ResetPasswordModule | C# Online Compiler

ResetPasswordModule by Anonymous

using System;
using System.ComponentModel.DataAnnotations;

namespace PCTELWebApp
{
	//Use model to send Email to reset password API
	public class ResetPasswordDto
	{
		[Required]
		[EmailAddress]
		public string EmailId
		{
			get;
			set;
		}
	}

	//Get password and conirm password from user
	public class UpdatePasswordDto
	{
		[Required]
		[DataType(DataType.Password)]
		[RegularExpression("^((?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[^a-zA-Z0-9])).{8,}$", ErrorMessage = "Passwords must be at least 8 characters and must contain at least 1 uppercase letter, 1 lowercase letter, 1 number, and 1 speacial character")]
		public string Password
		{
			get;
			set;
		}

		[Required]
		[DataType(DataType.Password)]
		[Compare("Password", ErrorMessage = "Password and confirm password does not match")]
		public string ConfirmPassword
		{
			get;
			set;
		}
	}

	// common entity class or primary Id
	public class BaseEntity
	{
		[Required]
		private Guid Id
		{
			get;
			set;
		}
	}

	//Enity Class to save user details
	public class UserDetails : BaseEntity
	{
		[Required]
		public string FirstName
		{
			get;
			set;
		}

		[Required]
		public string LastName
		{
			get;
			set;
		}

		[Required]
		public string EmailId
		{
			get;
			set;
		}

		[Required]
		public Datetime DateOfBirth
		{
			get;
			set;
		}

		[Required]
		public string ContactNumber
		{
			get;
			set;
		}

		[Required]
		public DateTime CreatedOn
		{
			get;
			set;
		}
	}

	//Enity Class to save passord detils
	public class PasswordDetails : BaseEntity
	{
		public int UserId
		{
			get;
			set;
		}

		[Required]
		public string Password
		{
			get;
			set;
		}

		[Required]
		public DateTime CreatedOn
		{
			get;
			set;
		}

		public int PasswordStatusId
		{
			get;
			set;
		}

		public PasswordStatus PasswordStatus
		{
			get
			{
				return (PasswordStatus)PasswordStatusId;
			}

			set
			{
				this.PasswordStatusId = (int)value;
			}
		}
	}

	public enum PasswordStatus
	{
		Active = 1,
		Expired = 2
	}

	//	
	//Enity Class to save token details
	public class TokenDetails : BaseEntity
	{
		[Required]
		public string Token
		{
			get;
			set;
		}

		[Required]
		public guid UserId
		{
			get;
			set;
		}

		[Required]
		public DateTime ExpireDateTime
		{
			get;
			set;
		}

		public int TokenStatusId
		{
			get;
			set;
		}

		public TokenStatus TokenStatus
		{
			get
			{
				return (TokenStatus)TokenStatusId;
			}

			set
			{
				this.TokenStatusId = (int)value;
			}
		}
	}

	public enum TokenStatus
	{
		Active = 1,
		Expired = 2
	}

	public class TokenStructure
	{
		public Guid ID
		{
			get;
			set;
		}

		public Guid UserId
		{
			get;
			set;
		}

		public DateTime CreatedOn
		{
			get;
			set;
		}
	}
}

Model

​x
 
using System;
using System.ComponentModel.DataAnnotations;
​
namespace PCTELWebApp
{
    //Use model to send Email to reset password API
    public class ResetPasswordDto
    {
        [Required]
        [EmailAddress]
        public string EmailId
        {
            get;
            set;
        }
    }
​
    //Get password and conirm password from user
    public class UpdatePasswordDto
    {
        [Required]
        [DataType(DataType.Password)]
        [RegularExpression("^((?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[^a-zA-Z0-9])).{8,}$", ErrorMessage = "Passwords must be at least 8 characters and must contain at least 1 uppercase letter, 1 lowercase letter, 1 number, and 1 speacial character")]
        public string Password
        {
            get;
            set;
        }
​
        [Required]
        [DataType(DataType.Password)]
        [Compare("Password", ErrorMessage = "Password and confirm password does not match")]
        public string ConfirmPassword
        {
            get;
            set;
        }
    }
​
    // common entity class or primary Id
    public class BaseEntity
    {
        [Required]
        private Guid Id
        {
            get;
            set;
        }
    }
​
    //Enity Class to save user details
    public class UserDetails : BaseEntity
    {
        [Required]
        public string FirstName
        {
            get;
            set;
        }
​
        [Required]
        public string LastName
        {
            get;
            set;
        }
​
        [Required]
        public string EmailId
        {
            get;
            set;
        }
​
        [Required]
        public Datetime DateOfBirth
        {
            get;
            set;
        }
​
        [Required]
        public string ContactNumber
        {
            get;
            set;
        }
​
        [Required]
        public DateTime CreatedOn
        {
            get;
            set;
        }
    }
​
    //Enity Class to save passord detils
    public class PasswordDetails : BaseEntity
    {
        public int UserId
        {
            get;
            set;
        }
​
        [Required]
        public string Password
        {
            get;
            set;
        }
​
        [Required]
        public DateTime CreatedOn
        {
            get;
            set;
        }
​
        public int PasswordStatusId
        {
            get;
            set;
        }
​
        public PasswordStatus PasswordStatus
        {
            get
            {
                return (PasswordStatus)PasswordStatusId;
            }
​
            set
            {
                this.PasswordStatusId = (int)value;
            }
        }
    }
​
    public enum PasswordStatus
    {
        Active = 1,
        Expired = 2
    }
​
    //  
    //Enity Class to save token details
    public class TokenDetails : BaseEntity
    {
        [Required]
        public string Token
        {
            get;
            set;
        }
​
        [Required]
        public guid UserId
        {
            get;
            set;
        }
​
        [Required]
        public DateTime ExpireDateTime
        {
            get;
            set;
        }
​
        public int TokenStatusId
        {
            get;
            set;
        }
​
        public TokenStatus TokenStatus
        {
            get
            {
                return (TokenStatus)TokenStatusId;
            }
​
            set
            {
                this.TokenStatusId = (int)value;
            }
        }
    }
​
    public enum TokenStatus
    {
        Active = 1,
        Expired = 2
    }
​
    public class TokenStructure
    {
        public Guid ID
        {
            get;
            set;
        }
​
        public Guid UserId
        {
            get;
            set;
        }
​
        public DateTime CreatedOn
        {
            get;
            set;
        }
    }
}

