From c4f9d66ef56d27694627d3d4a0405711c27f9965 Mon Sep 17 00:00:00 2001
From: Filip Kuksov <vectorfield4@gmail.com>
Date: Thu, 18 Feb 2021 21:10:21 +0200
Subject: [PATCH 01/70] 3.46.0

---
 Directory.Build.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Directory.Build.props b/Directory.Build.props
index 23d2d2064f2..8e7bd58336f 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -9,7 +9,7 @@
     </PropertyGroup>
 
     <PropertyGroup>
-        <VersionPrefix>3.45.0</VersionPrefix>
+        <VersionPrefix>3.46.0</VersionPrefix>
         <VersionSuffix></VersionSuffix>
         <VersionSuffix Condition=" '$(VersionSuffix)' != '' AND '$(BuildNumber)' != '' ">$(VersionSuffix)-$(BuildNumber)</VersionSuffix>
         <NoWarn>$(NoWarn);S3875</NoWarn>

From 8a134c61988e2d0fff898aac2a81cc3a2afb8e53 Mon Sep 17 00:00:00 2001
From: Egis <em@virtoway.com>
Date: Wed, 24 Feb 2021 09:47:19 +0200
Subject: [PATCH 02/70] VP-7047: Add colSpan support to va-metaform; (#2163)

* VP-7047: Add colSpan support to va-metaform
* VP-7047: Add disabled and custom placeholder support to va-generic-value-input
* VP-7047: Enable va-metaform styling

Co-authored-by: Filipp Kuksov <47894313+Vectorfield4@users.noreply.github.com>
---
 .../directives/genericValueInput.tpl.html     |  50 +++++----
 .../wwwroot/js/common/directives/metaform.js  | 105 +++++++++---------
 .../js/common/directives/metaform.tpl.html    |  11 +-
 3 files changed, 91 insertions(+), 75 deletions(-)

diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/common/directives/genericValueInput.tpl.html b/src/VirtoCommerce.Platform.Web/wwwroot/js/common/directives/genericValueInput.tpl.html
index 82ef26e84c3..4eb31c87faa 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/common/directives/genericValueInput.tpl.html
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/common/directives/genericValueInput.tpl.html
@@ -2,16 +2,18 @@
     <div class="form-input">
         <input ng-required="currentEntity.isRequired"
                ng-readonly="currentEntity.isReadOnly"
+               ng-disabled="currentEntity.disabled"
                ng-model="context.currentPropValues[0].value"
-               placeholder="{{ 'platform.genericValueInput.placeholders.short-text' | translate}}">
+               placeholder="{{currentEntity.placeholder || 'platform.genericValueInput.placeholders.short-text' | translate}}">
     </div>
 </script>
 <script type="text/ng-template" id="dEmail.html">
     <div class="form-input">
         <input ng-required="currentEntity.isRequired"
                ng-readonly="currentEntity.isReadOnly"
+               ng-disabled="currentEntity.disabled"
                ng-model="context.currentPropValues[0].value"
-               placeholder="{{ 'platform.genericValueInput.placeholders.email' | translate}}"
+               placeholder="{{currentEntity.placeholder || 'platform.genericValueInput.placeholders.email' | translate}}"
                type="email" />
     </div>
 </script>
@@ -19,30 +21,34 @@
     <div class="form-input">
         <input ng-required="currentEntity.isRequired"
                ng-readonly="currentEntity.isReadOnly"
+               ng-disabled="currentEntity.disabled"
                ng-model="context.currentPropValues[0].value"
-               type="password" placeholder="{{ 'platform.genericValueInput.placeholders.secure-string' | translate}}">
+               type="password" placeholder="{{currentEntity.placeholder || 'platform.genericValueInput.placeholders.secure-string' | translate}}">
     </div>
 </script>
 <script type="text/ng-template" id="dUrl.html">
     <div class="form-input">
         <input ng-required="currentEntity.isRequired"
                ng-readonly="currentEntity.isReadOnly"
+               ng-disabled="currentEntity.disabled"
                ng-model="context.currentPropValues[0].value"
-               type="url" placeholder="{{ 'platform.genericValueInput.placeholders.url' | translate}}">
+               type="url" placeholder="{{currentEntity.placeholder || 'platform.genericValueInput.placeholders.url' | translate}}">
     </div>
 </script>
 <script type="text/ng-template" id="dLongText.html">
     <div class="form-input">
         <textarea ng-required="currentEntity.isRequired"
                   ng-readonly="currentEntity.isReadOnly"
+                  ng-disabled="currentEntity.disabled"
                   ng-model="context.currentPropValues[0].value"
-                  placeholder="{{ 'platform.genericValueInput.placeholders.long-text' | translate}}"></textarea>
+                  placeholder="{{currentEntity.placeholder || 'platform.genericValueInput.placeholders.long-text' | translate}}"></textarea>
     </div>
 </script>
 <script type="text/ng-template" id="dCode.html">
     <div class="form-input">
         <ui-codemirror ng-required="currentEntity.isRequired"
                        ng-readonly="currentEntity.isReadOnly"
+                       ng-disabled="currentEntity.disabled"
                        ng-model="context.currentPropValues[0].value"
                        ui-codemirror-opts="editorOptions"></ui-codemirror>
     </div>
@@ -52,8 +58,9 @@
         <input smart-float num-type="integer"
                ng-required="currentEntity.isRequired"
                ng-readonly="currentEntity.isReadOnly"
+               ng-disabled="currentEntity.disabled"
                ng-model="context.currentPropValues[0].value"
-               placeholder="{{ 'platform.genericValueInput.placeholders.integer' | translate}}" />
+               placeholder="{{currentEntity.placeholder || 'platform.genericValueInput.placeholders.integer' | translate}}" />
     </div>
 </script>
 <script type="text/ng-template" id="dPositiveInteger.html">
@@ -61,8 +68,9 @@
         <input smart-float num-type="positiveInteger"
                ng-required="currentEntity.isRequired"
                ng-readonly="currentEntity.isReadOnly"
+               ng-disabled="currentEntity.disabled"
                ng-model="context.currentPropValues[0].value"
-               placeholder="{{ 'platform.genericValueInput.placeholders.integer' | translate}}" />
+               placeholder="{{currentEntity.placeholder || 'platform.genericValueInput.placeholders.integer' | translate}}" />
     </div>
 </script>
 <script type="text/ng-template" id="dDecimal.html">
@@ -70,8 +78,9 @@
         <input smart-float num-type="float"
                ng-required="currentEntity.isRequired"
                ng-readonly="currentEntity.isReadOnly"
+               ng-disabled="currentEntity.disabled"
                ng-model="context.currentPropValues[0].value"
-               placeholder="{{ 'platform.genericValueInput.placeholders.number' | translate}}" />
+               placeholder="{{currentEntity.placeholder || 'platform.genericValueInput.placeholders.number' | translate}}" />
     </div>
 </script>
 <script type="text/ng-template" id="dDateTime.html">
@@ -80,7 +89,7 @@
                datepicker-popup
                ng-disabled="currentEntity.isReadOnly"
                is-open="datepickers.DateTime"
-               placeholder="{{ 'platform.genericValueInput.placeholders.date-time' | translate}}">
+               placeholder="{{currentEntity.placeholder || 'platform.genericValueInput.placeholders.date-time' | translate}}">
         <button ng-click="open($event, 'DateTime')" type="button" class="btn" ng-disabled="currentEntity.isReadOnly">
             <i class="btn-ico fa fa-calendar"></i>
         </button>
@@ -97,7 +106,7 @@
                 min-length="1"
                 min-tags="{{currentEntity.isRequired ? 1 : undefined}}"
                 display-property="value"
-                placeholder="{{ 'platform.genericValueInput.placeholders.short-text-multivalue' | translate}}">
+                placeholder="{{currentEntity.placeholder || 'platform.genericValueInput.placeholders.short-text-multivalue' | translate}}">
     </tags-input>
 </script>
 <script type="text/ng-template" id="dInteger-multivalue.html">
@@ -106,7 +115,7 @@
                 tags-number num-type="integer"
                 min-length="1"
                 display-property="value"
-                placeholder="{{ 'platform.genericValueInput.placeholders.integer-multivalue' | translate}}">
+                placeholder="{{currentEntity.placeholder || 'platform.genericValueInput.placeholders.integer-multivalue' | translate}}">
     </tags-input>
 </script>
 <script type="text/ng-template" id="dDecimal-multivalue.html">
@@ -115,13 +124,13 @@
                 tags-number num-type="float"
                 min-length="1"
                 display-property="value"
-                placeholder="{{ 'platform.genericValueInput.placeholders.number-multivalue' | translate}}">
+                placeholder="{{currentEntity.placeholder || 'platform.genericValueInput.placeholders.number-multivalue' | translate}}">
     </tags-input>
 </script>
 <script type="text/ng-template" id="dShortText-dictionary.html">
     <div class="form-input">
         <ui-select ng-model="context.currentPropValues[0]">
-            <ui-select-match placeholder="{{ 'platform.genericValueInput.placeholders.short-text-dictionary' | translate}}">{{$select.selected.name}}</ui-select-match>
+            <ui-select-match placeholder="{{currentEntity.placeholder || 'platform.genericValueInput.placeholders.short-text-dictionary' | translate}}">{{$select.selected.name}}</ui-select-match>
             <ui-select-choices repeat="propValue in context.allDictionaryValues | filter: {name: $select.search} | orderBy: 'value'">
                 <span ng-bind-html="propValue.name | highlight: $select.search"></span>
             </ui-select-choices>
@@ -132,7 +141,7 @@
 <script type="text/ng-template" id="dShortText-dictionary-multivalue.html">
     <div class="form-input">
         <ui-select multiple ng-model="context.currentPropValues">
-            <ui-select-match placeholder="{{ 'platform.genericValueInput.placeholders.short-text-dictionary-multivalue' | translate}}">{{$item.name}}</ui-select-match>
+            <ui-select-match placeholder="{{currentEntity.placeholder || 'platform.genericValueInput.placeholders.short-text-dictionary-multivalue' | translate}}">{{$item.name}}</ui-select-match>
             <ui-select-choices repeat="propValue in context.allDictionaryValues | filter: {name: $select.search} | orderBy: 'value'">
                 <span ng-bind-html="propValue.name | highlight: $select.search"></span>
             </ui-select-choices>
@@ -144,8 +153,9 @@
         <label class="lang-code">{{propValue.locale}}</label>
         <input ng-required="currentEntity.isRequired"
                ng-readonly="currentEntity.isReadOnly"
+               ng-disabled="currentEntity.disabled"
                ng-model="propValue.value"
-               placeholder="{{ 'platform.genericValueInput.placeholders.short-text-multilang' | translate}}">
+               placeholder="{{currentEntity.placeholder || 'platform.genericValueInput.placeholders.short-text-multilang' | translate}}">
     </div>
 </script>
 <script type="text/ng-template" id="dLongText-multilang.html">
@@ -153,8 +163,9 @@
         <label>{{propValue.locale}}</label>
         <textarea ng-required="currentEntity.isRequired"
                   ng-readonly="currentEntity.isReadOnly"
+                  ng-disabled="currentEntity.disabled"
                   ng-model="propValue.value"
-                  placeholder="{{ 'platform.genericValueInput.placeholders.long-text-multilang' | translate}}" />
+                  placeholder="{{currentEntity.placeholder || 'platform.genericValueInput.placeholders.long-text-multilang' | translate}}" />
     </div>
 </script>
 <script type="text/ng-template" id="dCode-multilang.html">
@@ -162,6 +173,7 @@
         <label>{{propValue.locale}}</label>
         <ui-codemirror ng-required="currentEntity.isRequired"
                        ng-readonly="currentEntity.isReadOnly"
+                       ng-disabled="currentEntity.disabled"
                        ng-model="propValue.value"
                        ui-codemirror-opts="editorOptions"></ui-codemirror>
     </div>
@@ -174,14 +186,14 @@
                     min-tags="{{currentEntity.isRequired ? 1 : undefined}}"
                     min-length="1"
                     display-property="value"
-                    placeholder="{{ 'platform.genericValueInput.placeholders.short-text-multivalue-multilang' | translate}}">
+                    placeholder="{{currentEntity.placeholder || 'platform.genericValueInput.placeholders.short-text-multivalue-multilang' | translate}}">
         </tags-input>
     </div>
 </script>
 <script type="text/ng-template" id="dShortText-dictionary-multilang.html">
     <div class="form-input">
         <ui-select ng-model="context.currentPropValues[0]">
-            <ui-select-match placeholder="{{ 'platform.genericValueInput.placeholders.short-text-dictionary-multilang' | translate}}">{{$select.selected.name}}</ui-select-match>
+            <ui-select-match placeholder="{{currentEntity.placeholder || 'platform.genericValueInput.placeholders.short-text-dictionary-multilang' | translate}}">{{$select.selected.name}}</ui-select-match>
             <ui-select-choices repeat="propValue in context.allDictionaryValues | filter: {name: $select.search}">
                 <span ng-bind-html="propValue.name | highlight: $select.search"></span>
             </ui-select-choices>
@@ -194,7 +206,7 @@
 <script type="text/ng-template" id="dShortText-dictionary-multivalue-multilang.html">
     <div class="form-input">
         <ui-select multiple ng-model="context.currentPropValues">
-            <ui-select-match placeholder="{{ 'platform.genericValueInput.placeholders.short-text-dictionary-multivalue-multilang' | translate}}">{{$item.name}}</ui-select-match>
+            <ui-select-match placeholder="{{currentEntity.placeholder || 'platform.genericValueInput.placeholders.short-text-dictionary-multivalue-multilang' | translate}}">{{$item.name}}</ui-select-match>
             <ui-select-choices repeat="propValue in context.allDictionaryValues | filter: {name: $select.search}">
                 <span ng-bind-html="propValue.name | highlight: $select.search"></span>
             </ui-select-choices>
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/common/directives/metaform.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/common/directives/metaform.js
index ca70d70c413..38a06e8d51f 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/common/directives/metaform.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/common/directives/metaform.js
@@ -1,57 +1,62 @@
-angular.module('platformWebApp')
-.factory('platformWebApp.metaFormsService', [function () {
-    var registeredMetaFields = { };
+angular.module('platformWebApp')
+    .factory('platformWebApp.metaFormsService', [function () {
+        var registeredMetaFields = {};
 
-    return {
-        registerMetaFields: function (metaFormName, metaFields) {
-            if (!registeredMetaFields[metaFormName]) {
-                registeredMetaFields[metaFormName] = [];
+        return {
+            registerMetaFields: function (metaFormName, metaFields) {
+                if (!registeredMetaFields[metaFormName]) {
+                    registeredMetaFields[metaFormName] = [];
+                }
+                Array.prototype.push.apply(registeredMetaFields[metaFormName], metaFields);
+                registeredMetaFields[metaFormName] = _.sortBy(registeredMetaFields[metaFormName], 'priority');
+            },
+            getMetaFields: function (metaFormName) {
+                return registeredMetaFields[metaFormName];
             }
-            Array.prototype.push.apply(registeredMetaFields[metaFormName], metaFields);
-            registeredMetaFields[metaFormName] = _.sortBy(registeredMetaFields[metaFormName], 'priority');
-        },
-        getMetaFields: function(metaFormName) {
-            return registeredMetaFields[metaFormName];
-        }
-    };
-}])
-.directive('vaMetaform', [function () {
-    return {
-        restrict: 'E',
-        replace: true,
-        scope: {
-            blade: '=',
-            registeredInputs: '=',
-            columnCount: '@?'
-        },
-        templateUrl: '$(Platform)/Scripts/common/directives/metaform.tpl.html',
-        link: function (scope) {
-            var columnCount = scope.columnCount ? parseInt(scope.columnCount, 10) : 1;
+        };
+    }])
+    .directive('vaMetaform', [function () {
+        return {
+            restrict: 'E',
+            replace: true,
+            scope: {
+                blade: '=',
+                registeredInputs: '=',
+                columnCount: '@?'
+            },
+            templateUrl: '$(Platform)/Scripts/common/directives/metaform.tpl.html',
+            link: function (scope) {
+                var columnCount = scope.columnCount ? parseInt(scope.columnCount, 10) : 1;
 
-            var filteredInputs = _.filter(scope.registeredInputs, function (x) { return !x.isVisibleFn || x.isVisibleFn(scope.blade); });
+                var filteredInputs = _.filter(scope.registeredInputs, function (x) { return !x.isVisibleFn || x.isVisibleFn(scope.blade); });
 
-            var resultingGroups = [];
-            var isGroupStart = true, currentGroup;
-            _.each(filteredInputs, function (x) {
-                x = angular.copy(x);
-                x.ngBindingModel = x.name;
+                var resultingRows = [];
+                var currentRow;
+                var columnCountInRow = columnCount;
+                _.each(filteredInputs, function (x) {
+                    x = angular.copy(x);
+                    x.ngBindingModel = x.name;
+                    x.colSpan = x.colSpan || (x.spanAllColumns ? columnCount : 1);
+                    columnCountInRow += x.colSpan;
+                    let isNewRow = columnCountInRow > columnCount;
 
-                if (isGroupStart || (x.templateUrl && x.spanAllColumns)) {
-                    currentGroup = [x];
-                    resultingGroups.push(currentGroup);
-                } else {
-                    currentGroup.push(x);
-                }
-                isGroupStart = (x.templateUrl && x.spanAllColumns) || currentGroup.length == columnCount;
-            });
+                    if (isNewRow) {
+                        currentRow = [x];
+                        resultingRows.push(currentRow);
+                        columnCountInRow = x.colSpan;
+                    } else {
+                        currentRow.push(x);
+                    }
+                });
 
-            // generate empty columns
-            _.each(resultingGroups, function (gr) {
-                while (columnCount > gr.length) {
-                    gr.push({ templateUrl: 'emptyColumn.html' });
-                }
-            });
-            scope.bladeInputGroups = resultingGroups;
+                // generate empty columns
+                _.each(resultingRows, function (row) {
+                    var colSpans = _.reduce(row, function (memo, item) { return memo + item.colSpan; }, 0);
+                    for (var i = colSpans; i < columnCount; i++) {
+                        row.push({ templateUrl: 'emptyColumn.html' });
+                    }
+                });
+                scope.bladeInputGroups = resultingRows;
+            }
         }
-    }
-}]);
\ No newline at end of file
+    }]);
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/common/directives/metaform.tpl.html b/src/VirtoCommerce.Platform.Web/wwwroot/js/common/directives/metaform.tpl.html
index 99e4a8e846c..56a8352eff2 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/common/directives/metaform.tpl.html
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/common/directives/metaform.tpl.html
@@ -1,18 +1,17 @@
-<div>
-    <div ng-repeat="group in bladeInputGroups" ng-class="{'columns clearfix': $last && group.length > 1}">
-        <div ng-repeat-start="data in group" ng-if="!data.templateUrl || !data.spanAllColumns" ng-class="{'column': !$first || !$last}" ng-init="data.blade=blade">
+<div>
+    <div ng-repeat="group in bladeInputGroups" class="columns clearfix">
+        <div ng-repeat-start="data in group" ng-if="!data.templateUrl || !data.spanAllColumns" ng-class="[data.cssClass, {'column': !$first || !$last}]" ng-init="data.blade=blade">
             <div class="form-group">
                 <label class="form-label" ng-if="data.title">{{ data.title | translate }}</label>
-                <!--get-dictionary-values="data.getDictionaryValues"-->
                 <va-generic-value-input ng-model="data" ng-if="!data.templateUrl"></va-generic-value-input>
                 <ng-include src='data.templateUrl' ng-if="data.templateUrl"></ng-include>
             </div>
         </div>
 
-        <ng-include src='data.templateUrl' ng-repeat-end ng-if="data.templateUrl && data.spanAllColumns"></ng-include>
+        <ng-include src='data.templateUrl' ng-repeat-end ng-if="data.templateUrl && data.spanAllColumns" ng-class="[data.cssClass, {'column': !$first || !$last}]"></ng-include>
     </div>
 
     <script type="text/ng-template" id="emptyColumn.html">
         <div style="height:60px">&nbsp;</div>
     </script>
-</div>
\ No newline at end of file
+</div>

From b1bfa8204c1c0762b6f189e57591ec32595e1b3b Mon Sep 17 00:00:00 2001
From: Filip Kuksov <vectorfield4@gmail.com>
Date: Wed, 24 Feb 2021 14:15:33 +0200
Subject: [PATCH 03/70] 3.47.0

---
 Directory.Build.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Directory.Build.props b/Directory.Build.props
index 8e7bd58336f..479eb92952c 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -9,7 +9,7 @@
     </PropertyGroup>
 
     <PropertyGroup>
-        <VersionPrefix>3.46.0</VersionPrefix>
+        <VersionPrefix>3.47.0</VersionPrefix>
         <VersionSuffix></VersionSuffix>
         <VersionSuffix Condition=" '$(VersionSuffix)' != '' AND '$(BuildNumber)' != '' ">$(VersionSuffix)-$(BuildNumber)</VersionSuffix>
         <NoWarn>$(NoWarn);S3875</NoWarn>

From 6db0c5775e5c668d3be9bd20ec6337e3374e9a73 Mon Sep 17 00:00:00 2001
From: alexandr andreev <aad@virtoway.com>
Date: Wed, 24 Feb 2021 16:16:54 +0300
Subject: [PATCH 04/70] Fix wrong enabling SAVE button (#2165)

Co-authored-by: Filipp Kuksov <47894313+Vectorfield4@users.noreply.github.com>
---
 .../js/app/dynamicProperties/blades/propertyValue-list.js      | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/dynamicProperties/blades/propertyValue-list.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/dynamicProperties/blades/propertyValue-list.js
index da45eef7731..a95cf051c65 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/dynamicProperties/blades/propertyValue-list.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/dynamicProperties/blades/propertyValue-list.js
@@ -13,9 +13,10 @@ angular.module('platformWebApp')
         dynamicPropertiesApi.search({objectType: blade.currentEntity.objectType, take: blade.dynamicPropertyCount},
             function (response) {
                 var rawProperties = response.results;
+                var dynamicProperties = angular.copy(blade.currentEntity.dynamicProperties);
                 _.each(response.results, function(prop) {
                     prop.values = [];
-                    var filteredProperty = _.find(blade.currentEntity.dynamicProperties, function (o) { return o.name === prop.name; });
+                    var filteredProperty = _.find(dynamicProperties, function (o) { return o.name === prop.name; });
                     if (filteredProperty) {
                         prop.values = filteredProperty.values;
                     }

From 089cae9ec190567e91b31df4adcd59267a65f012 Mon Sep 17 00:00:00 2001
From: alexandr andreev <aad@virtoway.com>
Date: Thu, 25 Feb 2021 16:26:23 +0300
Subject: [PATCH 05/70] VP-6884: Verified status for an email address on the
 account blade (#2166)

* Add permission for Verify Email switcher
* Add Emeil verifivation event
* Add switcher to ui and apply permission
---
 .../PlatformConstants.cs                      |  5 +++-
 .../Events/UserVerificationEmailEvent.cs      | 14 ++++++++++
 .../Controllers/Api/SecurityController.cs     | 24 ++++++++++++++++
 .../en.VirtoCommerce.Platform.json            |  5 +++-
 .../css/themes/main/sass/modules/_forms.sass  |  7 +++++
 .../js/app/security/blades/account-detail.js  | 11 ++++++++
 .../security/blades/account-detail.tpl.html   | 28 +++++++++++++++----
 .../js/app/security/resources/accounts.js     |  3 +-
 8 files changed, 88 insertions(+), 9 deletions(-)
 create mode 100644 src/VirtoCommerce.Platform.Core/Security/Events/UserVerificationEmailEvent.cs

diff --git a/src/VirtoCommerce.Platform.Core/PlatformConstants.cs b/src/VirtoCommerce.Platform.Core/PlatformConstants.cs
index 84a1103dd65..86f560ef3c7 100644
--- a/src/VirtoCommerce.Platform.Core/PlatformConstants.cs
+++ b/src/VirtoCommerce.Platform.Core/PlatformConstants.cs
@@ -56,6 +56,7 @@ public static class Permissions
                                     SecurityAccess = "platform:security:access",
                                     SecurityUpdate = "platform:security:update",
                                     SecurityDelete = "platform:security:delete",
+                                    SecurityVerifyEmail = "platform:security:verifyEmail",
                                     SecurityLoginOnBehalf = "platform:security:loginOnBehalf";
 
                 public const string BackgroundJobsManage = "background_jobs:manage";
@@ -66,7 +67,9 @@ public static class Permissions
 
                 public static string[] AllPermissions { get; } = new[] { ResetCache, AssetAccess, AssetDelete, AssetUpdate, AssetCreate, AssetRead, ModuleQuery, ModuleAccess, ModuleManage,
                                               SettingQuery, SettingAccess, SettingUpdate, DynamicPropertiesQuery, DynamicPropertiesCreate, DynamicPropertiesAccess, DynamicPropertiesUpdate, DynamicPropertiesDelete,
-                                              SecurityQuery, SecurityCreate, SecurityAccess,  SecurityUpdate,  SecurityDelete, BackgroundJobsManage, PlatformExportImportAccess, PlatformImport, PlatformExport, SecurityLoginOnBehalf};
+                                              SecurityQuery, SecurityCreate, SecurityAccess,  SecurityUpdate,  SecurityDelete, BackgroundJobsManage, PlatformExportImportAccess, PlatformImport, PlatformExport, SecurityLoginOnBehalf ,
+                                              SecurityVerifyEmail
+                };
             }
 
             public static class Changes
diff --git a/src/VirtoCommerce.Platform.Core/Security/Events/UserVerificationEmailEvent.cs b/src/VirtoCommerce.Platform.Core/Security/Events/UserVerificationEmailEvent.cs
new file mode 100644
index 00000000000..4467d5ad409
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Core/Security/Events/UserVerificationEmailEvent.cs
@@ -0,0 +1,14 @@
+using VirtoCommerce.Platform.Core.Events;
+
+namespace VirtoCommerce.Platform.Core.Security.Events
+{
+    public class UserVerificationEmailEvent : DomainEvent
+    {
+        public ApplicationUser ApplicationUser { get; set; }
+
+        public UserVerificationEmailEvent(ApplicationUser applicationUser)
+        {
+            ApplicationUser = applicationUser;
+        }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
index 12276fdad0e..6dea457e115 100644
--- a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
+++ b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
@@ -662,6 +662,30 @@ public async Task<ActionResult<UserApiKey[]>> DeleteUserApiKeys([FromQuery] stri
             return Ok();
         }
 
+        /// <summary>
+        /// Verify user email
+        /// </summary>
+        /// <param name="userId"></param>
+        [HttpPost]
+        [Route("users/{userId}/sendVerificationEmail")]
+        [Authorize(PlatformConstants.Security.Permissions.SecurityVerifyEmail)]
+        public async Task<ActionResult> SendVerificationEmail([FromRoute] string userId)
+        {
+            var user = await _userManager.FindByIdAsync(userId);
+            if (user == null)
+            {
+                return BadRequest(IdentityResult.Failed(new IdentityError { Description = "User not found" }).ToSecurityResult());
+            }
+            if (!IsUserEditable(user.UserName))
+            {
+                return BadRequest(IdentityResult.Failed(new IdentityError { Description = "It is forbidden to edit this user." }).ToSecurityResult());
+            }
+
+            await _eventPublisher.Publish(new UserVerificationEmailEvent(user));
+
+            return Ok();
+        }
+
         //TODO: Remove later
 
         #region Obsolete methods
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
index a00a557ec07..ae272159047 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
@@ -364,7 +364,10 @@
                     "account-state": "Account state",
                     "account-email": "Email",
                     "locked-state": "Locked state",
-                    "status": "Status"
+                    "status": "Status",
+                    "verified": "Verified",
+                    "resend-link": "Resend link",
+                    "link-sent": "The link was sent"
                 },
                 "placeholders": {
                     "account-type": "Select ...",
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/modules/_forms.sass b/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/modules/_forms.sass
index 5c7107c4efc..dbca163bcab 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/modules/_forms.sass
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/modules/_forms.sass
@@ -81,6 +81,13 @@ fieldset + fieldset
   .__link
     float: right
     margin: 4px 0 0
+.form-group .form-line
+    display: flex
+    align-items: center
+.form-group .form-line .form-line-item-250
+    display: inline-block
+    width: 250px
+    padding-right: 20px
 .form-input input,
 .form-input textarea,
 .form-input select
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.js
index d35a56e732e..2985e2a3b3b 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.js
@@ -4,6 +4,7 @@ angular.module('platformWebApp').controller('platformWebApp.accountDetailControl
         blade.updatePermission = 'platform:security:update';
         blade.accountTypes = [];
         blade.statuses = [];
+        blade.isLinkSent = false;
 
         blade.refresh = function (parentRefresh) {
             var entity = parentRefresh ? blade.currentEntity : blade.data;
@@ -44,6 +45,16 @@ angular.module('platformWebApp').controller('platformWebApp.accountDetailControl
             return !angular.equals(blade.currentEntity, blade.origEntity) && blade.hasUpdatePermission();
         }
 
+        blade.sendLink = function () {
+            if (!blade.isLinkSent && !blade.isLoading) {
+                blade.isLoading = true;
+                accounts.verifyEmail({ userId: blade.currentEntity.id }, null , () => {
+                    blade.isLinkSent = true;
+                    blade.isLoading = false;
+                });
+            }
+        }
+
         blade.openSettingDictionaryController = function (currentEntityId) {
             var newBlade = {
                 id: currentEntityId,
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.tpl.html b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.tpl.html
index 46182a15aee..fe82021ef67 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.tpl.html
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.tpl.html
@@ -56,15 +56,31 @@
 </script>
 
 <script type="text/ng-template" id="accountEmail.html">
-    <div class="form-label">
-        {{ 'platform.blades.account-detail.labels.account-email' | translate }}
-    </div>
-    <div class="form-input">
-        <input type="email" ng-model="blade.currentEntity.email" placeholder="{{'platform.blades.account-detail.placeholders.email' | translate}}" />
+    <div class="form-line">
+        <div class="form-line-item-250">
+            <div class="form-label"> {{ 'platform.blades.account-detail.labels.account-email' | translate }}
+            </div>
+            <div class="form-input">
+                <input type="email" ng-model="blade.currentEntity.email" placeholder="{{'platform.blades.account-detail.placeholders.email' | translate}}"/>
+            </div>
+        </div>
+        <div class="form-label" va-permission="platform:security:verifyEmail">
+            <div class="form-label"> {{ 'platform.blades.account-detail.labels.verified' | translate }}
+            </div>
+            <div>
+                <label class="form-label __switch" >
+                    <input type="checkbox" ng-model="blade.currentEntity.emailConfirmed">
+                    <span class="switch" ng-class="{disabled: currentEntity.isReadOnly}"></span>
+                </label>
+            </div>
+            <div>
+                <a href="" ng-style="blade.isLinkSent && {'color':'green'} || {'color': ''}" ng-click="blade.sendLink()">
+                    {{blade.isLinkSent ? 'platform.blades.account-detail.labels.link-sent' : 'platform.blades.account-detail.labels.resend-link' | translate }}</a>
+            </div>
+        </div>
     </div>
 </script>
 
-
 <script type="text/ng-template" id="accountUserName.html">
     <div class="form-label">
         {{ 'platform.blades.account-detail.labels.login' | translate }}
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js
index ccdc1f7a53a..251ea416f45 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js
@@ -12,6 +12,7 @@ angular.module('platformWebApp').factory('platformWebApp.accounts', ['$resource'
         lock: { url: 'api/platform/security/users/:id/lock', method: 'POST' },
         getUserApiKeys: { url: 'api/platform/security/users/:id/apikeys', method: 'GET', isArray: true},
         saveUserApiKey: { url: 'api/platform/security/users/apikeys', method: 'POST' },
-        deleteUserApiKey: { url: 'api/platform/security/users/apikeys', method: 'DELETE' }
+        deleteUserApiKey: { url: 'api/platform/security/users/apikeys', method: 'DELETE' },
+        verifyEmail: { url: 'api/platform/security/users/:userId/sendVerificationEmail', method: 'POST' }
     });
 }]);

From 25334d9a23594cf85376c029aa2af38e1be3ac2e Mon Sep 17 00:00:00 2001
From: Filip Kuksov <vectorfield4@gmail.com>
Date: Thu, 25 Feb 2021 15:37:43 +0200
Subject: [PATCH 06/70] 3.48.0

---
 Directory.Build.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Directory.Build.props b/Directory.Build.props
index 479eb92952c..fd8e5d2e552 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -9,7 +9,7 @@
     </PropertyGroup>
 
     <PropertyGroup>
-        <VersionPrefix>3.47.0</VersionPrefix>
+        <VersionPrefix>3.48.0</VersionPrefix>
         <VersionSuffix></VersionSuffix>
         <VersionSuffix Condition=" '$(VersionSuffix)' != '' AND '$(BuildNumber)' != '' ">$(VersionSuffix)-$(BuildNumber)</VersionSuffix>
         <NoWarn>$(NoWarn);S3875</NoWarn>

From 247028aaf5ed263a51e9ec136682fef0eab25e3d Mon Sep 17 00:00:00 2001
From: alexandr andreev <aad@virtoway.com>
Date: Sat, 27 Feb 2021 14:20:19 +0300
Subject: [PATCH 07/70] VP-6888: Change verification status manually (#2167)

