admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2020-11-19 16:11:56 +00:00
parent fbc84c76ae
commit d991c0abad
2 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
server/AyaNova/Controllers/AuthController.cs
View File

@@ -368,6 +368,13 @@ namespace AyaNova.Api.Controllers
return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED)); return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
} }
if (string.IsNullOrWhiteSpace(user.PasswordResetCode) || user.PasswordResetCodeExpire == null)
{
//Make a fail wait
await Task.Delay(nFailDelay);
return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
}
//vet the expiry //vet the expiry
var utcNow = new DateTimeOffset(DateTime.Now.ToUniversalTime(), TimeSpan.Zero); var utcNow = new DateTimeOffset(DateTime.Now.ToUniversalTime(), TimeSpan.Zero);
if (user.PasswordResetCodeExpire < utcNow.DateTime) if (user.PasswordResetCodeExpire < utcNow.DateTime)
@@ -384,7 +391,7 @@ namespace AyaNova.Api.Controllers
/// <summary> /// <summary>
/// Generate time limited password reset code for User /// Generate time limited password reset code for User
/// and email to them /// and email link to them so they can set their password
/// ///
/// </summary> /// </summary>
/// <param name="id">User id</param> /// <param name="id">User id</param>

5
server/AyaNova/biz/UserBiz.cs
View File

@@ -301,6 +301,11 @@ namespace AyaNova.Biz
{ {
User dbObject = await ct.User.FirstOrDefaultAsync(z => z.Id == userId); User dbObject = await ct.User.FirstOrDefaultAsync(z => z.Id == userId);
dbObject.Password = Hasher.hash(dbObject.Salt, newPassword); dbObject.Password = Hasher.hash(dbObject.Salt, newPassword);
//remove reseet code and date so it can't be used again
dbObject.PasswordResetCode=null;
dbObject.DlKeyExpire=null;
await ct.SaveChangesAsync(); await ct.SaveChangesAsync();
//Log modification and save context //Log modification and save context