View

​

using System;
using System.Web.Mvc;
using System.Collections.Generic;


namespace PCTELWebApp
{

#region Services
public partial interface IRepository<T> where T : BaseEntity
    {
       

        /// <summary>
        /// Insert entity
        /// </summary>
        /// <param name="entity">Entity</param>
        void Insert(T entity);

       

        /// <summary>
        /// Update entity
        /// </summary>
        /// <param name="entity">Entity</param>
        void Update(T entity);

       

        /// <summary>
        /// Delete entity
        /// </summary>
        /// <param name="entity">Entity</param>
        void Delete(T entity);

       
        /// <summary>
        /// Gets a table
        /// </summary>
        IQueryable<T> Table { get; }

       
    }
	
 public class EfRepository<T> : IRepository<T> where T : BaseEntity
    {
        protected readonly dbContext _dbContext;
        private DbSet<T> _entities;



        public EfRepository(dbContext context)
        {
            this._dbContext = context;
        }

  
        public virtual IQueryable<T> Table
        {
            get
            {
                return Entities;
            }
        }
        public virtual void Insert(T entity)
        {
            try
            {
                if (entity == null)
                    throw new ArgumentNullException(nameof(entity));

                Entities.Add(entity);

                _dbContext.SaveChanges();
                _dbContext.Entry<T>(entity).Reload();
            }
            catch (Exception dbEx)
            {
                //ensure that the detailed error text is saved in the Log

                throw new Exception(dbEx.ToString());
            }
        }

      
        public virtual void Update(T entity)
        {
            try
            {
                if (entity == null)
                    throw new ArgumentNullException(nameof(entity));

                _dbContext.Entry(entity).State = EntityState.Modified;
                _dbContext.SaveChanges();
                _dbContext.Entry<T>(entity).Reload();
            }
            catch (Exception dbEx)
            {
                //ensure that the detailed error text is saved in the Log
                throw new Exception(dbEx.ToString());
            }
        }


        /// <summary>
        /// Delete entity
        /// </summary>
        /// <param name="entity">Entity</param>
        public virtual void Delete(T entity)
        {
            try
            {
                if (entity == null)
                    throw new ArgumentNullException(nameof(entity));

                Entities.Remove(entity);

                _dbContext.SaveChanges();
                _dbContext.Entry<T>(entity).Reload();
            }
            catch (Exception dbEx)
            {
                //ensure that the detailed error text is saved in the Log
                throw new Exception(dbEx.ToString());
            }
        }      

    }

public interface IResetPasswordService
    {
	//Generate token using userId
		string GenerateToken(int userId);
	//validate token and get userID from token
		TokenStructure ValidateToken(string token);
	//Get USer details using user email address
		UserDetails GetUserDetailsByEmailId(string emailId);
	//Get user details using user Id
		UserDetails GetUserDetailsById(guid Id);
	//Send reset Password Token to inputted email address
	bool SendResetTokenEmail(string emailTo,string url,string userName);
	//Get token details using user Id
	TokenDetails GetTokenDetailsByUserId(guid userId);	
	
	//Insert Token Details
	void SaveToken(TokenDetails tokenDetails);
	//Update Token Details
	void UpdateToken(TokenDetails tokenDetails);
	
	//Insert password Details
	void SavePassword(PasswordDetails passwordDetails);
	//Update password Details
	void UpdatePassword(PasswordDetails passwordDetails);
	
	//Get password details using user Id
	IList<PasswordDetails> GetPasswordDetailsByUserId(guid userId);	
	
	//Hash password
	string HashedPassword(string password);	
	
	}


public class ResetPasswordService :IResetPasswordService
{
	#region Feild
	
	private readonly IRpository<UserDetails> _userRepository;
	private readonly IRpository<PasswordDetails> _passwordRepository;
	private readonly IRpository<TokenDetails> _tokenRepository;
	
	#endregion
	#region CTOR
	public ResetPasswordService(IRpository<UserDetails> userRepository,
	IRpository<PasswordDetails> passwordRepository,
	IRpository<TokenDetails> tokenRepository){
	_userRepository = userRepository;
	_passwordRepository = passwordRepository;
	_tokenRepository = userRepository;
	
