public void TestsUserAccounts_Security_TimeOutCheck()
{
UserResetPasswordModel model = new UserResetPasswordModel {
Email = "*****@*****.**"
};
model.GenerateSecurityKey(DateTime.UtcNow);
var response = service.ValidateSecurityKey(new UserResetPasswordModel {
SecurityKey = model.SecurityKey
});
Assert.IsTrue(response.IsOK);
model.GenerateSecurityKey(DateTime.UtcNow.AddMinutes(-29));
response = service.ValidateSecurityKey(new UserResetPasswordModel {
SecurityKey = model.SecurityKey
});
Assert.IsTrue(response.IsOK);
model.GenerateSecurityKey(DateTime.UtcNow.AddMinutes(-31));
response = service.ValidateSecurityKey(new UserResetPasswordModel {
SecurityKey = model.SecurityKey
});
Assert.IsFalse(response.IsOK);
}
public ActionResult ChangePassword(UserResetPasswordModel userResetPasswordModel)
{
if (!ModelState.IsValid)
{
return(View(userResetPasswordModel));
}
else
{
UserResetPasswordDto userResetPasswordDto = new UserResetPasswordDto();
userResetPasswordDto.EmailId = userResetPasswordModel.EmailId;
userResetPasswordDto.Password = userResetPasswordModel.Password;
bool existUser = userSignUpDal.CheckValidEmailId(userResetPasswordModel.EmailId);
if (existUser == true)
{
int i = userSignUpDal.ResetPasswordForUser(userResetPasswordDto);
if (i > 0)
{
ViewBag.successText = "Successfully Updated Your Password";
}
else
{
ViewBag.failureText = "Your Password has not updated. Please try some time ";
}
}
else
{
ViewBag.failureText = "This MailId is not Exist.";
}
return(View());
}
}
public IActionResult ResetPassword(UserResetPasswordModel model)
{
this.logger.LogDebug(string.Format(CultureInfo.InvariantCulture, this.localizer["LogResetPasswordTry"].Value));
if (model == null)
{
throw new ArgumentNullException(nameof(model));
}
// Is the token valid ?
IActionResult existsResult = this.ResetPasswordExists(model.ResetPasswordToken);
User user;
if (existsResult is OkObjectResult)
{
UserPasswordLostResponseModel result = (existsResult as OkObjectResult).Value as UserPasswordLostResponseModel;
// Is the token related to the provided user ?
if (result.Email == model.Email && result.Username == model.Username)
{
user = this.userService.GetByEmail(result.Email);
this.userService.UpdatePassword(user.Id, model.Password);
return(this.Ok());
}
else
{
return(this.Conflict(new { message = this.localizer["LogResetPasswordUserConflict"].Value }));
}
}
else
{
return(existsResult);
}
}
public IActionResult ResetPassword([FromBody] UserResetPasswordModel resetPasswordModel)
{
if (resetPasswordModel == null ||
string.IsNullOrEmpty(resetPasswordModel.Password) ||
string.IsNullOrEmpty(resetPasswordModel.Token) ||
string.IsNullOrEmpty(resetPasswordModel.Email))
{
throw new MissingParameterException();
}
if (resetPasswordModel?.Password?.Length > Limits.MAX_PASSWORD)
{
throw new InputValueTooLargeException();
}
if (resetPasswordModel?.Token?.Length > Limits.MAX_RESETPWD_CODE)
{
throw new InputValueTooLargeException();
}
if (resetPasswordModel?.Email?.Length > Limits.MAX_EMAIL_ADDRESS)
{
throw new InputValueTooLargeException();
}
var ipAddress = HttpContext.Connection.RemoteIpAddress.ToString();
PwdManService.ResetPassword(resetPasswordModel, ipAddress);
return(new JsonResult(true));
}
public void TestsUserAccounts_User_Request_Password_Reset()
{
var USRM1 = db.Users.Where(u => u.Email == "*****@*****.**").FirstOrDefault();
var model = new UserResetPasswordModel();
// Fail wrong security key
model.Email = USRM1.Email;
model.SecurityKey = Crypto.Encrypt("rubbish");
model.NewPassword = "******";;
model.ConfirmPassword = "******";
var response = service.ResetPassword(model);