* Check additional permission for emailConfirmed field when update user
* Disable switcher if user without permission
* Set emailConfirmed to false if user email has been changed
---
 .../Controllers/Api/SecurityController.cs          | 14 ++++++++++++++
 .../js/app/security/blades/account-detail.js       |  8 ++++++--
 .../js/app/security/blades/account-detail.tpl.html |  8 ++++----
 3 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
index 6dea457e115..7d8f6a11ed1 100644
--- a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
+++ b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
@@ -21,6 +21,7 @@
 using VirtoCommerce.Platform.Core.Security.Search;
 using VirtoCommerce.Platform.Web.Model.Security;
 using SignInResult = Microsoft.AspNetCore.Identity.SignInResult;
+using PlatformPermissions = VirtoCommerce.Platform.Core.PlatformConstants.Security.Permissions;
 
 namespace VirtoCommerce.Platform.Web.Controllers.Api
 {
@@ -532,6 +533,19 @@ public async Task<ActionResult<SecurityResult>> Update([FromBody] ApplicationUse
             {
                 return Ok(IdentityResult.Failed(new IdentityError { Description = "It is forbidden to edit this user." }).ToSecurityResult());
             }
+
+            var applicationUser = await _userManager.FindByIdAsync(user.Id);
+            if (applicationUser.EmailConfirmed != user.EmailConfirmed
+                && !Request.HttpContext.User.HasGlobalPermission(PlatformPermissions.SecurityVerifyEmail))
+            {
+                return Unauthorized();
+            }
+
+            if (!applicationUser.Email.EqualsInvariant(user.Email))
+            {
+                user.EmailConfirmed = false;
+            }
+
             var result = await _userManager.UpdateAsync(user);
 
             return Ok(result.ToSecurityResult());
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.js
index 2985e2a3b3b..46fa288d22e 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.js
@@ -1,5 +1,5 @@
-angular.module('platformWebApp').controller('platformWebApp.accountDetailController', ['$scope', 'platformWebApp.bladeNavigationService', 'platformWebApp.metaFormsService', 'platformWebApp.accounts', 'platformWebApp.settings',
-    function ($scope, bladeNavigationService, metaFormsService, accounts, settings) {
+angular.module('platformWebApp').controller('platformWebApp.accountDetailController', ['$scope', 'platformWebApp.bladeNavigationService', 'platformWebApp.metaFormsService', 'platformWebApp.accounts', 'platformWebApp.settings', 'platformWebApp.authService',
+    function ($scope, bladeNavigationService, metaFormsService, accounts, settings, authService) {
         var blade = $scope.blade;
         blade.updatePermission = 'platform:security:update';
         blade.accountTypes = [];
@@ -84,6 +84,10 @@ angular.module('platformWebApp').controller('platformWebApp.accountDetailControl
             });
         };
 
+        blade.hasVerifyEmailPerrmission = () => {
+            return authService.checkPermission('platform:security:verifyEmail', blade.securityScopes);
+        }
+
         blade.onClose = function (closeCallback) {
             bladeNavigationService.showConfirmationIfNeeded(isDirty(), true, blade, $scope.saveChanges, closeCallback, "platform.dialogs.account-save.title", "platform.dialogs.account-save.message");
         };
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.tpl.html b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.tpl.html
index fe82021ef67..d614adaa14e 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.tpl.html
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.tpl.html
@@ -64,17 +64,17 @@
                 <input type="email" ng-model="blade.currentEntity.email" placeholder="{{'platform.blades.account-detail.placeholders.email' | translate}}"/>
             </div>
         </div>
-        <div class="form-label" va-permission="platform:security:verifyEmail">
+        <div class="form-label">
             <div class="form-label"> {{ 'platform.blades.account-detail.labels.verified' | translate }}
             </div>
             <div>
                 <label class="form-label __switch" >
-                    <input type="checkbox" ng-model="blade.currentEntity.emailConfirmed">
-                    <span class="switch" ng-class="{disabled: currentEntity.isReadOnly}"></span>
+                    <input type="checkbox" ng-model="blade.currentEntity.emailConfirmed" ng-disabled="!blade.hasVerifyEmailPerrmission()">
+                    <span class="switch" ng-class="{disabled: currentEntity.isReadOnly || !blade.hasVerifyEmailPerrmission() }"></span>
                 </label>
             </div>
             <div>
-                <a href="" ng-style="blade.isLinkSent && {'color':'green'} || {'color': ''}" ng-click="blade.sendLink()">
+                <a href="" ng-style="blade.isLinkSent && {'color':'green'} || {'color': ''}" ng-click="blade.sendLink()" va-permission="platform:security:verifyEmail">
                     {{blade.isLinkSent ? 'platform.blades.account-detail.labels.link-sent' : 'platform.blades.account-detail.labels.resend-link' | translate }}</a>
             </div>
         </div>

From 4377be2d15a0bd601e4b42a58261343cb14fecd0 Mon Sep 17 00:00:00 2001
From: Egis <em@virtoway.com>
Date: Mon, 1 Mar 2021 17:50:28 +0200
Subject: [PATCH 08/70] VP-6894: Regenerate SecurityStamp on email change;
 Define ApplicationDiscriminator (#2169)

---
 .../Controllers/Api/SecurityController.cs                   | 5 +++--
 src/VirtoCommerce.Platform.Web/Startup.cs                   | 6 +++++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
index 7d8f6a11ed1..1ead9ca9be6 100644
--- a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
+++ b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
@@ -20,8 +20,8 @@
 using VirtoCommerce.Platform.Core.Security.Events;
 using VirtoCommerce.Platform.Core.Security.Search;
 using VirtoCommerce.Platform.Web.Model.Security;
-using SignInResult = Microsoft.AspNetCore.Identity.SignInResult;
 using PlatformPermissions = VirtoCommerce.Platform.Core.PlatformConstants.Security.Permissions;
+using SignInResult = Microsoft.AspNetCore.Identity.SignInResult;
 
 namespace VirtoCommerce.Platform.Web.Controllers.Api
 {
@@ -543,7 +543,8 @@ public async Task<ActionResult<SecurityResult>> Update([FromBody] ApplicationUse
 
             if (!applicationUser.Email.EqualsInvariant(user.Email))
             {
-                user.EmailConfirmed = false;
+                // SetEmailAsync also: sets EmailConfirmed to false and updates the SecurityStamp
+                await _userManager.SetEmailAsync(user, user.Email);
             }
 
             var result = await _userManager.UpdateAsync(user);
diff --git a/src/VirtoCommerce.Platform.Web/Startup.cs b/src/VirtoCommerce.Platform.Web/Startup.cs
index f26abd40b7c..05e217acab2 100644
--- a/src/VirtoCommerce.Platform.Web/Startup.cs
+++ b/src/VirtoCommerce.Platform.Web/Startup.cs
@@ -326,6 +326,10 @@ public void ConfigureServices(IServiceCollection services)
                 });
 
             services.Configure<IdentityOptions>(Configuration.GetSection("IdentityOptions"));
+            services.AddDataProtection(options =>
+            {
+                options.ApplicationDiscriminator = "VirtoCommerceGroup";
+            });
 
             //always  return 401 instead of 302 for unauthorized  requests
             services.ConfigureApplicationCookie(options =>
@@ -500,7 +504,7 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
             app.UsePruneExpiredTokensJob();
 
             app.UseModules();
-            
+
             app.UseEndpoints(endpoints =>
             {
                 endpoints.MapControllerRoute(name: "default", pattern: "{controller=Home}/{action=Index}/{id?}");

From aa58d899d1fba170e79c8189453924a5e9bad769 Mon Sep 17 00:00:00 2001
From: alexandr andreev <aad@virtoway.com>
Date: Mon, 1 Mar 2021 20:55:23 +0300
Subject: [PATCH 09/70] VP-6888: add localization for permission (#2172)

* Add localization for platform permission

Co-authored-by: Filipp Kuksov <47894313+Vectorfield4@users.noreply.github.com>
---
 .../wwwroot/Localizations/en.VirtoCommerce.Platform.json         | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
index ae272159047..ee860ec848a 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
@@ -858,6 +858,7 @@
         "platform:security:access": "Allows to see Security in the main menu",
         "platform:security:update": "Allows to change an users and roles",
         "platform:security:delete": "Allows to delete an users and roles",
+        "platform:security:verifyEmail": "Allows to change verified state and send verification email",
         "background_jobs:manage": "Allows to access to  the Hangfire console",
         "platform:exportImport:access": "Allows to see Export/Import in the main menu",
         "platform:import": "Allows to import platform and modules data",

From 495bc7b08d210c6afb945b5d31ce99ad13da6814 Mon Sep 17 00:00:00 2001
From: Andrei Kolchanov <akak1977@users.noreply.github.com>
Date: Tue, 2 Mar 2021 12:10:37 +0500
Subject: [PATCH 10/70] VP-7049: Preserve username for hangfire context (#2171)

* VP-7049: Preserve username for hangfire context
* VP-7049: Add unit tests

Co-authored-by: Filipp Kuksov <47894313+Vectorfield4@users.noreply.github.com>
---
 .../Security/IUserNameResolver.cs             |  2 +
 .../HangfireUserContextMiddleware.cs          |  7 ++-
 .../HttpContextUserResolver.cs                | 10 ++++-
 .../Security/UserNameResolverTests.cs         | 43 +++++++++++++++++++
 4 files changed, 56 insertions(+), 6 deletions(-)
 create mode 100644 tests/VirtoCommerce.Platform.Tests/Security/UserNameResolverTests.cs

diff --git a/src/VirtoCommerce.Platform.Core/Security/IUserNameResolver.cs b/src/VirtoCommerce.Platform.Core/Security/IUserNameResolver.cs
index ec2b6a1b489..5bca1e3e7c8 100644
--- a/src/VirtoCommerce.Platform.Core/Security/IUserNameResolver.cs
+++ b/src/VirtoCommerce.Platform.Core/Security/IUserNameResolver.cs
@@ -3,5 +3,7 @@ namespace VirtoCommerce.Platform.Core.Security
     public interface IUserNameResolver
     {
         string GetCurrentUserName();
+
+        void SetCurrentUserName(string userName);
     }
 }
diff --git a/src/VirtoCommerce.Platform.Hangfire/Middleware/HangfireUserContextMiddleware.cs b/src/VirtoCommerce.Platform.Hangfire/Middleware/HangfireUserContextMiddleware.cs
index b830aaea186..f8878adc267 100644
--- a/src/VirtoCommerce.Platform.Hangfire/Middleware/HangfireUserContextMiddleware.cs
+++ b/src/VirtoCommerce.Platform.Hangfire/Middleware/HangfireUserContextMiddleware.cs
@@ -1,4 +1,3 @@
-using System.Threading;
 using Hangfire.Client;
 using Hangfire.Server;
 using VirtoCommerce.Platform.Core.Security;
@@ -7,8 +6,8 @@
 namespace VirtoCommerce.Platform.Hangfire.Middleware
 {
     /// <summary>
-    /// This class allow to process all hangifre jobs to add user name from identity and save it to
-    /// the Thread after job is perfoming to achieve getting access to user name in background tasks
+    /// This class allow to process all HangFire jobs to add user name from identity and save it to
+    /// the Thread after job is performing to achieve getting access to user name in background tasks
     /// </summary>
     public class HangfireUserContextMiddleware : IClientFilter, IServerFilter
     {
@@ -44,7 +43,7 @@ public void OnPerforming(PerformingContext filterContext)
         {
             var userName = filterContext.GetJobParameter<string>(USER_NAME);
 
-            Thread.SetData(Thread.GetNamedDataSlot(USER_NAME), userName);
+            _userNameResolver.SetCurrentUserName(userName);
         }
 
         public void OnPerformed(PerformedContext filterContext)
diff --git a/src/VirtoCommerce.Platform.Security/HttpContextUserResolver.cs b/src/VirtoCommerce.Platform.Security/HttpContextUserResolver.cs
index 8242c7ecf40..10076d0fc43 100644
--- a/src/VirtoCommerce.Platform.Security/HttpContextUserResolver.cs
+++ b/src/VirtoCommerce.Platform.Security/HttpContextUserResolver.cs
@@ -1,6 +1,5 @@
 using System.Threading;
 using Microsoft.AspNetCore.Http;
-using VirtoCommerce.Platform.Core.Common;
 using VirtoCommerce.Platform.Core.Security;
 using static VirtoCommerce.Platform.Data.Constants.DefaultEntityNames;
 
@@ -8,6 +7,8 @@ namespace VirtoCommerce.Platform.Security
 {
     public class HttpContextUserResolver : IUserNameResolver
     {
+        private static readonly AsyncLocal<string> _currentUserName = new AsyncLocal<string>();
+
         private readonly IHttpContextAccessor _httpContextAccessor;
 
         public HttpContextUserResolver(IHttpContextAccessor httpContextAccessor)
@@ -17,7 +18,7 @@ public HttpContextUserResolver(IHttpContextAccessor httpContextAccessor)
 
         public string GetCurrentUserName()
         {
-            var result = Thread.GetData(Thread.GetNamedDataSlot(ThreadSlotNames.USER_NAME)) as string ?? UNKNOWN_USERNAME;
+            var result = _currentUserName.Value ?? UNKNOWN_USERNAME;
 
             var context = _httpContextAccessor.HttpContext;
             if (context != null && context.Request != null && context.User != null)
@@ -34,5 +35,10 @@ public string GetCurrentUserName()
             }
             return result;
         }
+
+        public void SetCurrentUserName(string userName)
+        {
+            _currentUserName.Value = userName;
+        }
     }
 }
diff --git a/tests/VirtoCommerce.Platform.Tests/Security/UserNameResolverTests.cs b/tests/VirtoCommerce.Platform.Tests/Security/UserNameResolverTests.cs
new file mode 100644
index 00000000000..8698c5d0224
--- /dev/null
+++ b/tests/VirtoCommerce.Platform.Tests/Security/UserNameResolverTests.cs
@@ -0,0 +1,43 @@
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Moq;
+using VirtoCommerce.Platform.Security;
+using Xunit;
+
+namespace VirtoCommerce.Platform.Tests.Security
+{
+    /// <summary>
+    /// This tests user name preserved storage in HttpContextUserResolver
+    /// </summary>
+    public class UserNameResolverTests
+    {
+
+        private HttpContextUserResolver _resolver = new HttpContextUserResolver(Mock.Of<IHttpContextAccessor>());
+        private ThreadLocal<string> _threadLocalString = new ThreadLocal<string>();
+
+        [Fact]
+        public async Task TestUserPreserveForAsyncCalls()
+        {
+            const string user = "User1";
+
+            var async1 = EmulateAsync(user);
+            var (userFromResolver, userFromThreadLocal) = await async1;
+
+            // Ensure user preserved in resolver
+            Assert.Equal(user, userFromResolver);
+
+            // We are sure user was lost in ThreadLocal (in comparison to AsyncLocal inside of HttpContextUserResolver)
+            Assert.Null(userFromThreadLocal);
+        }
+
+        private async Task<(string userFromResolver, string userFromThreadLocal)> EmulateAsync(string user)
+        {
+            _resolver.SetCurrentUserName(user);
+            _threadLocalString.Value = user;
+            await Task.Delay(5); // Emulate async call context switching (the call switched to some another thread)
+            return (_resolver.GetCurrentUserName(), _threadLocalString.Value);
+        }
+
+    }
+}

From ed2ee7f963a3886499c9cd53ecbc5de5a1ae1ee4 Mon Sep 17 00:00:00 2001
From: alexandr andreev <aad@virtoway.com>
Date: Tue, 2 Mar 2021 11:25:27 +0300
Subject: [PATCH 11/70] VP-7223: Disable resend link when email changed and not
 saved (#2170)

* VP-7223: Hide link if the email was changed but not saved
* VP-7223: Add disabled style for the tag "a"

Co-authored-by: Filipp Kuksov <47894313+Vectorfield4@users.noreply.github.com>
---
 .../wwwroot/css/themes/main/sass/includes/_reset.sass       | 3 +++
 .../wwwroot/js/app/security/blades/account-detail.js        | 4 ++--
 .../wwwroot/js/app/security/blades/account-detail.tpl.html  | 6 +++---
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/includes/_reset.sass b/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/includes/_reset.sass
index 8a3b8f45956..68d4cb3349e 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/includes/_reset.sass
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/includes/_reset.sass
@@ -48,6 +48,9 @@ ol
 a
   &:hover
     text-decoration: none
+a .disabled
+    pointer-events: none
+    cursor: default
 
 p
   margin: 0
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.js
index 46fa288d22e..968de078ea8 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.js
@@ -46,7 +46,7 @@ angular.module('platformWebApp').controller('platformWebApp.accountDetailControl
         }
 
         blade.sendLink = function () {
-            if (!blade.isLinkSent && !blade.isLoading) {
+            if (!blade.isLinkSent && !blade.isLoading && blade.currentEntity.email === blade.origEntity.email) {
                 blade.isLoading = true;
                 accounts.verifyEmail({ userId: blade.currentEntity.id }, null , () => {
                     blade.isLinkSent = true;
@@ -84,7 +84,7 @@ angular.module('platformWebApp').controller('platformWebApp.accountDetailControl
             });
         };
 
-        blade.hasVerifyEmailPerrmission = () => {
+        blade.hasVerifyEmailPermission = () => {
             return authService.checkPermission('platform:security:verifyEmail', blade.securityScopes);
         }
 
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.tpl.html b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.tpl.html
index d614adaa14e..5857d805906 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.tpl.html
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-detail.tpl.html
@@ -69,12 +69,12 @@
             </div>
             <div>
                 <label class="form-label __switch" >
-                    <input type="checkbox" ng-model="blade.currentEntity.emailConfirmed" ng-disabled="!blade.hasVerifyEmailPerrmission()">
-                    <span class="switch" ng-class="{disabled: currentEntity.isReadOnly || !blade.hasVerifyEmailPerrmission() }"></span>
+                    <input type="checkbox" ng-model="blade.currentEntity.emailConfirmed" ng-disabled="!blade.hasVerifyEmailPermission()">
+                    <span class="switch" ng-class="{disabled: currentEntity.isReadOnly || !blade.hasVerifyEmailPermission() }"></span>
                 </label>
             </div>
             <div>
-                <a href="" ng-style="blade.isLinkSent && {'color':'green'} || {'color': ''}" ng-click="blade.sendLink()" va-permission="platform:security:verifyEmail">
+                <a ng-class="blade.currentEntity.email !== blade.origEntity.email ? 'disabled': ''"  href="" ng-style="blade.isLinkSent && {'color':'green'} || {'color': ''}" ng-click="blade.sendLink()" va-permission="platform:security:verifyEmail">
                     {{blade.isLinkSent ? 'platform.blades.account-detail.labels.link-sent' : 'platform.blades.account-detail.labels.resend-link' | translate }}</a>
             </div>
         </div>

From 5e095c2b9471af2ded64f30342d4a769f2802992 Mon Sep 17 00:00:00 2001
From: Konstantin Savosteev <Konstantin.Savosteev@virtoway.com>
Date: Tue, 2 Mar 2021 14:00:15 +0200
Subject: [PATCH 12/70] VP-6905 add IHasConfiguration interface for extending
 modules with configuration (#2173)

---
 .../Modularity/IHasConfiguration.cs                  |  9 +++++++++
 .../ModuleInitializer.cs                             | 12 +++++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 src/VirtoCommerce.Platform.Core/Modularity/IHasConfiguration.cs

diff --git a/src/VirtoCommerce.Platform.Core/Modularity/IHasConfiguration.cs b/src/VirtoCommerce.Platform.Core/Modularity/IHasConfiguration.cs
new file mode 100644
index 00000000000..67d4dd4b639
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Core/Modularity/IHasConfiguration.cs
@@ -0,0 +1,9 @@
+using Microsoft.Extensions.Configuration;
+
+namespace VirtoCommerce.Platform.Core.Modularity
+{
+    public interface IHasConfiguration
+    {
+        IConfiguration Configuration { get; set; }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Modules/ModuleInitializer.cs b/src/VirtoCommerce.Platform.Modules/ModuleInitializer.cs
index 56f84b1abd2..88373bc61be 100644
--- a/src/VirtoCommerce.Platform.Modules/ModuleInitializer.cs
+++ b/src/VirtoCommerce.Platform.Modules/ModuleInitializer.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Linq;
 using Microsoft.AspNetCore.Builder;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using VirtoCommerce.Platform.Core.Common;
@@ -16,14 +17,17 @@ public class ModuleInitializer : IModuleInitializer
     {
         private readonly ILogger<ModuleInitializer> _loggerFacade;
         private readonly IServiceCollection _serviceCollection;
+        private readonly IConfiguration _configuration;
+
         /// <summary>
         /// Initializes a new instance of <see cref="ModuleInitializer"/>.
         /// </summary>
         /// <param name="loggerFacade">The logger to use.</param>
-        public ModuleInitializer(ILogger<ModuleInitializer> loggerFacade, IServiceCollection serviceCollection)
+        public ModuleInitializer(ILogger<ModuleInitializer> loggerFacade, IServiceCollection serviceCollection, IConfiguration configuration)
         {
             _loggerFacade = loggerFacade ?? throw new ArgumentNullException("loggerFacade");
             _serviceCollection = serviceCollection;
+            _configuration = configuration;
         }
 
         /// <summary>
@@ -43,6 +47,12 @@ public void Initialize(ModuleInfo moduleInfo)
                 {
                     var moduleInstance = CreateModule(moduleInfo);
                     moduleInfo.ModuleInstance = moduleInstance;
+
+                    if (moduleInstance is IHasConfiguration configurableModule)
+                    {
+                        configurableModule.Configuration = _configuration;
+                    }
+
                     moduleInstance.Initialize(_serviceCollection);
                     moduleInfo.State = ModuleState.Initialized;
                 }

From 02c5552a1162b5583ee40fd80489efebd3650297 Mon Sep 17 00:00:00 2001
From: Filipp Kuksov <47894313+Vectorfield4@users.noreply.github.com>
Date: Wed, 3 Mar 2021 15:52:41 +0200
Subject: [PATCH 13/70] Fix test for CI

Comment out code for developers.
---
 .../Security/UserNameResolverTests.cs                         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/VirtoCommerce.Platform.Tests/Security/UserNameResolverTests.cs b/tests/VirtoCommerce.Platform.Tests/Security/UserNameResolverTests.cs
index 8698c5d0224..fff3f5d349e 100644
--- a/tests/VirtoCommerce.Platform.Tests/Security/UserNameResolverTests.cs
+++ b/tests/VirtoCommerce.Platform.Tests/Security/UserNameResolverTests.cs
@@ -27,8 +27,8 @@ public async Task TestUserPreserveForAsyncCalls()
             // Ensure user preserved in resolver
             Assert.Equal(user, userFromResolver);
 
-            // We are sure user was lost in ThreadLocal (in comparison to AsyncLocal inside of HttpContextUserResolver)
-            Assert.Null(userFromThreadLocal);
+            // We can lost user in ThreadLocal (in comparison to AsyncLocal inside of HttpContextUserResolver)
+            // You can check this assert localy (sometimes you can lost data if context going to switch) Assert.Null(userFromThreadLocal);
         }
 
         private async Task<(string userFromResolver, string userFromThreadLocal)> EmulateAsync(string user)

From a8ab453c080992d625fa005210a8f988eea267be Mon Sep 17 00:00:00 2001
From: Filip Kuksov <vectorfield4@gmail.com>
Date: Wed, 3 Mar 2021 16:12:42 +0200
Subject: [PATCH 14/70] 3.49.0

---
 Directory.Build.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Directory.Build.props b/Directory.Build.props
index fd8e5d2e552..def6bfa8aef 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -9,7 +9,7 @@
     </PropertyGroup>
 
     <PropertyGroup>
-        <VersionPrefix>3.48.0</VersionPrefix>
+        <VersionPrefix>3.49.0</VersionPrefix>
         <VersionSuffix></VersionSuffix>
         <VersionSuffix Condition=" '$(VersionSuffix)' != '' AND '$(BuildNumber)' != '' ">$(VersionSuffix)-$(BuildNumber)</VersionSuffix>
         <NoWarn>$(NoWarn);S3875</NoWarn>

From fa411d9ee0343073e6d012b65ac96f2a5b8993c5 Mon Sep 17 00:00:00 2001
From: Tatarincev Eugeney <et@virtoway.com>
Date: Wed, 3 Mar 2021 16:38:41 +0200
Subject: [PATCH 15/70] =?UTF-8?q?VP-7217:=20Rework=20caching=20logic=20in?=
 =?UTF-8?q?=20order=20to=20avoid=20memory=20leaks=20for=20CancellationT?=
 =?UTF-8?q?=E2=80=A6=20(#2168)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Rework caching logic in order to avoid memory leaks for CancellationTokens registrations

Co-authored-by: Filipp Kuksov <47894313+Vectorfield4@users.noreply.github.com>
Co-authored-by: Andrei Kolchanov <akak1977@gmail.com>
Co-authored-by: Andrei Kolchanov <akak1977@users.noreply.github.com>
---
 .../PlatformMemoryCache.cs                    |   4 +-
 .../Redis/RedisPlatformMemoryCache.cs         |   4 +-
 .../Caching/CancellableCacheRegion.cs         | 189 +++++++++++++---
 .../Caching/LazyCancellationChangeToken.cs    |  56 +++++
 .../Caching/TokenCancelledEventArgs.cs        |   7 +
 .../Caching/CancellableCacheRegionTests.cs    | 207 ++++++++++++++++++
 .../Caching/GlobalCacheRegionTests.cs         |  38 ----
 .../Caching/MemoryCacheExtensionTests.cs      |   2 +-
 .../Caching/MemoryCacheTestsBase.cs           |   2 +
 .../Caching/PlatformMemoryCacheTests.cs       |   3 +-
 .../Caching/RedisPlatformMemoryCacheTests.cs  |   3 +-
 11 files changed, 437 insertions(+), 78 deletions(-)
 create mode 100644 src/VirtoCommerce.Platform.Core/Caching/LazyCancellationChangeToken.cs
 create mode 100644 tests/VirtoCommerce.Platform.Tests/Caching/CancellableCacheRegionTests.cs
 delete mode 100644 tests/VirtoCommerce.Platform.Tests/Caching/GlobalCacheRegionTests.cs

diff --git a/src/VirtoCommerce.Platform.Caching/PlatformMemoryCache.cs b/src/VirtoCommerce.Platform.Caching/PlatformMemoryCache.cs
index 2e5346ad3db..2ef2bb3d5f4 100644
--- a/src/VirtoCommerce.Platform.Caching/PlatformMemoryCache.cs
+++ b/src/VirtoCommerce.Platform.Caching/PlatformMemoryCache.cs
@@ -29,6 +29,8 @@ public virtual ICacheEntry CreateEntry(object key)
             {
                 result.RegisterPostEvictionCallback(callback: EvictionCallback);
                 var options = GetDefaultCacheEntryOptions();
+                //Add GlobalCache token for each entry
+                options.AddExpirationToken(GlobalCacheRegion.CreateChangeToken());
                 result.SetOptions(options);
             }
             return result;
@@ -70,8 +72,6 @@ public virtual MemoryCacheEntryOptions GetDefaultCacheEntryOptions()
                 {
                     result.SlidingExpiration = SlidingExpiration;
                 }
-
-                result.AddExpirationToken(GlobalCacheRegion.CreateChangeToken());
             }
 
             return result;
diff --git a/src/VirtoCommerce.Platform.Caching/Redis/RedisPlatformMemoryCache.cs b/src/VirtoCommerce.Platform.Caching/Redis/RedisPlatformMemoryCache.cs
index 5066434fc2b..8aecc155ee1 100644
--- a/src/VirtoCommerce.Platform.Caching/Redis/RedisPlatformMemoryCache.cs
+++ b/src/VirtoCommerce.Platform.Caching/Redis/RedisPlatformMemoryCache.cs
@@ -38,7 +38,7 @@ public RedisPlatformMemoryCache(IMemoryCache memoryCache
             _cachingOptions = cachingOptions.Value;
             _redisCachingOptions = redisCachingOptions.Value;
 
-            CacheCancellableTokensRegistry.OnTokenCancelled = CacheCancellableTokensRegistry_OnTokenCancelled;
+            CancellableCacheRegion.OnTokenCancelled = CacheCancellableTokensRegistry_OnTokenCancelled;
         }
        
         private void CacheCancellableTokensRegistry_OnTokenCancelled(TokenCancelledEventArgs e)
@@ -86,7 +86,7 @@ protected virtual void OnMessage(RedisChannel channel, RedisValue redisValue)
                     if (message.IsToken)
                     {
                         _log.LogTrace($"Trying to cancel token with key: {key}");
-                        CacheCancellableTokensRegistry.TryCancelToken(key, raiseEvent: false);
+                        CancellableCacheRegion.CancelForKey(key, propagate: false);
                     }
                     else
                     {
diff --git a/src/VirtoCommerce.Platform.Core/Caching/CancellableCacheRegion.cs b/src/VirtoCommerce.Platform.Core/Caching/CancellableCacheRegion.cs
index 5c7134ee63f..54801ff910e 100644
--- a/src/VirtoCommerce.Platform.Core/Caching/CancellableCacheRegion.cs
+++ b/src/VirtoCommerce.Platform.Core/Caching/CancellableCacheRegion.cs
@@ -1,43 +1,50 @@
 using System;
 using System.Collections.Concurrent;
+using System.Linq;
 using System.Threading;
 using Microsoft.Extensions.Primitives;
 
 namespace VirtoCommerce.Platform.Core.Caching
 {
-    //Store all cancellation tokens  that are associated for cached entries
-    public static class CacheCancellableTokensRegistry
+    public class CancellableCacheRegion
     {
-        private static ConcurrentDictionary<string, CancellationTokenSource> _tokensDict = new ConcurrentDictionary<string, CancellationTokenSource>();
-        //events are intentionally not used to restrict usage by multiple subscribers
-        public static Action<TokenCancelledEventArgs> OnTokenCancelled { get; set; }
-
-        public static IChangeToken CreateChangeToken(string tokenKey)
+        protected CancellableCacheRegion()
         {
-            var tokenSource = _tokensDict.GetOrAdd(tokenKey, _ => new CancellationTokenSource());
-            return new CancellationChangeToken(tokenSource.Token);
         }
-
-        public static bool TryCancelToken(string tokenKey, bool raiseEvent = true)
+        //need to preserve the name for backward compatibility
+        protected static readonly string _globalRegionName = "GlobalCacheRegion";
+        private static CancellationTokenSource _globalTokenSource = new CancellationTokenSource();
+        protected static CancellationTokenSource GlobalTokenSource
         {
-            var result = _tokensDict.TryRemove(tokenKey, out var token);
-            if (result)
+            get
             {
-                token.Cancel();
-                token.Dispose();
+                return _globalTokenSource;
             }
-            if (raiseEvent)
+        }
+
+        //events are intentionally not used to restrict usage by multiple subscribers
+        public static Action<TokenCancelledEventArgs> OnTokenCancelled { get; set; }
+
+        protected static event EventHandler<TokenCancelledEventArgs> TokenCancelled;
+
+        protected static void CancelAll()
+        {
+            var oldTokenSource = Interlocked.Exchange(ref _globalTokenSource, new CancellationTokenSource());
+
+            if (oldTokenSource != null && !oldTokenSource.IsCancellationRequested && oldTokenSource.Token.CanBeCanceled)
             {
-                //Notify even if no token found for the key.
-                //It is important for cached data consistency when scale-out configuration is used, because the other instances may contain cached entries with token has this key
-                TriggerOnCancel(tokenKey);
+                oldTokenSource.Cancel();
+                oldTokenSource.Dispose();
             }
-            return result;
         }
 
-        private static void TriggerOnCancel(string tokenKey)
+        public static void CancelForKey(string tokenKey, bool propagate = false)
         {
-            OnTokenCancelled?.Invoke(new TokenCancelledEventArgs(tokenKey));
+            var tokenCancelled = TokenCancelled;
+            if (tokenCancelled != null)
+            {
+                tokenCancelled(null, new TokenCancelledEventArgs(tokenKey, propagate));
+            }
         }
     }
 
@@ -45,10 +52,36 @@ private static void TriggerOnCancel(string tokenKey)
     /// Represents strongly typed cache region contains cancellation token for a concrete cache region type
     /// </summary>
     /// <typeparam name="T"></typeparam>
-    public class CancellableCacheRegion<T>
+    public class CancellableCacheRegion<T> : CancellableCacheRegion
     {
         private static readonly string _regionName = typeof(T).Name;
-
+        private static readonly string _regionNamePrefix = $"{typeof(T).Name}:";
+#pragma warning disable S2743 // Static fields should not be used in generic types
+        // False-positive SLint warning disabled.
+        // These fields really need for every class applied
+        private static CancellationTokenSource _regionTokenSource = new CancellationTokenSource();
+        private static readonly ConcurrentDictionary<string, CancellationTokenSource> _keyTokensDict = new ConcurrentDictionary<string, CancellationTokenSource>();
+        private static IDisposable _globalTokenDisposable;
+        private static readonly object _lock = new object();
+#pragma warning restore S2743 // Static fields should not be used in generic types
+        static CancellableCacheRegion()
+        {
+            TokenCancelled += (e, args) =>
+            {
+                if (string.IsNullOrEmpty(args.TokenKey))
+                {
+                    return;
+                }
+                if(args.TokenKey == _regionName)
+                {
+                    ExpireRegion(args.Propagate);
+                }
+                else if(args.TokenKey.StartsWith(_regionNamePrefix))
+                {
+                    InnerExpireTokenForKey(args.TokenKey, args.Propagate);
+                }
+            };
+        }
         protected CancellableCacheRegion()
         {
         }
@@ -59,35 +92,129 @@ public static IChangeToken CreateChangeTokenForKey(string key)
             {
                 throw new ArgumentNullException(nameof(key));
             }
-            return new CompositeChangeToken(new[] { CreateChangeToken(), CacheCancellableTokensRegistry.CreateChangeToken(GenerateRegionTokenKey(key)) });
+            var tokenKey = GenerateRegionTokenKey(key);
+            var tokenSource = _keyTokensDict.GetOrAdd(tokenKey, _ => new CancellationTokenSource());
+
+            EnsureGlobalTokenCallbackReistered();
+
+            var changeToken = new LazyCancellationChangeToken(tokenSource.Token);
+            var regionChangeToken = new LazyCancellationChangeToken(_regionTokenSource.Token);
+            var globalChangeToken = new LazyCancellationChangeToken(GlobalTokenSource.Token);
+
+            var compositionToken = new CompositeChangeToken(new[] { changeToken, regionChangeToken, globalChangeToken });
+            return compositionToken;
         }
 
         public static IChangeToken CreateChangeToken()
         {
-            return CacheCancellableTokensRegistry.CreateChangeToken(GenerateRegionTokenKey());
+            EnsureGlobalTokenCallbackReistered();
+            //workaround for backward compatibility
+            if (_regionName == _globalRegionName)
+            {
+                return new LazyCancellationChangeToken(GlobalTokenSource.Token);
+            }
+            else
+            {
+                var regionChangeToken = new LazyCancellationChangeToken(_regionTokenSource.Token);
+                var globalChangeToken = new LazyCancellationChangeToken(GlobalTokenSource.Token);
+
+                var compositionToken = new CompositeChangeToken(new[] { regionChangeToken, globalChangeToken });
+                return compositionToken;
+            }           
         }
 