	}
	#endregion
	 #region Utilities

        private byte[] EncryptTextToMemory(string data, byte[] key, byte[] iv)
        {
            using (var ms = new MemoryStream())
            {
                using (var cs = new CryptoStream(ms, new TripleDESCryptoServiceProvider().CreateEncryptor(key, iv), CryptoStreamMode.Write))
                {
                    var toEncrypt = Encoding.Unicode.GetBytes(data);
                    cs.Write(toEncrypt, 0, toEncrypt.Length);
                    cs.FlushFinalBlock();
                }

                return ms.ToArray();
            }
        }

        private string DecryptTextFromMemory(byte[] data, byte[] key, byte[] iv)
        {
            using (var ms = new MemoryStream(data))
            {
                using (var cs = new CryptoStream(ms, new TripleDESCryptoServiceProvider().CreateDecryptor(key, iv), CryptoStreamMode.Read))
                {
                    using (var sr = new StreamReader(cs, Encoding.Unicode))
                    {
                        return sr.ReadToEnd();
                    }
                }
            }
        }

        #endregion
        /// <summary>
        /// Encrypt text
        /// </summary>
        /// <param name="plainText">Text to encrypt</param>        
        /// <returns>Encrypted text</returns>
        public string EncryptText(string plainText) {
            if (string.IsNullOrEmpty(plainText))
                return plainText;
            
              string encryptionPrivateKey = "273ece6f97dd844d";

            using (var provider = new TripleDESCryptoServiceProvider())
            {
                provider.Key = Encoding.ASCII.GetBytes(encryptionPrivateKey.Substring(0, 16));
                provider.IV = Encoding.ASCII.GetBytes(encryptionPrivateKey.Substring(8, 8));

                var encryptedBinary = EncryptTextToMemory(plainText, provider.Key, provider.IV);
                return Convert.ToBase64String(encryptedBinary);
            }
        }
        /// <summary>
        /// Decrypt text
        /// </summary>
        /// <param name="cipherText">Text to decrypt</param>
        
        /// <returns>Decrypted text</returns>
        public virtual string DecryptText(string cipherText)
        {
            if (string.IsNullOrEmpty(cipherText))
                return cipherText;

           
           string   encryptionPrivateKey = "273ece6f97dd844d";

            using (var provider = new TripleDESCryptoServiceProvider())
            {
                provider.Key = Encoding.ASCII.GetBytes(encryptionPrivateKey.Substring(0, 16));
                provider.IV = Encoding.ASCII.GetBytes(encryptionPrivateKey.Substring(8, 8));

                var buffer = Convert.FromBase64String(cipherText);
                return DecryptTextFromMemory(buffer, provider.Key, provider.IV);
            }
        }
	//Generate Token
	public string GenerateToken(Guid userId,Guid tokenGuid)
	{
		var guid = tokenGuid;
		var tokenStruct = new TokenStructure {
		ID = guid,
		CreatedOn = DateTime.UtcNow,
		UserId = userId
		};
		var json = JsonConvert.SerializeObject(tokenStruct);		
	    var encyptedToken = EncryptText(json);
		return encyptedToken;
	} 
	//Validate token
   public TokenStructure ValidateToken(string token)
	{ 
	
	    var decrypted = DecryptText(token);		
		TokenStructure deserializedToken = (TokenStructure)JsonConvert.DeserializeObject(decrypted, typeof(TokenStructure));
		var tokenDetails = GetTokenDetailsByUserId(deserializedToken.UserId);
		if (tokenDetails != null)
		{
		 if(String.Equals(tokenDetails.Token, deserializedToken.ID))
		 { return deserializedToken;
		 }
		 else
		 {
		 return null;}
		 
		}
		else
		{
		return null;
		}
	}
	//Get user details using email address
	 public UserDetails GetUserDetailsByEmailId(string emailId)
	{
			var query = from q in _userRepository.Table
						where q.EmailId == emailId
						select q;

			return query.FirstOrDefault();
	}
	//Get user details using user id
	 public UserDetails GetUserDetailsByUserId(guid userId)
	{
			var query = from q in _userRepository.Table
						where q.Id == userId
						select q;

			return query.FirstOrDefault();
	}
	//Get token details using user id
	 public TokenDetails GetTokenDetailsByUserId(guid userId)
	{
			var query = from q in _tokenRepository.Table
						where q.Id == userId
						select q;

			return query.FirstOrDefault();
	}
	//Send reset Password Token to the inputted email address
	public bool SendResetTokenEmail(string emailTo,string url,string userName)
	{
		try{
			 var mimeMessage = new MimeMessage();
			 mimeMessage.From.Add(new MailboxAdress("Reset Password | PCTel","admin@pctel.com"));
			 mimeMessage.To.Add(new MailboxAdress(userName,emailTo));
			 mimeMessage.Subject = "Reset Password Link";
			 BodyBuilder bodyBuilder = new BodyBuilder();

			bodyBuilder.HtmlBody = "<h1>Reset Passwor link </h1>" +
								"<p>This link will be valiadte only for 1 day.Please reset  your password by <a href='"+ url+"'>Clicking here</a></p>";
			 mimeMessage.Body = bodyBuilder.ToMessageBody();
			 using (var client = new SmtpClient
			 return true;