Assert.IsFalse(response.IsOK);
//pass
model.GenerateSecurityKey();
model.Email = "";
response = service.ResetPassword(model);
Assert.IsTrue(response.IsOK);
Assert.AreEqual(model.Email, USRM1.Email);
db = new Repository(this.TContext); // save took place
var user = db.Users.Where(u => u.Email == model.Email).FirstOrDefault();
Assert.IsNotNull(user);
Assert.IsTrue(user.Password == Crypto.Hash(model.NewPassword, user.Salt));
}
/// <summary>
/// Approve password reset
/// </summary>
/// <param name="model">Password reset model</param>
/// <returns></returns>
public async Task <ApiOkResult> ResetPasswordApprove(UserResetPasswordModel model)
{
var user = await _appUserManager.FindByEmailAsync(model.Email);
if (user == null)
{
throw new EntityNotFoundException(model.Email, typeof(AppUser));
}
var resetPasswordEntity = await _userResetPasswordRepository.GetByUser(user.Id, model.Token);
if (resetPasswordEntity == null || (DateTime.UtcNow - resetPasswordEntity.CreateTime).TotalHours > 24)
{
throw new EntityNotFoundException(model.Token, typeof(UserResetPassword), "Can not find request to reset password");
}
var result = await _appUserManager.RemovePasswordAsync(user);
if (!result.Succeeded)
{
throw new MRSystemException("Can not reset password");
}
result = await _appUserManager.AddPasswordAsync(user, model.Password);
if (!result.Succeeded)
{
throw new MRSystemException("Can not reset password");
}
await _userResetPasswordRepository.ResetAllCodes(user.Id);
return(new ApiOkResult(true));
}
public async Task <IActionResult> ResetPassword(UserResetPasswordModel userReset)
{
if (!ModelState.IsValid)
{
ModelState.AddModelError("", "Yeni şifrə düzgün deyil");
return(View());
}
var user = await _userManager.FindByIdAsync(userReset.UserId);
if (user == null)
{
ModelState.AddModelError("", "İstifadəçi tapılmadı");
return(View());
}
var codeDecodedBytes = WebEncoders.Base64UrlDecode(userReset.Token);
var codeDecoded = Encoding.UTF8.GetString(codeDecodedBytes);
var result = await _userManager.ResetPasswordAsync(user, codeDecoded, userReset.Password);
if (!result.Succeeded)
{
foreach (var item in result.Errors)
{
ModelState.AddModelError("", item.Description);
}
return(View(userReset));
}
return(RedirectToAction("Login"));
}
public ActionResult RequestNewPassword(UserResetPasswordModel model)
{
if (ModelState.IsValid)
{
var response = accountService.RequestNewPassword(model);
if (response.IsOK)
{
ViewData["CurrentUser"] = this.CurrentUser ?? new UserSessionModel();
var emailModel = response.Model as SendEmailPasswordResetModel;
emailModel.RenderTextVersion = true;
emailModel.BodyTextVersion = RenderView(this, "SendEmailPasswordReset", emailModel);
emailModel.RenderTextVersion = false;
emailModel.BodyHtmlVersion = RenderView(this, "SendEmailPasswordReset", emailModel);
new EmailServices().SendEmail(emailModel);
}
if (ProcessServiceResponse(response))
{
return(View("RequestNewPasswordAcknowledgement"));
}
}
return(View(model));
}
public async Task <ActionResult> ResetPassword([FromBody] UserResetPasswordModel model)
{
if (!ModelState.IsValid)
{
return(BadRequest());
}
try
{
var forgotPasswordCodeToken = await _accountService.GetForgotPasswordCodeToken(model.Email);
if (!model.Code.Equals(forgotPasswordCodeToken))
{
return(Unauthorized(ErrorMessage.INVALIDFORGOTPASSWORDTOKEN.ToString()));
}
await _accountService.ResetPassword(model.Email, model.Password);
return(Ok());
}
catch (ArgumentException aex)
{
_log.Error(aex);
return(Unauthorized(aex.Message));
}
}
private ActionResult ValidateUser(UserLoginModel Model, string ReturnUrl)
{