+        //This method left for backward compatibility
         public static void ExpireTokenForKey(string key)
+        {
+            ExpireTokenForKey(key, propagate: true);
+        }
+
+        public static void ExpireTokenForKey(string key, bool propagate)
         {
             if (!(key is null))
             {
-                CacheCancellableTokensRegistry.TryCancelToken(GenerateRegionTokenKey(key));
+                var tokenKey = GenerateRegionTokenKey(key);
+
+                InnerExpireTokenForKey(tokenKey, propagate);               
             }
         }
 
+        //This method left for backward compatibility
         public static void ExpireRegion()
         {
-            CacheCancellableTokensRegistry.TryCancelToken(GenerateRegionTokenKey());
+            ExpireRegion(propagate: true);
+        }
+
+        public static void ExpireRegion(bool propagate)
+        {
+            var oldTokenSource = Interlocked.Exchange(ref _regionTokenSource, new CancellationTokenSource());
+            if (oldTokenSource != null && !oldTokenSource.IsCancellationRequested && oldTokenSource.Token.CanBeCanceled)
+            {
+                oldTokenSource.Cancel();
+                oldTokenSource.Dispose();
+            }
+
+            if (propagate)
+            {
+                OnTokenCancelled?.Invoke(new TokenCancelledEventArgs(_regionName));
+            }
+
+            foreach (var keyTokenSourceKey in _keyTokensDict.Keys.ToArray())
+            {
+                InnerExpireTokenForKey(keyTokenSourceKey, propagate: false);
+            }
+            //Backward compatibility with exists GlobalCacheRegion
+            if (_regionName == _globalRegionName)
+            {
+                CancelAll();
+            }
+        }
+
+        private static void EnsureGlobalTokenCallbackReistered()
+        {
+            if (_globalTokenDisposable == null)
+            {
+                lock (_lock)
+                {
+                    if (_globalTokenDisposable == null)
+                    {
+                        _globalTokenDisposable = GlobalTokenSource.Token.UnsafeRegister(state =>
+                        {
+                            ExpireRegion(propagate: false);
+                            if (_globalTokenDisposable != null)
+                            {
+                                _globalTokenDisposable.Dispose();
+                                _globalTokenDisposable = null;
+                            }
+                        }, null);
+                    }
+                }
+            }
         }
 
-        private static string GenerateRegionTokenKey(string key = null)
+        private static void InnerExpireTokenForKey(string tokenKey, bool propagate)
+        {
+            var result = _keyTokensDict.TryRemove(tokenKey, out var tokenSource);
+            if (result && !tokenSource.IsCancellationRequested && tokenSource.Token.CanBeCanceled)
+            {
+                tokenSource.Cancel();
+                tokenSource.Dispose();
+            }
+            if (propagate)
+            {
+                //Notify even if no token found for the key.
+                //It is important for cached data consistency when scale-out configuration is used, because the other instances may contain cached entries with token has this key
+                OnTokenCancelled?.Invoke(new TokenCancelledEventArgs(tokenKey));
+            }
+        }
+
+        public static string GenerateRegionTokenKey(string key = null)
         {
             if (!(key is null))
             {
-                return $"{_regionName}:{key}";
+                return $"{_regionNamePrefix}{key}";
             }
             return $"{_regionName}";
         }
-
     }
 }
diff --git a/src/VirtoCommerce.Platform.Core/Caching/LazyCancellationChangeToken.cs b/src/VirtoCommerce.Platform.Core/Caching/LazyCancellationChangeToken.cs
new file mode 100644
index 00000000000..1461fafdb13
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Core/Caching/LazyCancellationChangeToken.cs
@@ -0,0 +1,56 @@
+using System;
+using System.Threading;
+using Microsoft.Extensions.Primitives;
+
+namespace VirtoCommerce.Platform.Core.Caching
+{
+    /// <summary>
+    /// A <see cref="IChangeToken"/> implementation using <see cref="CancellationChangeToken"/>.
+    /// This class represents the copy of code <see cref="CancellationChangeToken"/> with only one intentionally overridden
+    ///  ActiveChangeCallbacks = false.  This will forbid of automatically calling RegisterChangeCallback in the places such as <see cref="CompositeChangeToken"/>
+    ///  and prevent of possible memory leaks when using shared CancellationToken  see: https://gist.github.com/tatarincev/4c942a7603a061d41deb393e0aa66545 
+    /// </summary>
+    public class LazyCancellationChangeToken : IChangeToken
+    {
+        /// <summary>
+        /// Initializes a new instance of <see cref="CancellationChangeToken"/>.
+        /// </summary>
+        /// <param name="cancellationToken">The <see cref="CancellationToken"/>.</param>
+        public LazyCancellationChangeToken(CancellationToken cancellationToken)
+        {
+            Token = cancellationToken;
+        }
+
+        /// False default value  will disable of calling RegisterChangeCallback in the other places such as <see cref="CompositeChangeToken"/>
+        public bool ActiveChangeCallbacks { get; private set; } = false;
+
+        /// <inheritdoc />
+        public bool HasChanged => Token.IsCancellationRequested;
+
+        private CancellationToken Token { get; }
+
+        /// <inheritdoc />
+        public IDisposable RegisterChangeCallback(Action<object> callback, object state)
+        {
+
+            try
+            {
+                return Token.UnsafeRegister(callback, state);
+            }
+            catch (ObjectDisposedException)
+            {
+                return NullDisposable.Instance;
+            }
+        }
+
+        private sealed class NullDisposable : IDisposable
+        {
+            public static readonly NullDisposable Instance = new NullDisposable();
+
+            public void Dispose()
+            {
+                // Method intentionally left empty.
+            }
+        }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Core/Caching/TokenCancelledEventArgs.cs b/src/VirtoCommerce.Platform.Core/Caching/TokenCancelledEventArgs.cs
index e2186d610e8..1ca0a6cb621 100644
--- a/src/VirtoCommerce.Platform.Core/Caching/TokenCancelledEventArgs.cs
+++ b/src/VirtoCommerce.Platform.Core/Caching/TokenCancelledEventArgs.cs
@@ -5,11 +5,18 @@ namespace VirtoCommerce.Platform.Core.Caching
     public sealed class TokenCancelledEventArgs : EventArgs
     {
         public TokenCancelledEventArgs(string tokenKey)
+            : this(tokenKey, true)
+        {
+        }
+        public TokenCancelledEventArgs(string tokenKey, bool propagate)
         {
             TokenKey = tokenKey;
+            Propagate = propagate;
         }
 
         public string TokenKey { get; }
+        public bool Propagate { get;  }
+
         public override string ToString()
         {
             return $"{TokenKey}";
diff --git a/tests/VirtoCommerce.Platform.Tests/Caching/CancellableCacheRegionTests.cs b/tests/VirtoCommerce.Platform.Tests/Caching/CancellableCacheRegionTests.cs
new file mode 100644
index 00000000000..5b4204ef446
--- /dev/null
+++ b/tests/VirtoCommerce.Platform.Tests/Caching/CancellableCacheRegionTests.cs
@@ -0,0 +1,207 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Caching.Memory;
+using Microsoft.Extensions.Primitives;
+using VirtoCommerce.Platform.Caching;
+using VirtoCommerce.Platform.Core.Caching;
+using Xunit;
+
+namespace VirtoCommerce.Platform.Tests.Caching
+{
+    [Trait("Category", "Unit"), CollectionDefinition("CacheTests", DisableParallelization = true)]
+    public class CancellableCacheRegionTests : MemoryCacheTestsBase
+    {
+        [Fact]
+        public void CreateChangeTokenReturnsCompositeToken()
+        {
+            //Act
+            var token = CacheRegion.CreateChangeTokenForKey("key");
+            //Assertion
+            Assert.IsType<CompositeChangeToken>(token);
+            //Tokens for item, region and global
+            Assert.Equal(3, ((CompositeChangeToken)token).ChangeTokens.Count);
+            Assert.All(((CompositeChangeToken)token).ChangeTokens, x => Assert.IsType<LazyCancellationChangeToken>(x));
+
+            //Act
+            token = CacheRegion.CreateChangeToken();
+            //Assertion
+            Assert.IsType<CompositeChangeToken>(token);
+            //Tokens for item, region and global
+            Assert.Equal(2, ((CompositeChangeToken)token).ChangeTokens.Count);
+            Assert.All(((CompositeChangeToken)token).ChangeTokens, x => Assert.IsType<LazyCancellationChangeToken>(x));
+
+            //Act
+            token = GlobalCacheRegion.CreateChangeToken();
+            //Assertion
+            Assert.IsType<LazyCancellationChangeToken>(token);
+           
+        }
+
+        [Fact]
+        public void ExpiredItemTokenRemovesItem()
+        {
+            //Arrange
+            var cache = GetPlatformMemoryCache();
+            var key = "myKey";
+            var value = new object();
+
+            //Act
+            var expirationToken = CacheRegion.CreateChangeTokenForKey(key);
+
+            //Arrange
+            var result = cache.Set(key, value, expirationToken);
+
+            //Act
+            Assert.Same(value, result);
+            CacheRegion.ExpireTokenForKey(key);
+
+            //Assertion
+            result = cache.Get(key);
+            Assert.Null(result);
+        }
+
+        [Fact]
+        public void ExpiredRegionTokenRemovesAllRegionItems()
+        {
+            //Arrange
+            var cache = GetPlatformMemoryCache();
+            var key1 = "myKey1";
+            var key2 = "myKey2";
+            var value1 = new object();
+            var value2 = new object();
+
+            var token1 = CacheRegion.CreateChangeTokenForKey(key1);
+            var token2 = CacheRegion.CreateChangeTokenForKey(key2);
+
+            cache.Set(key1, value1, token1);
+            cache.Set(key2, value2, token2);
+
+            //Act
+            CacheRegion.ExpireRegion();
+
+            //Assertion
+            var result = cache.Get(key1);
+            Assert.Null(result);
+            result = cache.Get(key2);
+            Assert.Null(result);
+        }
+
+        [Fact]
+        public void ExpiredGlobalRegionTokenRemovesAll()
+        {
+            //Arrange
+            var cache = GetPlatformMemoryCache();
+            var key1 = "myKey1";
+            var key2 = "myKey2";
+            var value1 = new object();
+            var value2 = new object();
+
+            var token1 = CacheRegion.CreateChangeTokenForKey(key1);
+            var token2 = CacheRegion2.CreateChangeTokenForKey(key2);
+
+            cache.Set(key1, value1, token1);
+            cache.Set(key2, value2, token2);
+
+            //Act
+            GlobalCacheRegion.ExpireRegion();
+
+            //Assertion
+            var result = cache.Get(key1);
+            Assert.Null(result);
+            result = cache.Get(key2);
+            Assert.Null(result);
+        }
+
+        [Theory]
+        [InlineData(false, 0)]
+        [InlineData(true, 4)]
+        public void CancelTokenForKeyOnTokenCancelledCallCounts(bool propagate, int callbackCount)
+        {
+            //Arrange
+            var registeryCallbackInvokedCount = 0;
+            CancellableCacheRegion.OnTokenCancelled = args =>
+            {
+                Interlocked.Increment(ref registeryCallbackInvokedCount);
+            };
+
+            var cache = GetPlatformMemoryCache();
+            var key = "myKey";
+            var value1 = new object();
+            var value2 = new object();
+
+            var key1 = CacheRegion.GenerateRegionTokenKey(key);
+            var token1 = CacheRegion.CreateChangeTokenForKey(key);
+            var key2 = CacheRegion2.GenerateRegionTokenKey(key);
+            var token2 = CacheRegion2.CreateChangeTokenForKey(key);
+
+            //Act
+            cache.Set(key1, value1, token1);
+            cache.Set(key2, value2, token2);
+
+            //Assertion
+            var result = cache.Get(key1);
+            Assert.Same(value1, result);
+            result = cache.Get(key2);
+            Assert.Same(value2, result);
+
+            //Act
+            CancellableCacheRegion.CancelForKey(key1, propagate);
+
+            //Assertion
+            result = cache.Get(key1);
+            Assert.Null(result);
+            result = cache.Get(key2);
+            Assert.Same(value2, result);
+
+          
+            //Act
+            CancellableCacheRegion.CancelForKey(key2, propagate);
+
+            //Assertion
+            result = cache.Get(key2);
+            Assert.Null(result);
+
+            //Arrange
+            token1 = CacheRegion.CreateChangeTokenForKey(key);
+            token2 = CacheRegion2.CreateChangeTokenForKey(key);
+            cache.Set(key1, value1, token1);
+            cache.Set(key2, value2, token2);
+
+            //Act
+            //cancel region
+            CancellableCacheRegion.CancelForKey(CacheRegion.GenerateRegionTokenKey(), propagate);
+            //Assertion
+            result = cache.Get(key1);
+            Assert.Null(result);
+            result = cache.Get(key2);
+            Assert.Same(value2, result);
+
+            //Arrange
+            token1 = CacheRegion.CreateChangeTokenForKey(key);
+            token2 = CacheRegion2.CreateChangeTokenForKey(key);
+            cache.Set(key1, value1, token1);
+            cache.Set(key2, value2, token2);
+
+            //Act
+            //cancel global region
+            CancellableCacheRegion.CancelForKey(GlobalCacheRegion.GenerateRegionTokenKey(), propagate);
+            result = cache.Get(key1);
+            Assert.Null(result);
+            result = cache.Get(key2);
+            Assert.Null(result);
+
+            //Callback mustn't call
+            Assert.Equal(callbackCount, registeryCallbackInvokedCount);
+        }
+
+        public class CacheRegion : CancellableCacheRegion<CacheRegion>
+        {          
+        }
+        public class CacheRegion2 : CancellableCacheRegion<CacheRegion2>
+        {
+        }
+    }
+}
diff --git a/tests/VirtoCommerce.Platform.Tests/Caching/GlobalCacheRegionTests.cs b/tests/VirtoCommerce.Platform.Tests/Caching/GlobalCacheRegionTests.cs
deleted file mode 100644
index 07ce3f2e7c2..00000000000
--- a/tests/VirtoCommerce.Platform.Tests/Caching/GlobalCacheRegionTests.cs
+++ /dev/null
@@ -1,38 +0,0 @@
-using System;
-using VirtoCommerce.Platform.Caching;
-using VirtoCommerce.Platform.Core.Caching;
-using Xunit;
-
-namespace VirtoCommerce.Platform.Tests.Caching
-{
-    [Trait("Category", "Unit")]
-    public class GlobalCacheRegionTests: MemoryCacheTestsBase
-    {
-        private const string CacheKey = "test";
-
-        [Fact]
-        public void CacheEntry_Has_Global_Expiration_Token()
-        {
-            var platformMemoryCache = GetPlatformMemoryCache();
-            var entry = platformMemoryCache.CreateEntry("test");
-            Assert.Single(entry.ExpirationTokens);
-        }
-
-        [Fact]
-        public void Global_Cache_Region_Expired_Successfully()
-        {
-            var platformMemoryCache = GetPlatformMemoryCache();
-            var firstValue = GetSampleValueWithCache(platformMemoryCache);
-            var secondValue = GetSampleValueWithCache(platformMemoryCache);
-            GlobalCacheRegion.ExpireRegion();
-            var thirdValue = GetSampleValueWithCache(platformMemoryCache);
-            Assert.Equal(firstValue, secondValue);
-            Assert.NotEqual(firstValue, thirdValue);
-        }
-
-        private DateTime GetSampleValueWithCache(IPlatformMemoryCache platformMemoryCache)
-        {
-            return platformMemoryCache.GetOrCreateExclusive(CacheKey, x => DateTime.Now);
-        }
-    }
-}
diff --git a/tests/VirtoCommerce.Platform.Tests/Caching/MemoryCacheExtensionTests.cs b/tests/VirtoCommerce.Platform.Tests/Caching/MemoryCacheExtensionTests.cs
index 5bc3f917624..c50d2bda809 100644
--- a/tests/VirtoCommerce.Platform.Tests/Caching/MemoryCacheExtensionTests.cs
+++ b/tests/VirtoCommerce.Platform.Tests/Caching/MemoryCacheExtensionTests.cs
@@ -12,7 +12,7 @@
 
 namespace VirtoCommerce.Platform.Tests.Caching
 {
-    [Trait("Category", "Unit")]
+    [Trait("Category", "Unit"), CollectionDefinition("CacheTests", DisableParallelization = true)]
     public class MemoryCacheExtensionTests : MemoryCacheTestsBase
     {
 
diff --git a/tests/VirtoCommerce.Platform.Tests/Caching/MemoryCacheTestsBase.cs b/tests/VirtoCommerce.Platform.Tests/Caching/MemoryCacheTestsBase.cs
index 647aa3ca1bd..f89cd33e897 100644
--- a/tests/VirtoCommerce.Platform.Tests/Caching/MemoryCacheTestsBase.cs
+++ b/tests/VirtoCommerce.Platform.Tests/Caching/MemoryCacheTestsBase.cs
@@ -1,3 +1,4 @@
+using System;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Internal;
 using Microsoft.Extensions.Logging;
@@ -28,6 +29,7 @@ public static IMemoryCache CreateCache(ISystemClock clock)
             return new MemoryCache(new MemoryCacheOptions()
             {
                 Clock = clock,
+                ExpirationScanFrequency = TimeSpan.FromSeconds(1)
             });
         }
 
diff --git a/tests/VirtoCommerce.Platform.Tests/Caching/PlatformMemoryCacheTests.cs b/tests/VirtoCommerce.Platform.Tests/Caching/PlatformMemoryCacheTests.cs
index 2b51d20c1e8..3090f9333b5 100644
--- a/tests/VirtoCommerce.Platform.Tests/Caching/PlatformMemoryCacheTests.cs
+++ b/tests/VirtoCommerce.Platform.Tests/Caching/PlatformMemoryCacheTests.cs
@@ -2,12 +2,11 @@
 using System.Threading;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Primitives;
-using VirtoCommerce.Platform.Caching;
-using VirtoCommerce.Platform.Core.Caching;
 using Xunit;
 
 namespace VirtoCommerce.Platform.Tests.Caching
 {
+    [Trait("Category", "Unit"), CollectionDefinition("CacheTests", DisableParallelization = true)]
     public class PlatformMemoryCacheTests: MemoryCacheTestsBase
     {
         [Fact]
diff --git a/tests/VirtoCommerce.Platform.Tests/Caching/RedisPlatformMemoryCacheTests.cs b/tests/VirtoCommerce.Platform.Tests/Caching/RedisPlatformMemoryCacheTests.cs
index f52873a7c79..4d4a0425c6a 100644
--- a/tests/VirtoCommerce.Platform.Tests/Caching/RedisPlatformMemoryCacheTests.cs
+++ b/tests/VirtoCommerce.Platform.Tests/Caching/RedisPlatformMemoryCacheTests.cs
@@ -14,14 +14,13 @@
 
 namespace VirtoCommerce.Platform.Tests.Caching
 {
-    [Trait("Category", "Unit")]
+    [Trait("Category", "Unit"), CollectionDefinition("CacheTests", DisableParallelization = true)]
     public class RedisPlatformMemoryCacheTests: MemoryCacheTestsBase
     {
         private readonly Mock<IOptions<RedisCachingOptions>> _redisCachingOptionsMock = new Mock<IOptions<RedisCachingOptions>>();
         private readonly Mock<IConnectionMultiplexer> _connectionMock = new Mock<IConnectionMultiplexer>();
         private readonly Mock<ISubscriber> _subscriberMock = new Mock<ISubscriber>();
         private readonly Mock<ILogger<RedisPlatformMemoryCache>> _logMock = new Mock<ILogger<RedisPlatformMemoryCache>>();
-        private readonly TelemetryClient _telemetryClient = new TelemetryClient(TelemetryConfiguration.CreateDefault());
 
         private const string CacheKey = "test";
         private readonly ConnectionFailedEventArgs _getConnectionFailedEvenArgs = new ConnectionFailedEventArgs(null,

From 567795cf16bffe973b522cc8222a13dec316fd0f Mon Sep 17 00:00:00 2001
From: Filipp Kuksov <47894313+Vectorfield4@users.noreply.github.com>
Date: Wed, 3 Mar 2021 17:15:46 +0200
Subject: [PATCH 16/70] Revert ApplicationDiscriminator (#2176)

---
 src/VirtoCommerce.Platform.Web/Startup.cs | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/src/VirtoCommerce.Platform.Web/Startup.cs b/src/VirtoCommerce.Platform.Web/Startup.cs
index 05e217acab2..8ee8abf1c10 100644
--- a/src/VirtoCommerce.Platform.Web/Startup.cs
+++ b/src/VirtoCommerce.Platform.Web/Startup.cs
@@ -326,10 +326,6 @@ public void ConfigureServices(IServiceCollection services)
                 });
 
             services.Configure<IdentityOptions>(Configuration.GetSection("IdentityOptions"));
-            services.AddDataProtection(options =>
-            {
-                options.ApplicationDiscriminator = "VirtoCommerceGroup";
-            });
 
             //always  return 401 instead of 302 for unauthorized  requests
             services.ConfigureApplicationCookie(options =>

From 182936cafbec64492df227cf136968583bce2e1b Mon Sep 17 00:00:00 2001
From: Tatarincev Eugeney <et@virtoway.com>
Date: Thu, 4 Mar 2021 16:34:57 +0200
Subject: [PATCH 17/70] Add new article (#2174)

Co-authored-by: Filipp Kuksov <47894313+Vectorfield4@users.noreply.github.com>
---
 docs/fundamentals/extensibility-basics.md     |  1 +
 .../extending-authorization-policies.md       | 61 +++++++++++++++++++
 2 files changed, 62 insertions(+)
 create mode 100644 docs/fundamentals/extensibility/extending-authorization-policies.md

diff --git a/docs/fundamentals/extensibility-basics.md b/docs/fundamentals/extensibility-basics.md
index 95411ba7ede..de6492b647d 100644
--- a/docs/fundamentals/extensibility-basics.md
+++ b/docs/fundamentals/extensibility-basics.md
@@ -27,6 +27,7 @@ What benefits you will get if you will follow our **Extension concept** and use
 * Domain and business logic extension
     * [extending domain types](./extensibility/extending-domain-models.md)
     * [extending using domain events](./extensibility/extending-using-events.md)
+    * [extending authorization policies](./extensibility/extending-authorization-policies.md)
     * [dynamic properties](./extensibility/using-dynamic-properties.md)
 * Platform manager UI extension
     * [extending main menu](./extensibility/extending-main-menu.md)
diff --git a/docs/fundamentals/extensibility/extending-authorization-policies.md b/docs/fundamentals/extensibility/extending-authorization-policies.md
new file mode 100644
index 00000000000..d0831328815
--- /dev/null
+++ b/docs/fundamentals/extensibility/extending-authorization-policies.md
@@ -0,0 +1,61 @@
+
+VirtoCommerce supports extension of existing authorization policies that are defined and checked in the Api controllers and other places. This article shows how to use the various techniques to extend exist authorization policies type without direct code modification.
+
+
+[View or download sample code](https://github.com/VirtoCommerce/vc-module-order/tree/dev/samples/VirtoCommerce.OrdersModule2.Web/Authorization)
+
+## Extending existing authorization policies
+
+Let's say we have this authorization checks in the OrderModule. And we want to extend the default `OrderAuthorizationHandler` is associated with this requirement `OrderAuthorizationRequirement` that is called during this authorization check with a new policy  that will limit the resulting orders by their statuses. To be able create a role that allows for concrete users see orders only with specific state(s).
+
+
+You can read more about how the authorization policies work by this link [Policy-based authorization in ASP.NET Core](https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-5.0)
+
+
+*`OrderModuleController.cs`*
+```C#
+[HttpPost]
+[Route("api/order/customerOrders/search")]
+ public async Task<ActionResult<CustomerOrderSearchResult>> SearchCustomerOrder([FromBody] CustomerOrderSearchCriteria criteria)
+        {
+            var authorizationResult = await _authorizationService.AuthorizeAsync(User, criteria, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Read));
+            if (!authorizationResult.Succeeded)
+            {
+                return Unauthorized();
+            }
+        }
+
+```
+In order to make this extension we need to define a new `CustomOrderAuthorizationHandler` class and use the same requirement `OrderAuthorizationRequirement` as it used in the original controller method for authorization check.
+
+
+*`CustomOrderAuthorizationHandler.cs`*
+```C#
+ public sealed class CustomOrderAuthorizationHandler : PermissionAuthorizationHandlerBase<OrderAuthorizationRequirement>
+    {
+        //Code skipped for better clarity
+    }
+```
+The next step you need to register your handler in the DI to tell for ASP.NET Authorization to call your handler along with another that are associated with `OrderAuthorizationRequirement` requirement.
+
+*`Module.cs`*
+```C#
+ public class Module : IModule
+    {
+        public void Initialize(IServiceCollection serviceCollection)
+        {
+            //Rest of code skipped for better clarity 
+            serviceCollection.AddTransient<IAuthorizationHandler, CustomOrderAuthorizationHandler>();
+        
+        }
+    }
+```
+After this point the custom `CustomOrderAuthorizationHandler`  along with another registered handlers will be executed each time when  `OrderAuthorizationRequirement`  being checked by this call  
+
+```C#
+IAuthorizationService.AuthorizeAsync(User, data, new OrderAuthorizationRequirement());
+```
+
+## Additional resources
+
+* [Make secure Web API](https://github.com/VirtoCommerce/vc-platform/blob/master/docs/fundamentals/make-secure-webapi.md)
\ No newline at end of file

From d9c743f937b60bae8e295621999e59c53e4ccac2 Mon Sep 17 00:00:00 2001
From: Filip Kuksov <vectorfield4@gmail.com>
Date: Tue, 9 Mar 2021 11:31:53 +0200
Subject: [PATCH 18/70] 3.50.0

---
 Directory.Build.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Directory.Build.props b/Directory.Build.props
index def6bfa8aef..ea15feca316 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -9,7 +9,7 @@
     </PropertyGroup>
 
     <PropertyGroup>
-        <VersionPrefix>3.49.0</VersionPrefix>
+        <VersionPrefix>3.50.0</VersionPrefix>
         <VersionSuffix></VersionSuffix>
         <VersionSuffix Condition=" '$(VersionSuffix)' != '' AND '$(BuildNumber)' != '' ">$(VersionSuffix)-$(BuildNumber)</VersionSuffix>
         <NoWarn>$(NoWarn);S3875</NoWarn>

From d1a40dc7bbd1721d3561c492f6ed02b04df51160 Mon Sep 17 00:00:00 2001
From: Egis <em@virtoway.com>
Date: Wed, 10 Mar 2021 09:43:54 +0200
Subject: [PATCH 19/70] PT-201: Add override for FromChangedEntry to accept
 operationType (#2177)

* PT-201: Write stable OperationLog.ObjectType value even for inherited types

* Update src/VirtoCommerce.Platform.Core/ChangeLog/OperationLog.cs

Co-authored-by: Andrey A. Vasenev <avas.the.wise@gmail.com>

* PT-201: Add override for FromChangedEntry() to accept objectType

Co-authored-by: Andrey A. Vasenev <avas.the.wise@gmail.com>
Co-authored-by: Filipp Kuksov <47894313+Vectorfield4@users.noreply.github.com>
---
 .../ChangeLog/OperationLog.cs                        | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/VirtoCommerce.Platform.Core/ChangeLog/OperationLog.cs b/src/VirtoCommerce.Platform.Core/ChangeLog/OperationLog.cs
index ec3ef9668ab..395c0f1298f 100644
--- a/src/VirtoCommerce.Platform.Core/ChangeLog/OperationLog.cs
+++ b/src/VirtoCommerce.Platform.Core/ChangeLog/OperationLog.cs
@@ -21,8 +21,18 @@ public virtual OperationLog FromChangedEntry<T>(GenericChangedEntry<T> changedEn
                 throw new ArgumentNullException(nameof(changedEntry));
             }
 
+            return FromChangedEntry(changedEntry, changedEntry.OldEntry.GetType().Name);
+        }
+
+        public virtual OperationLog FromChangedEntry<T>(GenericChangedEntry<T> changedEntry, string objectType) where T : IEntity
+        {
+            if (changedEntry == null)
+            {
+                throw new ArgumentNullException(nameof(changedEntry));
+            }
+
             ObjectId = changedEntry.OldEntry.Id;
-            ObjectType = changedEntry.OldEntry.GetType().Name;
+            ObjectType = objectType;
             OperationType = changedEntry.EntryState;
 
             return this;

From 3168f12030f4df3e84e3708ff4faa10398f872a4 Mon Sep 17 00:00:00 2001
From: Konstantin Savosteev <Konstantin.Savosteev@virtoway.com>
Date: Mon, 15 Mar 2021 10:04:30 +0200
Subject: [PATCH 20/70] PT-332 modify DetectUserChanges method (#2180)

---
 .../Security/ApplicationUserExtensions.cs           | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/VirtoCommerce.Platform.Core/Security/ApplicationUserExtensions.cs b/src/VirtoCommerce.Platform.Core/Security/ApplicationUserExtensions.cs
index 7f0ca066451..621f75fde7b 100644
--- a/src/VirtoCommerce.Platform.Core/Security/ApplicationUserExtensions.cs
+++ b/src/VirtoCommerce.Platform.Core/Security/ApplicationUserExtensions.cs
@@ -7,19 +7,32 @@ public static class ApplicationUserExtensions
         public static ListDictionary<string, string> DetectUserChanges(this ApplicationUser newUser, ApplicationUser oldUser)
         {
             var result = new ListDictionary<string, string>();
+
             if (newUser.UserName != oldUser.UserName)
             {
                 result.Add(PlatformConstants.Security.Changes.UserUpdated, $"Changes: user name: {oldUser.UserName} -> {newUser.UserName}");
             }
+
+            if (newUser.Email != oldUser.Email)
+            {
+                result.Add(PlatformConstants.Security.Changes.UserUpdated, $"Changes: email: {oldUser.Email} -> {newUser.Email}");
+            }
+
             if (newUser.UserType != oldUser.UserType)
             {
                 result.Add(PlatformConstants.Security.Changes.UserUpdated, $"Changes: user type: {oldUser.UserType} -> {newUser.UserType}");
             }
+
             if (newUser.IsAdministrator != oldUser.IsAdministrator)
             {
                 result.Add(PlatformConstants.Security.Changes.UserUpdated, $"Changes: root: {oldUser.IsAdministrator} -> {newUser.IsAdministrator}");
             }
 
+            if (newUser.MemberId != oldUser.MemberId)
+            {
+                result.Add(PlatformConstants.Security.Changes.UserUpdated, $"Changes: member ID: {oldUser.MemberId} -> {newUser.MemberId}");
+            }
+
             if (newUser.PasswordHash != oldUser.PasswordHash)
             {
                 result.Add(PlatformConstants.Security.Changes.UserPasswordChanged, $"Password changed");

From 185e4192c0e5b57ad85b40cfdfa020afbfaf66fd Mon Sep 17 00:00:00 2001
From: Maksim Kopnov <mko@virtoway.com>
Date: Tue, 16 Mar 2021 17:59:11 +0700
Subject: [PATCH 21/70] VP-7298: Remove outdated workflows