		 }
		 catch(Exception e)
		 {
			 return false;
		 }
	 }
	 
	 //Insert Token Details
	public void SaveToken(TokenDetails tokenDetails)
	{
		if (tokenDetails == null)
                throw new ArgumentNullException(nameof(tokenDetails));
            _tokenRepository.Insert(tokenDetails);
    }
    //Update AddressBook Data
     public void UpdateToken(TokenDetails tokenDetails)
     {
            if (tokenDetails == null)
                throw new ArgumentNullException(nameof(tokenDetails));
            _tokenRepository.Update(tokenDetails);
     }
	 //Insert password Details
	void SavePassword(PasswordDetails passwordDetails)
	{
		if (passwordDetails == null)
                throw new ArgumentNullException(nameof(passwordDetails));
            _passwordRepository.Insert(passwordDetails);
    }
	//Update password Details
	void UpdatePassword(PasswordDetails passwordDetails)
	 {
            if (passwordDetails == null)
                throw new ArgumentNullException(nameof(passwordDetails));
            _passwordRepository.Update(passwordDetails);
     }
	 
	 //Get password details using user Id
	IList<PasswordDetails> GetPasswordDetailsByUserId(guid userId)
	{
	var query = from q in _passwordRepository.Table
						where q.Id == userId
						select q;

			return query.ToList();
	}
	
	//Hash password
	string HashedPassword(string password)
	{
	// generate a 128-bit salt using a secure PRNG
        byte[] salt = new byte[128 / 8];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
        }
       
        // derive a 256-bit subkey (use HMACSHA1 with 10,000 iterations)
        string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2(
            password: password,
            salt: salt,
            prf: KeyDerivationPrf.HMACSHA1,
            iterationCount: 10000,
            numBytesRequested: 256 / 8));
	return hashed;
	}
}

#endregion

//////////////////////////////////////////////////////////////////////
	[ApiController]
    [Route("[controller]")]
	public class ForgotPasswordController : ControllerBase
	{
	#region Feild
	 private readonly IResetPasswordService _resetPasswordService;
	
	 #endregion
	 #region Ctor
	 public ForgotPasswordController(IResetPasswordService resetPasswordService)
	 {
		 _resetPasswordService = resetPasswordService;
	 }
	 #endregion
		
    
#region Methods
		[HttpPost]
		[Route("/api/reset-password")]
        [ValidateModelState]
        [SwaggerOperation("ResetPassword")]
        [SwaggerResponse(statusCode: 400, type: typeof(ErrorResponseModel), description: "Input is invalid. Entered email address is invalid")]
		[SwaggerResponse(statusCode: 404, type: typeof(ErrorResponseModel), description: "Input is valid but user not found.")]
		public ActionResult ResetPassword(ResetPasswordDto resetPasswordDto)
		{	
		try
		{
		       if (ModelState.IsValid)
				{ 	
					var userDetails = new UserDetails();
					//Get user details by usin email address
					userDetails = _resetPasswordService.GetUserDetailsByEmailId(resetPasswordDto.EmailId);
					if(userDetails != null)
					{
					var tokenGuid = Guid.NewGuid();
						//token will valid only or 1 day and it will be used only once.
						  string token = _resetPasswordService.GeneratToken(userDetails.UserId,tokenGuid);
						//save token details
						 var tokenDetails = new TokenDetails();
						 tokenDetails.Token = tokenGuid;
						 tokenDetails.UserId = userDetails.Id;
						 tokenDetails.ExpireDateTime =DateTime.UtcNow.AddHours(24);
						 tokenDetails.TokenStatusId = (int) TokenStatus.Active;
						 _resetPasswordService.SaveToken(tokenDetails);
						 
						 var userName = userDetails.FirstName + " " + userDetails.LastName;
						 //generate a link 
						 var url = "http://localhost:53058/ForgotPassword/api/reset-password/validate-token?token="+ token;
						 //send url mail to inputted email address
			 var isEmailSend = _resetPasswordService.SendResetTokenEmail(emailTo : resetPasswordDto.Email,url : url, userName : userName);
						if(isEmailSend)
						{
						return OK("Email sent sucessful!");
						}
						else
						{
						return StatusCode(500,"Internal server error");
						}
					}
					else
					{
						 return NotFound("User not found!");
					}
				}
				else
				{
				 	return BadRequest("Invalid email input");
				}
		
			
			}
			catch(Exception ex)
			{
			  return StatusCode(500,"Internal server error");
			}
		}
		
		[HttpGet]
        [Route("/api/reset-password/validate-token/{token}")]
        [ValidateModelState]
        [SwaggerOperation("ValidateUser")]
        [SwaggerResponse(statusCode: 400, type: typeof(ErrorResponseModel), description: "Received token is invalid.")]
        [SwaggerResponse(statusCode: 401, type: typeof(ErrorResponseModel), description: "Unauthorized.")]
        [SwaggerResponse(statusCode: 404, type: typeof(ErrorResponseModel), description: "Input is valid but user not found.")]
        public  ActionResult ValidateUser(string token)
        { 
			
		try
		{
           var tokenStructure = _resetPasswordService.ValidateToken(token);
		   if(tokenStructure != null)
		   {
		      var tokenDetails = _resetPasswordService.GetTokenDetailsByUserId(tokenStructure.UserId);
			  if(tokenDetails != null)
			  {
			  int TimeCompare = DateTime.Compare(tokenDetails.ExpireDateTime, DateTime.UtcNow);
			  	if((TimeCompare == -1 || TimeCompare == 0) && TimeCompare.TokenStatusId == (int)TokenStatus.Active)
				{
				  return OK(token);
				}
				else
				{
				 return Unauthorized();
				  
