/// <summary>
/// Flags an existing <c>User</c> entity as modified in the data context.
/// Nothing is written to the database here; this method makes no save call.
/// </summary>
/// <param name="user">The entity whose change-tracking state is set to Modified.</param>
/// <remarks>
/// Setting the whole entry to <c>EntityState.Modified</c> marks every mapped property as
/// changed, so role flags, password hash/salt and lockout counters are all overwritten with
/// whatever <paramref name="user"/> carries.
/// NOTE(review): if callers ever pass an instance populated from request data rather than
/// one loaded from the store, this becomes an over-posting path — confirm against callers.
/// </remarks>
public void Update(User user)
{
    var trackedEntry = context.Entry(user);
    trackedEntry.State = EntityState.Modified;
}
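/// <summary>
/// Registers a new user: rejects duplicate usernames/emails, hashes the password,
/// then inserts and saves the new <c>User</c> record.
/// </summary>
/// <param name="username">Requested login name; stored as the user's ID.</param>
/// <param name="password">Password supplied by the user; passed to <c>Hash</c>.</param>
/// <param name="email">Email address to associate with the account.</param>
/// <exception cref="ValidationException">
/// A required value is missing, or the username and/or email is already registered.
/// </exception>
/// <remarks>
/// NOTE(review): the original design notes describe creating the account in a disabled
/// state and emailing a registration code. Neither is implemented here: the account is
/// created with <c>CanLogin = true</c> and no message is sent, so email ownership is
/// never verified.
/// </remarks>
public void Register(string username, string password, string email)
{
    // Reject missing values up front so a null/blank ID or email never reaches the store.
    if (string.IsNullOrWhiteSpace(username)
        || string.IsNullOrEmpty(password)
        || string.IsNullOrWhiteSpace(email))
    {
        throw new ValidationException("Username, password and email are required");
    }

    // 1) check for an existing user with the same username or email.
    // NOTE(review): this is check-then-insert; two concurrent registrations can both pass
    // it. Uniqueness should also be enforced by a constraint in the data store — confirm.
    bool alreadyRegistered = _userRepository.All
        .Any(x => x.ID == username || x.Email == email);
    if (alreadyRegistered)
    {
        throw new ValidationException("Username and/or Email already registered");
    }

    // 2) create the new user
    var pwd = Hash(password);
    User user = new User()
    {
        ID = username,
        PasswordHash = pwd.HashedPassword,
        PasswordSalt = pwd.Salt,
        // NOTE(review): a third password field is persisted next to the hash and salt.
        // If pwd.Password is the clear-text password, storing it defeats the hashing and
        // this assignment should be removed — verify what Hash() returns here.
        Password = pwd.Password,
        Email = email,
        // UTC, matching the UtcNow timestamps used for the login-tracking fields.
        CreateDate = DateTime.UtcNow,
        CanLogin = true,
        FailedPasswordCount = 0,
        LastFailedLogin = null,
        IsRoleRegisteredUser = true
    };

    // NOTE(review): the admin role is granted purely because the chosen username is
    // "admin", through the public registration path. Whoever registers that name first
    // receives the role; provisioning the administrator out of band (seed data or a
    // deployment step) and reserving the name here would be safer. The duplicate check
    // above may also compare case-insensitively in the store while this comparison is
    // case-sensitive — confirm the two agree.
    if (user.ID == "admin")
    {
        user.IsRoleAdmin = true;
    }

    // persist it all
    _userRepository.Insert(user);
    _userRepository.Save();
}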
/// <summary>
/// Adds a new <c>User</c> entity to the context's <c>Users</c> set.
/// The entity is only queued here; this method makes no save call.
/// </summary>
/// <param name="user">The entity to add.</param>
public void Insert(User user)
{
    var userSet = context.Users;
    userSet.Add(user);
}
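/// <summary>
/// Checks a password against a user's stored salt and hash, enforcing the failed-attempt
/// lockout and recording the outcome on the user record.
/// </summary>
/// <param name="user">The account being signed in to; <c>null</c> is rejected.</param>
/// <param name="password">The password supplied for this attempt.</param>
/// <returns>
/// <c>true</c> only when the account may log in, is not inside a lockout window, and the
/// password matches; otherwise <c>false</c>.
/// </returns>
/// <remarks>
/// The failed-attempt counter is reset only by a successful login. Once a lockout window
/// has elapsed, a further wrong password refreshes <c>LastFailedLogin</c> and starts a new
/// window, which allows one guess per lockout period.
/// NOTE(review): the null, CanLogin and lockout paths return before any password hashing
/// is done. If callers pass <c>null</c> for unknown usernames, the response time can differ
/// from a wrong-password attempt — confirm whether that difference is observable.
/// </remarks>
bool Authenticate(User user, string password)
{
    if (user == null)
    {
        return false;
    }

    // user flagged as not allowed in
    if (user.CanLogin == false)
    {
        return false;
    }

    // user surpassed the allowed number of failed guesses
    if (user.FailedPasswordCount >= MaxFailedPasswordAttempts)
    {
        DateTime? lastFailedLogin = user.LastFailedLogin;
        if (!lastFailedLogin.HasValue)
        {
            // Inconsistent record: the counter is at the limit but there is no timestamp
            // to measure the lockout from. Previously this threw on .Value. Fail closed
            // and start the lockout window now so the record repairs itself.
            user.LastFailedLogin = DateTime.UtcNow;
            _userRepository.Save();
            return false;
        }

        // still inside the lockout period: reject without testing the password
        DateTime lockoutEndsAt = lastFailedLogin.Value.AddMinutes(FailedPasswordLockoutPeriod);
        if (lockoutEndsAt >= DateTime.UtcNow)
        {
            return false;
        }
    }

    // does the password line up with the data from the DB
    var correctPassword = IsPasswordCorrect(password, user.PasswordSalt, user.PasswordHash);
    if (correctPassword)
    {
        // reset their failed password count
        if (user.FailedPasswordCount > 0)
        {
            user.FailedPasswordCount = 0;
        }

        user.LastSuccessfulLogin = DateTime.UtcNow;
    }
    else
    {
        // bump the fail count and stamp the attempt (this also restarts the lockout window)
        user.FailedPasswordCount++;
        user.LastFailedLogin = DateTime.UtcNow;
    }

    // persist the updated counters/timestamps for either outcome
    _userRepository.Save();
    return correctPassword;
}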