Added Forgot Password Feature

UnivateProperties_API/Controllers/Users/RegisterController.cs

@@ -100,6 +100,22 @@ namespace UnivateProperties_API.Controllers.Users
             }
         }
 
+        //Writes to DB
+        [AllowAnonymous]
+        [HttpPost("forgotPassword/{mail}")]
+        public IActionResult ForgotPassword(string mail)
+        {
+            try
+            {
+                _Repo.ForgotPasswordMailCheck(mail);
+                return Ok();
+            }
+            catch(Exception ex)
+            {
+                return new BadRequestResult();
+            }
+        }
+
         //Writes to DB
         [AllowAnonymous]
         [HttpPost("registeragency")]
@@ -120,5 +136,42 @@ namespace UnivateProperties_API.Controllers.Users
                 return BadRequest(new { message = ex.Message });
             }
         }
+
+        public class FPTOKEN
+        {
+            public string token { get; set; }
+        }
+
+        [AllowAnonymous]
+        [HttpPost("fptoken")]
+        public IActionResult GetIndiv([FromBody] FPTOKEN fpToken)
+        {
+            try
+            {
+                var indiv = _Repo.GetIndividualByFPToken(fpToken.token);
+                return new OkObjectResult(indiv);
+            }
+            catch (Exception ex)
+            {
+                return new NoContentResult();
+            }
+        }
+
+        [AllowAnonymous]
+        [HttpPut("passwordUpdate")]
+        public IActionResult UpdateUserPassword([FromBody]UserDto userParam)
+        {
+            if (userParam != null)
+            {
+                _Repo.UpdatePassword(userParam);
+                return Ok();
+            }
+            else
+            {
+                return new NoContentResult();
+            }
+            
+            
+        }
     }
 }

UnivateProperties_API/Helpers/ClsCrypto.cs

@@ -0,0 +1,61 @@
+using System;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace UnivateProperties_API.Helpers
+{
+    public class ClsCrypto
+    {
+        private RijndaelManaged myRijndael = new RijndaelManaged();
+        private int iterations;
+        private byte[] salt;
+
+        public ClsCrypto(string strPassword)
+        {
+            myRijndael.BlockSize = 128;
+            myRijndael.KeySize = 128;
+            myRijndael.IV = HexStringToByteArray("e84ad660c4721ae0e84ad660c4721ae0");
+
+            myRijndael.Padding = PaddingMode.PKCS7;
+            myRijndael.Mode = CipherMode.CBC;
+            iterations = 1000;
+            salt = Encoding.UTF8.GetBytes("insight123resultxyz");
+            myRijndael.Key = GenerateKey(strPassword);
+        }
+
+        public string Encrypt(string strPlainText)
+        {
+            byte[] strText = new System.Text.UTF8Encoding().GetBytes(strPlainText);
+            ICryptoTransform transform = myRijndael.CreateEncryptor();
+            byte[] cipherText = transform.TransformFinalBlock(strText, 0, strText.Length);
+
+            return Convert.ToBase64String(cipherText);
+        }
+
+        public string Decrypt(string encryptedText)
+        {
+            byte[] encryptedBytes = Convert.FromBase64String(encryptedText);
+            var decryptor = myRijndael.CreateDecryptor(myRijndael.Key, myRijndael.IV);
+            byte[] originalBytes = decryptor.TransformFinalBlock(encryptedBytes, 0, encryptedBytes.Length);
+
+            return Encoding.UTF8.GetString(originalBytes);
+        }
+
+        public static byte[] HexStringToByteArray(string strHex)
+        {
+            dynamic r = new byte[strHex.Length / 2];
+            for (int i = 0; i <= strHex.Length - 1; i += 2)
+            {
+                r[i / 2] = Convert.ToByte(Convert.ToInt32(strHex.Substring(i, 2), 16));
+            }
+            return r;
+        }
+
+        private byte[] GenerateKey(string strPassword)
+        {
+            Rfc2898DeriveBytes rfc2898 = new Rfc2898DeriveBytes(System.Text.Encoding.UTF8.GetBytes(strPassword), salt, iterations);
+
+            return rfc2898.GetBytes(128 / 8);
+        }
+    }
+}