				}
			   
			    
			  }
			  else
			  {
			  return NotFound();
			  	 
			  }
		     
		   
		   }
		   else
		   {
		    return Unauthorized();
		   }
		   }
		   catch(Exception ex)
		   {
		     return StatusCode(500,"Internal server error");
		   }
		 }
		  
        }
		
		[HttpPut]
        [Route("/api/reset-password/update-password")]
        [ValidateModelState]
        [SwaggerOperation("UpdatePassword")]
        [SwaggerResponse(statusCode: 400, type: typeof(ErrorResponseModel), description: "Password should contain special character.")]
        [SwaggerResponse(statusCode: 404, type: typeof(ErrorResponseModel), description: "Input is valid but user not found.")]
        public ActionResult UpdatePassword(UpdatePasswordDto updatePasswordDto)
        { 
		 if (ModelState.IsValid)
			{ 	
			  try
				{
				   var userId = _resetPasswordService.ValidateToken(token);
				   if(userId != null)
				   {
						var userDetails = _resetPasswordService.GetUserDetailsByUserId(userId);
						if(userDetails != null)
						{
						  var passwords = _resetPasswordService.GetPasswordDetailsByUserId(userId);
						  if(passwords.Count() != 0)
						  {
							  foreach(var password in passwords)
							  {
							  password.PasswordStatusId = (int)PasswordStatus.Expired;
							  _resetPasswordService.UpdatePassword(password);
							  }
						  }
						  
						  var newPassword = new PasswordDetails();
						  var hashedPassword = _resetPasswordService.HashedPassword(updatePasswordDto.Password);
						  newPassword.Password = hashedPassword;
							newPassword.UserId = userDetails.Id;			  
							newPassword.PasswordStatusId = (int) PasswordStatus.Active;
						  _resetPasswordService.SavePassword(newPassword);
					     var tokenDetails = _resetPasswordService.GetTokenDetailsByUserId(userId);
								  if(tokenDetails != null)
								  {
								  tokenDetails.TokenStatusId = (int) TokenStatus.Expired;
								  _resetPasswordService.UpdateToken(tokenDetails);
								  }
								  else{return NotFound("User not found!");}
						      return OK();

					  }
					else{return NotFound("User not found!");}
					   
		   
		        }
		        catch(Exception ex)
		           {
		            return StatusCode(500,"Internal server error");
		        }
				
				
				}
		   else
		   {
		    return BadRequest("Invalid input");
		    }
		   
        }

		
		
#endregion
		
	}
}
}

Controller

 
using System;
using System.Web.Mvc;
using System.Collections.Generic;
​
​
namespace PCTELWebApp
{
​
#region Services
public partial interface IRepository<T> where T : BaseEntity
    {
       
​
        /// <summary>
        /// Insert entity
        /// </summary>
        /// <param name="entity">Entity</param>
        void Insert(T entity);
​
       
​
        /// <summary>
        /// Update entity
        /// </summary>
        /// <param name="entity">Entity</param>
        void Update(T entity);
​
       
​
        /// <summary>
        /// Delete entity
        /// </summary>
        /// <param name="entity">Entity</param>
        void Delete(T entity);
​
       
        /// <summary>
        /// Gets a table
        /// </summary>
        IQueryable<T> Table { get; }
​
       
    }
    
 public class EfRepository<T> : IRepository<T> where T : BaseEntity
    {
        protected readonly dbContext _dbContext;
        private DbSet<T> _entities;
​
​
​
        public EfRepository(dbContext context)
        {
            this._dbContext = context;
        }
​
  
        public virtual IQueryable<T> Table
        {
            get
            {
                return Entities;
            }
        }
        public virtual void Insert(T entity)
        {
            try
            {
                if (entity == null)
                    throw new ArgumentNullException(nameof(entity));
​
                Entities.Add(entity);
​
                _dbContext.SaveChanges();
                _dbContext.Entry<T>(entity).Reload();
            }
            catch (Exception dbEx)
            {
                //ensure that the detailed error text is saved in the Log
​
                throw new Exception(dbEx.ToString());
            }
        }
​
      
