示例#1
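        /// <summary>
        /// Loads the applicant of <paramref name="interviewId"/> and the user <paramref name="username"/>
        /// and passes their names and email addresses to <see cref="EmailController.SendInvitationEmail"/>.
        /// </summary>
        /// <param name="interviewId">ID of the interview (matched against <c>Interview.ID</c>).</param>
        /// <param name="username">ID of the inviting user (matched against <c>User.ID</c>).</param>
        /// <exception cref="AuthenticationException">No interview or no user with the given ID exists.</exception>
        public static void SendInvitationEmail(Guid interviewId, string username)
        {
            // NOTE(review): unlike CreateUser/UpdateUser/DeleteUser this method takes no AuthToken,
            // so it relies entirely on the caller to decide who may trigger an invitation — confirm
            // every caller checks that before calling in.
            // NOTE(review): the context returned by CreateDbContext is never disposed in this class;
            // confirm its lifetime is owned by DataController.
            DbContext context = DataController.CreateDbContext();

            // Project only the fields the email needs. The previous projection also pulled the whole
            // Interview entity into the anonymous type, but nothing below ever read it.
            var interviewInfo = context.Interviews
                                .Where(i => i.ID == interviewId)
                                .Select(interview => new
                                {
                                    Applicant = new
                                    {
                                        FirstName    = interview.Applicant.FirstName,
                                        LastName     = interview.Applicant.LastName,
                                        EmailAddress = interview.Applicant.EmailAddress
                                    }
                                })
                                .FirstOrDefault();

            // Without these guards a missing row surfaced as a NullReferenceException from the
            // argument list at the bottom, which callers catching AuthenticationException never saw.
            if (interviewInfo == null)
            {
                throw new AuthenticationException("Interview not found.");
            }

            var userInfo = context.Users
                           .Where(u => u.ID == username)
                           .Select(u => new
                           {
                               FirstName    = u.FirstName,
                               LastName     = u.LastName,
                               EmailAddress = u.EmailAddress
                           })
                           .FirstOrDefault();

            if (userInfo == null)
            {
                throw new AuthenticationException("User does not exist!");
            }

            EmailController.SendInvitationEmail(
                interviewInfo.Applicant.FirstName, interviewInfo.Applicant.LastName, interviewInfo.Applicant.EmailAddress,
                userInfo.FirstName, userInfo.LastName, userInfo.EmailAddress,
                interviewId);
        }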
示例#2
        /// <summary>
        /// Admin-only: registers a new user, persists it and sends the new-user email.
        /// </summary>
        /// <param name="username">User ID for the new account; must not already exist.</param>
        /// <param name="password">Plain-text password, handed to the private <c>CreateUser</c> overload.</param>
        /// <param name="emailAddress">Address for the account; must not already be in use.</param>
        /// <param name="firstName">Given name stored on the user and used in the email.</param>
        /// <param name="lastName">Family name stored on the user and used in the email.</param>
        /// <param name="token">Token of the caller; must carry <c>IsAdmin</c>.</param>
        /// <param name="isAdmin">Whether the new account gets admin rights.</param>
        /// <exception cref="AuthenticationException">
        /// Caller is not an admin, the username is taken, or the email address is in use.
        /// </exception>
        public static void CreateUser(string username, string password, string emailAddress, string firstName, string lastName, AuthToken token, bool isAdmin)
        {
            // Authorisation is checked before any database access.
            if (token.IsAdmin == false)
            {
                throw new AuthenticationException("Admin must perform this action");
            }

            // NOTE(review): the context returned by CreateDbContext is never disposed in this class;
            // confirm its lifetime is owned by DataController.
            DbContext context = DataController.CreateDbContext();

            // UserExists / EmailAddressExists each open their own context, so these are two separate
            // reads. NOTE(review): nothing here covers the window between these checks and
            // SaveChanges; a unique constraint on the username and email columns would be the
            // backstop — confirm one exists.
            bool usernameTaken = UserExists(username);
            if (usernameTaken)
            {
                throw new AuthenticationException("Username is taken.");
            }

            bool addressTaken = EmailAddressExists(emailAddress);
            if (addressTaken)
            {
                throw new AuthenticationException("Email address is already in use.");
            }

            CreateUser(context, username, password, emailAddress, firstName, lastName, isAdmin);
            context.SaveChanges();

            // Only notify once the row has actually been committed.
            EmailController.SendNewUserEmail(firstName, lastName, username, emailAddress);
        }
示例#3
        /// <summary>
        /// Admin-only: overwrites the names and email address of an existing user.
        /// </summary>
        /// <param name="username">User ID of the account to change (matched against <c>User.ID</c>).</param>
        /// <param name="firstName">New given name.</param>
        /// <param name="lastName">New family name.</param>
        /// <param name="emailAddress">New address; must not be used by any other user.</param>
        /// <param name="token">Token of the caller; must carry <c>IsAdmin</c>.</param>
        /// <exception cref="AuthenticationException">
        /// Caller is not an admin, the user does not exist, or another user already has the address.
        /// </exception>
        public static void UpdateUser(string username, string firstName, string lastName, string emailAddress, AuthToken token)
        {
            if (token.IsAdmin == false)
            {
                throw new AuthenticationException("Admin must perform this action");
            }

            // NOTE(review): the context returned by CreateDbContext is never disposed in this class;
            // confirm its lifetime is owned by DataController.
            DbContext context = DataController.CreateDbContext();

            User user = context.Users.FirstOrDefault(candidate => candidate.ID == username);
            if (user == null)
            {
                throw new AuthenticationException("User does not exist!");
            }

            // Passing the username excludes this user's own row, so keeping the current
            // address is not reported as a conflict.
            bool addressUsedByOther = EmailAddressExists(emailAddress, username);
            if (addressUsedByOther)
            {
                throw new AuthenticationException("Email address is already in use");
            }

            user.FirstName = firstName;
            user.LastName = lastName;
            user.EmailAddress = emailAddress;
            context.SaveChanges();
        }
示例#4
        /// <summary>
        /// Looks up a user by ID and hands their names, address and user ID to
        /// <see cref="EmailController.SendPasswordResetEmail"/>.
        /// </summary>
        /// <param name="username">User ID of the account (matched against <c>User.ID</c>).</param>
        /// <exception cref="AuthenticationException">No user with that ID exists.</exception>
        public static void SendPasswordResetEmail(string username)
        {
            // NOTE(review): the context returned by CreateDbContext is never disposed in this class;
            // confirm its lifetime is owned by DataController.
            DbContext context = DataController.CreateDbContext();

            // Only the four fields the email needs are read from the row.
            var userInfo = context.Users
                                  .Where(user => user.ID == username)
                                  .Select(user => new
                                  {
                                      user.FirstName,
                                      user.LastName,
                                      user.EmailAddress,
                                      UserName = user.ID
                                  })
                                  .FirstOrDefault();

            // NOTE(review): this message tells an unauthenticated caller whether a username exists.
            // If this is reachable from a public reset form, consider responding identically
            // whether or not the account is found.
            if (userInfo == null)
            {
                throw new AuthenticationException("User not found.");
            }

            EmailController.SendPasswordResetEmail(
                userInfo.FirstName,
                userInfo.LastName,
                userInfo.EmailAddress,
                userInfo.UserName);
        }
示例#5
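        /// <summary>
        /// Authenticates <paramref name="username"/> with <paramref name="password"/>, applying the
        /// rate-limit and lockout policy from <c>Settings.Default</c>, and issues an <see cref="AuthToken"/>.
        /// </summary>
        /// <param name="username">User ID to authenticate (matched against <c>User.ID</c>).</param>
        /// <param name="password">Plain-text password as supplied by the caller.</param>
        /// <param name="requireActiveAccount">
        /// Not read anywhere in this method, so it currently has no effect: passing <c>true</c>
        /// does not cause inactive accounts to be rejected here.
        /// </param>
        /// <returns>
        /// A token for <paramref name="username"/> carrying the caller IP, an expiry of now plus
        /// <c>SessionExpiryInterval</c>, the user's admin flag and a random nonce.
        /// </returns>
        /// <exception cref="AuthenticationException">
        /// Unknown user or wrong password (both reported as "Invalid login." so the message does not
        /// confirm which usernames exist), attempts closer together than
        /// <c>MinTimeBetweenLoginAttempts</c>, or an account still inside its lockout window.
        /// </exception>
        public static AuthToken ValidateUser(string username, string password, bool requireActiveAccount)
        {
            // NOTE(review): the context returned by CreateDbContext is never disposed in this class;
            // confirm its lifetime is owned by DataController.
            DbContext context = DataController.CreateDbContext();

            User user = context.Users.FirstOrDefault(u => u.ID == username);

            if (user == null)
            {
                // NOTE(review): this path skips SaltAndHashPassword, so an unknown username answers
                // faster than a wrong password; hashing a dummy value here would even that out.
                throw new AuthenticationException("Invalid login.");
            }

            // One timestamp for the whole evaluation so the two window checks and the stored
            // LastLoginDate agree with each other.
            DateTime now = DateTime.UtcNow;
            TimeSpan sinceLastAttempt = now - user.LastLoginDate;

            if (sinceLastAttempt < Settings.Default.MinTimeBetweenLoginAttempts)
            {
                // TotalSeconds, not Seconds: the latter is only the 0-59 component of the TimeSpan.
                throw new AuthenticationException(string.Format("Please wait at least {0} seconds between login attempts.",
                                                                (int)Settings.Default.MinTimeBetweenLoginAttempts.TotalSeconds));
            }

            // '>=' rather than '>': the failure branch below reports the account as locked as soon as
            // LoginAttempts reaches MaxLoginAttempts, so the lock has to engage at that same count.
            // With '>' the attempt at exactly MaxLoginAttempts was told "locked" but the very next
            // login was still evaluated normally.
            if (sinceLastAttempt < Settings.Default.AccountLockDuration && user.LoginAttempts >= Settings.Default.MaxLoginAttempts)
            {
                throw new AuthenticationException(string.Format("Your account has been locked for {0} minutes due to too many incorrect login attempts.",
                                                                (int)Settings.Default.AccountLockDuration.TotalMinutes));
            }

            byte[] computedHash = SaltAndHashPassword(password, user.PasswordSalt);

            // SequenceEqual returns at the first mismatching byte, so its duration varied with how
            // much of the hash matched; the helper's timing depends only on the length.
            bool isValid = ConstantTimeEquals(computedHash, user.PasswordHash);

            // Updated on success and failure alike: a failed attempt restarts both windows above.
            user.LastLoginDate = now;

            if (!isValid)
            {
                user.LoginAttempts++;
                context.SaveChanges();

                if (user.LoginAttempts < Settings.Default.MaxLoginAttempts)
                {
                    throw new AuthenticationException("Invalid login.");
                }

                throw new AuthenticationException(string.Format("Your account has been locked for {0} minutes due to too many incorrect login attempts.",
                                                                (int)Settings.Default.AccountLockDuration.TotalMinutes));
            }

            DateTime expiresOn = now + Settings.Default.SessionExpiryInterval;

            // NOTE(review): the nonce comes from RandomHelper.RandomLong(); confirm it is backed by
            // a cryptographic RNG rather than System.Random, since it is part of the session token.
            AuthToken token = new AuthToken(username, GetCallerIPAddress(), expiresOn, user.IsAdmin,
                                            Common.Helpers.RandomHelper.RandomLong());

            user.LoginAttempts = 0;
            context.SaveChanges();

            return token;
        }

        /// <summary>
        /// Compares two byte arrays in time that depends only on their length, never on the
        /// position of the first difference. A null array is equal only to another null.
        /// </summary>
        /// <param name="left">First array, may be null.</param>
        /// <param name="right">Second array, may be null.</param>
        /// <returns><c>true</c> when both are null or have identical contents.</returns>
        private static bool ConstantTimeEquals(byte[] left, byte[] right)
        {
            if (left == null || right == null)
            {
                return left == right;
            }

            if (left.Length != right.Length)
            {
                return false;
            }

            // OR-accumulate every byte difference instead of returning early.
            int difference = 0;
            for (int i = 0; i < left.Length; i++)
            {
                difference |= left[i] ^ right[i];
            }

            return difference == 0;
        }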
示例#6
        /// <summary>
        /// Sets a new password for <paramref name="username"/> without checking the old one; the
        /// actual update is done by the private <c>ChangePassword(context, user, newPassword)</c> overload.
        /// </summary>
        /// <param name="username">User ID of the account (matched against <c>User.ID</c>).</param>
        /// <param name="newPassword">Plain-text replacement password.</param>
        /// <exception cref="AuthenticationException">No user with that ID exists.</exception>
        public static void ChangePassword(string username, string newPassword)
        {
            // NOTE(review): this overload verifies neither a token nor the current password, so
            // every caller is trusted to have authenticated the request already (presumably the
            // password-reset flow) — confirm nothing user-facing reaches it directly.
            // NOTE(review): the context returned by CreateDbContext is never disposed in this class;
            // confirm its lifetime is owned by DataController.
            DbContext context = DataController.CreateDbContext();

            User account = context.Users.FirstOrDefault(candidate => candidate.ID == username);
            if (account == null)
            {
                throw new AuthenticationException("User does not exist!");
            }

            ChangePassword(context, account, newPassword);
        }
示例#7
        /// <summary>
        /// Reports whether <paramref name="emailAddress"/> is already stored on a user.
        /// </summary>
        /// <param name="emailAddress">Address to look for.</param>
        /// <param name="username">
        /// When given, that user's own row is ignored so an update that keeps the current
        /// address is not counted as a conflict; when null every user is considered.
        /// </param>
        /// <returns><c>true</c> if some (other) user has the address.</returns>
        private static bool EmailAddressExists(string emailAddress, string username = null)
        {
            // NOTE(review): the context returned by CreateDbContext is never disposed in this class;
            // confirm its lifetime is owned by DataController.
            DbContext context = DataController.CreateDbContext();

            if (username != null)
            {
                return context.Users.Any(u => u.ID != username && u.EmailAddress == emailAddress);
            }

            return context.Users.Any(u => u.EmailAddress == emailAddress);
        }
示例#8
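        /// <summary>
        /// Self-service password change: verifies <paramref name="oldPassword"/> against the stored
        /// hash and then delegates to the private <c>ChangePassword(context, user, newPassword)</c> overload.
        /// </summary>
        /// <param name="username">User ID of the account (matched against <c>User.ID</c>).</param>
        /// <param name="oldPassword">Current plain-text password; must hash to the stored value.</param>
        /// <param name="newPassword">Plain-text replacement password.</param>
        /// <exception cref="AuthenticationException">
        /// No user with that ID exists, or <paramref name="oldPassword"/> does not match.
        /// </exception>
        public static void ChangePassword(string username, string oldPassword, string newPassword)
        {
            // NOTE(review): the context returned by CreateDbContext is never disposed in this class;
            // confirm its lifetime is owned by DataController.
            DbContext context = DataController.CreateDbContext();

            User user = context.Users.FirstOrDefault(u => u.ID == username);

            if (user == null)
            {
                throw new AuthenticationException("User does not exist!");
            }

            byte[] storedHash = user.PasswordHash;

            byte[] computedHash = SaltAndHashPassword(oldPassword, user.PasswordSalt);

            // Compare in constant time. SequenceEqual returns at the first mismatching byte, so
            // its duration varied with how much of the hash matched. A user with no stored hash
            // simply fails the check instead of throwing ArgumentNullException.
            bool matches = storedHash != null && computedHash != null && storedHash.Length == computedHash.Length;
            if (matches)
            {
                int difference = 0;
                for (int i = 0; i < computedHash.Length; i++)
                {
                    difference |= computedHash[i] ^ storedHash[i];
                }
                matches = difference == 0;
            }

            if (!matches)
            {
                throw new AuthenticationException("Old password is incorrect.");
            }

            ChangePassword(context, user, newPassword);
        }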
示例#9
        /// <summary>
        /// Admin-only: removes a non-admin user from the store.
        /// </summary>
        /// <param name="username">User ID of the account to delete (matched against <c>User.ID</c>).</param>
        /// <param name="token">Token of the caller; must carry <c>IsAdmin</c>.</param>
        /// <exception cref="AuthenticationException">
        /// Caller is not an admin, the user does not exist, or the target account is itself an admin.
        /// </exception>
        public static void DeleteUser(string username, AuthToken token)
        {
            if (token.IsAdmin == false)
            {
                throw new AuthenticationException("Admin must perform this action");
            }

            // NOTE(review): the context returned by CreateDbContext is never disposed in this class;
            // confirm its lifetime is owned by DataController.
            DbContext context = DataController.CreateDbContext();

            User target = context.Users.FirstOrDefault(candidate => candidate.ID == username);
            if (target == null)
            {
                throw new AuthenticationException("User does not exist!");
            }

            // Any account flagged IsAdmin is protected, not just a single designated admin.
            if (target.IsAdmin)
            {
                throw new AuthenticationException("Cannot delete the admin user!");
            }

            context.Users.Remove(target);
            context.SaveChanges();
        }
示例#10
        /// <summary>
        /// Reports whether a user with ID <paramref name="username"/> is stored.
        /// </summary>
        /// <param name="username">User ID to look for (matched against <c>User.ID</c>).</param>
        /// <returns><c>true</c> if at least one matching row exists.</returns>
        private static bool UserExists(string username)
        {
            // NOTE(review): the context returned by CreateDbContext is never disposed in this class;
            // confirm its lifetime is owned by DataController.
            DbContext context = DataController.CreateDbContext();

            bool found = context.Users.Any(candidate => candidate.ID == username);
            return found;
        }