From d991c0abad6d223768bf8ba57faff9fdf9d8f0c2 Mon Sep 17 00:00:00 2001
From: John Cardinal
Date: Thu, 19 Nov 2020 16:11:56 +0000
Subject: [PATCH]

---
 server/AyaNova/Controllers/AuthController.cs | 9 ++++++++-
 server/AyaNova/biz/UserBiz.cs | 5 +++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/server/AyaNova/Controllers/AuthController.cs b/server/AyaNova/Controllers/AuthController.cs
index 1e532d3d..93cc38d2 100644
--- a/server/AyaNova/Controllers/AuthController.cs
+++ b/server/AyaNova/Controllers/AuthController.cs
@@ -368,6 +368,13 @@ namespace AyaNova.Api.Controllers
 return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
 }
+ if (string.IsNullOrWhiteSpace(user.PasswordResetCode) || user.PasswordResetCodeExpire == null)
+ {
+ //Make a fail wait
+ await Task.Delay(nFailDelay);
+ return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
+ }
+
 //vet the expiry
 var utcNow = new DateTimeOffset(DateTime.Now.ToUniversalTime(), TimeSpan.Zero);
 if (user.PasswordResetCodeExpire < utcNow.DateTime)
@@ -384,7 +391,7 @@ namespace AyaNova.Api.Controllers
 ///
 /// Generate time limited password reset code for User
- /// and email to them
+ /// and email link to them so they can set their password
 ///
 ///
 /// User id
diff --git a/server/AyaNova/biz/UserBiz.cs b/server/AyaNova/biz/UserBiz.cs
index 263b479c..37fc5468 100644
--- a/server/AyaNova/biz/UserBiz.cs
+++ b/server/AyaNova/biz/UserBiz.cs
@@ -301,6 +301,11 @@ namespace AyaNova.Biz
 {
 User dbObject = await ct.User.FirstOrDefaultAsync(z => z.Id == userId);
 dbObject.Password = Hasher.hash(dbObject.Salt, newPassword);
+
+ //remove reseet code and date so it can't be used again
+ dbObject.PasswordResetCode=null;
+ dbObject.DlKeyExpire=null;
+
 await ct.SaveChangesAsync();
 //Log modification and save context
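Review bot: The new guard treats a null `PasswordResetCodeExpire` as "no reset pending", but the companion hunk in server/AyaNova/biz/UserBiz.cs clears `DlKeyExpire` rather than `PasswordResetCodeExpire` after the password is set, so only the code is nulled and the expiry stays populated; if `DlKeyExpire` is a different field, as its name suggests, that line should read `dbObject.PasswordResetCodeExpire = null;`. The guard still fails closed because `IsNullOrWhiteSpace` catches the nulled code, but depending on one of the two fields being cleared is fragile and leaves a stale expiry on the record. A comment on the new block would make the intent explicit, e.g. `// No reset was issued or it was already consumed: answer exactly like a bad code, after the same delay, so the two cases are indistinguishable to the caller.` The enclosing action starts and ends outside the hunk, so I cannot confirm that the earlier 401 path above the hunk waits the same `nFailDelay`.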