        public virtual void Update(T entity)
        {
            try
            {
                if (entity == null)
                    throw new ArgumentNullException(nameof(entity));
​
                _dbContext.Entry(entity).State = EntityState.Modified;
                _dbContext.SaveChanges();
                _dbContext.Entry<T>(entity).Reload();
            }
            catch (Exception dbEx)
            {
                //ensure that the detailed error text is saved in the Log
                throw new Exception(dbEx.ToString());
            }
        }
​
​
        /// <summary>
        /// Delete entity
        /// </summary>
        /// <param name="entity">Entity</param>
        public virtual void Delete(T entity)
        {
            try
            {
                if (entity == null)
                    throw new ArgumentNullException(nameof(entity));
​
                Entities.Remove(entity);
​
                _dbContext.SaveChanges();
                _dbContext.Entry<T>(entity).Reload();
            }
            catch (Exception dbEx)
            {
                //ensure that the detailed error text is saved in the Log
                throw new Exception(dbEx.ToString());
            }
        }      
​
    }
​
public interface IResetPasswordService
    {
    //Generate token using userId
        string GenerateToken(int userId);
    //validate token and get userID from token
        TokenStructure ValidateToken(string token);
    //Get USer details using user email address
        UserDetails GetUserDetailsByEmailId(string emailId);
    //Get user details using user Id
        UserDetails GetUserDetailsById(guid Id);
    //Send reset Password Token to inputted email address
    bool SendResetTokenEmail(string emailTo,string url,string userName);
    //Get token details using user Id
    TokenDetails GetTokenDetailsByUserId(guid userId);  
    
    //Insert Token Details
    void SaveToken(TokenDetails tokenDetails);
    //Update Token Details
    void UpdateToken(TokenDetails tokenDetails);
    
    //Insert password Details
    void SavePassword(PasswordDetails passwordDetails);
    //Update password Details
    void UpdatePassword(PasswordDetails passwordDetails);
    
    //Get password details using user Id
    IList<PasswordDetails> GetPasswordDetailsByUserId(guid userId); 
    
    //Hash password
    string HashedPassword(string password); 
    
    }
​
​
public class ResetPasswordService :IResetPasswordService
{
    #region Feild
    
    private readonly IRpository<UserDetails> _userRepository;
    private readonly IRpository<PasswordDetails> _passwordRepository;
    private readonly IRpository<TokenDetails> _tokenRepository;
    
    #endregion
    #region CTOR
    public ResetPasswordService(IRpository<UserDetails> userRepository,
    IRpository<PasswordDetails> passwordRepository,
    IRpository<TokenDetails> tokenRepository){
    _userRepository = userRepository;
    _passwordRepository = passwordRepository;
    _tokenRepository = userRepository;
    
    }
    #endregion
     #region Utilities
​
        private byte[] EncryptTextToMemory(string data, byte[] key, byte[] iv)
        {
            using (var ms = new MemoryStream())
            {
                using (var cs = new CryptoStream(ms, new TripleDESCryptoServiceProvider().CreateEncryptor(key, iv), CryptoStreamMode.Write))
                {
                    var toEncrypt = Encoding.Unicode.GetBytes(data);
                    cs.Write(toEncrypt, 0, toEncrypt.Length);
                    cs.FlushFinalBlock();
                }
​
                return ms.ToArray();
            }
        }
​
        private string DecryptTextFromMemory(byte[] data, byte[] key, byte[] iv)
        {
            using (var ms = new MemoryStream(data))
            {
                using (var cs = new CryptoStream(ms, new TripleDESCryptoServiceProvider().CreateDecryptor(key, iv), CryptoStreamMode.Read))
                {
                    using (var sr = new StreamReader(cs, Encoding.Unicode))
                    {
                        return sr.ReadToEnd();
                    }
                }
            }
        }
​
        #endregion
        /// <summary>
        /// Encrypt text
        /// </summary>
        /// <param name="plainText">Text to encrypt</param>        
        /// <returns>Encrypted text</returns>
        public string EncryptText(string plainText) {
            if (string.IsNullOrEmpty(plainText))
                return plainText;
            
              string encryptionPrivateKey = "273ece6f97dd844d";
​
            using (var provider = new TripleDESCryptoServiceProvider())
            {
                provider.Key = Encoding.ASCII.GetBytes(encryptionPrivateKey.Substring(0, 16));
                provider.IV = Encoding.ASCII.GetBytes(encryptionPrivateKey.Substring(8, 8));
​
                var encryptedBinary = EncryptTextToMemory(plainText, provider.Key, provider.IV);
                return Convert.ToBase64String(encryptedBinary);
            }
        }
        /// <summary>
        /// Decrypt text
        /// </summary>
        /// <param name="cipherText">Text to decrypt</param>
        
        /// <returns>Decrypted text</returns>
        public virtual string DecryptText(string cipherText)
        {
            if (string.IsNullOrEmpty(cipherText))
                return cipherText;
​
           
           string   encryptionPrivateKey = "273ece6f97dd844d";
​
            using (var provider = new TripleDESCryptoServiceProvider())
            {
                provider.Key = Encoding.ASCII.GetBytes(encryptionPrivateKey.Substring(0, 16));
                provider.IV = Encoding.ASCII.GetBytes(encryptionPrivateKey.Substring(8, 8));
​
                var buffer = Convert.FromBase64String(cipherText);
                return DecryptTextFromMemory(buffer, provider.Key, provider.IV);
            }
        }
    //Generate Token
    public string GenerateToken(Guid userId,Guid tokenGuid)
    {
        var guid = tokenGuid;
        var tokenStruct = new TokenStructure {
        ID = guid,
        CreatedOn = DateTime.UtcNow,
        UserId = userId
        };
        var json = JsonConvert.SerializeObject(tokenStruct);        
        var encyptedToken = EncryptText(json);
        return encyptedToken;
    } 
    //Validate token
   public TokenStructure ValidateToken(string token)
    { 
    
        var decrypted = DecryptText(token);     
        TokenStructure deserializedToken = (TokenStructure)JsonConvert.DeserializeObject(decrypted, typeof(TokenStructure));
        var tokenDetails = GetTokenDetailsByUserId(deserializedToken.UserId);
        if (tokenDetails != null)
        {
         if(String.Equals(tokenDetails.Token, deserializedToken.ID))
         { return deserializedToken;
         }
         else
         {
         return null;}
         