SetTermOfUse();
string formId = "", pageNumber;
if (ReturnUrl == null || !ReturnUrl.Contains("/"))
{
ReturnUrl = "/Home/Index";
}
else
{
formId = ReturnUrl.Substring(0, ReturnUrl.IndexOf('/'));
pageNumber = ReturnUrl.Substring(ReturnUrl.LastIndexOf('/') + 1);
}
try
{
Epi.Web.Enter.Common.Message.UserAuthenticationResponse result = _isurveyFacade.ValidateUser(Model.UserName, Model.Password);
if (result.UserIsValid)
{
if (result.User.ResetPassword)
{
UserResetPasswordModel model = new UserResetPasswordModel();
model.UserName = Model.UserName;
model.FirstName = result.User.FirstName;
model.LastName = result.User.LastName;
ReadPasswordPolicy(model);
return(ResetPassword(model));
}
else
{
FormsAuthentication.SetAuthCookie(Model.UserName, false);
string UserId = Epi.Web.Enter.Common.Security.Cryptography.Encrypt(result.User.UserId.ToString());
Session["UserId"] = UserId;
//Session["UsertRole"] = result.User.Role;
Session["UserHighestRole"] = result.User.UserHighestRole;
Session["UserEmailAddress"] = result.User.EmailAddress;
Session["UserFirstName"] = result.User.FirstName;
Session["UserLastName"] = result.User.LastName;
Session["UGuid"] = result.User.UGuid;
return(RedirectToAction(Epi.Web.MVC.Constants.Constant.INDEX, "Home", new { surveyid = formId }));
//return Redirect(ReturnUrl);
}
}
//else
{
ModelState.AddModelError("", "The email or password you entered is incorrect.");
Model.ViewValidationSummary = true;
return(View(Model));
}
}
catch (Exception)
{
ModelState.AddModelError("", "The email or password you entered is incorrect.");
Model.ViewValidationSummary = true;
return(View(Model));
throw;
}
}
// var currentUser = context.Session["UserSessionModel"] as UserSessionModel;
public ServiceResponse RequestNewPassword(UserResetPasswordModel model)
{
this.Response = new ServiceResponse();
var emailUser = GetUserSessionModel(model.Email).Model as UserSessionModel;
if (emailUser == null)
{
this.Response.AddError("Email", ResourceModelUser.MU007);
}
else
{
var emailModel = new SendEmailPasswordResetModel();
emailModel.From = new MailAddress(Utilities.Config("dpo.sys.email.from"), "Daikin Office Project");
emailModel.To.Add(new MailAddress(emailUser.Email, emailUser.DisplayName));
model.GenerateSecurityKey();
emailModel.SecurityKey = model.SecurityKey;
emailModel.Subject = "Daikin Password Reset Request";
this.Response.Model = emailModel;
}
return(this.Response);
}
public bool SetNewPassword(UserResetPasswordModel model)
{
Users user = UserManager.GetByHash(model.ConfirmHash);
UserManager.NewPasswordUpdate(user.Id, model.NewPassword);
return(true);
}
public ActionResult RequestNewPassword(String UserEmail)
{
var model = new UserResetPasswordModel
{
Email = UserEmail
};
return(View(model));
}
public async Task <IActionResult> ApproveResetPassword([FromBody] UserResetPasswordModel model)
{
if (!ModelState.IsValid)
{
return(BadModelResponse());
}
return(Ok(await _loginManager.ResetPasswordApprove(model)));
}
public IActionResult ResetPassword(string token, string userId)
{
var model = new UserResetPasswordModel
{
Token = token,
UserId = userId
};
return(View(model));
}
private void ReadPasswordPolicy(UserResetPasswordModel Model)
{
Model.MinimumLength = SecurityAppSettings.GetIntValue(SecurityAppSettings.Key.PasswordMinimumLength);
Model.MaximumLength = SecurityAppSettings.GetIntValue(SecurityAppSettings.Key.PasswordMaximumLength);
Model.UseSymbols = SecurityAppSettings.GetBoolValue(SecurityAppSettings.Key.UseSymbols);
Model.UseNumeric = SecurityAppSettings.GetBoolValue(SecurityAppSettings.Key.UseNumbers);