---
 .github/workflows/delivery.yml      | 136 ----------------------------
 .github/workflows/release-alpha.yml |  85 -----------------
 2 files changed, 221 deletions(-)
 delete mode 100644 .github/workflows/delivery.yml
 delete mode 100644 .github/workflows/release-alpha.yml

diff --git a/.github/workflows/delivery.yml b/.github/workflows/delivery.yml
deleted file mode 100644
index 7cab74c55dc..00000000000
--- a/.github/workflows/delivery.yml
+++ /dev/null
@@ -1,136 +0,0 @@
-name: Deploy
-
-# Controls when the action will run. Triggers the workflow on push or pull request
-# events but only for the master branch
-on:
-   workflow_dispatch:
-    inputs:
-      versionTag:
-        description: 'Image version tag'
-        required: true
-
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
-jobs:
-  deploy:
-    name: Deploy
-    # The type of runner that the job will run on
-    runs-on: ubuntu-latest
-    if: ${{ github.event_name != 'pull_request' || github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deployment pending') }}
-    env:
-      DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}}
-      DOCKER_TOKEN: ${{secrets.DOCKER_TOKEN}}
-    steps:
-    - uses: actions/checkout@v2
-
-    - name: Setup Kustomize
-      uses: imranismail/setup-kustomize@v1
-      with:
-        kustomize-version: "3.1.0"
-
-    - name: Start deployment
-      uses: bobheadxi/deployments@master
-      id: deployment
-      with:
-        step: start
-        token: ${{ secrets.GITHUB_TOKEN }}
-        env: Development
-        no_override: false
-
-    - name: Commit environment change
-      shell: pwsh
-      run: |
-        cd ${{ github.workspace }}
-        git clone https://github.com/VirtoCommerce/vc-deploy-apps.git
-        cd vc-deploy-apps/webstore-app/overlays/dev
-
-        $REPOSITORY = "docker.pkg.github.com/$('${{ github.repository }}'.ToLower())"
-        kustomize edit set image virtocommerce/platform=$REPOSITORY/platform:${{ github.event.inputs.versionTag }}
-
-        git config user.email "github.actions@virtoway.com"
-        git config user.name "GitHub Actions"
-
-        git add .
-        git commit -m "Update the platform image version to $($version)"
-
-        $remoteRepo="https://${{ github.actor }}:${{ secrets.REPO_TOKEN }}@github.com/VirtoCommerce/vc-deploy-apps.git"
-
-        git push $remoteRepo
-
-    - name: Wait for environment is up
-      shell: pwsh
-      timeout-minutes: 5
-      run: | 
-        do {
-          Start-Sleep -s 15
-
-          $statusBage = (Invoke-WebRequest -Uri "https://cd.govirto.com/api/badge?name=webstore-dev-app").Content
-          
-          $syncedAndHealthy = $statusBage.Contains('>Healthy<') -and $statusBage.Contains('>Synced<')
-
-          if (-not $syncedAndHealthy) {
-            Write-Host "Sync pending..."
-          }
-        }
-        while (-not $syncedAndHealthy)
-
-    - name: BUILD_STATE::successful
-      if: success()
-      run: echo "::set-env name=BUILD_STATE::successful"
-
-    - name: BUILD_STATE::failed
-      if: failure()
-      run: echo "::set-env name=BUILD_STATE::failed"
-
-    - name: Update GitHub deployment status
-      uses: bobheadxi/deployments@master
-      if: always()
-      with:
-        step: finish
-        token: ${{ secrets.GITHUB_TOKEN }}
-        status: ${{ job.status }}
-        deployment_id: ${{ steps.deployment.outputs.deployment_id }}
-
-    - name: Parse Jira Keys from All Commits
-      id: jira_keys
-      if: always()
-      uses: HighwayThree/jira-extract-issue-keys@master
-      with:
-        is-pull-request: ${{ github.event_name == 'pull_request' }}
-        parse-all-commits: ${{ github.event_name == 'push' }}
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  
-    - name: Push Deployment Info to Jira
-      if: ${{ env.CLOUD_INSTANCE_BASE_URL != 0 && env.CLIENT_ID != 0 && env.CLIENT_SECRET != 0 && steps.jira_keys.outputs.jira-keys != '' && always() }}
-      id: push_deployment_info_to_jira
-      uses: HighwayThree/jira-upload-deployment-info@master
-      env:
-        CLOUD_INSTANCE_BASE_URL: ${{secrets.CLOUD_INSTANCE_BASE_URL}}
-        CLIENT_ID: ${{secrets.CLIENT_ID}}
-        CLIENT_SECRET: ${{secrets.CLIENT_SECRET}}
-      with:
-        cloud-instance-base-url: '${{ secrets.CLOUD_INSTANCE_BASE_URL }}'
-        client-id: '${{ secrets.CLIENT_ID }}'
-        client-secret: '${{ secrets.CLIENT_SECRET }}'
-        deployment-sequence-number: '${{ github.run_id }}'
-        update-sequence-number: '${{ github.run_id }}'
-        issue-keys: "${{ steps.jira_keys.outputs.jira-keys }}"
-        display-name: "http://webstore-platform.dev.govirto.com/"
-        url: "http://webstore-platform.dev.govirto.com/"
-        description: "Deployment to the Development environment"
-        last-updated: '${{github.event.head_commit.timestamp}}'
-        state: "${{ env.BUILD_STATE }}"
-        pipeline-id: '${{ github.repository }} ${{ github.workflow }}'
-        pipeline-display-name: 'Workflow: ${{ github.workflow }} (#${{ github.run_number }})'
-        pipeline-url: '${{github.event.repository.html_url}}/actions/runs/${{github.run_id}}'
-        environment-id: 'development'
-        environment-display-name: 'Dev'
-        environment-type: 'development'
-
-    - name: Remove Deployment Pending Label
-      uses: buildsville/add-remove-label@v1
-      if: ${{ always() && github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deployment pending') }}
-      with:
-        token: ${{secrets.GITHUB_TOKEN}}
-        label: 'deployment pending'
-        type: remove
diff --git a/.github/workflows/release-alpha.yml b/.github/workflows/release-alpha.yml
deleted file mode 100644
index 74deb1a8fd2..00000000000
--- a/.github/workflows/release-alpha.yml
+++ /dev/null
@@ -1,85 +0,0 @@
-# v1.1.1
-name: Platform Release alpha CI
-on:
-  workflow_dispatch:
-
-jobs:
-  ci:
-    runs-on: ubuntu-latest
-    env:
-      SONAR_TOKEN: ${{secrets.SONAR_TOKEN}}
-      GITHUB_TOKEN: ${{ secrets.REPO_TOKEN }}
-      NUGET_KEY: ${{ secrets.NUGET_KEY }}
-      BLOB_SAS: ${{ secrets.BLOB_TOKEN }}
-
-    steps:
-    - uses: actions/checkout@v2
-      with:
-        fetch-depth: 0
-
-    - name: Set up .net Core 3.1.x for vc-build #GitHib Actions migrates to .net Core 5.x. To vc-build work properly need to manually install .net Core 3.1.x
-      uses: actions/setup-dotnet@v1
-      with:
-        dotnet-version: '3.1.x'
-
-    - name: Set up JDK 11 for dotnet-sonarscanner #Sonar stop accepting Java versions less than 11
-      uses: actions/setup-java@v1
-      with:
-        java-version: 1.11
-
-    - name: Install VirtoCommerce.GlobalTool
-      run: dotnet tool install --global VirtoCommerce.GlobalTool
-
-    - name: Install dotnet-sonarscanner
-      run: dotnet tool install --global dotnet-sonarscanner
-
-    - name: Get Image Version
-      uses: VirtoCommerce/vc-github-actions/get-image-version@master
-      id: image
-      with:
-        releaseBranch: '' #Always creates tags for alpha version regardless of the forced branch
-
-    - name: Add version suffix
-      uses: VirtoCommerce/vc-github-actions/add-version-suffix@master
-      with:
-        versionSuffix: ${{ steps.image.outputs.suffix }}
-
-    - name: SonarCloud Begin
-      uses: VirtoCommerce/vc-github-actions/sonar-scanner-begin@master
-
-    - name: Build
-      run: vc-build Compile
-
-    - name: Unit Tests
-      run: vc-build Test -skip
-
-    - name: SonarCloud End
-      uses: VirtoCommerce/vc-github-actions/sonar-scanner-end@master
-
-    - name: Packaging
-      run: vc-build Compress -skip Clean+Restore+Compile+Test
-
-    - name: Build Docker Image
-      id: dockerBuild
-      uses: VirtoCommerce/vc-github-actions/build-docker-image@master
-      with:
-        imageName: "platform"
-        tag: ${{ steps.image.outputs.taggedVersion }}
-        dockerFiles: "https://raw.githubusercontent.com/VirtoCommerce/vc-docker/master/linux/platform/Dockerfile;https://raw.githubusercontent.com/VirtoCommerce/vc-docker/master/linux/platform/wait-for-it.sh"
-          
-    - name: Docker Login
-      uses: azure/docker-login@v1
-      with:
-        login-server: docker.pkg.github.com
-        username: $GITHUB_ACTOR
-        password: ${{ secrets.GITHUB_TOKEN }}
-
-    - name: Publish Docker Image
-      uses: VirtoCommerce/vc-github-actions/publish-docker-image@master
-      with:
-          image: ${{ steps.dockerBuild.outputs.imageName }}
-          tag: ${{ steps.image.outputs.taggedVersion }}
-          docker_user: ${{ secrets.DOCKER_USERNAME }}
-          docker_token: ${{ secrets.DOCKER_TOKEN }}
-          docker_hub: 'false'
-          update_latest: 'false'
\ No newline at end of file

From b4832d5ff4131d3a32f26aca3e43f45821a588d2 Mon Sep 17 00:00:00 2001
From: Maksim Kopnov <44946644+mvktsk@users.noreply.github.com>
Date: Wed, 17 Mar 2021 18:03:09 +0700
Subject: [PATCH 22/70] VP-6522: Rename owasp workflow

---
 .github/workflows/owasp.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/owasp.yml b/.github/workflows/owasp.yml
index 5f12e3d9dff..d7d09455a56 100644
--- a/.github/workflows/owasp.yml
+++ b/.github/workflows/owasp.yml
@@ -1,4 +1,4 @@
-name: Docker Environment + OWASP
+name: OWASP ZAP
 on:
   push:
     paths-ignore:

From d9961bdfbf645f05756fb4dc6233b7624b5e6e5d Mon Sep 17 00:00:00 2001
From: Maksim Kopnov <44946644+mvktsk@users.noreply.github.com>
Date: Thu, 18 Mar 2021 13:06:43 +0700
Subject: [PATCH 23/70] Change Install VirtoCommerce.GlobalTool step

Change Install VirtoCommerce.GlobalTool step to use vc-github-actions/setup-vcbuild action
---
 .github/workflows/e2e.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index 53934791c21..f13b4d8d388 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -38,7 +38,7 @@ jobs:
         dotnet-version: '3.1.x'
 
     - name: Install VirtoCommerce.GlobalTool
-      run: dotnet tool install --global VirtoCommerce.GlobalTool
+      uses: VirtoCommerce/vc-github-actions/setup-vcbuild@master
 
     - name: Get Image Version
       uses: VirtoCommerce/vc-github-actions/get-image-version@master
@@ -91,4 +91,4 @@ jobs:
       if: ${{ ( success() || failure() ) && github.event_name == 'pull_request' }}
       uses: VirtoCommerce/vc-github-actions/publish-katalon-report@master
       with: 
-        testProjectPath: ${{ github.workspace }}
\ No newline at end of file
+        testProjectPath: ${{ github.workspace }}

From df3a8c0318fe71b944774eb499c5f392b49458c8 Mon Sep 17 00:00:00 2001
From: Andrei Kolchanov <akak1977@users.noreply.github.com>
Date: Thu, 18 Mar 2021 14:13:17 +0500
Subject: [PATCH 24/70] PT-495: Repair native ASP.NET password hasher pass to
 CustomUserManager (#2182)

---
 .../Security/CustomUserManager.cs                      | 10 +++++-----
 .../Security/SecurityMockHelpers.cs                    |  1 +
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs b/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs
index e4716d2af13..fbd2dab5a7a 100644
--- a/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs
+++ b/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs
@@ -20,9 +20,9 @@ public class CustomUserManager : AspNetUserManager<ApplicationUser>
         private readonly IPlatformMemoryCache _memoryCache;
         private readonly RoleManager<Role> _roleManager;
         private readonly IEventPublisher _eventPublisher;
-        private readonly IUserPasswordHasher _passwordHasher;
+        private readonly IUserPasswordHasher _userPasswordHasher;
 
-        public CustomUserManager(IUserStore<ApplicationUser> store, IOptions<IdentityOptions> optionsAccessor, IUserPasswordHasher passwordHasher,
+        public CustomUserManager(IUserStore<ApplicationUser> store, IOptions<IdentityOptions> optionsAccessor, IPasswordHasher<ApplicationUser> passwordHasher, IUserPasswordHasher userPasswordHasher,
                                  IEnumerable<IUserValidator<ApplicationUser>> userValidators, IEnumerable<IPasswordValidator<ApplicationUser>> passwordValidators,
                                  ILookupNormalizer keyNormalizer, IdentityErrorDescriber errors, IServiceProvider services,
                                  ILogger<UserManager<ApplicationUser>> logger, RoleManager<Role> roleManager, IPlatformMemoryCache memoryCache, IEventPublisher eventPublisher)
@@ -31,7 +31,7 @@ public CustomUserManager(IUserStore<ApplicationUser> store, IOptions<IdentityOpt
             _memoryCache = memoryCache;
             _roleManager = roleManager;
             _eventPublisher = eventPublisher;
-            _passwordHasher = passwordHasher;
+            _userPasswordHasher = userPasswordHasher;
         }
 
         public override async Task<ApplicationUser> FindByLoginAsync(string loginProvider, string providerKey)
@@ -109,7 +109,7 @@ public override async Task<IdentityResult> ResetPasswordAsync(ApplicationUser us
             {
                 SecurityCacheRegion.ExpireUser(user);
                 // Calculate password hash for external hash storage. This provided as workaround until password hash storage would implemented
-                var customPasswordHash = _passwordHasher.HashPassword(user, newPassword);
+                var customPasswordHash = _userPasswordHasher.HashPassword(user, newPassword);
                 await _eventPublisher.Publish(new UserResetPasswordEvent(user.Id, customPasswordHash));
             }
 
@@ -123,7 +123,7 @@ public override async Task<IdentityResult> ChangePasswordAsync(ApplicationUser u
             {
                 SecurityCacheRegion.ExpireUser(user);
                 // Calculate password hash for external hash storage. This provided as workaround until password hash storage would implemented
-                var customPasswordHash = _passwordHasher.HashPassword(user, newPassword);
+                var customPasswordHash = _userPasswordHasher.HashPassword(user, newPassword);
                 await _eventPublisher.Publish(new UserPasswordChangedEvent(user.Id, customPasswordHash));
             }
 
diff --git a/tests/VirtoCommerce.Platform.Tests/Security/SecurityMockHelpers.cs b/tests/VirtoCommerce.Platform.Tests/Security/SecurityMockHelpers.cs
index fc24d2886ef..34a159eff3c 100644
--- a/tests/VirtoCommerce.Platform.Tests/Security/SecurityMockHelpers.cs
+++ b/tests/VirtoCommerce.Platform.Tests/Security/SecurityMockHelpers.cs
@@ -47,6 +47,7 @@ public static CustomUserManager TestCustomUserManager(Mock<IUserStore<Applicatio
             var userManager = new CustomUserManager(storeMock.Object,
                 Mock.Of<IOptions<IdentityOptions>>(),
                 passwordHasher.Object,
+                passwordHasher.Object,
                 userValidators,
                 pwdValidators,
                 Mock.Of<ILookupNormalizer>(),

From 019da1c90566dfa6c9e328b03523e95730a653bd Mon Sep 17 00:00:00 2001
From: OlegoO <zhukoo@gmail.com>
Date: Fri, 19 Mar 2021 08:56:10 +0200
Subject: [PATCH 25/70] Update documentation details

---
 .../update-module-from-platform-2.0-to-version-3.md       | 2 +-
 mkdocs.yml                                                | 8 +++++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/docs/release-information/update-to-version-3/update-module-from-platform-2.0-to-version-3.md b/docs/release-information/update-to-version-3/update-module-from-platform-2.0-to-version-3.md
index 7aa6bb6d5b0..97502d9daab 100644
--- a/docs/release-information/update-to-version-3/update-module-from-platform-2.0-to-version-3.md
+++ b/docs/release-information/update-to-version-3/update-module-from-platform-2.0-to-version-3.md
@@ -192,7 +192,7 @@ This article describes how to update an existing [CustomerReviews sample](https:
         > **Note:** if there are extended entities then need to explicitly update `Discriminator` to extended type. For more details please check [extension article](../../techniques/extend-DB-model.md#L63) Discriminator column creation part.
 
 5. If separated databases are used by the solution, follow the steps in [Prepare separated databases for VC v3](prepare-separated-databases-for-v3.md).
-6. It's useful sometimes to apply migrations without starting the platform. There is an utility to extract and apply migrations (integrated to vc-build tool). Take a reference to [Grab migrator utility](../../../build/GrabMigrator/samples/readme.md).
+6. It's useful sometimes to apply migrations without starting the platform. There is an utility to extract and apply migrations (integrated to vc-build tool). Take a reference to [Grab migrator utility](https://github.com/VirtoCommerce/vc-platform/tree/master/build/GrabMigrator/samples).
 
 ## 5. Make changes in CustomerReviews&#46;Web project
 1. Execute "**Reload Project**" on CustomerReviews.**Web** project in Solution Explorer (as it was unloaded earlier).
diff --git a/mkdocs.yml b/mkdocs.yml
index e77f0c5ddc9..c9b35846734 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -32,8 +32,8 @@ plugins:
 #    - monorepo
 
 # Project information
-site_name: Virto Commerce
-site_description: Virto Commerce Documentation
+site_name: Virto Commerce Documentation
+site_description: Documentation for enterprise-level Microsoft .NET ecommerce platform Virto Commerce. 
 site_author: Virto Commerce
 site_url: https://virtocommerce.com/docs/latest
 
@@ -42,12 +42,14 @@ repo_name: VirtoCommerce/vc-platform
 repo_url: https://github.com/VirtoCommerce/vc-platform
 
 # Copyright
-copyright: Copyright &copy; 2020. All rights reserved.
+copyright: Copyright &copy; 2021. All rights reserved.
 
 extra:
     social:
       - icon: fontawesome/brands/github-alt
         link: https://github.com/VirtoCommerce
+      - icon: fontawesome/brands/youtube
+        link: https://www.youtube.com/c/Virtocommerce/videos
       - icon: fontawesome/brands/twitter
         link: https://twitter.com/virtocommerce?lang=en
       - icon: fontawesome/brands/linkedin

From ed7b357168d31b2437b169315360468b78ef5101 Mon Sep 17 00:00:00 2001
From: OlegoO <zhukoo@gmail.com>
Date: Fri, 19 Mar 2021 08:57:31 +0200
Subject: [PATCH 26/70] Fix misspelling in Project information

---
 docs/media/dynamic-property-list.png | Bin 0 -> 53444 bytes
 mkdocs.yml                           |   2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)
 create mode 100644 docs/media/dynamic-property-list.png