        }
        else
        {
        return null;
        }
    }
    //Get user details using email address
     public UserDetails GetUserDetailsByEmailId(string emailId)
    {
            var query = from q in _userRepository.Table
                        where q.EmailId == emailId
                        select q;
​
            return query.FirstOrDefault();
    }
    //Get user details using user id
     public UserDetails GetUserDetailsByUserId(guid userId)
    {
            var query = from q in _userRepository.Table
                        where q.Id == userId
                        select q;
​
            return query.FirstOrDefault();
    }
    //Get token details using user id
     public TokenDetails GetTokenDetailsByUserId(guid userId)
    {
            var query = from q in _tokenRepository.Table
                        where q.Id == userId
                        select q;
​
            return query.FirstOrDefault();
    }
    //Send reset Password Token to the inputted email address
    public bool SendResetTokenEmail(string emailTo,string url,string userName)
    {
        try{
             var mimeMessage = new MimeMessage();
             mimeMessage.From.Add(new MailboxAdress("Reset Password | PCTel","admin@pctel.com"));
             mimeMessage.To.Add(new MailboxAdress(userName,emailTo));
             mimeMessage.Subject = "Reset Password Link";
             BodyBuilder bodyBuilder = new BodyBuilder();
​
            bodyBuilder.HtmlBody = "<h1>Reset Passwor link </h1>" +
                                "<p>This link will be valiadte only for 1 day.Please reset  your password by <a href='"+ url+"'>Clicking here</a></p>";
             mimeMessage.Body = bodyBuilder.ToMessageBody();
             using (var client = new SmtpClient
             return true;
​
         }
         catch(Exception e)
         {
             return false;
         }
     }
     
     //Insert Token Details
    public void SaveToken(TokenDetails tokenDetails)
    {
        if (tokenDetails == null)
                throw new ArgumentNullException(nameof(tokenDetails));
            _tokenRepository.Insert(tokenDetails);
    }
    //Update AddressBook Data
     public void UpdateToken(TokenDetails tokenDetails)
     {
            if (tokenDetails == null)
                throw new ArgumentNullException(nameof(tokenDetails));
            _tokenRepository.Update(tokenDetails);
     }
     //Insert password Details
    void SavePassword(PasswordDetails passwordDetails)
    {
        if (passwordDetails == null)
                throw new ArgumentNullException(nameof(passwordDetails));
            _passwordRepository.Insert(passwordDetails);
    }
    //Update password Details
    void UpdatePassword(PasswordDetails passwordDetails)
     {
            if (passwordDetails == null)
                throw new ArgumentNullException(nameof(passwordDetails));
            _passwordRepository.Update(passwordDetails);
     }
     
     //Get password details using user Id
    IList<PasswordDetails> GetPasswordDetailsByUserId(guid userId)
    {
    var query = from q in _passwordRepository.Table
                        where q.Id == userId
                        select q;
​
            return query.ToList();
    }
    
    //Hash password
    string HashedPassword(string password)
    {
    // generate a 128-bit salt using a secure PRNG
        byte[] salt = new byte[128 / 8];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
        }
       
        // derive a 256-bit subkey (use HMACSHA1 with 10,000 iterations)
        string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2(
            password: password,
            salt: salt,
            prf: KeyDerivationPrf.HMACSHA1,
            iterationCount: 10000,
            numBytesRequested: 256 / 8));
    return hashed;
    }
}
​
#endregion
​
//////////////////////////////////////////////////////////////////////
    [ApiController]
    [Route("[controller]")]
    public class ForgotPasswordController : ControllerBase
    {
    #region Feild
     private readonly IResetPasswordService _resetPasswordService;
    
     #endregion
     #region Ctor
     public ForgotPasswordController(IResetPasswordService resetPasswordService)
     {
         _resetPasswordService = resetPasswordService;
     }
     #endregion
        
    
#region Methods
        [HttpPost]
        [Route("/api/reset-password")]
        [ValidateModelState]
        [SwaggerOperation("ResetPassword")]
        [SwaggerResponse(statusCode: 400, type: typeof(ErrorResponseModel), description: "Input is invalid. Entered email address is invalid")]
        [SwaggerResponse(statusCode: 404, type: typeof(ErrorResponseModel), description: "Input is valid but user not found.")]
        public ActionResult ResetPassword(ResetPasswordDto resetPasswordDto)
        {   
        try
        {
               if (ModelState.IsValid)
                {   
                    var userDetails = new UserDetails();
                    //Get user details by usin email address
                    userDetails = _resetPasswordService.GetUserDetailsByEmailId(resetPasswordDto.EmailId);
                    if(userDetails != null)
                    {
                    var tokenGuid = Guid.NewGuid();
                        //token will valid only or 1 day and it will be used only once.
                          string token = _resetPasswordService.GeneratToken(userDetails.UserId,tokenGuid);
                        //save token details
                         var tokenDetails = new TokenDetails();
                         tokenDetails.Token = tokenGuid;
                         tokenDetails.UserId = userDetails.Id;
                         tokenDetails.ExpireDateTime =DateTime.UtcNow.AddHours(24);
                         tokenDetails.TokenStatusId = (int) TokenStatus.Active;
                         _resetPasswordService.SaveToken(tokenDetails);
                         