Model.UseLowerCase = SecurityAppSettings.GetBoolValue(SecurityAppSettings.Key.UseLowerCase);
Model.UseUpperCase = SecurityAppSettings.GetBoolValue(SecurityAppSettings.Key.UseUpperCase);
Model.UseUserIdInPassword = SecurityAppSettings.GetBoolValue(SecurityAppSettings.Key.UseUserIdInPassword);
Model.UseUserNameInPassword = SecurityAppSettings.GetBoolValue(SecurityAppSettings.Key.UseUserNameInPassword);
Model.NumberOfTypesRequiredInPassword = SecurityAppSettings.GetIntValue(SecurityAppSettings.Key.NumberOfTypesRequiredInPassword);
Model.Symbols = SecurityAppSettings.GetStringValue(SecurityAppSettings.Key.Symbols);
}
private void ReadPasswordPolicy(UserResetPasswordModel Model)
{
Model.MinimumLength = Convert.ToInt16(ConfigurationManager.AppSettings["PasswordMinimumLength"]);
Model.MaximumLength = Convert.ToInt16(ConfigurationManager.AppSettings["PasswordMaximumLength"]);
Model.UseSymbols = Convert.ToBoolean(ConfigurationManager.AppSettings["UseSymbols"]); //= false;
Model.UseNumeric = Convert.ToBoolean(ConfigurationManager.AppSettings["UseNumbers"]); //= false;
Model.UseLowerCase = Convert.ToBoolean(ConfigurationManager.AppSettings["UseLowerCase"]);
Model.UseUpperCase = Convert.ToBoolean(ConfigurationManager.AppSettings["UseUpperCase"]);
Model.UseUserIdInPassword = Convert.ToBoolean(ConfigurationManager.AppSettings["UseUserIdInPassword"]);
Model.UseUserNameInPassword = Convert.ToBoolean(ConfigurationManager.AppSettings["UseUserNameInPassword"]);
Model.NumberOfTypesRequiredInPassword = Convert.ToInt16(ConfigurationManager.AppSettings["NumberOfTypesRequiredInPassword"]);
Model.Symbols = ConfigurationManager.AppSettings["Symbols"];
}
public int ResetPassword([System.Web.Http.FromBody] UserResetPasswordModel model)
{
int ret = -1;
User u = null;
string resetToken = string.Empty;
if (model != null && !string.IsNullOrEmpty(model.Email))
{
using (var repo = Resolver.Resolve <IUserRepository>())
{
u = repo.SelectByExternalId(model.Email);
if (u != null)
{
if (u.Password == null)
{
u.Password = new UserPasswordDetails();
}
resetToken = u.Password.ResetToken = Utils.Crypto.GetHash(Guid.NewGuid().ToString());
u.Password.ConfirmToken = string.Empty;
repo.Update(u);
MessageQueueManager.Current.GetQueue(MessageQueueType.Email).AddMessages(new Message[] { new Message()
{
Id = Guid.NewGuid().ToString(),
Subject = Ifly.Resources.Frontpage.Email_PasswordReset_Subject,
Body = new GenericMessageBody
(
new Tuple <string, string>("Recipient", model.Email),
new Tuple <string, string>("Body", string.Format(Ifly.Resources.Frontpage.Email_PasswordReset_Body, string.Format("{0}://{1}/change-password?email={2}&token={3}",
Request.Url.Scheme, Request.Url.Authority, Server.UrlEncode(model.Email), resetToken)))
).ToString()
} });
}
else
{
throw new System.Web.HttpException((int)System.Net.HttpStatusCode.NotFound, "Not found");
}
}
}
else
{
throw new System.Web.HttpException((int)System.Net.HttpStatusCode.BadRequest, "Bad request");
}
return(ret);
}
public void ResetPassword(UserResetPasswordModel model)
{
model.NewPassword = hashCryptoHelper.HashString(model.NewPassword);
var userData = userDataRepository.FetchAll().Where(x => x.TokenHash == model.Token).FirstOrDefault();
userServiceValidationHelper.ValidateUserData(userData);
userServiceValidationHelper.ValidateUserPasswordToken(userData);
userData.PassHash = model.NewPassword;
userData.IsTokenUsed = true;
userData.FailedLoginCount = 0;
userDataRepository.Update(userData);
userDataRepository.Save();
}
public void TestsUserAccounts_User_RequestNewPassword()
{
var USRM1 = db.Users.Where(u => u.Email == "*****@*****.**").FirstOrDefault();