diff --git a/docs/media/dynamic-property-list.png b/docs/media/dynamic-property-list.png
new file mode 100644
index 0000000000000000000000000000000000000000..bb88c02f0361663bb1d119d006dfacca028b678c
GIT binary patch
literal 53444
zcmcG$2UL^I_bwVMiUKMsRZ#c@6{Qn;Q4~}Nh=_<Z5eY5S0HFk;qM*`Lq=w#`v>?3*
zC`d^t0Wq}DLk|!j1VVCO{QSQE@7#0mS^sm-x@*B=CG%!7duGq<XFty#-rm#GW@F`L
z1%W_pcW&Rj4+8B+1HX<(4g>ELfgbq-fA+!eYu^AB;`rx)7YA*xL#~5BB@xHyR)>Js
zM_q55z(FAP=Dpv2tu8swK%j1uJ2$UC@U~do4MCi_RZopTG2aj$lN4=nie2y-FX&8X
z)scg@kFaW;GjPRm-<o``bzS2xjY{6rhi(OGya(y=ztp&Q{KS!iN3`ypK6v!tn^z%+
z0}W1`K63b_Sy~%|K5sbEUsH`Bn|hs6TH2}m>1abPTrSixM${pUjHj8LLNkKQRl%b#
z&mY<Q88nncpE!6O__-H6$5i%N`|F&tS7=LwpuXsQ{eHj#5GZA&I1Y>2iXnnP)t8tf
zi1!O#d+%a;hW?6$fROt;MSzz@Ak5L{94`n5L7=fSPr&<DE=U411*+X^RXYgf1c9C#
zKPMdg8vGRo^t!?dv~HaMJ`Ms|>;qZ__hXKNKwrgx)-g@s;~<dtp}o$J{GWE7s@XZC
zk6<cZZP*$hRtvz#zP>1?&r_L`zQ;jd&;31sy=RJ<v&#;$aS6<2o>EjY1LZCk*SXGv
zxv|Lty4k`3rQljImnTP22(}%?)d(h1aMyF#wR+@YLHg`Qw_Q7O)@z^`?PGpVRHGoY
zo@6=KmtcwK2tgg2c-|4(f%~k>34DhLyp}mq2#u^zruy4#su-uYdFa<)d&azJVt)T_
z!^xmu*FxizQK@e#lIbd5O%L9(PImdJ<(92dGdn(0Mgpk*7smCx1wGZmv%Qymt37Da
zON1JI#x(g#0BG=rb}ZJCp()k>!8|M*(No}uB3Gk?=pE{+`pP(#oPc8%bF|&{a~{jt
zE;);B%ufSj$EtM&u`p&&lIhQcl%LfbYw#Y@XOE>Z;^(Co9Xod0>dYNTmAK>l<2j7n
z9jVsOn}}nEvp(*}$X9A>vwNzcU)e*UL*u1zG5pP0Nlcq+tTQxnJW2lx5jEU9)c;JH
z!gaMY5mV>w+|qHXLK5tw9pMl4x1DU8B{C5!Cl-_`zgDtmfAmb2JF${hm5>7A9X|E0
zL;K!Dg-fHWduR<*6@79Nd-s=Su^XF*&S~1lK}efu`_89Q5lWKi=Wa3v=e>s8Wlt(~
z!q#fyxR&{69l(f<y5>QbHJPp|UWka(*JLLWOrnzOzWgU8*zt`d-E5PoE@zRI5o&pj
zGeV%~iJ{*%+NEi;c+HDln?uy@SfUk}r>^HG9}Tse9Wxi%v5&T^4qZ&uiHX3o1WWLY
zq^g^zL|8B)J&}(77yVtgtB<qNT|YilV`%ea;aW+9aGG@gqQc!6)W@2hikg{wh>|WQ
zjT9j3xHI4pD9`XPq0cIl9E2EhM%<H1!tC2~hx=VP1d_k3z407f$QH9-on%^lXO4_(
zdW;_5VXP>Zxpo|_9={!Um-sf&6Uv>8QoKe$=`FXe`q$4~_R-5uHH2QcFA(OgekcE?
zq6PS6hMFbjIXmO44KhMyfVrdo+T+1DBSrGr1$rkF;;;CqUcNq+YEiG_j1W_f0_zP>
z{bt%5?(X{#6vbTk8}ekJsGS%bmb8W3)se=2DD+W~KF0pY=3J$B0_&HBlnJ~#^9trY
zdlCmX%bQAdbMTdC$tE?t->WtWzQmEW)8c~j+$}%w@*X!Av*&+(mLR7XPVg2NCXe32
z?=bY19mU`V+4^ri<~>bDG;x0Ot2T|*KQ@-eQD9zw)ugW+Epk)HD^>k8OWVSXbS}*f
z66q!S#r~4XhgomCt)P){MB(rKFliKH1l1$KSfZ}?Xe*nC&8(dfGw&i;tlU$g-d3tm
zhS(KABfGdF2xe<Dtms_Nz-Axy3Q3TVn~X1bLu=F?EOAVSLfgLFH<?UMuiAOtm`A*U
zI>~k!Es-WNs7T(o9n-g3R$`Ih(%{yRL&=4k=MUWw-exGXCHOrT?~yOt{Gi?|_?^V3
z?yreX(w7hC3hMnlo>;?-4}~w*HKg}t%lC50A2$?Xdv!bU9qO&5_7x|7)JiO3?$hnd
zD3a_jI3%J*<IE(Z<1Uf9!_-5av<hSmzkPtZ%RthSra2cHvcBpk_oP|U#nTAKW3+9+
zgwu*eFO-tPdQjpD8Uv`UPtaYVSSo6pbfIj9vf!~~Cl$6hl-yFNetp1&KgOOWp_hHB
z=A#s%w_y}5+<~(P(=d#{mks#~LS5I?@@0uK=AS;;dkLGvqri#8XRy=LesNd0RGb&P
zXuXAjdB(oOX2uWVh|2nA93QyECB8(|YRSJ;xA0h3xz!#V5Sk~Jd{!@ddUqkTzf{1#
z+Fg1>7aKjDz5M!O@Y2TTWi1cP<t_<bnqQhYhBhJ`Izd2W{}^D|g4dZucagWk_mdDk
zM-0I8+Y58gUQP?or)(KWMK7e}@KL^bB9<47hmW6rbFM-f@`_y!&7^b?Yj`10|GVnG
zYq?i}vr^^#YR-b<PB!BsG-BuClJ6ujH(*3?%CcfNtx+{-m@n4_E`unEg#@t3+}F=V
z6Q-y#=^KyTy(`CkKteqRP?@PjY*$71X^gzK{2@IIAt&xkT`Grd{W|5AL&`KmJCIs{
z=ay<&9eDlWXgrHt&o>{si%dByp28MopLHuyb6VTq*#6z8`Y}ZF)u0ZS4ESuTa@X$8
zQMww*?eWKLzsJaxc$>a6EeulT<r%WC3V(&KL}U-X#j2-srf3It!sd*MyfFSej%O}D
z-`{ij1T<%3-K!&%kw!k@i|o5+Kfk{4Bx0yiuQt)o9<Qx>EliYbxa0g*@}*F+m9OE(
z`pvx+kkMyi?j|(L`b(R|nzEx9%vV3<qn2+E&}inH)t5SMnnhUBpVlIcH+BNa-3qN4
z*Njl>PN5b8^pPLw2EhqC+h^nt9D3UNJ04+0Fs0PbKs+MUKh4bV87_7+{Ncku##l+3
zdNE?c%Hts|_FLX-;doGW90dH_p_Bs!#q;76f@IJtH<yQJ4tF>ygFej8CPDi7GL9cj
zNAGujpxg{o!jC~65)MOJeQGJg&NKs}QM^#5#8#bkXO^^3vbb1Ep!&fIvC74bRK!JG
zuqh$8?E6zNZ8(Piu-3Gw1%?MFE4A(U=5$3pYHUs3BfLZAFox%{;I<S_WmQdYwU|D{
zZ0Ij{{FdXPo!_CCE1MO1IfG+f{A5E`YEX|6Z&Q>hv{69m;(WnJUz@K^mg*DG6ph8o
zD0?A~N<!^q1#=Dv@)#N0s(8rqYG2pte5GYjtnMu#s3E!S8D@5I?%8l>)+nZ}wUVt>
ztO>BYdb_|wUI9{@Y|0H7YlmqghFyU5JXbx1tXS^Yptg5aD~3E%@d#|54YR$<RyM5O
zm;|X~$v5-`FH}4tAIPI?DFp`rGtv3}nx)|w-N%$iEJ5|T60UY(;AL}K9HatX@x|7#
z<(zg`mI3>?AGk_jb8>)HK@USR*Vfn1K+d)*P^K2cj4J!(qnsC%8Wt^L65W)>ZHlvC
zrw4W>)Z&GDQ|BY#4XE8#pNUqMh89Wl`u1^X&Tja>$LBaS(no&7%NRqOtfLxkv<eP|
ziZnF0k=^sGiE$f_#*w+Vzrmy(wv>mJ6M8zc;$f#<x}cRyN-EZBgKD749v&zqIbih_
z(v~uGuB(GQtbzG3afgl0evX>sc3|iO6myLX+w}3hc<v0Fo9A_T%t>}8E=yW5A!t()
zO}Dt1jaZsQm5p{dMiOMPtk$*U+vOH_U;82=h`=5_8Ob7%HR2g;x0=j+5@lY708hJ?
zJj}{76RKO_o{OjOCJ75NEvwAOk+zXU9hhp3IlIBa!1V}Ilr2S|N~O=|3LiE3ry5Kn
zhF?xMU7E_Os{dgvRdBL1@&j}-5i1~67|gYpIvCht|NIENUbtYCFjcvgG+sJwy>)Jo
zZ^jc`*m}r>i||0t0`*Fbxb`s})=8CsU@ixbei4*ll`|=*9=q;SI7fbG{RDiS|F<8#
zBOs?ZDk|e4GYho?FleN0cK&1<4@ATO(*_NPm=}=E)@&;f;7RlC+gLEiKuz0_F!mwK
z`BMPAh+}kw|7eq-<HlU1jqzL#EsNhLJ=S5ZRM?>H17ZrNC&`K2b9qpSFL5%awIY)6
zED*=(l~KksRuT`fPhq!=3`Ujb1xH6y9!N=T;ZoVV21l*2W#uH*L6`@F?&AN-?IiT_
zC}DQI(5G^=GCVenF{EqN_e(*%xQM*iX;^^i*-(*k&l!}`NvH@$hvBSL-0n<Mw&x~2
z+H04Qs#(V<x$|ijhux#AYwvA(2gr|``-t19`Jitk6Br{5YmcM_Jca2r)Y?_aljB{r
zxvH(T@5&d8>}Z#>c)1w=$;@d#gMPIg!2wB$vAwu`85*hRI%Hl5rOaz;Izb}`My7TJ
zcZn#tT#Vi+IW%m>`@)9nf^*ALFpt`((~P$QrtOkuT$Ji}=oOmZU&5?6g{fpFM7R}_
z9y3#S9dBuJdzY~u^WLAKvgH=PI=`?!F}#0!p}1sSpDDt7#%(zEj?9!BK~VxvX5_~#
zagUN#vqf&HxEQAhcV=;okN)6->POa@<{@y3cUs6Ri`0dtClQ{pY(-6~W6pKO0b253
zQ{b*L_g0&rG8$j{*4K)1mZwqaMe^b)&{e*)DsW<9<)R=542)9QB(9s+%X1|o_Ry~^
zMsZW!Z_gn*F23%yTSJ|?zk^~f3z}myIhS|)Chd>GPBm|wU-L`cK6Q((m~eE8qR^bs
zsyyyZ$N{h`D<fP0`(v2;M1;-XU1fKYxr?~FjNk}MT2a~UC<-K-?IOB{>=r+9-BR34
zv1BZtwU?~P&gco$)auoY2#e18$W+^YR=!m0Pp*y7(nlsS$Sw@SBzc{LK(@Sked96G
zQ*f2GgJWV<bovRVwr~Yvoz9Amee|<<os}*=zKroK>^Mo|iN)etu^QiXx?zm?dP`UW
zr4=96=kB1CsJ_Yb1zcFRX`~vp7Aux)nDRPjqtoN$=J{O@T!L<kYPuyPJAa1p8DeSh
zob>wblDdENg)aEydj*EJHT7#mGCo3(Zs6QdpM4|A(77QXHok&>q0)S*$Vvb7UaZ%X
zL3a+=Q!C@K9nD&IF>OrYL~6&j<CF!q=qK~~@}!FTme0p{@SC8BxVy}C<}jqC=(U^e
z0h(Y%#=V)Gx1T=wW)I^~i6T*ut9<tvbQFqWSxQ~6KrQ-)ee3!T<eJa<oDW~INPtoX
zgB1IGHDlWcJ(T?VB+;He4WD-MlG-UX-=scU_Hdy6@Q5PDJ6^RSt{FJrZt*<A13Kxj
zox8zrp1;LWh3crf<&nBl(dT+|5$+^vj$?Al30i1kmB|^HBCl*pGD_z&*TY_FNRYvT
zk=1Pu;>B{JR*b&C4pvkYpLt8>mM^X+!ksykGp<v@q<!zJytGQM*$Yc~1mqWlr7@-r
zmZaD*7!lkuqALR5`b_L`VeA^0Q(h*E!p>U8*2O0IDJJ`_A7vO{IYiY9M?s_cPcd~`
zB&)7Xu1Y=Znn__1OfNCC{J4{A{mbq!b_Uh^rbKZs1@Hd8=h73KIOsyv4Tl7ZW4<lE
zA2#~y7O{&VXMQ?MAK2)lG4mwG$M|2x&OV=b84SMdo?#}M){rK6Q|0qS>|wXj{9!};
z`s5CWy2_9Br`_mV{Rl0347DeMrR6@JPV7b~pPS=kr5A_cNEg*)$$NW07b<hAVW(fP
z07$tE8$+rWS~r+Wf^$qeVq;fCMqka8q)+AeGLt&Qj8;Y0IoFxirz?&V%<MI25)H|@
z<d7tQ8kpVQJ7?VLF_+tRFD9NmygImg32Ml#4UTc&S$(kW^#TgwIz%NQz&0uqu`R}!
z*U3{CHrzZI{gyog!MFI?8WjqoAsH?6tVtwo_5KJ<_>P6Xpf#_lSUq^}d>Z4y<j#&R
z8M~W9<P$VWI=)$tRnw_-zhVUIR`QOZ&;8ANYs%=6k1pA6hL&lTyQ%0iII?Z&zG<o)
zb7O#cIk<!7uX~1(PbA*Zhfa5&JHTQ(#64;|EQ6VH^R@*Tk7|+MuGc(UUaTs#*xJ0l
zJH*r*7~QEsy7XdU;N+Za4ZNR6?iOMufHd2>)FSDdL+DKX$v2Se!!-8@_%2B+%(k+#
zJ;r$@Jik_lyPx5)+d<CRpbIG}qxKzoT!;@#pPYJ?xlr@4JEFg(Ci(5eo>ht%9x;7-
z3EGJ}$!&;Zi?f0-%UsK6rWCZv%$3)K%F&0R=@c&kUXt};)s<M;{B5_|uJ_}Ul6)hi
z*^r=`*R8BYR$BvZ&C^W;=W)<;bRhc0yO`V1NKr<aY;1?=7v#lGAp^>Xdzj0jNBp@G
z&aWGeJgZ)rFDkI|7=f)x$+M#zAiNHBf9Xz7Lp+qo#*IriR8G!n5d>!)OA<wod;z0}
zQ1o{J!}wrvaa|RrvrYVwdMR}4&d`8C$f2ZF^I9*}M5SG}+_*8i>M#s$@$t<7eo9W!
z$6knmh^oa_2}*>WcD{V^HT>vBhW^bD&=feggi4W%AyXRvR&8g5r~J#)nuT7-aTk(n
zoIFM)$^XKZ_~#}cy;~V3)D-v&LTD$mK;?qKa&m92<;|q3WpKzNOX?ccU1}AeM(%_b
zfW|HkAAf*8(XzDO(cmG4K1?L-#?M<a<hR%QEqmh>8>FM9C#=8O`d_MXtN%qlW6jM_
zhTl$%_!6zw8(#HMLM>$1n~0$V+_F4YN%~lUk}-vGt@_K6VjACSO#H$$eO=r1{lFfJ
z<sP$ICrk#+-SuNn&zBQVWXio^a-Kln8Br+dv6h)O6MCzTx$`VAuUrZ?_-I^L%*A#t
zD<bS1pQ^w5xo|YKr$VuzW_(zCx+@NhJ3wBb>)&=T5m6<Ud^_eWE{R^!l*Qz_uz<W-
z{z3eWk*a8C&cM@4QrF*vaY{@H;EuajI)e$bx8`%FT>Zzrz#m{YMs#_S(G~DYJgoGn
zM@TSR$q?<Sl)v+iYi$B_!#vTFs2xll=(rN?-H6Rh?}Sz|*G?^~7w0fT;S*2Jjl6GN
zMHQRq>1-xP)~unIlZ&JRR@#`-@Xg8%ORN0=kAf~TI>;33q51#hjW1_*y9;j#8vWuA
zK&;2oyDkG!a+h>|x1sS7^G<8$fTz=EoE;QzuhJZ)pRpeB#a1*?+BVr@2boAmB=dVM
zbSS4W5xh%gpy%hE53_y?H;of{DT;+=WJai&({^6Ps6Ex>T5i}@7*A4L-sgGDu=vHZ
z^c-L2uY^^aqQFR>RC}dTa1Y_@DuR(u6<<?S46wQ1@8ucF7-6gMR}k>Oon$F|&pzVy
zqlrWEG2xPE9Me)YhPiZ}DY$C+ib?E+foVjQJf;<vxfJBzPu-zR`-SVTFnt(vGLP3o
zh&<3prZM%~&NS-q1oOhRhKMRd-m7X|6+_v)%#Ll!!Wz>*VsXflftp*85AT4xDm~VB
z$-YeGh4#?Y^BO8oZa36yFi+yLXen<<9oJg!o2<rS-%N8}sG}DhwjJ5=i&HalX0GXX
zbuiHu4FT^|xR^z*4EY3M;RGFhVURlFpJe)=emvGLq<Wxe=RlZG#!^VNvfmluM%4tp
z=GmYCJw|@#RX!R2n)&O;ZNXJ622AyZZRKda$kv@*av<u<xNI2CTER?Rw6#^sgec1U
z+qceHfypOY-iHlab|%TowTWD`36wM;<vulALBS~vf7N=ekll8PE4P`V=KdrU+>W0!
zR6jyfKDcFbp@}~7G;#6|m0AIi%Jm5DFywITgO*t)mx=&}rx5vZ@^;ZSbD?4DyZ4}*
zMeI6|$5sYABfc#Kh=1V#fuJ%5d#s;|Jvi<W)7*xJq)rMq9=<w!qM8%@x?Mr*hI|Cw
z_*}C{C^ljKf>GAh1j1BT9tls7nU@Vms*UQm(r_0W#8dPq-0HL2-ITic!v0xbJxcbI
zNv}3pGY9nGfPK($%%@nw)RuV1^=CD|GUjHmJTc+UV4ocSNm2}O(mgcogl4S0y;xUG
zm?B@cW}ORE5;k|>R_(1?SJ<~zHTh50>HQO?w%zc-PyUR`)Up@yuZbms2W~$?Q$B<q
z!xqbG4R6iTm-pc>%)YK};cvSxpqYKyBLJaE44y>j-FO<AL(OQpadq`2T1Pt;Vt=@K
z6BeLp6LFBaWUIXiV^r(gAz8D1LNaYBMSKm>ngkz?OcRn_2q82ZdHO?V*2@^<_@`M?
zqOXJJN4gGyj{KVo1EZ2AcW!^lZ|t)Np6=I>hP9;C;eS{S4`tUYW3vXcP!UkDqJ=Hl
zF%24NKn|TBQdnAD*KLCNChu(p#3`C;(@)G$81=|&dsZqA>W78|*ut&-HR>yVtX|}>
z(5+cu@0n0%Uiij8|0g-z9Y1Wu<$;OAx((e@dv#|D?&dOKV6`>)6f7L2e|4@Oo3(4U
zYj?F_=t}3zClo8HaPzV9X^{HZzcV=qlkPcgYuYK&tU082Am<4shff-8_hEEsYV?Lb
zN**)!S3JQZT@`5e83?;d^<FzsQy;;OhL42)8MdyeZF)sE;1CV%S2I)}A{$L+^x)hb
zFpr_dWkJ2(7hMtt3nZ=D)mRAoF=Mroi~$0MwpA+ZK}g6f?9$>u6f!5;jMWn}F2-Ix
z_&om)IXUKoX<KQ?^N@+xHN}dcMZu6-yQ)z~+H7(5jZW@n)l}FOPyF|t6>#>+4Zv4a
zTm?3enAA_4s504=0QgO%#15hFrz9$?JU#)^$@9Xmxr&2KAr`kr8`2(%x(Haa;JEfI
zWm6g*I^Xz=@@*!BS?bmYiDl=L0$bDyHXrW8o-aLWLzx*aY#y&po%T*VJn$CZm*=6-
zLxl^ZkB#b*T$Ru|xJV@qQvWqUUo)lgiT#NjfUGh`>YVjsoC(6PxyHE>s`jub0Eotz
zlCn!}sK}PcFsKk9%ryKFW;_%Df#wbS|EV1F|Et#XpPj#wLmL;#9RL(7l7vNS27?Mn
zN+9_&&JpXIM**{v0l5m$n~v@2O@@E#P5burCf45uO6-YQ`hSaAhxWv*%YTbmAfQ$4
z&~Gt|YfsF|{w-#`32seJy1}6a9+bO!^53V&oF<}%6bFxi<8FOlu;19m_Ik`)aVGo6
z-32>mUKD%hG-SQkQ}XZm9Tl;tN=#RElSz2X3pxBBZwnmY>8gL5!iVFjI(7;ifBfG8
z)IwAaODFjc9RSB>qKWCWqJ}wM0giJHU<q@^i+V*r@e5o0&ZNVjn|r;1{yfe3+E12X
zCq0a5)0}hO`F=Mz9&6<I6R%G1a5?pK*)hbtiw*Q<?>j)=Xz%0CRCYvOO2_AENBSvn
z$|WSpqcNoEnj}8Z37$ROYz4f^{lk0HNlY(2_jaGFR}O(*u=&@uN9&084yGx3%$mdB
zw{K$@^!&%(EIqGyYwS$2lj!@F;!3tF9fvL4Oa*ve0AI5F&r`0{2YbqW?%$^FR46Cs
zD^R7+@9AFI4~*o|_L1l1`~F@-j~v3cv}Mq+%HQkw;(yg`K&`F1s)`49rmf0P=uf9#
z6TZ$Mjc5P$!PqeNuh>ABWp!2AJ<+!^7wCMr)>C<R4Z)mr5VFpE(&jz@KL8Rs@b7mY
z{P&yxKYP&1{yjPL^xtYE=-=i4<DN?Guu++1xhqJfOrCPThH)YDHui0IpN3^JJ)yil
zQ9q*k8z42OEC54#u0MAKqiBa?&)d16aW0jQ7;rbFCCn>~>!$6mUZ?fOEV(7;L88j`
zfkU`OPd00%D;A*VsNbGkRzcub*i==brOzEVQLkQqQ2zQX1$jgMRj$uwYPQ)V8Me%0
zb|d&)OLf(pa^CQRv1%rECTw1dmF^w?lik^}SpW-jRv_rUXh|<~b$vRpgbE4ApQ+Yj
z2`L>s%??@tASr0;(<T`0;_ua5W~P2$a|6mdqL;NYnt+&%bU}ZH4><EKR9o7ncg{?w
z^G#6;6u*~2nI=}=0U6sIb@mF%FYTb1y1lVByo$w6lDP~wYQ*dpiyH<3J=r{DQx@$j
zVL3K*C4LxJ7jd9<IVBRxVe7cdQn=#**2CmJ^7y)VonJm)E5KVTV@s$`eZigw{A2~W
zJ%!Ymvf^TknVA(@8r_sLm!f!0(haUiTAtyS^gijN;M>T0jNYx`M+_K!XFC)Jl1o&%
z>j{C99XjOl{1J!he8yh(^A#lP$2SQ&<bGYW;;%3JsAtm3xNRFzPabqcQZ>7Jhn+n8
zyhnaT6<TJclMiFdRLB)y9(az@uYV;e6*uyN5iK1>kC9#mL&iH+X=??&f_B^Cqn6vX
zD#7BmaX?0Pe=~XB#<PVH-_nU_=w3s9*er~5dd-H~k@U|_J3U=U+6OwJegR7PwTYM=
zi$2o}b3YIG!-N;U;`IxT<upU+(1PrK=i}V94>ljJNz&r##LTEYR?QfSDZbO|hQ#Bm
zuVm2FI*<4D>4I~!+gGhVsz*=XXO17|$*Lcy-+8(C*1DmIoL0X&A@&KA@v)w>C3{@s
z!!Tkr0Q|WLc4n$~B+xReBHSYL>xRS}1YcG{$Pkq1ZT*f)mr@k7H?5O&o$%g8W(OPx
zG&BD|i&JwatYRYSwGCTTZ%syr$cB(@y(B*F%&Sx}jyZ@}JtLyfS|J`+hds5BBzoPG
z#2CMXu0^7TA>86vP?3}`_l7t5Tz-4#q<?r;-L;7`_Jz#uH&iTdNl_fhujN`Mo9IiQ
z@CsX*=u#J@lE|5m(vNc|XblVkw2BP)8R>Dud+F9XEtlnn^X;3;SGZa>Mp?oJZaol4
zGIvP`>B{fj4|>Dl907w;Fy|a|w?`^2JN`Oh3hXaOHyLc!C?{_RBUIM-hJ`#j@9Mld
zzZhgKdi%Mq40S!sn<~aymXO6ZsfFHiCTYJ>Zk+YPWnq-{OzoX2xJ60RRhcitl7_WK
z0#xRez;&<g&{eg(S`R#Rc$Cunt<H(pScKWEwC%tYSx|1Ci?Pom+H5>fqWsmh;}ms9
zVDY-FZ_0*uRYeaEd5{w;-9=S<q?c^T@kUVadb6@COmRuw^J6<##M>cQ%l*xv)<Ycu
zCmZlr@S6#plnqX@iPaUS4RVBBkwgQ|Dpm*QGG6Xqwz`CLM1eGrdpk;y8wy`^1<s&q
zX-V|klOX`Gt!^Wn?~IUk4jQM0m)miAdB89EZI)SiXkM53zBAaF6~cq>%0{bYUq2q)
zp6(2a^P%TG4-jva19H<zPfoJqC-lhGg>R1FIPdmR$pxYTEpVZrdhWEPAvk7uvc1}!
zar)e#(RCliMhXZtA^Hs_;E!TEcNKL^6%F!mdjjSZP9XFJ_t0v5iR(9MHKhn$whAp7
zbZ^G));a&;Z;!0|?6aJ+2*|+Tnjt%|4|H2hoGkD43V^?hOd(6IBk_=p?duAqtmXG_
zd7krcCD$>$<Gjv<xs7muP9&bd(B}NUm$|@Cs_q^XIkK-i>IFeJ)D>!&d_JSxt>|&e
zs<gS3AHf@q9`C_gy@`9!Jhk)$JQCDn`3Qqn`?XTOk!Vl0S|@oWa~Vr2*lRDVFPr!j
z3`uU+Srbz?YShx?p}DE#txge6M*>U7lpHOf7@js{Ed*q*?<M1uz3Ox*ouxIlt|yJ;
zf_@$VX)FS3AS_sr9!Rd&G-(e0eX1Rc#eQ>*hgfXe$#i98b!SE_OEBB-)=1j`GL2dC
zS}?xMt!-hw=_AJ++{$jyk-P31=d18KN4*oi%zUu^iTjQv?T5DETKGwc=pS#Nvavkm
z+0lwUFKf4GVet6o#?aZ`KCVD=>6NC}!D4=L*WUzxZ9U5!nft&e{6wp(0B+GzY>i%^
z_+nOi$y_>!VdfgkYZNP)jx0#{^+kRArab7mGC=J=mqY{F$iCU$uP~9IB$iCqkZR)2
z7>m1tF*Xzm2wX{3=gjnGdHugIGh`JVywy$u655iE;3`eNN}SlN8V9fNzh(T2C$c&q
zF5Jn~ibvkZqP17sa>?A0V_@Q3xhqS*TyEsiW<*~5WA`6b>pfv1mc1>n@z~<AnvV{r
zqVy_PR%}pl_1zP__>&)P4b(PjUNR5aw`5HY_G+v5e(&<~ok?Z`b)Pv3a7<nW*@0*B
zFFS6fmxDkW18M01V$W0+?dl!KuJ=s6P#N$SlL;U2ug~OUxl)j-TNH=&zSmM}#`l<6
zH71Kr3^OIv@c4tiVugRZsvO`oV+WK5VeWy;YE%WUIgw1Uc&uMbotA{Scvb{Xc4*X(
zuK2YsFix?kr`)h*Cn7PCdfSEr2-6iuq|kK1SL{xgKLXU~J^=XN(ne#|CDd*c6`5UC
zL78W%u0g~lLz$SGGy<JC9W*|JkdW^@s`rkj_@w`Bbce^ioi6RfTN$OnKtMDFT*s+{
zg#VcdpKH?=C<f3#_1SYyVBzs##9k>?8OH@Ee4$<5PILT*FWu_T7T>GR(s)A{HmHAH
z9{s7CGvevX6Cm^7&<<pA9<We7;3NAvmAlq0p_oG+2W=Z_G%OR9G}X=OE;LwH(+~K=
zHxs5NsE`Xg2S86*_E6??F2JndaO8Ere23XNc3Ct`yrQ1EZ=-%gZ+n`|2xe?jZTh_D
zSeJ&)?=V*+8a@;}#*A(}0%^d$!o2>{$M429Zipuy=ce<19<GmD6D=bhjJkS~)a7{U
z)SJ$)ovR+n9bRNk8e<=$Inx#sotN)u2mATRRKu^wW19DxsmWCclvw6BJKCUf6+3-Q
zqVDeW8FDjhf43gsnk}lF(f0|POJ(M(qYr&+p0Kmc6tC*oS<{AO!JRjVZ(||hh{>#J
z*<rV3KTES)Ltt?>0=u(XIxDy*X#b?TxaV1fx@_WE*zjE!m7xvjuyzgVITJ9~lArl0
zoPSt*vNWmuP#FuCxJ6o=MArwX`z&XA&i0DbHvL-+pb3?$d+FTy1zU5g7*Tv5&Y%Cq
z$+#{{vSf_Zgq1^+yR9e<10FV*Dz}}-@y_5kfm+zCi|F#6A&SVW#f1#vPN>i;8BHyv
zfk!?t7w4d(H9T~)wYVdf(v#)IRne`v+hZ4a(NQ+XZl4a2hfl>G?OlN+fdknEX`#}|
z{F+p{kK_`;^wuGr=#Ei6VD$%s0klL_+e)IxJTF)f9fgmywoOXZU&nAU%^5Dv6|RYX
zf>*P<iuj=TCCf9T#}fb!fGx}U2#bnha5Sty(pSAhXSTo11dLG}Ydcg{YKBZw!g(=j
z1mkbxqn*+aiFH}X<+ZRfXk<@%wa?Ni-i;rI<qDeN<|{%YV&R@T9i2u)1*0Z)B_zrr
zKj(qo4$9Bo^8S#yfVlFxGH?9D$MjCS_!0-s&%Tc7JOfbQ$?t7z-W8R7RXnz}<7@eX
z&C@j{Tjw4dItx%|Zp2>*|3J$9b=yZeJlp=)qET5%(=XeF?P=NNqi*M(#l`eWpV9ub
zt5_eLU6iun?sv$^tmZ@c&B`oaB}ECtXjt)t$rrEu&dDbO(nt&Xh;IJFPu<bfZww)_
zj-^!l%J`g1uQJr4BBm&lD|yDTqji;$S@yajM4Gv?h@@$@-e%r65$p>vYi;Tee&U;r
zPlIGWC@UQf&F^cEtgbg>$x@dMO0p>ac{}@3B%2u5{VX2i%E^)TyGspgpWO#V+C5&R
zi{Gq4ZPijC0nK?VWM?EgONAh%{zii|_7tq1t{JSBS>VO5MH0{jN6qhcMo<@Hh*2fA
znFCH`Ub`ZLwVpM|h{%fFU2N3PZ>ipI`eAET735#HP&_IRoJkFI^Y4m&7HYe+7Y*&}
zYp&|qC9VY1G6eBDL9D}vM_DRZ4@F5_pm`_f1qOfK+BXXu#KYE5A%y!bvDYV<T_fQk
z-jphurNEU$LfsF~2Amf7O+0}=mL`2BRu$dY;;vFx>&q8))%V3RXBKoe;Y-u;tEs73
z1TzIyOK$AvvL;zBrQTSWnVxl!noUy8jYZp}nzUCI{Bl9d0neoC%;@4#S7V`$DYRc~
zVixJgtqvXzYfranN~l*-8j`!FdDCp%H)=fzyN_pr;wNNb_3fD%+PIgyBoQ(hbP*E@
z$5}wg4^QJi1uGOn%GNV;oBG}?Nff1Fp=R5(4e#dZfvSc<+wPnJ`!Gq~hXH2`vYlM&
zMCLo5@iN<yyu$6lMC-)Tf&_3a<7He7>lKS9i|R9BkTTEjwZ%Kc-R_VF#U>e6VA6$<
zmbbeEZk_>I_t9m4sG<|$N_$vQPdAtSs+NJ4P;#M-LM$Zp2nrrvYr%u*_iRf$DFZ~-
zRqOAH8}zuH2CHbA<HGClQ!OTots7ROgHB}=nc3Lg<Cx1G4`aK>ONY<)DmQ@|l$7jn
zq5fjCONx&zuqua&iexOiepI*8SW&fpCTw4p1Z&Il#D9?mD<+dueHMtBnKD}}@s-e~
zUtAJ5i|mZEG_hG~C*NQPtJzHdqQ|ktv7;+!$BtbUZYNe%L=sm$lo1L~<<L<(9Bm#`
zx~R9KLyQmf4x*28ForNCTN_{Trrf_cvL!TGs6k!!8F!RZ?)#QVs^wP2jRmBtA-Q;y
zL~&DdXxQq#djOPp#}6nDVvsMRGD5N)?5TyjWy1T^hK)2m!>}`oZ}&sKJQ(}Hl)$m2
z?IvPbub6-(e(hZ1?GR;=IB_`pRn{?1EB=^Uf!a{~dHhzbSbzqm#4QQ!!?<Q;W{c^O
ztmnX)N?;9&FMuJ-V)^z%d9TZte2Y@AzqX5gUE+D?nEWPC<poy3KdcwSdd#G;{bcYD
zyfY4cdj~k6n<W(p2`;JuFJx1%10^}DK^;ZgxY?Zr=(~n|_pvS>iNcJHG?>vaGISKp
z-@$0{3l#fIJ-jp^TUqq&Lxn+6h)4bE)0LX2<!<Q*GX_zq0q3fy%jc}TjZ_jWZ0i#@
zuA6iCtB+>IEF}l)XYB|cjn1bez}^w1ifRJ<6KU0mK~}6vkN^`ITN;0b&C3<#<IIKO
z$t}=+yEf_PJTfojJ5AuX59+Vd7)WpKgyN$X%G~=O+jlSX#)@MFsHfHt**$%63Z6>m
z3e<#xf6<g1Cfmrq)!)YtqwkOuJrxr0VC$d!gq<H9602_Xm<Ea$yDf$m6D;t>S3JtZ
zyrIM_z@^eVu2e)tb5c}Yhr}n|Hn}DDg2GiFGY<12tQVRXi!>bQCIHF)Gid#eQ4^Cx
zHDSMcfcCV&c1%R+b&uoeLrn!O_vO702d$pWf__&nTdoURpU0<?fRlycv-#K<lPlQ4
z?G}{v`YjgruF}HnmZ`Bs=B)+!`=j_EgCj2Bk;&dY3gXF%%E^k`#J_4ju-k&0mn5)R
zm%0p~qv_^`i7QZ<vg6J15UU^FFS~k;v+f9I_6`X^@poF|vE8NaEv>UQryWh0K3g8`
z0W`M9RX#O~BZwgu4>q9G*S%;)+41gNkCncGjnNm`4|<ba;p?HTQ&K8!cK30|+&)*e
zK|lI&)5t7>OXXu$K5FtV%;n)*zOXHPbjj4@r+r32AFwkAc;ei#`s~JlM6-s_<K%<P
z<Qv*f)7DikDX2w(K}wMT$KA<!jF_G$W1LGs2FqCOdWYcxHjiFwKMK~h&;Y+N=!E`|
z+}4?qOo1Y$U%mZRY7on-9T@*Z(s#yjVY*~eI?P`L8>b%^QJMXnS8G7`Rg?WavcT0|
zgZjksDDf{rVT8~}&9f5;rj;c76&cx@SHZq;8xCImB;UDA+s_vaUkkVtG|w7fvt*Sr
z*Gu{56ZI%Rc{S^-u+Z4uW{!02F4IaYk2q&-9$uQO3>r3E(aVQ#ZF5wZhMYw4VYB?X
zRU@LE!c{_XbwS&b)pt#S&gQ)Zmc7LCUxcej`kEh^x!k#$cAQyW(ueF)43XvvVo2^Y
z4`G)<ALqk~shd@VK2|BdW7t}gsLYQvE3;Y$^xq1&w+a-)$ak3?Pi?;B_il^6A^)>!
z{ZWFzur5GRG0fhxJ$-<gOBgGTw!raP%c!aNShwW4_t+_mI^B#tU*^SjO-5AvX5#s8
zoQj>}{uO1eW~ii+`+8u5pi8lb(@W$<g1Ko4Ygty#{c12RaI{w3`3EP53)5Tq#2dC5
zz@8V#3-E39wO$K-gP5MjmQ_j07Z8qDsFUHusf#_LN2;cloL7adoA^>WUp=U_2+~qB
z>&$u+988suj|_Tv#wFvk<FVNQ?fQ*fS`C`u5xw-Tmc;KFMjg4!H{c?-pym29!WkS^
z>YjZ5^s;wFsk?=;R?#slvf$?e8$xVkwdD1j1$-*ha2yJzsp>5^KHFx_)xTdU-#h};
zFGZDvf<p!J3D4l|WV^LuWi;fBsEciLLH&X5xUaD75OsaaJ7{I^MC?9IA0JWcmmz~t
zd11yxYOVx6N7s6yyYgboE1`<riN?>zUBJ#W5(1}G1)ig!U_xiEEBHBXC0rIgUo&*@
zf{jRX9Atw%%NZ!_RU+mTyj?@8yqMJw6iCs(!trAl2;fh^y9cPfZX6sOA8KA#u#{HV
z`yGm^btb>qC?b?eyzLXHvmI|=fdX8iGg#desM`<kiB@x$LC<?<6Fib4m@=pIMcyI6
zs-UGqfAg|q$^g?T3Gi;f#g0Qt-(hPLGb-N-&~1Q6#ArXRu)-|ygPw2wSNndDlHmUf
zk@+{x`rl<qU%M<zDHZ`)3P9Tf9U@tMe_spv?|%G$qUl%mpTvr=><3kgJIkvAy>`dB
z`knp>o8Qa6{@D7Tw7*&B4C#Tne{4(mYr?@4u|It8|DIm(JcRHK<^iJb=>{Ose@9ht
zl|m;QZlpHLmY?f{E^%4*F8a{cSGuh}C9OWX85G8=<5FjMBP^z{o5R?pTf0Ur)hK@e
z|DB9B`<J-~NsKvzhpfQcxREFiouZ)}X7VynaOYegPPlCxP^pLRsA#ihj#~z3!Yxg&
zvgMcp%eV4}SU(2^x9SH(Lp$R+V+^JQuz~&Bvwd?e_D!Ei8H8sRrdx;Q%&V6F<K|3C
zbLZY^TIPWD9gvj&WmiaiB<?3`8Apl7y6Pn;CDyyF6J58fC|q*{9tlH2H0ywCL*sz=
zbl#Ws`P$dss%e~m97n|p9Myw-`Yal$Pl*`0pD|9K=|q$oQx*(u%_HD}lMhtWI?WH@
z?c2~UKE1=P^#aH#w=0iIhvjPX;Zu*Ujd+nX@&#PU9?Qdr)|4<kUdtSVTz`AvSQZ*G
zVplj+d@G*Q<}}69QiwS2p)AhNZ`;+UJVoSC8-yHVKD=EAOzdX3MWuJ!26wlV0#;<!
z?2jsdb^r_WU>l&}q50Z|jc#i`zh-lsh7gM%>oWNVM59=yY@@)-PLl{7vJUE1J$=3`
zLAA?X!ff;G2Bb!teSt#C5*wIe*w(A+!)GL-hfq7M0-sc;O}6Lzcz9YO(*kHU%+vwm
zBQ4Ej?u+UXiLsh;+UnVRIphv;CnngQD!MbxASS4aPEIJ$l=&7QrlXNNt~@J>dF%qw
zR!YM<9prD}0`hT5D7SJ?3!G?7E^8Ok{W!$OD=2hwU7pxh*09xX7UvbDP64ZBO9v&$
zM{Q=e>ZevmTAHq|+2S}_TWy*-t1HchCrsC7?k+r*=Ev>iu1(i!D~SfX4L+z+#2-uh
z<Nd?37{W=dNH-ZYF|p=$1RE;eJ*(knb{A4qU5wJKxuNn28x$EPioT$CfV?xh88KxE
z&W<wbm!@Y9t0>BLwS+?^lLfcLRCk&>+=Wh~A!=S*hLckz!};x5*ETly^%eu=kSYsF
zlO$P1EcAOh#~cR}A7X(u{VRe*p--o3=Q0*t3Th?Whf9v4E5<w>Eu&n{;Owmq{3tq^
zaMI09$wv_EaUAu~-WW;=_hZ~}{2663o|k|NKwMAKnGT~gtN!4VZ&=_JjG>JBvt+(N
z!oOdMv#g(~CWLzE8T~Y?H^Z5Ynl0CcHLtIMmjCPt`R}kR>1}mJ5$t|<<9WeXbcKFT
zK>P8_k*y-GU;R0H-&XtD3lVfn3FH2R<0XxgNg50sW|9CZ*=HTuEOLiO^h<-Zemg9n
z5*~5f5P&B;zq(h!7CH|y_2tnq;>`15OFyJIXX&rWPHq$*TFs4VQO72kKG)S!Crexd
ztDuyUX_gTO$=#SV-USTp6Jcr{2nwhxpUu=9EZGg+Ru+!JcoSEp<`aBXyF0|9;d!N#
zYlUja2fV*JAjY35FaFuxiO#?tduG_C>Qg)B=Lb|QpT*?z>4G0P97&}1V^5$Eydnb9
zB%UeQC!^|qMmy{ZJO_P;ft#JfH;-(x1-ElFC;OlSYE2cWdGjsd28Ta&G-A2uX;y)S
zYx&J?3ACS*LB2>`Sq#ry0y61iFXX4#{t(vacFN^Qj(;4;qnhxHbF~vL(aSiH+)k!j
z26<cB$X02)4Y4R|hKHOP>CAP4NfPYxE`I7m=(WbK8a|5<qF!CAujZK`S6kf|3CFk3
zK_}D6L?f(7a21cHs(Ni@z~Bffn*83~j8$A`+1#_GwKCCAqUbhhs?=sH5!cXA^^qa%
zorApi!gjgYwdL^NXR)hcrwIC#&C^j6!z-d0IRX&y`4a9z*IB5Z6JGR4uG4US3t7AL
zMbAK0A22loY@9B5whQQ_7)yWbp!!M792me>pA&G_$%)0`whwr;__PMF$*e95l1ecr
zW1<+E&nIUtI9F_O*Ddye>yW~Uk$&&1<P9NN6L&Q6wlnQXt^!YucLM)e8hPMu6D}1F
z76xt;aD^Mj72ehn%uV&!Sk4+OL|<SO@`+gReH4{l{Ywyh7uMpfV7?@XgXIYrjkb`0
z&B&jnf8yzZmbyZf>od>lq`np1v-#l$=k?}B0^4ggNu48Fwa|Gcf~nW;bG_xW{)q`E
z{;aj!wV4EsZ>l(Yx(4L@gug(5M`eN!Ds}w+ZDi+aSN(g{82aEoszu(>M|rhR6-CiH
zYSH6e+dD<)0d)WfX0;l@aS(y5nQ?v6dr=h0>OPn+l(!!Gt23-U{*s^khV{e?Y=U&D
zZso0!{(IGGuW&b|(ey+=p8j5q+GqL}4B|5dG8YauFLL!Gp)W>lf<n=CvH-tr_SiB*
z>aizp(yuPmwV3;DwyhbB>ruEmdbMjmeN0mSQoxxmVfd|;B7FymtlX-U|2S}WdN*55
z*^t-SmKLNe8eGC-q$4P`Ep2!nxF`6}K$m$YlQb>jgZ;SE8|&b7@@2#A-L_2&EA7UP
zqpJn*WeEHjReHSBTu1>TH@p2`(Xh%mgiW*vlS7r&dg<5aUD>yUTsp)ty>>#0YL{na
zTd`XUsO4|=ZmI(JSb<=eWjvm077+XqvI4|rw~^L`udtVo{)D&yFDU2p<YRvi>i@Zt
z;D4<H|L?)4KltZ}96A}uMWAN^w>Rhgd!S#x!vwN5lLJ^WM>V+qVQ%Hntr7U_{(g7v
z!~^?4<}t~S4**7eg}fdTMic0|vDkP`7JIXw+`px;Kgv76J9D;%_k0N4u^*1@`OT^C
z|Cb2%)Mht?OpCYsI=s3Dpsg=|rr}2COwVr3+}GeUpXA(Q|Hl?6c9dgwOnX|^Yl`##
z)>|tTr6E^S-d$+`OrVF&pV$nDID~qq2N<|a7$2?jf9!1L?Onj!f3O$8rV-QQBfyOS
zAN>7KWydgfCYbLvp|k8aVgAQkfHH<>V*QJkmLxGI>zlm1s?O3IHI65Cn;Ym_P02n(
zEm(53zyZ*kKOpz(2rQsDsU^(2^X&Ued|;<c=enJql=b8G3i<2;<xN{ME|Zd@!PNeU
zL!fVaRW|?(Jn<B~uxWGzV{+rS&U4CY9s^Y7Dzo$gNvjvzz_`CR(KgAiM~)wKg743u
z?7C)J(X(SeE9^TtQC|*~ow1Q^*ez_78)h4gi5RyYY1#+s`C}9?za(Y(?nVSLt7NGg
z)7Ct`$_sfdoxpvcCB^BFX9J{h<^#%gsW3rW&b5?l!@UdTu|c@z#@02(;ijflECIf*
zp_P^3T^3;NbK84k-1<{5S-<y(fZ{{GQ|!+z|5-^tu)2j#a=;2W?A(V(U0LxflV{Iz
zAj7?V<vlTq(*&MA@3y4ICL5PF$ymr3VsHqyMg#2M60889Ke?6QyR**hU$)ThCpSP$
z^hKcHWM1Vvym}SI-ed5Us^O;Ldr*o*VDNo_(toC(#j3nBa)@{P+ogGC_6`h+nQNDO
zY+m{SU{3TJ=p)Q~Gm+K>gf*@Pm$cQ$<fx%vwQE)SD9X7++NMe!fPV;-_NxJtkgB40
z$DX4he(I82NZ`u*`-c9@P)bN0-`oldpe4N25iE(r$H+T~A=%YpOk?@lVS2G^39`{0
z56_xfB|i{IDXU@X9(pYX-1-@y(wmv<X~vYZJ$^&#Y2*4~>3$5A*gb|!8a>R{9s~!V
zY7fuJR*Xcg?i^2q0RVpOAJC961yrSP^E-~`=%bw?z`gs^ML<sV(<mC>V{RiG(8pQ+