                         var userName = userDetails.FirstName + " " + userDetails.LastName;
                         //generate a link 
                         var url = "http://localhost:53058/ForgotPassword/api/reset-password/validate-token?token="+ token;
                         //send url mail to inputted email address
             var isEmailSend = _resetPasswordService.SendResetTokenEmail(emailTo : resetPasswordDto.Email,url : url, userName : userName);
                        if(isEmailSend)
                        {
                        return OK("Email sent sucessful!");
                        }
                        else
                        {
                        return StatusCode(500,"Internal server error");
                        }
                    }
                    else
                    {
                         return NotFound("User not found!");
                    }
                }
                else
                {
                    return BadRequest("Invalid email input");
                }
        
            
            }
            catch(Exception ex)
            {
              return StatusCode(500,"Internal server error");
            }
        }
        
        [HttpGet]
        [Route("/api/reset-password/validate-token/{token}")]
        [ValidateModelState]
        [SwaggerOperation("ValidateUser")]
        [SwaggerResponse(statusCode: 400, type: typeof(ErrorResponseModel), description: "Received token is invalid.")]
        [SwaggerResponse(statusCode: 401, type: typeof(ErrorResponseModel), description: "Unauthorized.")]
        [SwaggerResponse(statusCode: 404, type: typeof(ErrorResponseModel), description: "Input is valid but user not found.")]
        public  ActionResult ValidateUser(string token)
        { 
            
        try
        {
           var tokenStructure = _resetPasswordService.ValidateToken(token);
           if(tokenStructure != null)
           {
              var tokenDetails = _resetPasswordService.GetTokenDetailsByUserId(tokenStructure.UserId);
              if(tokenDetails != null)
              {
              int TimeCompare = DateTime.Compare(tokenDetails.ExpireDateTime, DateTime.UtcNow);
                if((TimeCompare == -1 || TimeCompare == 0) && TimeCompare.TokenStatusId == (int)TokenStatus.Active)
                {
                  return OK(token);
                }
                else
                {
                 return Unauthorized();
                  
                }
               
                
              }
              else
              {
              return NotFound();
                 
              }
             
           
           }
           else
           {
            return Unauthorized();
           }
           }
           catch(Exception ex)
           {
             return StatusCode(500,"Internal server error");
           }
         }
          
        }
        
        [HttpPut]
        [Route("/api/reset-password/update-password")]
        [ValidateModelState]
        [SwaggerOperation("UpdatePassword")]
        [SwaggerResponse(statusCode: 400, type: typeof(ErrorResponseModel), description: "Password should contain special character.")]
        [SwaggerResponse(statusCode: 404, type: typeof(ErrorResponseModel), description: "Input is valid but user not found.")]
        public ActionResult UpdatePassword(UpdatePasswordDto updatePasswordDto)
        { 
         if (ModelState.IsValid)
            {   
              try
                {
                   var userId = _resetPasswordService.ValidateToken(token);
                   if(userId != null)
                   {
                        var userDetails = _resetPasswordService.GetUserDetailsByUserId(userId);
                        if(userDetails != null)
                        {
                          var passwords = _resetPasswordService.GetPasswordDetailsByUserId(userId);
                          if(passwords.Count() != 0)
                          {
                              foreach(var password in passwords)
                              {
                              password.PasswordStatusId = (int)PasswordStatus.Expired;
                              _resetPasswordService.UpdatePassword(password);
                              }
                          }
                          
                          var newPassword = new PasswordDetails();
                          var hashedPassword = _resetPasswordService.HashedPassword(updatePasswordDto.Password);
                          newPassword.Password = hashedPassword;
                            newPassword.UserId = userDetails.Id;              
                            newPassword.PasswordStatusId = (int) PasswordStatus.Active;
                          _resetPasswordService.SavePassword(newPassword);
                         var tokenDetails = _resetPasswordService.GetTokenDetailsByUserId(userId);
                                  if(tokenDetails != null)
                                  {
                                  tokenDetails.TokenStatusId = (int) TokenStatus.Expired;
                                  _resetPasswordService.UpdateToken(tokenDetails);
                                  }
                                  else{return NotFound("User not found!");}
                              return OK();
​
                      }
                    else{return NotFound("User not found!");}
                       
           
                }
                catch(Exception ex)
                   {
                    return StatusCode(500,"Internal server error");
                }
                
                
                }
           else
           {
            return BadRequest("Invalid input");
            }
           
        }
​
        
        
#endregion
        
    }
}
}
​

View in Full Screen

Evidencia 1 ; Opcion 2

Enrique Gerardo Moran Gonzalez

Bienvenido a Pokemania

Determina el tamaño de la matríz, debe ser entre 1 y 10:

Last Run:	1:26:51 pm
Compile:	0.144s
Execute:	0.004s
Memory:	40kb
CPU:	0.016s

View IL Code