UnivateProperties_API/Migrations/20201022063435_UserFPToken.cs

@@ -0,0 +1,22 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace UnivateProperties_API.Migrations
+{
+    public partial class UserFPToken : Migration
+    {
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.AddColumn<string>(
+                name: "FPToken",
+                table: "Users",
+                nullable: true);
+        }
+
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropColumn(
+                name: "FPToken",
+                table: "Users");
+        }
+    }
+}

UnivateProperties_API/Migrations/DataContextModelSnapshot.cs

@@ -1332,6 +1332,8 @@ namespace UnivateProperties_API.Migrations
 
                     b.Property<DateTime>("Created");
 
+                    b.Property<string>("FPToken");
+
                     b.Property<bool>("IsDeleted");
 
                     b.Property<bool>("LoginPasswordChange");

UnivateProperties_API/Model/Users/User.cs

@@ -33,6 +33,7 @@ namespace UnivateProperties_API.Model.Users
         public string Token { get; set; }
         public bool AcceptedTerms { get; set; }
         public bool LoginPasswordChange { get; set; }
+        public string FPToken { get; set; }
         #endregion Properties
 
         #region Methods

UnivateProperties_API/Repository/Communication/MailRepository.cs

@@ -23,6 +23,10 @@ namespace UnivateProperties_API.Repository.Communication
             _dbContext = db;
         }
 
+        public MailRepository()
+        {
+        }
+
         MimeMessage messageObj = new MimeMessage();
         MailboxAddress from;
         MailboxAddress to;
@@ -109,5 +113,39 @@ namespace UnivateProperties_API.Repository.Communication
             client.Disconnect(true);
             client.Dispose();
         }
+
+        public void ForgotPassword(MailModel mm, string link)
+        {
+            string name = mm.Name;
+            string email = mm.Email;
+
+            from = new MailboxAddress("Admin", mm.FromAddress);
+
+            to = new MailboxAddress("User", mm.ToAddress);
+
+            messageObj.From.Add(from);
+            messageObj.To.Add(to);
+
+            messageObj.Subject = "Uni-Vate - Password Reset Request";
+
+            bodyBuilder.HtmlBody = "<div style=\"margin: 5px\">" +
+                "<h4>Request to reset password</h4>" +
+                "<h4>Dear " + name + " there has been a request  to reset your password. If this is incorrect please send an email to info@univateproperties.co.za</h4>" +
+                "<div>" +
+                "<h3>"+ link + "</h3>" +
+
+                "</div>" +
+                "</div>" +
+                "</div>";
+
+            messageObj.Body = bodyBuilder.ToMessageBody();
+
+            client.Connect("smtp.gmail.com", 465, true);
+            client.Authenticate("jlouw365@gmail.com", "setskohatxpsceqo");
+
+            client.Send(messageObj);
+            client.Disconnect(true);
+            client.Dispose();
+        }
     }
 }

UnivateProperties_API/Repository/Users/IRegisterRepository.cs

@@ -12,6 +12,7 @@ namespace UnivateProperties_API.Repository.Users
         Agency CreateAgency(AgencyDto agency);
         void CreatePerson(UserDto individual, PersonType personType, bool save, Agency agency);
         void Update(User userParam, string password = null);
+        Individual GetIndividualByFPToken(string fpToken);
         IEnumerable<User> GetAllUsers();
         IEnumerable<Agency> GetAllAgencies();
         IEnumerable<Individual> GetAllIndividuals();
@@ -22,5 +23,7 @@ namespace UnivateProperties_API.Repository.Users
         void DeleteAgency(int id);
         void DeleteIndividual(int id);
         SimplePersonDto UserDetails(int userId);
+        void ForgotPasswordMailCheck(string mail);
+        void UpdatePassword(UserDto user);
     }
 }