z+}jF1Gwju>iu&+v+kD)s(Df2#kHfu2H%*mI7)~d6Oe@uWLW_o_$5(!XQUKUs4>11a
z7pPtO$jg3;K0nOkuqV?ob2V@-o2|xq;XauSc6(g_Id&S8u4M!Vvq!q+mVsPlUJzaZ
z*Z(JsNU_-6c~m;WA1Df%9gd{knckPj+~(Wv(2QumqnZD+prUgIKsdav#K7K1dGJdI
zlmH59mG)5<9m*?08r9W{<P49QG$!pEg94>Yz&{fBp05W;Z3ve$P+(W09AdAXxA@gL
z(rM)ZM&}uS^phPZB>n~HZn#HSC~iGwwuZt5T)&U^v~mCC51;@WB<pg2?OL<vf(mF@
z_X+sIk(VjnzgMZ9Iyc*DYCmlFb^|uLc=QHPfU8V>w)TE2FhWHfBFd4y0G0W<SA+iW
zp%GrNCiB-Q%d|D0xJ7yW0awgF)@H|It9Jzru!YxT13aEWBZ(ok61yh{ioNX?dbI(J
zM(ekaV+RKVYyE!615he`UPi!Qo<L)PIPWTlrXv87sc+|}a^{6;Yb_f{hJ9BTtBJ$W
z=V%~-{ChE5Var2zw7pg&w<pV=m%GYvc^X3vA;<R^sGkP~vk9R#bHXDq>Fr+ahFxn8
zT9Mp>UVzi<{}>^#9_<mcvn*))sqSFdKBw#0ZRdrC{6)k-N~N#dKG5}l=0p(+Cu(h{
zcuT2%SWUT>^4T>)5Z&T^JX<;*SzxLF+6#Ys|J9*({xpWh*fzFbDvg=z31%7Ef9eH9
znCjXhoq^l=YPbKr!hbzyQtqJk*{|k#kot#T2QP@K@Z-qxYtIs+@_!CS-<sG%pWcGU
z6A!#sP)A@0zEe)|N(jD0`G(*DpFuF<%4elshX69`{5$)g^Or2-5*73(N7eN`)em-F
zySDCxMaVkY9`Gk#uRsBd&|C3tF7VwsS+7NJK)-9$`WPcUk)-#9TM0GeBpC-P6O<o<
z9j-6R`a+Yqhns4X^>JXY+n({tbG*;d8P2sg+2$rMT=?u3TU=(lUb2ktMmrSIZxRKz
zqXi@@RJYv@cz)wdG3=aaR27}Y2e#TRR)$Lf#b&s1XgpTK@!aRQ)%~A;?ItQbgxNWz
z0U4nEycl{mv_vQP7?ks6iumWBf_AMtwwWc*dgYJe?E|2rYMX3w^p(ge_)ad+t!=Ab
z?{zCMrWA-nv+cvWz-&0PU=zze<;4f8#=ZFY__6W=xvZk`m)Dm7mTQS}VIulTx_Icd
z%sOKHPI-Vn%g-qTTwj~e)nI5{6&i<5y36~6AZEApF~+Vv<BW$c>=?2pCc6G<f^9n-
zZig@FX!IvV_iAU(RJmJxnvs9tHM!YryKq^aBsUl^qrJMs>tE%sSQl%pAJR#jy7j<*
zv+wY%;}x{r>(RlA$g_4dXH|o{61pen`tU`^i<9&Tl%11_QbTMNNX9)&y^tjI(=6+#
zOEo~1<B2K6TfzA=L%2tW4dvr)>vxk1zr^l*Ne2!of!%^=_H%`E#a1354U#KR3?u7W
z1j)1|6=v>Q%D<V!Vzc(gZ1$$*cHxKmVaHKv#{|zjs!Pf)?@Y}tsuK${9?O;~GvaO>
zC`XA!SaX7X)+l9ZYqD~3=IMfH^=zZzz{i&-PK;x-D|%k$7WFLa>~pddUhHkGfVD{E
zq!3`cUM$y&L$eg1h<%W_l9y^WhBQ2NeSE>temUAuXo}T8Ry}I;m;asR0bi)tbUQpb
zlJwY7Yi&9!#)kK<J~z>E09&@!lx(Ah{?6sLT-RaS-C4ojQ5G~q;r{Gxfh77jwv!y2
zGMZpF-V^(8*m5L&*|1Y9-r&nCX!vzOD{}7)dgR1rG{Aov3NQE#H7cv1hB+I4O7;F1
zu|DGKiP&SxXM1E^mZMtUo;h!oCDN72(e<{nQ0~L+`b-xhT2ry<RY|Bo!)L9o^C<Q5
zmd(Vl1w^tDejsbF%4I`gQMz-+G)k`QX$z(4tGQeSN`eh;U?eHEtthd?Ix{}BMENXR
z+K9Bl$COsU@j5QO+BMPmkOhZZM_MVToOYGYH#yk%_i;_zW`50#_-tV?fW!^{h0A$H
z4tst6M}$L3U3zXa*)^$h0vY`!0$9)h2H~jERX=bm;dccc+8Hdj>pkZ<XiC2VNi2!h
zV?}+N2@S4Gbd7j2HaJkWi~YZtd+V?$w}t<EZvzui5fKnjk?tCDK<Vy~7GVa4h9PGN
z6#<bFX$FQEYUu6(1!;y3Y3T-ODSdCy9VhnloO6EXxvuw5^>SwJT5EmQH}0W1j>;E!
zD+_|nI_Utb38w~25RgoJIqteji?<>l+1ch)Ps_fkrOM~0xV^Fbc)Ce^o_o#;v)&Qj
zo0aFK5QW<9nTi5+Yah8(Hj7d(zq{>$;$H1oKe_9?&MWbDap0e_i8}boF~6LkJ_6E@
zeZP7Zg|$Ojfn}4(XW+rTlE9L#Bk$b1H|L_2xTD^tVBZN<>i(5mVo=%f={`4)8Q!?^
znKN<;=X;-yCB;lVZqkpgk}f!C&?-06CSv^=o2%5FX3Of3?xL2FF(=8`cF4#?dc*J+
z_vcIIt6KrE)k?QwS5hJ%yHf<)ij3eHYnT3nR@?%s47w+q5x?|=Rz7ZWPDphG#YzLC
zSwo1Pr{9(rpO-j^6A*#Z4%GG>R*wfnTW`RUK?;ls*zp#9RV)<qU1CCuEuA!tEmheq
z`bl)<po0T;yBQ*I^>{iJQ#_fo>NrP_iTYBKlRjfFYM6=PGX7c@gMYr?F*kA{Xp1Ld
zh;E|7ahWpE0;D*-o5NApSwk00Y&1JRWV!f>)-&<DL{xBix88_yTlo{bCbRiw-&4TF
zHd%(oFsjc#vEO(rw4P4XGBPn_m3-C~pBOiLVWvWSi?N4lG9I60CX!xBP}B`OM%VD~
z5*l#6Trs|W&WZC_LKFn*Dl2Vy#J7N`KQ9PR@{h$IR)fz2d%>?`P%w~=D9C)-N~t4>
zbW^*lX~*LAun0xGS!k3NU-PPia|N%w$9ZdA?oI?>53KIVfz>vQ+YqCeKxSXuZ`Hb9
z_qk@5N_nQ+45OT825A536PCD8yk@bZ!$P(lDCvMpxnpQqts9CF+H9HKX$%miFi0`!
zrepG;iJmiQ=<M3&6*e<S!5aH<%C^Ss<oN-M4oP)jQt1?J5&~SNFHqJXuWRq1y-vPD
zzyvsW3%GyoL7#$zp5%yjV{^6^CAZ1NuFudo0e<{PfDNc&HO-dUU8MQC@)tMc(k+Cu
z4P$?6iv%!vep5k~QC>~p&K~LmV94M~v?9=%#9#<8#4pbPUp3I5^hO(4p+ArQxx66x
z`Aw&bmeX?u*lGUV{}KbJPrx$yC`6Cq?L~JboX1Pxexi5$c=m+HUZ3o0{zoqLFJ}OQ
z=+})-Y~?{dVA-<%i*0XULi?ZH?*C0j^|7@9j_LiCg;nB{XZ*t|^aAi_8v?}Pxf3t*
zXB5RrMU_qI&mVQNVkbTQmmlZ5`rglz0W7^{&I4EF#L5qx`+Mvce|o5aJHzcUa5_)C
z)xh63UpYCKfNNh2_$b5cC*KKRGVmRnFaNWz=;?-Xcd02igrSqGDd+L5z;d3g=OEj3
zi91ch{Y@?$Ld=NOyKOB%%2D=6iLzBW)v#=)`^FaXVM9@#dekmUN;k1~k3STC_MGI~
zfT5$nYm^7!g+CS*51)bdIu_T5GcLr6q{P{P8Jy$<3~WRmxxr+4QZhQOI%(^X7e7)b
zBvGc8a@kpZJXS^D``ow)24976-+C55Uh$SLb&qtmHy)9a+RN<|;aJdc)hbLZh#Dm%
z;<f(5$MM0;D83MF=URKdf3DQEzXCWChe+pH<<xDST<x*N-ECQ5dVWbZykP+@i)nOR
ze+;f9N=Y`!nHxyV)tpl;l+o5ByqAS*Pm^0t;o74POP4ER;B_MK=nF63a4{T=T$0>8
zV9CA4N|RxE`Q&oEdp$Jc2j)X`_@>z(UMaj0T{~Y{L0dV+i+YhI&A^VMr%eq?nI$<i
zpXlIfrHH2^UvSh_BSuzx4qyu}O&vV!#T04vuC*Q)mzWDeE}D#cxw|Q(;SDD7X()lq
zJYHfIWA7>hhfFa#u^!Aj3#iBJQSJ(d%*+|)!`F3!!&-&XT@1<i*@`Y)2|?*a#KO#M
zsL2LM+M&qH(BAK-w*_#<&$5<i@MomgpVLpW?p4dswqT<)zozntN7b#)iUE^E{yOUN
zL~<w$%#gM1LDn&HOKQ4X!3hFqgg<)o3A(F0F!px-DWzVd61Wo5b8wKDbdiTTakTH@
z5~|1`rLJo~b5^Spy^@r9c~_-HN+ShM*hJIQgIPD=DOlh)$QY5Rh$(AxUB|N}6Ke<Y
zPmLvznDamK2_sM!z2T*%ONVF9A{H<qBgouq-Y<3>xGqN$wEy9@sv*>tb-i;w;q!uj
z-&R;8jGfpZ(?wu4!T{>-s}vE)p<tZT{m3W}8M0Y;p_!U+bSp+(Ls7f^D}ODx3ZIxN
zsjU9ph6cN07Xx{Dr~gaQrG;)*Zz{4_30R)i@RVhCG~F}>Plg}fYH4<AU>bq5p`5+?
zRJ}jMcb+Y^Iuw_UnBx&us-NbeeUY`J5o@{qyeb0AHtnZYIPKS?gP<=e>xNs}_-o~D
zJB+yd_8RAP?wOMIyzqSr?oQp@YVMNGK9phXDi5N2vn*)dbx)6se~Vw(<!t}R(j<L&
zdVhCaOv~<c{XlQm<^T!s8wSNzg^c^Pn7Eej4o-%c?%#P6e(hL4j!u(^Otb8Pfn`hx
z|GH5I92k3_E6aYgDhwt`3m|y<z}k|Bsw=XEQ&Ae|m;g(6&f=7oGuhSQCd8|8y?%)C
zck&6ZJMqc(pQRFzVQ7|5OvtF)gv5ld7S}u;P7BB{OYf$M(8x8=8{oGU6-id}1R3#A
z%hk(rr1oIpFyyYY`bN8-X=gf@u9SD`)F(xsA&=R;zQCAb=XsG~O)hyVQP-I6s$1*d
zdIHn;lJ)#pli#!+LtVM>qn@&_$f03vQ^DOui?-+2dt)LIFbhQLNGD(BOtEl6Xu{K@
zxP+%MpZe7xy9XKq2y%+$hJr)v?kHhf+yq^qG9F7HXm}t@SlpAoIbtwlOU}yhL{XaD
zwrjRgm+3Ynfh#%M0&khB@V=)GdkyaBQ>vht_6@G3Zm+eTc%P%KA*S<w=4iX)PNis6
zYqrDkxKvS#sHaWQ)UdYdqnNta8Rc=qD6=?JP;G9TQ?j9^rxdAVYH*GrY<A$*+Z_SP
z6%0bYLWF)|eRudVhv@W`iCc|aK6BaxLF_0Ow(0(?q7p8S&FDV9u*>C96YVBm%hFNC
zkzr~@<`r55OJAFJc#5l?N*aL9Agt$IDS5xuN<-^pd7=3h2XyV$O<sdp@B^b|SKxwf
z{kWigRu1(-D#D4H-gef?X!qw?NjY{<_^#5SO4)egd70?kB;1Tp0+Umw^t^w+(|`aC
zQ5Jc9&;jyQCjIV!KBi2$0UPKeH&R3*Wyqqw%pp*))(QCl_WUreUH>#Km_40f3%>dG
zK_*{sdMnqbEa=P!{)7zyhzzF(#8;OP*Y<^tuRX5xwRj+2vG3khldvJDnQE;#qqU?F
z%jLyOls#H>iP_G6M@dPon4Lbs)>}@-syni7;C?qq1;6j;zVwyvpFS}MGEs0N%fU*x
z-24YI_<;kb@cVV!=vMLlW2|<9<iN&bvW-{VTE5S+v=J59gX}sTeV4CIeeYtsmNA>$
z1uNxuX)lgn@P$>2hfkAcapyQ@3KJ|R4PmSXz?ym6cDSoF{pw|#1O2y)1WNn9ZltuT
z83dRw=Eo@BclwSMq*~R@a{q|<E*8&zGIh!&L)CdxMuoa(2CfG*RRgYw*n7Cg>Nt!Q
zOT;$8p|4wqOpw@frB7F%->));gOZbA0agyltDWM<ch_FkM-26CeYR3?!XA~!cjhF`
z!|k6)6frtt(_W<!R_R@XWo|7(x%*6CDeuj}`DRS-L4sYI(aU1imO(k!>?#;cuqhOT
zAhq2u&4c&f4QZ?s30=aIw!Llwx2xzaMPzo`EZS9xAUs{URH)%Ik7D<1yi+a>PQRTS
zh4!p8GWUHP>b-+SS4NcOmPRXjOt|(;R*S~%85LWuwo4Zuk}kQQt_Ogc85Y>J%Gs`9
zIC94Hx`&!L5LK=3lcJWgeSowLyN|ybV7mblv0pc`t1`b!-!pg6*7p(o`tnf3o#A`|
z3Uveh-~ctGT7rM7MqWa|C1{r#OZ`IThS$SdwQEFGJ622kytf3#^ywJKxL^jy^MyzI
zB)`nN0q&+P12y!A_6-8RLK-7K8R(Y20BTKWaXlhx1v0RpW-iw4+f5NWou{2cIAVIR
zrl-Fs<Gn%tQXS!WhBbLbElfgSpk;g_yy*=jesKD=Dah^Pi)FEQJ8K#Dk53*O9??p`
zsVOBd4XACax<XqwR=@cO8l5b3!hzDIMmrc$tnjgp+yGrd{;(+sa}`tcDc`Oh!<U$8
zd~KwS9C`;l&`3Xi9E6TE9T9Rl%8lXtmA=^c3Z)c%=7`~=^Rx+Xj(CRX3>kU(cw-V)
z)O?R$xb0pN8hy&FKCj@FIQys$svfaHJY)j9uKZb$L{PS!E0PniC3(gt?X*M5lVa|m
zK5({a;P#mMAIPcKOp`K^>`gJP#>TjT+D(sk<aT_SFc~Qd;p$52bZvCp0fhtwi#(f2
zP2G{kj*!g#lOxmzbM&F1+`59vF?jRA;g}HfJ@&r+(|Nks54c<2ZFuW>rN1R98Vbje
zH=gr7kitl}3Os&I&u_&|5&ORXY&a@X0^CdAJz^XwQfav5yDV{ygerIAQq5VIt^3rN
zXqWq|+e49Ny7Jsy2VK)`!B^C84(D&2`Fe0JskN|z>lmZpowEs_Ul6lABPnI!%K?c?
z2+$DmV1Te@mA224(&|W&%~{(S9AuQN#lPL0Jd)r>=@o`y2OpuUw;1C|LIo6m*>l`-
z>kBz=MyWD81@vSLo}pPC$UH+dPe%Oe4LY<aOjCzZoy%Cqt}v+j8XL4%CeMQrBc`hC
zx_LEW8G*k{&g-a~Z@3|P|IU!M(z6zJxX}T_IHEyqM~78h)9@?LSVveD`71KgSyldn
zJRVFPe{F9#BR5w0V^Ndw45#VKw<RAV?7eoYJ#OYq`Ex_|3#l@uX$E_{%C`||JqJ$=
zD;Tnl$^FEaq=1`<m9hgdpu6Rwnl=U#n`Fz(oZfMwF|wR@@^}7yusDoX#N7XUp)5!H
zF@qMc<247i#G)Puz#eS&NV6Eyr8eu+H4irxWE}3B%TrhIifEbK!3<q35^XE}s60`{
zAmo)*@h}Kk57j$pF1U3=zEe5jSDoVgsTAX`4766tUUHSuFl2|IjVrr3okhoYP5x^9
zxJaii0bP|jGfBnvz04yfgFM6gA&W7B{-u|SZaq8Gj<(^2wd-7X(j6r-{4mJ3V7r@u
zDVB_d+3*S+xn}3a!X8rebZ6NZ3DP-m;NNub)z)ph#=GX~qxMRGG55-VG>{bVs;;O#
zOa{8(n8gtubF^M*-9mGmqgTK*ygpP$kfV%?ybxcVzNl@7#v2}sG^*out{Wb8ZEO*@
zg{?(JtiUBrv)N`$IdSxqn%{unxK@heD}8NMqSo{=8p3(7&m2+A#lc}RZ5H6>t@v^C
zMxE}vCrbSPierB4-2X4A^mnxO!qx^rs*9CF|7E87-+s&6sv+TvfO4q~D3_<`1}I(y
zCQXZ<KUe^BTIG-J?0>?EazMi7kvy108S!S*IgYRFkxF%?%yQ8?Y-hCE24iJMgknmH
zjZX2b{`=800!|E~5s0yO($ekgp|?6~u7|%q1w{X7JPv+P1zLKMM#Pw|M<f@orWA!D
zQZdxMNywPVEk4#CNx<5rA>PpI*KOc|RM}f=;d%PWYFHmRbk*lcx(i#1?BcQHzGFHS
zY;jw`nAX6G^Xy29%5>9QaOVW_>HYYN0xm__^moT?AD2|H8am|;T`i7FHP}~Y1P3i^
zx>SOJXE~$#sjqXjZl`q`=NM8YWbG_=;Yn5nZ-!-rTR2Nk#Oq(J*o&||t+Od_cUZhg
z;}tW|PBj{abP<z&8~B?i$V+>pXh;nw144B8!KZggO)=bFolbChM_@betagZsAwpSB
zjzYGLdAGYJ9um$csL0c`Se!z)>w2864k7-yBbz2|mXkIXaR{^Qc5J=gSpEI$X0!sT
zst%>d2ft<h?Uh3nZOfP3r=TJ8Na%zd_yF3~MoZoMt@ScfEJz}9I%Tti^M2(EWd4`(
z3QcT`^W1Kzu^|^KWHtiG3bPOCJ`AjsF?zO>4J`WHelGkzS`p}4VC__t{VtV@jijZj
z<n`$bcHK>UZl1jPYDh)On~;ewoSmdblBO4-qP2L)6<5Z1Tf4{@mR4C<5iW2~(uy0&
zx@^-7&ktsmPp1MVYY&eum2<H~DmE53ckn}OYQ_uh{SH}X%DXC>=aCtvG)z4ezSB2g
zi`{!{u}>W1*!rxKN83jr)q7CVZvQN)yBlkrmwE0c*2#Kf6JColvWCq?^!vvZTs_;5
zoN?C`w7i)5rt#=$00VnbS>)dQma^Tp#L~WOTXB>>TYpvDZYvwNh<Li3)Sa~a0S=$R
z<#9~)%CDQ!XZK`gZ)x_DaEo-<cG_^8!@7I>YDZ+4g!G}y4Qjr@c!LldvhC)shjPf0
zp4&zy4LoEMiI2fnP<3|FGOEF4r)37SUr?EzJi;!Fvq3A6e(v;r``B~oLs#{4(tGqV
z7e;dwoXAAO-%*N&ck~Fw;DXS4aQR|HYShRacic6kM-6?|+iN`Mmi^fx5~O`ao{dS%
zy=b)NQPm%O>`gG#`aY&<vVtOGT#HCFNjN9?c85YKHFYW4H?l0(j$k!FGp0}}<8aHp
zpDC7ZdR@tbz*Nn!0ag*ed?CH1d|py813gYQ9H8cVt2b&M)B-mnwMi5!3U-M9{-y7H
zCQEyy+idZiHD3pW!Cio&6K&ecK1S|Pn@O$k=84y*N2|=IOV$U_FsEz|1D+LPm>y>1
zQJF$8Ob{sQToXXBtvl&zd&I<2pv>pvMEbTO^$#T6ZEj0Fr|?))L=-;FS~1Y&QQ-NE
z71$09oM*|Q9zq=iGLR%V^7iuaY8KZnrSPC~N|;TF+UmJ0%xw8cI^AV<-I*{AK@5ES
zQg^E)y$7^CmGRNCmM&`;1KOgQ4euy2oczWbJKhz+Ug`AdL1xCNtuK9V`)ZU#hB2su
zW$g|a^-b%GNIdKYVGai`u4i?gLh~6<nw00u4Y=n^$TMyE2-S{&th?Z#pq;|K->{B+
zCRUx$v3lE$+&oozwydgof=5>+KQ@?WJh3gPM1!SO1R}xNA3G=)Q<dtYPC2)5**Ydx
z;dnkfZ7O?Q>twajK7U=)23m<2OOS_XRh%b$-g_hgLLE)dgP3zYNX~~dD!h5qhQ+xx
zRt$YzuGFVr(wsGORMlAev=pIbqxh>%g8E01%(C!h_~x-q9_6_$?wT)(#w_aQo{+Au
zg#y!DhB!ez=Cd>*vL4*n=g57$@NSu>BN<eHkvAaH5|S7kqOUC8rl-wc1dA>+)m7`2
z%Sj(lP5VS|qEx~0)+~d|t6bA?$<5wRhp%rR{lvh`Lu)WsEn0?cZ>HvWrPIe|it0L~
z{f$P)($I9a%ciHbO|pCmEsxkoKIa{K3yU5vuE+7TKLI9;V*JI_iyZPaOXQ|04e<)r
z4(O?H8TPB(AyC}0`SJq?{V47`bu{CM8tpLOsFIfaalC^ItLpYlCP_WJRz9JmZGD0Y
zO4)~Sodujw>tCW^4AQ-ZOFYMS9OA0I)0eUQnW_6d=wf}wu;zTp)R6<xm|>0|%P5B+
zs;Y39vWGuolS4s@i#1b(F)v*(kA<}9t<ZP#NooqDk1C}8DN$L|;>pel2KBE(;4Ktq
zx`roRBxMxl+=s*W96?s?HBaJUsp_+wPlyQBGnddngEL@!4_(6Qxh*?Hf|<KC<Rzz?
zd=4hN-8K6-xBM=(c?NRcOhyFFmS``6_9*l+5o|$@ixAu6jGH^cx&m2;n#aEsp}C<V
zW1DB3fDs(n3-$+6)bHn#EW6`gfj%bt16FY*;uJpf%rftw)OX`=M>#sN6jbSFk{5dj
z|B@1)u7?)M&o-^P+XR^?K-Cx26fY@KIG5c`)|l_bLo-?~CamG-ZJJviwcg!$3m)_t
z9w67F{Oq9Gs3yxNY?ZPy8Jg$a`*2~lc}{Xxo}R~ug@$U6L);pxohee4TEBX*us_-I
z$fG^<ENr}r@Ex5#P&Z{RSJ`rnH*A+jDl^??Hb*|S-;E_ipJkXhJL*7!*Qe6(!}dge
zgh|H!l^o;&_)bn7W-N~b#rK1uB=B_dvEDWU#nYoy0%Q^ieO=?wUXGG(ziw3X_=u?t
zcl{Kq=!Ugzkz2-RXJZ822{sm*HHkUX`hwzsfXNNr@Zqon1(sCAvAzO_cjPlNDea(T
zn*9g|*H1ZS0250n@kPnXl_}_If3INi@;v|EZ9E^^>mIeO0gDXe;}56Y7vxubiAKX`
ztt!`3YPAguqjWIxNtYxkq-@QDYYj_4R$+@(w)UwsgdfI54E}X$)X?3zB&OL^Q_$bC
zoUHU^nJi3h+0-+BP=0J(IoFVNE7MTier;ZBZyU*>D<EBEBtGpesP`LJF2!fJ^d_X5
zT5n#;QiQ4#+WL@5nH3m^;$XUGGs)-jaoNT|2Qv+Mzi?wkZFg3r6>>f}7ZgKmCq~iH
zW$c(-xq4nhWfR-190qjbsKM34_FLHcpNn#IiWvI^MRPfIY+um5_RtEXNhTT!jwIMP
zm#dx>_Hl|@D&$B|d^rZcX&}T`gl+xFm0OwnL-$X(@|c&1rqeeju+|Vet^&CgQHLX4
z-~ks}aTPIGUPmd>P$TYI0~a7IHUt=!>if@%7u?}FM&!p0$`hu#tfQ=uo<KzbCIVi3
zNCMrO0}KGaB=k^0)p7ETL=MOCVp{D`_1)Y%#CMh`f~Xkh&)r9V&c|EjpV0;u54tyZ
z6cQwC{d5i%5O|7QVgZfvq8pm9D<_Z{_!p3Aw|N4Y_j&I>3y0-vdam6yFjt&umcd_7
z3*3T-wx$!MW<&ZTD~^&MwlUOK6XwcOmki*D)kNYF%%O03XRaOc<}eqL)S?Gm=`o+t
zHX<Ph1)sCeX6nZg^M2EPnlh%V`FT><<fTeCw?kwx6Eh^3j^&Ednb5%xJePL2?GUT-
zWF&78bzx>-^#?7rx-yb_U+%p5e(6JVjYFZLXUt)b^u_>lWM-!YS>|S4`l2&>wEtdv
zIYUTYw^u3|N#lNenskh;#{)F@8coQ3;#b+Jeu0NY^Q&Rz5e(}de*>Af10GwBZpby`
zvW?gy?G^DQx_Il!_Ox#`Ia_Wwv2mDK#UiuqZ=-6Nnfr~EA&DKQ8c?c7ds_GVE$`6*
z?}xXthOEF_=#oCg&^VqOZi_Ux*$353*@#V7r=RqJmwKdQ8S~pQ82bPVQ2k10A?rr(
z9$Rb2gaw-{aV2|O>2|0I<AX?ag2>rIbK?ft`b1T5j?B8GOKox65@96dNvN_;;nlII
zJAyb5bV;DPbGH_g!{TF&ea%WkoETLvx6@5);viR<&WNGj9J(NZ<zJWq*A6OWk~30d
z_>m;HH>APR*rt<`Eo3&;_I9=>*s7CG-srXr+V()sQs6E~jIr+Z?ZNZQH0wra(ecp<
z57j-_rHK1Dk*%8|y$h6Ech-E+p|N5id0d_vuVPv1S(fAx0@JT+wnG_gjSKfhCTE|^
zT|u9&uZE``28uo*&Y~7wRqe3J6(p83%ODE^LHV7JS@#{ao)lqIg|^*p*2H0A6h%ra
zzsTwk95)cr9@o4Ql>YJXa-DdAtRr~$Ws&DE9PFP~V4Z+g7rvK75OyucPtWDn!T#^E
zSr`6h?XwSAEGgsQpi)@aabiOHUkPN1*Nfb?8BlofIxFa@k>H0)`d^pY{x>W<RrCH8
zL{-Tc5(Yl(IrZ~X68{fG#LJv0>EOGVvlp)QL~{b?_r#9+-;x~{&5Ov)vFTH?%BthR
zTXVMog_#uQp~baBrp_cHIapEXAKu3rP#Sk7TJK)^wb^vFJiX0@*ZbgiQ$u_jp?Q>O
zqPJ{6*U9kpxNo^Zh{Q$l*2MvDwe;}b*}1dfQIQhjZ<g9sTuM?OU*YLj+1NIA)SjT~
z!y&l{?|@LCK|_%E{ei{!D=;;Lm#WAZR$5mOto}rnRImL#h_O#NzhZi8kLrmGy;uiO
z?sCa*Pfx|#CO|tLfJas{nD#dfIpt|Yf4q%yf&?=Ydvp?I-T)j0Q`n>G!yG<h5*)Cw
zAzadhP|*fBmW=&Unm2S6pr{9{BGt%GJi6MLwR#39cjJ6LUhSC_#i_XdHC&<{D!=n!
zXhD&wXitvE#_KVtXKPQNuS`O_nrP>JKTUYlc-Xrhsh-U@9>un1WV1m^#DtE5tXO}r
zq3E*4&^ddLcZ=ORSumGb&tYAjc&=CX7es4>>3ZjKzd(EOchAR)CXL$28Z=rJcC+AX
zA`sj7#3*@@wBra84Ib;)EKRbr@x6y>?Q~H?-abwE965Y3cUj2Qt(U-0r%sZb5?Nuq
zx<4`{5<bfd%Xg-3bXl#Y1KPAtyZ|St4P4FCy2oHj!WNQY5UUR&b*|^d+%M-png}XK
z6GC`CB|3=jt4-?haOGTpMAWd?yP=-h^HM}YGnrBHF=y32f{F$U*L;O9EPpC=T<T^G
z8yLJmcz*BQOd6f)MBM5F65kGO)-uGdDUqgTzMmZE;e&WfeyY$&Dv$MKf61mru`#+<
ze6>L%($@J#e7VKP8|&X#)^-?g1=;?Ms2F6o9=Ziv%)TGaL|*L8nq1vJt~;L4Df*$C
z7&}kT+G|Kxsj==b%v{y}^=dp5nQ?TTZv8F8e@#?`EPNW>S%`cba#b<8Sew~;gI7x-
zY=e-zuO158aj;*u#~GFdI}qe!m!#|AQEKDOhFV}a`7e-;z7VS4$#ow8e?_irPNK`R
zB<2G5)))2Q6>DTW!frDUhE@0t(?U8E%8rW*^4hjuEVsSXv{j8{VXpc1q1y2yIQpHY
z#H{2{X))FjTiJ1^lQx6qZ!||=k5kQY?SIuA>n_@1I&refx2+;@v;n^U1j4+2BJVch
zQg>*O>IpYer^0ff2We?<cD3Wfp+zOm=Tig9sn9K8WEIwRPQ0*5l8n`+yxgAa-&P$7
zDWe)FF=o9Jm&en&S$BH+w&ltaY&HD5IVkooHFoY_iu5;N)szxo&vn@50SyG0?5VF-
zP(%vUD&9%>@8YSGEoNwjTC_~Zel?3BQNfr=LtkkX&)tD<G#Z>0RLx@&#RMd)HEHD)
zJ6K+BK8Sm;tBOn2PY7FgL9X75PT26Vy=)RAw#Do%6^s{(+F0rz(j~j&rm%#PJwMuJ
zJ6BM<gK6Vvlf~*3>ocEqa-Ttv>yB6ID(7GnLI*sj0~TL3n`LN#*QHG^2O)t@5Pf73
z`V~@ye;s>4l3!F=aE{7R*sRhYDL2!wT5--P`!_1GalP=yugW4iceN#q$hQB=^<2&v
zT(3x94xjn2H`6T5+4nor<>HsR-JUtc1Mn#h{|!EQ5&AFx33}Rv80GKvn~$nBMX7u5
z3%JSL=tnK8L&#QWxi+81b$*TGN{I&WlQnFXtGdlMp!aqGUs{DfxdhFyspHlwedZ4K
zy{^@Mgue#WcA@rM?oTDMp5sAFamGPPHF~MKQ2(y@+7ZTwVh30EJfE}3Z)Cb}`7-mn
zA*&oCX|e|j>uy5f6A6eN9aBo`@EgkfCJ=^FU~34K*~t{w;N<6}z>2+u6JZi1ZVPTx
zefinrX>_BIgn(y(V6R+yt4TgpEVvaqroJObG}y+W26ke$O;?JVZ#EPMg?rQE)855T
zHK8Hx?Uw1s9L2eL9P^WCq7T%vQf_;4BpU(n%;MsCa7MZ!xVF#9Khh<`<2T7S(>L5N
zx54&%moLA*$rQ)q195|$;KBlp9*Px;IRU5oX^lS=%7;lXZVC(s9sTe(;l9pECH_&1
zg<|1P$e9(jeS4vVt#}=+Kl7)Q_6dKQi&Kb<p*qLjhP?<En7WV5y;73HTPpZ|HaRf$
zoz3M>GDG#J8eZ?6+htLt#Ifv=H$srnNu_<vnh9e)lg=L7M_)`6Mdq4c@T`v!$P(u^
z-N&QwD(49qP%A3+5M`4T#FEyy&1Ihc-X>ajj`o!U5tjC9o{^*-$y(cIZXyeVfb73p
zb0K~{fOcKw@N{kVE@Q}47T(3`=NvaeL+`y1Mh?U$$kRXv90=keB<d;*`ouk;Z1N5A
z`^ynY8i7#Ipivs#+GCC8+>c$pY=uL@V*e;xw)P3XGh+1fiyv&oB?ZOVu!V)&#1!X#
zgX?@dy8L{r+8CcUG~$%WBi~4Iw>8+E5|F3=1^!$UFZ!49v)d7Ckpv2-)HT{ZOvB)z
z)q9Cs?i+KIatcY%qLZRh(XJElD&uuKC<?bCCrAaw;2G){SU@bJzbq1FSVY(F7W$G&
zg;Y$wfqP-JS%-EzC=IN+{O*WTRQ?rULOxMPn<eDe6PBF-W|luCQ1ztQsB9XN`dIkI
zvc>|^EwUic?GAWz`D%_CsP{DoAZ=n1>zbL8;d7c>MdD0r4Vnj*R8nX{ZZa>N8ZN1o
zfr*iOKD<}Bt+1s%Is37dV37NQeKF*YL5zinhy$2Vo9HU`@NJu}tby&c$kiNn1n$bA
z`)jVi+@7BClLHRjyjD_sI*P0sgZisXkKPVUFq$@4fgnV$IA0{ybT5QDC|#erbZw+v
ziq&rCm)SI09r@gHRu4zq9N|#?R9tgXT|KY<2bX)RL8{e<SrFrwZQMDjWMm!-8;~YR
zV)EgxjWdJ)sACq2|E-S6O{bP$!_dOj%3<pbq#tse)?bAa&C|yYjlPRlz!7ZD#49gm
zzgFOLVOd+8+sdH6(jl1G+92?FA@97@aE|7Ast#_tizHy0iA#>;uP?Q|46~kb0`lup
z{~R$%$*2Jtv-Dq*F|C;Xxr}*p7MI6jH1J~(Cyz4h{In2qV}7bdrLjjkSr|&#-^yH=
zbY;&yUwPq@64mkoQbn1fZD0STpw<rx0)E`tP9m5d(L0rFXwgnPazKqwa&z{m83_LL
zJ?m+lIkzV{hGFxV8L*29sxF#*<Kh)*?VnKNqU!uj3r-f*<)KrW8gf_uM#1*cHrZRr
zE6hsd1VKwMNnrc;Fx5cIHlL;bjXV4j*&eO0l5K(+>-{i;;)pl;i0hi35xLrVZ=1Fi
z;w462={UqH_Wuo3GOEZ=+`{)=m1xr$MhodvwaNFhJUK=H_T$JJmbbza+YtkW;z2@&
zNw<t80+wIygzm9-@<lEdECreTj+KR)e~*>?_%yD7gLj4<{K@Pd4_o!3t!k8Ahf;f9
zrmr^n<)rVHk1pwaj;qP2Ql-i?ECsrwddw{rG4$}Z#cUlu!2_zk-p0!wY>z1!Pl*B<
z19&JCC1!b$U7hktr<J^4&Yy%w+$1?rqPD;LFE`&j1$mACr79?fr#mUmyYkPN39zU#
z_;&yL<6{A{=dIzQO8}~||3o!_HFebCw}63y8mMYGHFqxjzZ*Kg&Jh5v)9UBrA}5DH
z{B_P3Fr6l%SWgZb=!5<*m`la*&>#+!<_Rh~{XA@jk5&VHcT<^wFR2thP2l_!$?{+N
z_V8d3>O~}i3B7%5c9q}O=0&2bQ|N#ht$G4y>Xf=;JTpp0cC666t>Ssbd50wxPo|wp
z+K}Mr2^vPUhd9YZiKXp%a?zxH486MjDk1#J4CIG#h7*OH-*&O?JF7^orc_21E|?m}
z#z&o4UHp(-O~cH$GK-Z^HxcXmCY=aVb+DVbHWmhZpFdPwv0F%Xxj<=MUnZ>QFko|0
z3Eb1O7*i)#`RN%!sch2R3p`~)?cRGa!5a>1P#tCd>WP;YaJ}j!eE^gM<f}H*)ez)^
zS!<5SgNM4RZXd3$x|X0v6ih1j5~;>6sC5@;!7Wt=nYI{oQnFSF@;&g-#K~VsV0)8e
z^=aLe<WAJ%`hYXRf;(shB~~HC7Nd7_Fg5mOENI2XjS#Vo3-Fz{NhDVEKhBqJ?>hXk
zH}V57_ut2BK-WvGM!&tZN||4;u(9#ab)_!-PpqlpU4S+945626(IPbX3_d}{rYwcc
z<cAu{q#!|n)8FJ=&C5<qhKZXBC^4<ajk`fW741|k!ZtRV7HRPn9;VTx?a;*ii>x>I
zjFpX>CvNX0vE<2mmmGeXi^cB_IBm4clR~@zZ%XF%y}l;MK9AZF!=lIc2ZBAL&h?jy
zV5j>yfZz6Nai7{`B0AW2=CU;^QVgdCUwrQRmEhwv_usJR=KXlhgPN=J)^C7!Y(9y_
z=322quF2dOX*X=E{H*e+0J7MJ(WA@BBNF+17Jq?(kJtZT&WaSv;aFo)(O*Q5%*cER
z*4X@&{fA^aY53+p1kc!i6Fl$Wcwmd+f9+=dkH8bu-WrFc1}hbjmFp^}R!DWC^kSB{
zJQ-+(JQ?CsUAT}G;Ig?$^Bp<%GQ1f-<?eyIvh#gP^NRz-227$MS3N#fhJ>F98Zl2U
z&-ErCER1-;9WpwiWt-)fpn}$tzG6l<5<;YRqK-vXChTlpF24JAZ#$<#e=iV$7IwH{
z&2X2!w`sm}#B+F5$YEGhM}bw}ddvhd)Ie_2M@YlUs3WOi7`_^N+oD3IYST||HXks!
z@QB^*>`ZxHesEMR@0K0CRC0hp#G2XgA(RC~XZNKHE53>FU|$DEgA)owzk8xjM`pn6
ztkZP4SF&Ctw3L^eNWE<)It{4Xok3&fHx1LB`lGNF1^&(*i{fD0mQ>}B^U#fZ^S_&8
z<^L6P?9i2sFA8fzBZ>{&)bGG-t>*SLtwCWonrxWb*O+V5q3tOpLVMl0?{qf5erO9E
zPj%gkf(qkE#{{iHSI%?Rh2f=I%)gfZNkhd(rKM?C9=l`Y0vo%Ul{q{+l=Br<EU;Xy
zZuSwF^nwDzyHyDmon!g!`_{?!xdQ!<n&cDGUuYd@cvb}*DPqo_&svn3CafHNBHxg_
zqAqnyJ;yC4yh2Zxzu!1Gw<{9c(&yD-!PK#2-T$j5TZj8K)mdm-*5Gl41~fu%4-~8T
zZ3B)X8LWA8ru7!xqlVeOapCDvt0O0aT;iR~P3}qtCMT;MIc7d%o^p}&*B%<SjDzzt
zhhv697w62}CsB1z(z=dX6GKh5Iv~{ur&28fDXOposM@c4n<%#x+v5eUb_X?!+pL4F
zk0_}tPBrxb^<@V2l#+?BQyk(gndm(Xr%xj;E{ZW1r>XoP-5|n;_ocCKR^@d|;5|Ox
zd-?nNi*#%ExmTMa!8dQRt<xC)qSt8^*$B77LX~{Z;LR5E8Okydo=)#wtzWevBzO26
zCqL1(l7*Yj(htl}be_ylz-}9!j<5P`L%lk$!r<;qi(kos6IF**$2g37X@H{mmrK38
z#Zm6_>ZwXQ3&I7J9fIjN>3&9&a#gPom7R~|V73qZ5d|tRWNBS<0K|flj(*^{f~C9(
zXaKa}amG%!VLu$j38yqK(W?Ff+2;86L0qE<qbwfQXP$uV^nj_eu|OWld=zqF*8*(H
zM1&Y(hHGn8iGS--nKix>YO1T@p=PM;WT?XyeBb3;cU{n`q4A?n(L?pC_Ja73F_lk%
zOZ!-`^|~>lb0q2LTVGb^gXOP@fv$CA%;E+8%(zhv53Na-T%jWq3t7d59o7AqC(io8
zH_xq~t>+oP-?|adAEPCxN#(uMwW11I{<FL)<Wwmvy?d@O=`QdpnuwKKqPr~hriMbR
zeo0OqJ^~@J&P6Pa-c4?0xwe6ml|y~K$!KkNN{!CcZ=<RNVe2$bwONR{T&RV`^}X;)
z?5pj~fZ6>$_(?~D2(4-nmRyah@^)>DIK{J#ua2jJtEiRcIs=6~E$%~&F<PBZSPAPZ
zZu>bxRmB&-|C~rs&oqqK+KXyw-j4omZhIQ~0x~2H7>;b_;g(0wxKLsTrWc$<#;kln
z&nJ6v`=f+ISr~Fls>1n7l@VQ&th4%TtxuR1ef{t+!NQwPfZa66*dFP|nY90mY@^(d
z%t9Wgwll;^X)`F@Nkr7W%PD;=#cdrV6Ke;)1{=46a+*IHGWCm<MUtPIkDb*Mv1k#t
z7)zXP*PgNQT<XxZ9QFebV%F6T%eJ175O!e)U0sUO7LT3zU_o?!e+@$4rcha*r&TQ?
zfhr;QN$c17d#4Ld;N3H{_{U{;hwW`b;;tquTbSDdhJxXR`UOSPb!)Da7~_rKkKPFY
zVV}hq8PqbnI`Q5;Ceu7=^Lo-DE2<<(EEwDQQ7v<@v*8@KIU`^(?SCtB3c_OukT}Kr
z=EXTK*~LiN<t5Rm+0MLQ_&X^EtYUEnK%T|4`a{x6^WX;<|MqqqvsteP{V{Iy9j=|+
z;IbmaFb6^$4wzYEq7QFt3-){#G0mK(?|RV6#w#0c62EdhyLY~#W7%GU%Sw3az0>^`
zgiGIB&y(G!*aY)RjS`g_=+kPYn<pqtr#l=!7@0~<ZR9#r4ERV32r(4)+clyg*Ld!%
zt1r){H>ER=bM0pR&WuRCuyj%RmNa7(i?E?UuE36G^$(D}#RM9>?Z!x*`m30%3-0E_
z4^VODhZH!AmQt6s1&c6&k9UT@_*}yf_gk|kzI>-F=^1N9oEIL8ifvbRW~~4AUik18
zCFogepFnROoii{${H+YjVnVjXftVR23%>+Z4rVI!BlFZ)lX>!D6DZZ}*>ijR1QgHS
z$Dg=+6P_f0=kM{;brK*9XF;{Iw32^J>uvU<lI}|~kNUI0H)T!y_`<u&@kWn3z-d5`
z@~%R4ikCSM(Zv!JQreU5M>?z0XA;B}uR9DlMH&tybzT(@1#XUqKWHRcafgjeRAR^F
zvJNLoaj5E<!qW^}9z;qU@vE<?ht^Qc?Q+C(hu(MDwA!P8Sb*2u-)9w{pLkKsr?jz_
z7wL0}t+O~1YPy}&6h%pz_ON(z`urC_B9DN;AqUbi1bVa5tW|Zy0$gg`uNbF~^iwt$
z#ThMiN+4{t{}MUdtn3SCb~_K8OemMcyjVGUY;u^s*r7QeXDpEID<%G>&z1uEY=af~
zVhKA$gJJ2C@~6*mgFKzb7+<9;1I*v(&(R#VUSi&dtjSY1=;b}h6v={Qv|dR_8*y{c
z_U4#Q7QQU~Jp!t6XWk`N5z@Tv@4Cw$DD10HSP)sxwbqF)Q%=?tew^{Q=o}dI_vri~
zAkta$cE=^dj!P2VbtassY<8`Xw@z)=FRup}S$?i;=5F7oa%A)PC>pL^uHdOYOS-(Z
zK7WER?s6yQ;1~0L895hZ|Ir*=5?#zG@Bt7&GvujZY45p0pfu}NaX`QcqBoVkZV(<{
z+pj-B>u3~dy-3rfCcy$01*~J;b#KCaA9GVwoce-WoBz%i+{pOPeZez4sLXUdMRNG^
zs(;OPHyzA1Ff|0E(%t@4XG1r71TG$xZqJ8$=4B0|bgNlp&PlZ=cd7nOtHpRMk^@@+
z(^zfa?Su9<Ek%q=yGc1ILdxPYxTf{1>Ld@U^&fQF)E9r!X|v2;zz>qwq}(zPWC0%n
zAd8r8H+k!}0Bq{3XM`dBR)SF?v7%;g!1{pS@Wds@)%vD4tMj8Rcq@sObyiYYZ-;Xi
zn2XhaY*?JiwyQZR)7IL>U&?1)8^jWFt~pizuEn}(##@8j9Ab5CHENXJj&rXdGE@#v
z9SkRO>09moAt?8D?ROT!!vu8VF3_9s{~CDwmsHq)KU4XCkKn(bvj0wm)Uo&kuGBYD
z(iv=<+~8Nvxk=~DgL<Raz~*W?Ry$jNVD|m=KP5uh!s$~^FAo4`qeAJTv`%fwtn+8)
zZj1l5p;(Ik-!v2xYq>W*s1)mL+IiXA;lx;+hCacTwl7cc$?CxEV(T0a)&{9YYM+Kc
zQ>b{_kg@fLtQnxPhOAwn2z1yE;W&yGSj7bAd9n5f%zO*T(!;a*Pl*4jif|iyr=J^R
zzm{t{XMAc7i&pfsqpK1&rzoqvN1gGTEF0wdIn(uh+FnXZacFV%GwRh59Vs_VZ-(^V
z{}kyA>jk(OMFFb1Y0I#BdEyhj6G~=;e3bxG;z<dKhNb}iPxd|?2ngv&EhE_!KFN9N
zHTHo`+Ofyrn>JfvwHdXKuk{W=;pxtrO@pG*_~zeG=Vz{S`mvi&siJ(6A-2LXQQ-RK
zJq@Cfze{vBdY8v6wa%%{J-=0eU->n&>VD@3!BUoZgkxLE&dvvddtL6&9n`}zY&)E@
zNT*Ic!|SI}*`=3c&p?j<yZV~_sQy=`IG*SO|F2;^TrfkO_-3*;^NWa(IAwV=!X%CE
zdv~pF%tChEH@>-lyA+I;0gJ+7cDcG!5mCK{Ly$(Z1&x-A_2zx#K?a{Kz!7ugVC%aR
zUq%TvY}1T*cZs#EQ<DKFvETWo{qC4YGI?R+Be&RstOcl}+<HDsr^r%iI_RRM7oQ|$
zob@K?epFC9{z<xWuFx<-n0>2l(4?bq(EQbFZOU~XQ6_`Qx_YAt6<R~HvE{%m!-^l)
