <see cref="LoginResult"/>.</returns>
public LoginResult Login(PartnerCredentialDTO credential, IPAddress ipAddress, bool keepOpened, out PartnerSessionDTO session)
{
    const int SessionLifetimeMinutes = 16;
    const int LockoutThreshold = 3;

    Connector.IsTransaction = true;
    PartnerBLL partnerBLL = new PartnerBLL(Connector);
    PartnerDTO partner = partnerBLL.ReadByUsername(credential.Username);

    // NOTE(review): unknown account, locked account and wrong password return distinct codes.
    // Whether the caller collapses them into one generic message (to avoid confirming which
    // usernames exist) is outside this method.
    if (partner == null)
    {
        Connector.RollbackTransaction();
        session = null;
        return LoginResult.AccountDoesntExist;
    }

    if (partner.IsLocked)
    {
        Connector.RollbackTransaction();
        session = null;
        return LoginResult.AccountIsLocked;
    }

    // No salt is visible at this call site; whether SHA512Hasher applies one, and whether
    // BinaryComparer.AreEqual runs in constant time, cannot be told from here.
    byte[] suppliedDigest = SHA512Hasher.Hash(credential.Password);
    if (!BinaryComparer.AreEqual(suppliedDigest, partner.Password))
    {
        PartnerLoginAttemptBLL attemptBLL = new PartnerLoginAttemptBLL(Connector);
        PartnerLoginAttemptDTO attempt = new PartnerLoginAttemptDTO() { Partner = partner, IPAddress = ipAddress };
        attemptBLL.Create(attempt);

        // Attempts are counted from the last successful login; with no prior session, from the start of today (UTC).
        Guid partnerId = partner.Id;
        PartnerSessionDTO lastSession = ReadLastByPartner(partnerId);
        DateTime countFrom = lastSession?.LoggedAt ?? DateTime.UtcNow.Date;
        int failedAttempts = attemptBLL.ReadByPartnerAndTimeStampAsDate(partnerId, countFrom).Count();
        if (failedAttempts >= LockoutThreshold)
        {
            partnerBLL.Update(partnerId, new Dictionary<string, object>() { { "IsLocked", true } });
        }

        // Committed on purpose: the recorded attempt (and a possible lock) must survive the failed login.
        Connector.CommitTransaction();
        session = null;
        return LoginResult.PasswordDoesntMatch;
    }

    if (!partner.HasEmailAddressBeenVerified)
    {
        Connector.RollbackTransaction();
        session = null;
        return LoginResult.EmailAddressHasNotBeenVerified;
    }

    DateTime loggedAt = DateTime.UtcNow;
    session = new PartnerSessionDTO() { Partner = partner, IPAddress = ipAddress, LoggedAt = loggedAt };
    if (!keepOpened)
    {
        session.ExpiresOn = loggedAt.AddMinutes(SessionLifetimeMinutes);
    }
    Create(session);
    Connector.CommitTransaction();
    return LoginResult.OK;
}
/// <summary>
/// Copies the submitted username onto this instance and stores the <see cref="SHA512Hasher.Hash"/>
/// digest of the submitted password in place of the clear text. No salt is visible here; whether
/// SHA512Hasher applies one cannot be told from this call site.
/// </summary>
/// <param name="credential">Submitted username and clear-text password.</param>
public void Join(PartnerCredentialDTO credential)
{
    Username = credential.Username;

    var passwordDigest = SHA512Hasher.Hash(credential.Password);
    Password = passwordDigest;
}