var model = new UserResetPasswordModel();
// Fail
model.Email = "dsfdsf";
var errors = service.RequestNewPassword(model).GetMessages(MessageTypeEnum.Error);
Assert.IsTrue(errors.Any(m => m.Key == "Email"));
//fail
model.Email = USRM1.Email;
errors = service.RequestNewPassword(model).GetMessages(MessageTypeEnum.Error);
Assert.IsFalse(errors.Any(m => m.Key == "Email"));
}
public async Task <BaseServiceResponse> ResetPassword(UserResetPasswordModel model)
{
var response = new BaseServiceResponse();
try
{
if (model.Email == null)
{
return(response);
}
var user = await db.FindByEmail(model.Email.ToLower());
if (user == null)
{
return(response);
}
string resetToken = hasher.Hash(model.Email).Hash;
user.Reset = resetToken;
await db.UpdateAsync(user);
var resetModel = new PasswordResetModel()
{
ActionUrl = $"http://www.aliseeks.com/user/reset?token={resetToken}",
Name = user.Username,
SenderName = "Alex",
Subject = "Password Reset",
ToAddress = user.Email
};
await email.SendPasswordResetTo(resetModel);
}
catch (Exception e)
{
var sentry = new SentryEvent(e);
await raven.CaptureNetCoreEventAsync(sentry);
}
return(response);
}
// var lastUpdate = Db.UserQueryByEmail(context.User.Identity.Name).Select(u => u.Timestamp).FirstOrDefault();
public ServiceResponse ValidateSecurityKey(UserResetPasswordModel model)
{
this.Response = new ServiceResponse();
if (model.DecryptSecurityKey() == false)
{
this.Response.AddError(ResourceModelUser.MU009);
return(this.Response);
}
if (new TimeSpan(DateTime.UtcNow.Ticks - model.SecurityTicks).TotalMinutes > 30)
{
this.Response.AddError(ResourceModelUser.MU009);
return(this.Response);
}
this.Response.Model = model;
return(this.Response);
}
public ActionResult ResettingPasswordFromSecurityLink(UserResetPasswordModel model)
{
if (ModelState.IsValid)
{
var response = accountService.ValidateSecurityKey(model);
if (ProcessServiceResponse(response))
{
response = accountService.ResetPassword(model);
if (ProcessServiceResponse(response))
{
FormsAuthentication.SignOut();
return(View("PasswordResetAcknowledgement"));
}
}
}
return(View(model));
}
public ActionResult ResetPassword(UserResetPasswordModel Model, string Action, string ReturnUrl)
{
switch (Action.ToUpper())
{
case "CANCEL":
return(RedirectToAction(ViewActions.Index, ControllerNames.Login));
default:
break;
}
if (!ModelState.IsValid)
{
UserResetPasswordModel model = new UserResetPasswordModel();
model.UserName = Model.UserName;
ReadPasswordPolicy(model);
// ModelState.AddModelError("", "Passwords do not match. Please try again.");
return(View("ResetPassword", model));
}
if (!ValidatePassword(Model))
{
ModelState.AddModelError("", "Password is not strong enough. Please try again.");
return(View("ResetPassword", Model));
}
_securityFacade.UpdateUser(new UserDTO()
{
UserName = Model.UserName, PasswordHash = Model.Password, Operation = OperationMode.UpdatePassword, ResetPassword = true
});
UserLoginModel UserLoginModel = new UserLoginModel();
UserLoginModel.Password = Model.Password;
UserLoginModel.UserName = Model.UserName;
return(ValidateUser(UserLoginModel, ReturnUrl));
}
public ActionResult ResetPassword(UserResetPasswordModel Model, string Action, string ReturnUrl)
{
switch (Action.ToUpper())
{
case "CANCEL":
return(RedirectToAction(Epi.Web.MVC.Constants.Constant.INDEX, "Login"));
default:
break;
}
if (!ModelState.IsValid)
{
UserResetPasswordModel model = new UserResetPasswordModel();
model.UserName = Model.UserName;
ReadPasswordPolicy(model);
// ModelState.AddModelError("", "Passwords do not match. Please try again.");
return(View("ResetPassword", model));