UnivateProperties_API/Repository/Users/RegisterRepository.cs

@@ -1,6 +1,10 @@
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using System;
 using System.Collections.Generic;
+using System.Drawing.Text;
 using System.Linq;
+using System.Text;
 using UnivateProperties_API.Containers.Users;
 using UnivateProperties_API.Containers.Users.Simple;
 using UnivateProperties_API.Context;
@@ -258,6 +262,21 @@ namespace UnivateProperties_API.Repository.Users
             }
         }
 
+        public void UpdatePassword(UserDto userParam)
+        {
+            var indiv = _dbContext.Individuals.Where(x => x.Email == userParam.Email).FirstOrDefault();
+            var user = _dbContext.Users.Where(x => x.Id == indiv.UserId).FirstOrDefault();
+
+            MyCommon.CreatePasswordHash(userParam.Password, out byte[] passwordHash, out byte[] passwordSalt);
+
+            user.PasswordHash = passwordHash;
+            user.PasswordSalt = passwordSalt;
+            user.FPToken = "";
+
+            _dbContext.Users.Update(user);
+            Save();
+        }
+
         private void Save()
         {
             _dbContext.SaveChanges();
@@ -338,5 +357,75 @@ namespace UnivateProperties_API.Repository.Users
                 };
             }
         }
+
+        public Individual GetIndividualByFPToken(string fpToken)
+        {
+            string linkStr = fpToken.Replace('!', '/');
+            var user = _dbContext.Users.Where(usr => usr.FPToken == linkStr).FirstOrDefault();
+
+            if (user != null)
+            {
+                var indiv = _dbContext.Individuals.Where(x => x.UserId == user.Id).FirstOrDefault();
+                return indiv;
+            }
+            else
+            {
+                throw new Exception();
+            }            
+        }
+
+        public void ForgotPasswordMailCheck(string mail)
+        {
+            var indiv = _dbContext.Individuals.Where(x => x.Email.ToUpper() == mail.ToUpper()).FirstOrDefault();
+            var mailer = new MailRepository();
+            if (indiv != null)
+            {
+                byte[] time = BitConverter.GetBytes(GetTime());
+                byte[] mailByte = Encoding.ASCII.GetBytes(mail);
+                var timeStr = GetTime().ToString();
+                byte[] timeArr = Encoding.ASCII.GetBytes(timeStr);
+                byte[] key = Guid.NewGuid().ToByteArray();
+
+                string token = Convert.ToBase64String((timeArr.Concat(key).ToArray()).Concat(mailByte).ToArray());
+
+                string secureKey = "EGV~A8pn;:9&zC]6";
+
+                //encrypt token
+
+                ClsCrypto lockey = new ClsCrypto(secureKey);
+
+                var encryptedToken = lockey.Encrypt(token);
+                var individual = _dbContext.Individuals.Where(e => e.Email == mail).FirstOrDefault();
+                var user = _dbContext.Users.Where(x => x.Id == individual.UserId).FirstOrDefault();
+
+                //send ecrypted token to db
+                user.FPToken = encryptedToken;
+
+                _dbContext.Users.Update(user);
+                _dbContext.SaveChanges();
+
+                string linkStr = encryptedToken.Replace('/', '!');
+
+                //change below to test locally or QA
+                //string url = "http://localhost:8080/#/forgotPasswordReset/" + linkStr;
+                string url = "http://training.provision-sa.com:122/#/forgotPasswordReset/" + linkStr;
+
+                mailer.ForgotPassword(new MailModel
+                {
+                    ToAddress = mail,
+                    FromAddress = "jlouw365@gmail.com",
+                    Name = indiv.Name
+                }, url);
+            }
+            else
+            {
+                throw new Exception();
+            }
+        }
+
+        private double GetTime()
+        {
+            return DateTime.Now.Subtract(new DateTime(1970, 1, 1)).TotalMilliseconds;
+        }
     }
 }