z;OVXgXpwZ;RfMVe%~YH&Ox_Z3A?xrF5H1;WvmvO)5KVc5IheR#JtRhtC4dZ)8x3*@
zeJQlHSqEJi2eH+TKBO1(0HMJx;YO9bGoIFE2ZIiwObsD|o+4lN_bW<P!*7Tt$j2wh
zwiwKi(=!i)c?4}4@y!e3WwV-%5D<;Q6}GC)qYY>tQWRmXc7qb;kS9&~!wd>ogBytS
zkF{$d4(-0cs~=ao`Ml9>$oK(GqqMn3x?zEIqMd5mD3KcpC`s`~9A=bx&-8=Vu#wK=
z0N+%#&c3?`GL7)afshqN52^4s%9XK;s92_9BPTV`DBufbF!;Fh2hieVTFuFbyh#2z
z&IXskykL#J$nKo_+p3bYp4`GQP@CF^VnM#o|0e4xz%s}@<|)$OO!g<u6-p!*f!WLa
ziL>_84Wd_VFex=L8t=i@C*EE1*l%eYs)Q)+xFA(^d2R!n?9^xWlxn9uJN6*8fOTFS
zY6_b?4&QuI;DqZZil>(!Xg)|KKQtda(uJUTD#+lVCyUb#7Qm|?-96$hLIf#v0XLX?
zUdn3^L$>`VGcD!X@77%?==gw&#8|*#oJ0M}_iy-kERQLqLr_4Xe*;?2vUi#t<yx=-
zf?ALn7F&ak!m_p;me>aaW;-kPbCTnEs~X<}so{&^+N#o|N}51mIq!2x`LINkb4M5~
z`XuPdTXIbGjGJH3g%ejW?br_G-YnrTOp=kqCzJF~borQ|7|c}OX*&Pm`K1m#YBS`e
z0sz(jf^i|Q!mS^K3M%HEdZ;kiWmvkGa=Hh@QJ|ciThu}3ws4v=D8Ql8$Y1NhgT_Tj
z(z}IjDF9K>R+eaj4}m}!4!~4W#!q1o;Uo3GQ()bX-#2^Pi%i2?-#$BNy;?#(z1h|H
zgfNQ0Z&@tW_gC*lK4e)tPu5llt0q`biX0G7ALfO%Dt{4_P%=51zY@8ho@_+`6R))*
zSAPW?)~J=fc1#|Gv#<Fw7>Ad6!#XNwL;<`_ba^>DYE|7#d^xaETO%H7kDH;kkhc)a
z!*QV?B|<YHVos}iC!)1|d-77)ru&j-gq!2liY+3AZ^q@?cQiqjyLN}Xfm%`>n**t>
z=;eao(9*8L*IEhv$C;kbbvntG5ktKlZ_2)H5Y4AaInlnH%|Wo_@Vugw3R$H>xNCl)
zbk!`|=IZg!sd-a{d7NT!=V_|UU>fE$rzG2Fm3g6bC7z2qytJ{${kkANt@qp_5vX6N
z74YcVYS>242lm-rSa^khLS87^98c71PWZU`a4R2+_`Gaa&V@oy#Sw<FMNpS*G18<k
z-!5VddYQ9v3G~UzHC`$J!hRM>m7K~szE$vYve7i~!j%eX{DMy?aaS>1s%mbBt+73Z
zZk{*z7S-ZG<~DP~GY}@d_I`?cA8so0TA5|u(kCEbn$0ys|I1$UhKC-2v{gm|Aty+i
zHVYtp@Rv{Pzg}~REMwE$?Qj8QExC$mnj83QC15CUAD5_^f7Tv23Iy8B@KO~GMIvST
zbHcHbr4CbuYr?7%COLV#EtXPG$}M|Ue@rMAAf3Vwi;?0&9b~neK^F>>fcM(@VuM5;
z4oU19Du~CD-JXaeG(ZBTxbtNJzR(BOxwQ(4g-!JmyHu}0R{z`}9MZ=RS9YqN<Ip9a
z22;xu&2LU7O&ptzWBkX|%so@bu1j-S_Q=HS_)fsp9nxCdf@plCYig8$(b>|V9coz*
zim3rObh!84=leS8+k%Zde5t^mZPs^v;N5bT{Og1H&@kk_h2A3IFlHg@AEBNAUk7Xu
zqf7ECNlvu79>LDFbh_Wa>Qc7W8eNmja$$+zb1dd5o~3dyEJ_T7H)$CKc_1eeq%V*M
z7E4!xevY`vXhoBYxfc}C-&kl-L2ut}J-&00&zmCpDSI-90}yU)&OwOqF;DAnn%}UG
z31ij&0jGX2jjcQL-$uV~FrOb~(5W1j&^AS^92ScCb^9-slBzszNq->Pcs>6ZEYw}i
z`$qy*_TK1MM$C2VPu)4jMNu!fiFR9z<(Pst5;|4cO(|uP3WiK__~U{+W-QmZ0zIKc
z%Rpf|y3PlVc<^Hy6K|6yvpV(=i>#U~K~X!c(Mz~poAQ@W7o*>95Dm2Pig>6?Hk4Ou
zV6#KZ5Oqi|=b_YRC6(uu)Ko+k(qvUSOZBGTN~-d<&HN`6>9=9W@ZWg6;)UumesP_=
z;28+DsqJ!`b)rJ~D4D3MV$&aR$d)%fMeTQ8(+5AQfXVi8d)&lPLdjy5d2O37{nF8L
zn`v~Y3;Tme&uy$xn~R7ASjmrNM{vtf8##}T@$=JN)QrSOEK)<rts)YHq)BzzznY~$
zU;Co}a0^e3`u-Gh#iLV0*m@#Y^u*~kq9+TY>sg1AIVqaM#6=?7x+UaH^g7Il_}cG8
zRV;yB(A>kkd~_FSdojrhuA7qGeL{hj=2Us)GpAbawjCH8nwQ7nOv2vvHvRJAYZ&>>
zyrLv0-_$jdl8>5hlf8~Y$_%jUbE+u?cH2fUDW6bJGi8bpIlFItL_+h&nVSo78e4;B
zFle2kMe3hYv6*0#GtsNabhK94!Od_z9f{n|0^l8IO9>orxW(xi7H7wR461!jW$&vx
zgMsB={Kv%$V)4y`$!M)|g>zTt47_T1)OQLww-?}zRp<|${y)sxBG6v*k6-Vv=u<uX
znM>Ude;`nB|1_7{i20dIedL@1v0EYZhf?KSsK9ZaYP&<xKeb)P+hvVvD|zf5;gL!L
zlKrJ<uHP9nIi)-<sBvm7%2@~Zq3|m6CZl|0(qSQQ0gFcppH&A}Ip7v%+v+*73v)+}
zT#9Nejq4<{iEenhUNIs-V*tk(;#d^<*pIo&R#;>2FQp5jCn`qJLZiCm&<{(4G;Be)
zz8zeq(cZqeQ|&>p+8-Gro83`4NOp*;lb=;M<xfAPl*Jp~q>nIAf5xlW&+|}yD>p}j
z1M@H*RzUcs$S{Xy?>)x}$HSbeN+0`FcqOxW+-k9+GyHx=+tRuXVa*!DoLBTFY*~9B
zsM7oj_K_l^M-VjtgIH*;<Z=v=wY*paDcHK7<aoah!y;rhCfTw_>YwwW6G1Pock04{
zv7f4~kNtl)2%q%o0AlTH4%7wUDOlM2S*dg4t#t^zb{A*}P0RvH!~d`QcYeds-|Qp5
zslq4p{FjwKe=-T52+{u+g75z|Z8{m0Xs{=*jaBtdEos5!UC%FEoOO~<_PmmbXML;w
z2Z?UapKbl4-3I6rQvOW}ZczCvU+~YGBLBIE&gWw-GF*Wdh-BFk8UOO`AN5^%?>-vV
zcr;^nN&qYL=}X|1sLL{p+;wgqrBm;KMCz%0afhNzkRnTP#L6&}F$q?`mS$Sx33yY1
z7~z71`bf|C?G4_!qfOl1gA{)Gb<^EQV9=7}D=GU^@HOGmA8kaj<x>^ky8qC(i9h~^
zc>5pPf)b08%mD${{a)t;d~Ecl!3KHMd(G}IDgP#jo^}gW@z@xGP&RW5zzTvZJ1ZK$
z{2<ry#$Y_=3RX<NHl%G6mcpTmTQ`!BjumRMV=9X2vj!}m#Z5!HwZUAkRA=mfh7C|`
z>QLEbb@ZRRh}?)2m~8b9;$9A|Jo!y&e-Ww6bhoc}Bft9haO*vC3A3|FR0BY$m6oC-
zyJwHpJCTEG2CtzFisHJE^4c1j2N@%DyEgELItzOK0`PaEVkJD_rFv4+Kl7{(8t0J$
zDLOY7_3JlY7u$7qe@vcsOtK-Kg^sgL<M^sxE9vu2y>{`^IuX*9$Q6zyj$~mmJbBql
zGl38u9-MSXdTNocN+yT(1w9G37+guUXoA;E482;XvThnq!4W$?TdeIIvq2`P$t8AY
z^M!`S$kK3^5aGk7DB8To`A3fG=_*0C$VfhBeNW9{>3P;uqf%+L9J2w@RgYI{<u-9W
zx!yY37YNB`I8dR>WF`732K)81I}6<R0<><|q|Ea5u`ED8;_o)NA1}O8ux&MI(8x3R
z4#b@|FO0XZN_ATQ;9%Tg=6umOi)b0wGoQS$q$$ftp079dX&@RcFnCsyiO&?(tyuw;
zIO#m`(52@r>+j|v2!S<$HbcyfV8J`NfxxROr=@KQr=@ed4~LOYlNeORyO+(Wth4h6
zRoSSoO`F_eqWqcDm0E}E3ZCY4S7SF8URL^Pc=na3&dbeQc$@HJxePQ9m4E0)f?2}0
zEK=Pc`EjF055MS-FBj(?aPjhix;q3sGUiz;w*9}3vQYJn+S!GC3_Gs}A!<lA#`bal
z&kkUp6*7b?-QLP-+Efft3tAbZ%YxZZv0q86TdCPZS~M!?R>7%PnPO-|sH<08QM*wD
z^gmVA7_Pc7Ma<JXBy0gfQk`kFB-P4hx=WDyPd^y+&%WQZMQq{T`*Y+!+J^M=KU^^b
z_2+NBK9UoJugNndY~>q&@$rXOL01jNLpLd`vJbl#MjN&pgL}0MmTB5aD0s*2mQd+E
z_LdkP3}?ybT?t)|G42ouB90^jL+-M*l@LO?(aS(nXAzIFiTo-7dzX9UwSZ-9&Ca}l
zFGN)%3|Lz_61#Oz$zLH3ohADwZ6$#Z23l0G2l>TcJYnwr$7$_{VYHT}RGO4;v@V3}
zbVL_@U^>gjez>s)xrMh{!*lnviViyh(ro9e*3N}w*Lw|G((#jxA>6=f^8`F6w_FU9
z)3V&bfz;(?5K^@tMM~8i6CXCKOZ~Pi^NcqA%3XI2PvCmvt~{BlLdhI>8?OC&NEk80
zPbuvB`nR4o3()=~9{m5+_TB+atZlb9ZVNWVEl4jaN^eqvAVs7}?;u?SLJKGa#Dr!A
zrS}#<Fc69qA#^Ds9TJclLY3Y@N+_Y73F>~_`+eSW&i8(QGE8PN_au{h-Rru3i;-9t
z&1l=(efgJHs;=?u)f~e>8;F|0Zb*^p^;_?U?q*;0<e7YqN<4yCDAup$F*N@aqYjCB
z120x~<57J-q$sf5^c8MF0gaHTPGrDzw8#bIB=hLU)F#ujQ8w-bb#TcA%<%~K2nF)X
zy_#udZ!OAN_=d6rN3L@)4p>bWS31x!gR*(OM>hplns@Zyv07aAqP?H*IJC~Jri%8e
ziR&;awN17GA#uV;4{b_A`;bvcqsM*^Y{PLPilMP@RMROZ4%{nVDiol{F}!@k9V>m=
z9U5jp+b@E8<2s~Q<L|1#66~h<;kdeMj~rzwuD02R8V_OEIo+ou)?lHePyfNuy5`_6
z36vD{kcySpS`&G*)v7HNR{fYTGxMWEg#;h!mvrOvLHJ8!m?`9&>jt8nP4!kd#kN(r
zS)8ez0a3XTW}ql5dd+V!IDVM7JRLhiSN}<dk>!HNm$6pJJnX?sI_F#JN1dg9X;Mcu
zGnc`SH8o`zK;F{1x!V{}+M~hJq_$7b&r_w$=+@4;t9~-aS?5DaWxJTNMmRt=aC)U&
zTkN}gZ0Y`k-Ar%_0x<1eHJ5Q`DHXi299_)VloCJ2%Ij=HouyGRtXk^`KCdKmzqzX2
z4`xf{V-(0{%$$j9HF&*X4=8Vdky+BCZA<UhXS92rKiYgEK}kh`r|4jB=vOUs;nQ)2
z4pLufVrQGB$UVQmih3jM4TczK?EM-_pJFJ*P95=xyc!-r_iY@;M<`z}o;u@XcMXAM
zE8;BXAjIESArQ;s9-QJUZW64}Q>9AE;YBt~=Nu-Nc6{{ncEa)Al^cm!bAA&sY6sR$
z3bdHHWfpFA-V8(z2$aI)Vy3W}ZvVn1`wLZm@UrCOr}-8D)F>Ro9x761KKjO8NRKEw
zQ8?i`<U1{u(9Z|(yap(oiX^lgM@r|1wPOGPk&Sgtb!q@8Xyhx?p>VB{U%SMIFRU&3
zQFR;bjx1bN&VSuvKpzsEM<?ex0xY(schymeltWrCEt{Q9gHFi|eP<8!wCfjvNK--X
z|G{^SANnH9QNS_oD*8S~(*%POwUiZUjRE>cBgyYFCj4IB8+!9ZmRjV`22z_emN?tW
z+aK!vYQ<&miHT&_PD>__XkQt<q3>5+yv#fp_P$DT;8P{r49@<K`|TBta;-os!26_m
z`zkqzFhYAiUP!Y9a3#lW60jQ%GVqPZp72GgnW!)3GQ!UMfoS7LLb34)SEv^RE6f$c
z7pyZOTj{(AY6gT<U#q`Vh@Jaq8@geU-p1ANHqHcC<g`i85>PPABhe@-1h9_Wdq|_R
zu*V|kn=*?tWmTjU>H9kW0yoDd4&&RP{|-I!WYVQDsD#xPO0)gi)&M-Dl_i$fxEjjZ
zD|Twubf-Ryb^#AijXd}NUCU|YF}<g^)~USw+mF5)lyU-vd>usw?Pq<w=sTP#oa~++
z^YVV7WrH`3KhQ?i8tiDRj(wjD3F<k|Ez!7Bes8MVU#G9o0dH6Ms}#7|cNRdQf88K0
z>tWVccl23cbIi$$g0hM0Y7_L?<}prtae||RP;>Mq|H{3c;0DMkjOF9~DqY(Zmm)Y=
z?c%&r2leWStJ+PIjwfr0JcbGvVTp!da|@R${W4+Fm&->W!Zt`oB<tQXYsE&V!a#(#
z<Lrs6>%@u}?Rp8WR^<3ehBdv^;-ZNC1bT4rdWNDvqKo{8<Bca$t>Jn-%E@GUB7_Ub
z3%5c%c#vP$OpjbrX{v43dqImlZEQ6d?>Xetg-l`JTv1=znFS51vmV;|!!|p|F)-=&
zP!**2i?EwqA=nM`@`q#=HP-W@VJkI2rE|r18LQU`SR_e1Jl_OLh1uFEjb_$30R`G8
zyrSJs=G;uw)~4`RFp5xo6Z@D;DE3U@rVH;pi+enk*t(Ty`^^Nb;4XT@2K<yhdT}pz
zx=RF*i4XvV#EX1C;~zV2bl*iM;ly&fN%%<MvX6ai?>UaPkJm<xpENjWZ!I*9+^mb7
z8?kTD6X`w}8Qf|8)}?d=&`|hJ^aIA4?~y^-9uPGrez@nH+WEnz*&c-KL&pT_8EqF;
zvM?PY(tRVPTnse(dX2e-Vyl#^JQ;G$MO9I~SV-acC!fkgz-^3uEi@kr)!w=vBi+^Z
z=5n=004t|LXtUvs%><WQ`SF%CFOjs)F7nyO6=5~Jz8l}Wl%Q=R@9EzMePMniz~%`9
zk=RK@u$GJ2ccU*;+CW?Do)RT^FNEZnBHQ;?jgzOkm&0+p$#>b9GfF$qG0Ls{11bsw
z*JbIQ`Mj-r@|^}EOmQC!o2@)i8t<JbYL{dTkLJJwZAVB}t!qcK`TspW>o0xyU+TgC
zd%N=Y(&aB=VnFrqx04&2M~xew#l(Pu;S<A<qwD&8$N%oVXaQ4;CqY<n@o#kA|ApG)
z|5A$nM<x<ZALzB5AE~;{m**^6`pWQGh?aTj_4(420f36s3wIU{o*Q||9<AUj{WMpS
z@<;!ve0IvFP9{F;P!?Dpc$TMe4NPi1{i{#){K@~6V9PS}9L2z$EFH8wKPX4{%$h+E
z0&>c$g81Fd>Ap?dm9}xvb%k(GHN*BS&)ma6`nZ(JzJBii6@i(7mjp~uRD-fouXY^v
zhcym#Yqn4bh`ng{dk+w5*RIO^<Ra~UyI^{mLi3+oq+qz4X2uQCf~E!AByPl&JWU}f
z2}jYTydh1KK$NbZ;Pie|Y_|gRo&2N?sS+4qb#T>H1mG+A#{q8Wuy{oncRgXZjQ5=)
zijXq0CGegNn`Ct>8m~4F0!lImCXSl2zHqvh8DhWy^`}Tnl5#U}?W}8811AUnZ*Tc$
zgDDAPg{}M-xAr2%d-QXyV1nxFM=gHB0I#;~3TKdC<!|O@an4V3(@canzNlKdpX}6M
zKqO~T{+SOkCQ_cI8Jh1e>(gQ`q6;qmzeva*QvF}erMdrojqla-J9oIVo!p&flPEZU
zQ<2jjq}mXd`D?hBkn1sBK|#`PCg$nUdE|c5cezZ(H0*J;IUj(MTUWsMB?KAscjfJk
zt-(oc8a(GLy4D;`<*E)Az&-ze>&S;U5o5mh=y2ROK7@g&LrTYiT3+Ku+n!aQ4eRA6
z5{@yYIr+!e?QFCk`&Q*7ZmE<xj%_AZmT+iJYwlkO)e}gZahImr`%&XWGBhbdMiwmN
z6AgK$<i!6=OS9o+l&4a;;d0B1+@hMo7c>;A>B;{Y>Zo<L#V*(Es;A#?t)w%N!8C!4
z=RkA->L^R_Q~q9Z!p+FOWgzKZ1>7=0E^vDUwQs`~ITGm1Tyk$yjee{Jr7g%H^EWLy
z_0c-tZFfhH?a?F$oy-i!efB5Cdhw`?){*11b~&_7%NYYuvG)n;qKlH(Y9iVbcOzP7
zBq4NOmg7TtMxL=AX?xj4Xj!_XPjMstE(6()-ml8X8_mR&a+?gkUJ2h6y>SlWcimM=
z7$ctH@})2|_pwo)lOST%w5CrOk$#5J#6j%o^J%o(ebXAC&eiOdZ~w634@A)x&sk1g
zx`>16P(GYcz<mz6^!d83FT3fh`dbJgEzOvmaG0Jur!lh@Slp`p)Q9tBm5WWEVzq(!
zt43Sf4KKbnPO&Nu_Z5ViN1Tnex!@3ZQr}xt@sytVsQ^buI{AI`w@>)Cn+lRk0FLWa
z720s`N~ozo(0aD*3yGDB>ny8?qsK77((%!9?eK%&VXWzo#5Ufl#3vrLjLMW9|KVGv
ze!VjRO5jvmr24S%0`;X2Ij<+YgjtfSBB$v(gQmSB8df^ZQ02|7v8-)Pat*eG)pO}J
zD*<xR_mAeJ_R;TuwU37PLepD?wu#Tf$tS!TXQHk)Y(&#L#5b&^80qP(<o_iYJ!M1V
zackL@ZvB~si@{F7U6|a<?g-64TYWAEC+a-((%wF1g?1gbu!%u4?9UP~vt~VY`Uw+a
zh*dK{C+!d1O7|-uZ0R!cpp4wxbAzt+DwldHo1rxohMCfOPlAHE-ZP2yuB4iVE3qYY
z&fke-B7Ch|au;-^2aLROOk#gt^yYE>3!fGUpQfHI?X?pb><;9o2^W;g_AF_ZjO{v<
z_49*--s*H<*XQ%E7icf_+J?hMcT|rmq~x(EhmWw?ik9307m<sbjS`&uwYhMm@>)Zk
z)$hlNelU%yaF5o5JBEca{e)XasrG2Z+oxN$bw~zDW*`7sw?i&1nVw`zmeWT7<kaWW
zY<h9ERk!!;`ZsopO2&l;zb843KH*<EC8QRRta&m6$F~GGi>xXH`aIcE&GR3yrNp}Q
zz`+UUq=u5GzdC06FU-B&B4(|Zz2<Vs&l$dTN}Uox^;1Qse-jmEKQ48@S<2zxsYf8;
zn4fayHiA&-FG$><maIWnE5cdiKhePPrXF|}{*L*54~|W@ou6GRSoS~;^NqzL6S9g)
z@uhWU6&7XbfTTo<#e*Ai$0A7`qD_0Z7-<c9_Rl%f2IJ)iOnu`M7!WT+Tms&U`BaoK
z(WY;vNmHpROk^b;v28uiBUOt<I$K(Wj3MpB71-{1$9~)s>@~XJk|+<ks69oXJjirU
zqG>LGX@PnCJ{FZ@3)YO4j&jn3&WiTb5jN^Q_W{;XsP*GAax8(Um=l@Wl}{hb96NC!
zywX|k%q3FO<!p!SeQvy7t-lgdxY(q`&$dgT&`;ath}p%$4#GTZT`ovT4irBq=$u(I
z0VreA0x}Ll<`i$DW}s7h$W;xZ=hO|)`^a6w{QS{e@dyUH`NM#W)Qn1`{QkSZRINH*
zyrcGgjD_SsQoTCz9~T-Q`XmOQ;~6+m%$F~OMDdw9z2^~<N)5J{6_n5(-u#1`b4PEo
ziSC6SN;#`Mt7XqRRtQKP5*|s?A3xQ1q%l3$U%(`*kawz8v(I}w4&N?Z)vK%CT(etQ
z3rQTE1$Wams;OWvE$L}4Fh4}#gLFEgV1*P&9x8!u2+DA`6A3IeSiQTILA^<gcYzvZ
zp5fu;7bcje3JC*LV1iJ9DTkcRCjlFL+SmTY0t4wqlKA1Tn?+@T0I-^3`@({rQapB(
zPSKWr%R}hK)>5AO!=OZ4g4##*_DeEkh`a<K@$XlStap{v{xI7S!>G)<b1iANUSRLp
zp2A9ES#6^w!htT2C1t4S`h2|f+mQ?CjZQ*>m?;NO=J&_b9NQO?s-6Qb8H=B}wMnvl
zZsO&=?ZS!oV-!w%|1(W#pMBpV%9`FLu2gnX#%+$x#_otmH@&mH#~oU^aX~DEs$RT9
zBsq272HzNZW}O*`GjarmFlzKZ1|>vJ^n_`={4+Nhpyd)fg%ujpA|!W=Wj`LQg|f6y
zR0^#V*V3qjhvI?d3)ULi7U4$L1ikB9lxD=)YfdfIqHa0?FmJOq&WB0VQ`)P4P{6Xk
z8XLFxV9yJ;?C2tCfsV-DV*n&cNQ!&@x~3mj0^DDloT=$kw6+~AFGX7}!w9Ex5O!(0
z-DwWVt~9K(i(WO?u`*Q^L${0(>zUgFrN{X0gTnJqst!L&wCEjd2`~`Yu9QseitE>t
zeLXJTL>1Zt+fUO%zdgKi;+cRQD>{p1D8%C1-M^{HaIbBpf2v7)`k0T?O%91xA_&V(
z+qpK(_re?a9TRN2{oO4ae2lb;YDVIF2b28BWLEP4TYzh1f2l0i`Bw+3Kq9FF)p71x
zslsqRt7p@BO_XQGW!+AUwFygy;i*{ZdEqOOYuqnzVjBs?k6`F8Q(`pemYo@ob2gd@
z<qiK<Q)VBW%Ink7-Xyb3snDGt?zSUj8wuq)gCj4G5+?QyJ4MQQqqKb!11p*eH^R*o
zbH2Ol?A_sl%U5$3;DYL4*z;&QrmDw*Y&y(>t-CfmNdMSN2_~B~*o!tm(7Go*z76ft
z#1nN*?Y>J=I1S;v>%+8~t3mkl(t$%5FbRU01(2M~50h-D=8QR4L#aex<?)y%8xdhU
z=8V$bH<;}{vaZnnrXqKgHH72Kf>>p0uevoKb*>(@QEFuZ#O#q<x>nVwOFrtlBqww9
zNRm-!Z;BuqbJl!B3I(?{_^FTTnU7xb{}L(!IG}(Inhg^~82w7H`~|69W%~kQxd?^=
zk)dQ}KZ0TYzfzK3$6>8Vzk`2NmmdREs6a}oCh5-;)#W4}(JYv!9>O9;qz9I(@5ia{
zkzXaN0Mc8JVpOOff*eD7b$V+V7$Qa6X~@WCjemK#K-gqK$1A*~n$=eTvm5&(=w|H&
z3A3BPHhmiboZ&Cx5oZs?2ma>5QvUmbxGN`q-x-WOkOD|;RF<Hoep0^FFDw)QPbwyt
zNtN@IexK8c{1roUBy@qRshF2?v%`^#OlN8TefY58UM06}D-eS1pD&@>_0Ym5Z`m*E
zvO#`^+Wb12z=g%MgyEIWvW(<k8J|ZNKj{DpUBsXI8GriY{$QtT&D=I3mqeUJNcSiH
zKXldReE=d&08EmHvFWgb^O<}y=G01O<sK5L_oQn!VF=97T}7_W9eCh1n>}S@7$K)w
zQ<%h`FgmE}<5l7phn47tg!lu#xN7A8wD$KWgqR~Cvj4JOcIx<C-E3a9)T?9nP{-=P
z-O~eYV9t7pD(F>pl@$RBozNmTIO<~re@Wc)GueE&9JX}K=@|k(KotmVIij6dLWbrc
zIr9)S><6MB5wSxg{A!7HQuQ>c$HlF;ZMn`yj`LPU;!XUT9?}f=EQ8Tg*Ys&LfLItG
zcDIZ{0I43(dJg;zt0laI-KDxQY9VhCZ!*AbJAAHw8?vNwRus|8+TB^TQb$T!1u{6+
z>OvW1ZRI-4_D}9;CH@M1;eY<&{h0EKva&s!J*+``pcEanrkJ4}y8PdwhM&yYtQO+k
zgq19E+M_JZ8X)GhE&vn<;OO1EJWljBjnQO#{dWFGH>|jyZag;4nS_d!YCp<a2)gF)
zSqspF+jZ<WbJyqviys_cqUm_05P2$a<3`~6JJ8mAML@=~yFRcK2q4XX+^=W+n%77v
zKdP@^!gYY2>I7K%KV90mzq_=k|JtS9Q<eGALR%Wt_%jk_D)a27>pk@KpB=Qx$p55+
z_NaK6n!@~dc9U5e!KkI@7j^h-_mhtbQL%WFw%zp|j$80+guOJIfj0Trc{2@9n^^jH
zsk%4V<gFyb0vt@t7~vVuC$|eHMNh}PbDpQpJ_hMn1HW#|SJ|DdOc!B8QVz!$+NUo(
zPYu;Niwo8ra2H&dPmz7e1QvFcnn*7EyG@HL^Mmi>D4rw419pg=XW~bI^nxt&PX|D^
z_9SIx{9thM;OAaAH&ztBrQcy&W#r>*Q-9WiL#_eGYyX{XO{q2W(kIK?2As>X+R4Wo
zU>g$DSr?ku_+jR#*okEHqA0^y=F72G&IG(jD?6T>QEpGN0t;t(%@cV<J-);GXGZ4B
z?tm;i)P6;BzOh2LHS-iaOc{1Ln>R=z><6yNpn9!@yiKJh1Au);%{;zT={qzr2A$o7
z(#wCaSl+TAxxJ&lV|n{n(qddK)vNFAz@s2p9>X5U$W(=^6B5riX!Va<f1b%O!Qw4E
zTV9E?HzU|MI78kiL5W%&Ca!Z-tK~)_c|*5bDVhLB*WTCWBp*YJij*#NmW{r{$XKRO
zj6ko=Ej{OedgPF8=i94n4>EByY)($~w{`6papq3m30ovQKsE@meB%xo){7hd56EHW
zN8JZq-vC}dkRuZzrK?!xa6VWu;2&kh_<w8Z3aw>R|4(JO$I3{k;tW4Z>`7wDyfLfg
z_5RGc=}bcZS%&Lf)hKHq2T(E3)=zv!MC1Nu!R3ECx-Vf5P9}78S-R|J&+oYZS$FRS
z0h{*6@^C%?cv>z8`9jJ`YyI@x`m8ZDBLczs6{Arw-$LtP3^H4;bN-o78>vRw=JS+|
z%t#f<n%CgLHC2U}j{=b29LI5E_TcgOUNNr8YF(WEFgZQ6b*>F+o2j$6eR^7XxG6-U
zM?DSiH7r|`;hdQD=k8+c;-L1G{DS$c5W0?D_KG5CGNx%SDK>M?VHPb~vI~@J?S0<}
z04NQ;N{tXVVCq~ULXzsAT{`?6a)QV`3kj-HiNB<J*uRnLInV)5y`&>!H<JW6u-rVK
zb!zQL<V=fH0B>~3w_P7pmgvM=4`2R3fInU|Vu-X<VYbkqn4X!us$kF&&E58Gfn1R#
zXr2C@t{=6@ijNVvK+=vTT8}cI;(~Jk7$ojncvAvw-uA(-(-PU*wdHgOs0|Ck&Z>Ux
zR_{hdqts|^kx1KC;7+Bx=d=-67%n9YrzJd&p5DfSy>OaIN;M#jEKA7#eote7y+IO`
z2YJuEYsp*(x2UTvMsDx^T-_>wvq_!c$!R#*dC#^;;_G!KDZmY54gxfX?OQWN=@*2X
zoK?KTt*?9^&k_=g#RPgQ@~~fKMdM{M?*nrv_dB~|ACjM|Is~obSE$m#5_(}*u_^E+
z4p+(c3fugZ&Nk_d16@K>?!hqc>p1oDjm~8!Iz{r7z{pIz9tDWfEU?LX_IO9<om;GN
zD#YVPgb>%4`Dx>0<TDiOiEy@+D510SvX0FoapH{6zZT)K@|C;jv9Vtrub?+$BOH1p
z%9BHoTe1HUobSu|Wr{haI#fqS@#S}TzYV9|5-3b8tW#@#M{gD-t4Z>L1+)P#_)aE{
zr$1`WhN(DN)c0C&6pQn3ina$f^d%}yxsbjo<@vY2dBJL@;2*<0lPK2P+4l-*lmL%3
zKRWj;uA4452$*cn+qh<a+YDpTZZ9=wC(7TJQtzB6YcpCg!a0tFRfWl6%)QdTuf9sg
z<@z*056hz)um+j<Apy*E)1bZN!OM$eW(hzuHlXsqf9wo_Dhl{_UZHpRs{<Bg<l?!l
zBFtMY&RPvDYlvNUSrK5k>2u^6<E<<^>$%Q4rTyPn##Xo^%h;l{XmBCHh2JM>!c8HB
z&~Bas)&+c~<7-|-tr970Do%^C6!CmJ?=R07NGloxY|#zJMw_OovO|ogNP)>&Y<>~r
zfSr3vU*)4-&j{XKz#VP&@s?|-3NN^Tyxn#^0zdiI_&5+*m)0dQ;r{2K_%+<I81%@8
zmf)5xa^EQQwI(XKx#xbs;Q^E<5Wz=_-U$~(43bI>$Bz_0!;#{@J#x$ybTRc*UD&}D
zJqn+)F?E`)uOIFEz1aKjoG_L*oj!3DXWl1Rr&18dYR@t;^bSi#nc;$j%sEh*h0mRF
zO8ZB}ahj023RYcxn&VScIQ&8K>T=E{#!~?CclhgLAPnXyT<N)2tR6kFufhXT=loOe
zTa@~B8R4GZBeBm53*p8q7Y8xmC^(AY@t|OZ(5es?3@>Jtf|p52ZN7!7SmwW@7mIB$
z!iGJL&pLA#7>orQ>T(Ug)+ZLNg~~@2%wGKyZw$yy{W{fkotRk5fu|q#Df?;hw(DJj
z73)eVz%AG+K%3uQiIm%E{9e9p*3wM+44Jd6j`}*=xS%gT1nu}D8NpO_v%oZcpbj#>
zur#+~LaI$JY`PH`vofSa2tFoZD1Fm<{1l_V)AY+*KNwTm9UICUPk{R29<Av0*Rabh
z?RzIiEepl215pQcUjrckV=7ws0jou$@EtiuF7q^_cUSa`K!zyaBaCs6&MnFCt8Aij
zA`$-z%88*kw-6Y?i#)#$db8)x@11sDJ%1OPg^^@^XECKsC{nvPBia4bFFV$TQHC9(
zh=*ZGMm<TA(hK_6y0eWzz9M^t0hulXN4?=V{Z@kAg6DLfMLGA2=A#vWfQ8&INu&k0
z0@yhH1f@E6#4d0ax9}3{Q3eUw=E~|k8|ng$fVIr0&;2Cz?f7yhMN}Ymw|pHozR&~T
z)|B&O$oCp+CsN*LdC<9kcBwR>e;qS(l)LjiK84SFLoM7zDiB2xzM7RDYT7oLoyjq-
z<WP3zE&yUWlf_mm(gYMmxf*O~2*hlqCGgg7X-+<sA8<V2|MH1cz^te5Ar9FOARH`Q
z1Fs*q1o8a%_=e&|7+ib=C1RD{_CiXMVI8LMG}g;4v<paHWwv_NGV1uY6GpqYXxu|9
zsNW!V3RtTDWh`ff|86X&r|W8H7w6)XJ17Mj(BBV7NANOA`bjR8hdRfVo6pg_U3wOM
z@F2&D$qso%;Oen!8?TFsgdSSee$~mD6QRKy9}8|&JkPKFHSH_JT(HIO#LI%YdoHKW
zMMhj`z+B(mkenGod$w13Y%Q}pR(b61W4vs?BoBLbv_V&PMxgCd@-i{(&z0sv3}d?z
zGT@QO$AuS=N)aZsFsFGRkG)q($pdQ&0u#0cJ$*{kF#_gJF{4CqSF{)-x@Bsn__b?M
z(*aP?>^-68e5u;3g#6thC38nxC;R1^x3?py?M->q?@T4IOAywM#TyEsTPFK__V#-W
zZaFxzdFyULN~B#A-frCFV$r%5+MIsLo8^&?aEy@}*8FJ_o9_Ahg#99~*)hHs7u>7m
zH3KA6wmi`x7@{@Qpt{gcL&JXS(mVCx?%uc6gwB0+|18)`(QHV=7?Zl)AOmwi^)=Rq
z%aJ?HSjgIF;&c>YSZ(IdDOzyFhdCd5$E{L6*9Ep*J~>NJetiYki03JR)3RF4(LjMT
z8JVSmMSGa3d3eU*9+`D$8$@G6!M><8@QL%F_4PX!sri9L3bKQD;fG6BQ*s+_w*{i<
zQu6xLT_tW0k08GV)>&Dv^9FAwqL@v@7|vWg@tU;4{p`>q@erzsI@CYo<x+;3_TL{C
z`2vQvSt<T;LUxQ4=R)@E$~PedD}_AQ!NI%Nc(0y&&#rKq0&AmWWEW4Ef}z|`{P=5d
zvbV)>e;t&J?8UQE{Nj%AQhhV~iPy%!c}SZEA)7UP7%<1uK!7OXA~l%wcF9iv!NP{n
zt{C!6c;ZwyIQy^7&S>$+8gbZCI}SzARnDHjPPkro02OIOR9L-JKYg|s_{fuyoj4YY
zPkfVvEZbv!1vuiIn7?+0R<4*a%+>lDo{_aARl@wZ7^{M<S)GnSV5NfE_2--5NAHZy
z3O0<apenFWWlz8O!VApO$jD?r+kiMG*hGeKs)MBuu)xI_dAY~|8ei*T+Loq8xsZg)
zYOQp3{vhP&2COzv059^w0|U9;%o%)sqdSD?^pBCGT0O%+&vXe4{S;0nt5pWnbCQu=
zIsG&a%OfHrqDDa={B3^_0vWkc`wggrr}*1;Aw;Ya`&`#&PJkcw+VtlDw?RUJO;b~!
z|C#NNf0d#|YF;3_bMbK~q_JtP>)VYW$X%^wpi+!<K42|I>p3Yl71#lQpQZdk!U+ST
zLn?4TNm`*IUAq%VNuWFZ7!YlH_S4US)<lb6$FPqm`lmepdHADO_tH9nsMfpPTsuGx
z;)n73XUN8Ee6~6HOiF^18O=Y+C~LlG%uLUWGXRit2PbYBmANF$$MR)JB^_+}r}WzL
z!^rW+NN3JYkHc2K+|qH;K3?U{X6gGdJkC3GlZG#&mGw#IQu$SfEN&Dboa=Tkf-*!;
zXU@<>-XlWlE&f*0P-%E|for)SnN87?31K(*T1nE`I7g|PRH@!Am6t`8*$F;FG)R;6
zC*zll)DYg`oWfsh_LVm*HZ!<rq+!7huf@Lug;6^e2&`|zV3z#^1NX$H$qvOp&)zAs
zBs0?y+T*1+V`KAewvxtmCA2@?MG5pho@#?+msEAIIqlsS<+Io%Q)t{D<fVN8TBihV
z%H_-$z<rvS()bEPC&6ZB3Xe;8t>*2&l__V4t!M6B)r-|~>7{|+9MIgCO6t)uyde?o
zK=hW}U8fOx=O%r1AS0;S;~TZv8;Y;-&C=O_Htvm>nYpzcwCkKM#BT^Gu_k3l+gsj5
zcr=t}H<VYK;}o?!eSGI6@0w)CbO(@!cJ&V(HUd@SMy5rG3R?`6U#&(_^b5p=80!R5
zmfu*Qu+cN-8VCGGm9P2^CWd#X7Bss?mpax?V!#J32=&U~3$iCuftyjkmsS~W*yCY0
zJvG`htjF(6#EM*(khdjIl~~9aFpprim23K>{4&MbeG)3t3wz^$iwW#l)Nae_n7T<P
zZmg}Rny;B5@wtBJqNpKFcWc$k_25R^mjdicn+Ap}sS_^`i*zCA>uWn_-ziPLRtkBd
z#6J5@_mK{C$pJR<2&6bW&%D4??(<H0i0OTa6lFKJ%fWcIF}wt-5*1V+(RA75LiaiH
zKHYRdr`Tx)Z#=Si&s+L{DkS_~m85<#IB7Psb1K_nV_*ioo#u@eZ51y6hBuO+xc)9*
zwnR4j04N<#!x&00Ae0TwqqizzXlGjz&JvAPdE@i_L6Uc;m>A#LEj?(OuW(-gmL#Bw
zoqK%qQiaMTN(}?2h*pET#;{ya&xC~-(tMh8VN;iVZkNN}*zxeN-gxr($bm;r_+WjK
z{k&a?;#P0-Op%$dxqE$DsIu4)xPemU8mmr8i3M7wnC=l3E+w;ryxwJlu9f<DVfCOd
z`+D1q^wUMdBK)5(=jJ)lcxuY>PWDxV(1h#*%e69$1@{Wrb9A&{QBEwESU8Xu6ylbs
zOcm+_>!4O0!QB=F(yLSc=+(in*D;4k&xebM*95g(;7!7t0>4f^18XL5r)>}xi_z(*
zJ<Gl0AiS@?C&eLQ$ih6OUEXBU@%0X`ijtUtj`EZ_+#-2K7w+A5HoJf5>OogL(zl-6
z{=s)Edr&!YEIf5(c_zH-oSW;R$7C}HBcI=Gon`7AsA)<`WAxf+wCL_!Z?ez4lgt(0
z!|w%e6}&AN66bX)Y$vqEg>2Ge@rt$cUS<5tA3Xh%A9=^-b!fKPw{$tIKg~uKwMI(F
z#B%6!u&=)?nWI;8uT*;oHr{*kjQx?<vLmRsXL6eDW`)nhqaOF~pJHlh+1oz=*&U<t
ztsmB^A$aa=N1qTMj{{?&KJHiL50NMY^7ZOOk;deH^ri(P={_1wC$4YT7t~zuwyEO(
z0-5geIfv6!WkVzDM4rAa*R<Cw8vQ0BKs!eMDPMcF)!1RGbKj1qcdfa2|KpUA61`Pd
zaDYGU083P(q1mI>N|}*^0A6Ik)fzf2aQXB%#ukZhL?Pc5GbJCe@Xc=ZPYqQwgH8r}
zf-U|!yR|O|KbcO>%x&s<#z^%m8Y=8%mq5*ZxmottlEq_&aGzi+e*nw(q^E}is2ut&
z{CKa?{>;O`vQ(5JZC5<j7LLhs9-h1oMA1^DH|k~1-($Hg8ZC6W@lAH5_`H2y%4N#?
z%x91i&7KLlozm_aqF++hVvJX85yrccz}INuAxt|MM09Y!75%AV7PaqzC*E_NROz*G
z*m<shYT;?$DADaf7w?mF%=>Z08RvL0@2IA?@9>jrbB@E8Jb00HiqV}lh(lt#sX1W_
zDUi|k$3j6PJ6m+DczJbP=xz5^d>VcuRM^o?ThkEMJ`9=e^O?T|AH1dA-A^Ryu?*|p
zoY7Z`f7rEPtm6c__7Ivxa}HA3svuP@?j4?>K%eVHZ1|j$Nch@~rNfv4<EM+wZk`DA
z&DzvoLLTIfhmXO*FSmEM?`AJ8k{4NfHCMDGdeq$4A>>%Be5Uv{Y`y9+8F{u<5{ydZ
zmQVV)+$P>DD&-=IUXN&dIkW1nOeS$6Q#^Rv+c6@l<}hKbeBP*SUEQ39O9jwHOy7S6
zWulqcI^ixUAQwT2j*nwRmN2lim?$uAF{2EThCy836Q5vtD+ud&>Z(MQM2q~&g#vaZ
zo4`J0Xj+WnN3QOLezErH1Mc9cWanx8uphi4`JL&YCUX;ydM%qh%0-P{%jdyrHd5{8
zoI79o00vIq%ph8Xxy|@t&~L1j>3FyCaJF0bN1Hr0U$i~KzF4i^vQgjDllk2s4^)yk
zIm{6=E&1?d8SspT%pX0Y6V&}IDml3ZRA(ODM=}vb463mx8;AXjPFpARc<*Xfc&I6c
z(&M7IZ;gAg>BGlxA_&`#L5Z}9yLw2+W2fnub9qw(hM7fjSp%cFA4GVmAyubs=O*rR
zNZHm9EDDJ&lSTQRVEUlOhx5BAP1rsLB|#%FQ${n4FqKQp#Yee-WUhy1XxboPPfAmh
zofEJ_0|E&94K;A2EraBsn3Y;Z=U~u6$b!o^qS1hvo`$~_DwPoUTzR)b-%*KveJg&U
z8DjD1(&q6$G`-iol`Y26kI^Q{3nm>67^`!uLSdNI*+`F3&zRc=&lqFzOr$xY-o;iR
zqSbNN=i>^89ypYnGm-h#uAj3d1MLEPl8;I&L#k!>V<J2osg4PR;ss8_LJCpweb~l5
zULb>k{@aa{LtGr?!m5WcJ1!p5%l2-7JTuNJ_Lh%oN@&zYDc=;k?RaSOUZTc7xwx;L
zyI=5@#l<cPbqm$(AY6MXgJT;FO5+|I66K90HhXy6^5@5fyEZata?u)swB+QJT`3AI
zLEhtP@f=nRX7NwsZEx2M$b|x*h9)l;jqsBFMJUwFD?6ASnv_NRsxV0rx4;QitGJn`
zY9uyQgmh6VWSSP=d-&OkdjQniw<3(w1_5mspOJa#j0u@pCGsQZBAgs?S=F0S+KRUk
zPt{^Q4n1Rb;pEQ1%s2B+G$lG~r8FbI^kE?g;aZ>m+<b8^V=n&0@a({nF{Gn0b&!Ri
zIz<0|I{P7a)`*<13YyS4yuBi6VW2fPhtYJPNW#lb61|iCq#Ym~8`)kw+nrWa?^WGA
zq$`hAAH2}YSr5Y;8Vo-8u$Gzoc>APZLMuZ+5ESODjjN{Uc?`fkxu=nvr#@UT8Tmd$
zyysq>P6^V@@RpRW=4N|Twf<~-pK3e~XPejky+Con@{4)t3<T|k^FXbEtw6n;vDM2x
z;_yXU+rD#mKg>4$>60p7A7^S17GSaSM*!ypI_b%7z^1`m``+Y$PbGiEDBWRu@|(SC
z&jqB(hQWl?GVQCyO+pSb=qA@Z8xd+;lgn3L9DxVN#80ke;m^&GMit(I3aaLK7-3QP
zc5hai=M+=TRyLc5H%mtD7rpEfolIKTc3JxpPS5kh(&vhSl5Pi|w=>``O%URY6qL6-
z-{Tv}tvsu@a}!~}(Jp2_v&o51z`kCvwO=t_ZZ^=q-fk~#(slajx!5;V>RM~JL)3@8
zOUGA*WLnzsi&tFtrIC+>>rA>uSj4R!sZR{=(3!C6>vxYdf4n)L7VBR+zN5ZjWq;|Z
z_0&^$u3T8Qn0VnefLC_C+&vtJTJ~tt?4PsQz@j3l@fP5yRrGy_1!O>RanB|7;`~q8
zHIq@bik}0?6kI6dlAu0%3sIwR)AC-K)b^h5>{Ig)aMrf^P<-0G31fR_Zk$MGRxD+6
zB|Ki8y>xS81z-rcGP3aaBmy%=G$GtvNsSmsP01OqG^z7edY7pkgg$TRu=!<yDgNQ-
z?3IiuIm$<@Zkg*h;5t3p6{84u>%JMxj)m4vD}#i%&4_Bxd4K4up1Y48jTmRW)#%?@
z7e*ZXZHA&>P0}1>AE}4HP)LxU->KL59I;DRPM?kaOVu%jhJH=2r4#LW^pAfeZl}DH
zo?S@ytH}L_E;97v|JvLDEkZh@e-~JQB<rmOOx$s!0i&(5fBZ-3<&6E}-Kf6_X+W6*
z0#PsJr<Rn&OnZ|4Ci_cUM&cli0*RNwRF1z%PDv$@fW@0Gev;P8{He8oQ%`;t57<gh
zO&SFKO(gr{y<!zTN8dA>SpI$tEZ8(oopgk<pGN@Hp|d4Ov+g$m2W&!%aAT)`3U!Mi
zK$KpjJ~6i+=>!^0V<u@^hu`F=|M5rX(0DG)H1co5b+d2>)PRRLzXoQEg1_`)JT~iq
sGx!X;oC^4?-z8zHNn%h00o|~;dUIvlzdWc8*g~ePpdp`k_rZ(*1G_WWX8-^I