}
if (!ValidatePassword(Model))
{
ModelState.AddModelError("", "Password is not strong enough. Please try again.");
return(View("ResetPassword", Model));
}
_isurveyFacade.UpdateUser(new Enter.Common.DTO.UserDTO()
{
UserName = Model.UserName, PasswordHash = Model.Password, Operation = Constant.OperationMode.UpdatePassword, ResetPassword = true
});
UserLoginModel UserLoginModel = new UserLoginModel();
UserLoginModel.Password = Model.Password;
UserLoginModel.UserName = Model.UserName;
return(ValidateUser(UserLoginModel, ReturnUrl));
}
public ServiceResponse ResetPassword(UserResetPasswordModel model)
{
this.Response = new ServiceResponse();
if (model.DecryptSecurityKey() == false)
{
this.Response.AddError(ResourceModelUser.MU009);
return(this.Response);
}
Validation.IsPasswordConfirmed(this.Response.Messages, model.NewPassword, model.ConfirmPassword, "ConfirmPassword");
this.Db.ReadOnly = false;
var user = this.Db.UserQueryByEmail(model.Email).FirstOrDefault();
user.Password = Crypto.Hash(model.NewPassword, user.Salt);
this.Db.SaveChanges();
this.Response.Model = model;
return(this.Response);
}
private bool ValidatePassword(UserResetPasswordModel Model)
{
//int minLength = Convert.ToInt16(ConfigurationManager.AppSettings["PasswordMinimumLength"]);
//int maxLength = Convert.ToInt16(ConfigurationManager.AppSettings["PasswordMaximumLength"]);
//bool useSymbols = Convert.ToBoolean(ConfigurationManager.AppSettings["UseSymbols"]); //= false;
//bool useNumeric = Convert.ToBoolean(ConfigurationManager.AppSettings["UseNumbers"]); //= false;
//bool useLowerCase = Convert.ToBoolean(ConfigurationManager.AppSettings["UseLowerCase"]);
//bool useUpperCase = Convert.ToBoolean(ConfigurationManager.AppSettings["UseUpperCase"]);
//bool useUserIdInPassword = Convert.ToBoolean(ConfigurationManager.AppSettings["UseUserIdInPassword"]);
//bool useUserNameInPassword = Convert.ToBoolean(ConfigurationManager.AppSettings["UseUserNameInPassword"]);
//int numberOfTypesRequiredInPassword = Convert.ToInt16(ConfigurationManager.AppSettings["NumberOfTypesRequiredInPassword"]);
ReadPasswordPolicy(Model);
int successCounter = 0;
if (Model.UseSymbols && HasSymbol(Model.Password))
{
successCounter++;
}
if (Model.UseUpperCase && HasUpperCase(Model.Password))
{
successCounter++;
}
if (Model.UseLowerCase && HasLowerCase(Model.Password))
{
successCounter++;
}
if (Model.UseNumeric && HasNumber(Model.Password))
{
successCounter++;
}
if (Model.UseUserIdInPassword)
{
if (Model.Password.ToString().Contains(Model.UserName.Split('@')[0].ToString()))
{
successCounter = 0;
}
}
if (Model.UseUserNameInPassword)
{
if (Model.Password.ToString().Contains(Model.FirstName) || Model.Password.ToString().Contains(Model.LastName))
{
successCounter = 0;
}
}
if (Model.Password.Length < Model.MinimumLength || Model.Password.Length > Model.MaximumLength)
{
return(false);
}
if (Model.NumberOfTypesRequiredInPassword <= successCounter && successCounter != 0)
{
return(true);
}
return(false);
}
//[HttpGet]
public ActionResult ResetPassword(UserResetPasswordModel model)
{
return(View("ResetPassword", model));
}
public async Task <IActionResult> ResetPassword(CancellationToken cancellationToken, UserResetPasswordModel model)
{
var userAgent = Request.UserAgent();
var command = new UserManagementCommand <UserResetPasswordModel>(model, User, userAgent);
var result = await Mediator.Send(command, cancellationToken).ConfigureAwait(false);
return(Ok(result));
}
public async Task <IActionResult> Reset([FromBody] UserResetPasswordModel model)
{
await user.ResetPassword(model);
return(Ok());
}