literal 0
HcmV?d00001

diff --git a/mkdocs.yml b/mkdocs.yml
index c9b35846734..6d7ef2dbec5 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -33,7 +33,7 @@ plugins:
 
 # Project information
 site_name: Virto Commerce Documentation
-site_description: Documentation for enterprise-level Microsoft .NET ecommerce platform Virto Commerce. 
+site_description: Documentation portal for enterprise-level Microsoft .NET ecommerce platform Virto Commerce. 
 site_author: Virto Commerce
 site_url: https://virtocommerce.com/docs/latest
 

From 1bf303a22c711a64c50716edec4aada20be59295 Mon Sep 17 00:00:00 2001
From: vc-ci <ci@virtocommerce.com>
Date: Mon, 22 Mar 2021 07:53:24 +0000
Subject: [PATCH 27/70] Updating Github Action workflows.

---
 .github/workflows/e2e.yml            |  6 ++--
 .github/workflows/platfotm-owasp.yml | 41 ++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/platfotm-owasp.yml

diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index f13b4d8d388..b612cde27f6 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -81,14 +81,14 @@ jobs:
       run: git clone https://github.com/VirtoCommerce/vc-quality-gate-katalon.git
 
     - name: Katalon Studio Github Action
-      uses: katalon-studio/katalon-studio-github-action@v2.2
+      uses: VirtoCommerce/vc-github-actions/katalon-studio-github-action@master
       with:
         version: '7.5.5'
         projectPath: '${{ github.workspace }}/vc-quality-gate-katalon/platform_storefront.prj'
-        args: '-noSplash -retry=0 -testSuitePath="${{ github.event.inputs.testSuite || env.DEFAULT_TEST_SUITE }}" -browserType="Chrome" -apiKey= ${{ secrets.KATALON_API_KEY }} -g_urlBack="http://localhost:8090" -g_urlFront="http://localhost:8080" -executionProfile="default"'
+        args: '-noSplash -retry=0 -testSuitePath="${{ github.event.inputs.testSuite || env.DEFAULT_TEST_SUITE }}" -browserType="Chrome" -apiKey= ${{ secrets.KATALON_API_KEY }} -g_urlBack="http://localhost:8090" -g_urlFront="http://localhost:8080" -executionProfile="default" -webui.autoUpdateDrivers=true'
 
     - name: Katalon Report to PR
       if: ${{ ( success() || failure() ) && github.event_name == 'pull_request' }}
       uses: VirtoCommerce/vc-github-actions/publish-katalon-report@master
       with: 
-        testProjectPath: ${{ github.workspace }}
+        testProjectPath: ${{ github.workspace }}
\ No newline at end of file
diff --git a/.github/workflows/platfotm-owasp.yml b/.github/workflows/platfotm-owasp.yml
new file mode 100644
index 00000000000..f1ae1c44135
--- /dev/null
+++ b/.github/workflows/platfotm-owasp.yml
@@ -0,0 +1,41 @@
+name: Platform OWASP ZAP
+on:
+  push:
+    paths-ignore:
+      - '.github/**'
+      - 'docs/**'
+      - 'build/**'
+      - 'README.md'
+      - 'LICENSE'
+    branches: [ dev ]
+  workflow_dispatch:
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+
+    steps:
+
+      - name: Docker Login
+        uses: azure/docker-login@v1
+        with:
+          login-server: docker.pkg.github.com
+          username: $GITHUB_ACTOR
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Docker Env
+        uses: VirtoCommerce/vc-github-actions/docker-env@master
+        with:
+          githubUser: ${{ env.GITHUB_ACTOR }}
+          githubToken: ${{ env.GITHUB_TOKEN }}
+          platformImage: docker.pkg.github.com/virtocommerce/vc-platform/platform
+          storefrontImage: docker.pkg.github.com/virtocommerce/vc-storefront/storefront
+          validateSwagger: 'false'
+
+      - name: OWASP ZAP Full Scan
+        uses: zaproxy/action-baseline@v0.4.0
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          docker_name: 'owasp/zap2docker-stable'
+          target: 'http://localhost:8090'
+          cmd_options: '-a -d'

From 1b4477ff8624d9efa689f88d1f5aea6abd6ac2df Mon Sep 17 00:00:00 2001
From: Andrei Kolchanov <akak1977@gmail.com>
Date: Mon, 22 Mar 2021 13:10:21 +0500
Subject: [PATCH 28/70] 3.51.0

---
 Directory.Build.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Directory.Build.props b/Directory.Build.props
index ea15feca316..f4ec0ba940c 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -9,7 +9,7 @@
     </PropertyGroup>
 
     <PropertyGroup>
-        <VersionPrefix>3.50.0</VersionPrefix>
+        <VersionPrefix>3.51.0</VersionPrefix>
         <VersionSuffix></VersionSuffix>
         <VersionSuffix Condition=" '$(VersionSuffix)' != '' AND '$(BuildNumber)' != '' ">$(VersionSuffix)-$(BuildNumber)</VersionSuffix>
         <NoWarn>$(NoWarn);S3875</NoWarn>

From 63371f35af37db7e16950d6748b7b1f7a25a5b28 Mon Sep 17 00:00:00 2001
From: vc-ci <ci@virtocommerce.com>
Date: Mon, 22 Mar 2021 10:19:26 +0000
Subject: [PATCH 29/70] Updating Github Action workflows.

---
 .github/workflows/e2e.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index b612cde27f6..6bdb470edc1 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -19,7 +19,7 @@ on:
 
 jobs:
   e2e-tests:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-18.04
     env:
       SONAR_TOKEN: ${{secrets.SONAR_TOKEN}}
       GITHUB_TOKEN: ${{ secrets.REPO_TOKEN }}

From fdbe2cd5851b4547d499633e5905c5b2f6fb321d Mon Sep 17 00:00:00 2001
From: vc-ci <ci@virtocommerce.com>
Date: Mon, 22 Mar 2021 10:37:50 +0000
Subject: [PATCH 30/70] Updating Github Action workflows.

---
 .github/workflows/e2e.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index 6bdb470edc1..efe421c5cc9 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -85,7 +85,7 @@ jobs:
       with:
         version: '7.5.5'
         projectPath: '${{ github.workspace }}/vc-quality-gate-katalon/platform_storefront.prj'
-        args: '-noSplash -retry=0 -testSuitePath="${{ github.event.inputs.testSuite || env.DEFAULT_TEST_SUITE }}" -browserType="Chrome" -apiKey= ${{ secrets.KATALON_API_KEY }} -g_urlBack="http://localhost:8090" -g_urlFront="http://localhost:8080" -executionProfile="default" -webui.autoUpdateDrivers=true'
+        args: '-noSplash -retry=0 -testSuitePath="${{ github.event.inputs.testSuite || env.DEFAULT_TEST_SUITE }}" -browserType="Chrome" -apiKey= ${{ secrets.KATALON_API_KEY }} -g_urlBack="http://localhost:8090" -g_urlFront="http://localhost:8080" -executionProfile="default"'
 
     - name: Katalon Report to PR
       if: ${{ ( success() || failure() ) && github.event_name == 'pull_request' }}

From 61d5a500680c4e18bdd8e46ac3d093f39e8761d4 Mon Sep 17 00:00:00 2001
From: Tatarincev Eugeney <et@virtoway.com>
Date: Wed, 24 Mar 2021 11:18:20 +0200
Subject: [PATCH 31/70] PT-323: PoC  the single abstract polymorph  json
 converter (#2178)

---
 .../Domain/AbstractTypeFactory.cs             | 14 ++-
 .../JsonConverters/PolymorphJsonConverter.cs  | 81 ++++++++++++-----
 src/VirtoCommerce.Platform.Web/Startup.cs     |  7 +-
 .../UnitTests/PolymorphJsonConverterTests.cs  | 87 +++++++++++++++++++
 4 files changed, 167 insertions(+), 22 deletions(-)
 create mode 100644 tests/VirtoCommerce.Platform.Tests/UnitTests/PolymorphJsonConverterTests.cs

diff --git a/src/VirtoCommerce.Platform.Core/Domain/AbstractTypeFactory.cs b/src/VirtoCommerce.Platform.Core/Domain/AbstractTypeFactory.cs
index 92b5c36a4b4..a7eafc9bdee 100644
--- a/src/VirtoCommerce.Platform.Core/Domain/AbstractTypeFactory.cs
+++ b/src/VirtoCommerce.Platform.Core/Domain/AbstractTypeFactory.cs
@@ -23,8 +23,20 @@ public static IEnumerable<TypeInfo<BaseType>> AllTypeInfos
             }
         }
 
+#pragma warning disable S2743 // Static fields should not be used in generic types
+        // False-positive SLint warning disabled.
+        // This field really need for every class applied by the template
+        public static bool HasOverrides
+#pragma warning restore S2743 // Static fields should not be used in generic types
+        {
+            get
+            {
+                return _typeInfos.Count > 0;
+            }
+        }
+
         /// <summary>
-        /// Register new  type (fluent method)
+        /// Register new type (fluent method)
         /// </summary>
         /// <returns>TypeInfo instance to continue configuration through fluent syntax</returns>
         public static TypeInfo<BaseType> RegisterType<T>() where T : BaseType
diff --git a/src/VirtoCommerce.Platform.Core/JsonConverters/PolymorphJsonConverter.cs b/src/VirtoCommerce.Platform.Core/JsonConverters/PolymorphJsonConverter.cs
index c6a0be0f5c1..e6b66c99b77 100644
--- a/src/VirtoCommerce.Platform.Core/JsonConverters/PolymorphJsonConverter.cs
+++ b/src/VirtoCommerce.Platform.Core/JsonConverters/PolymorphJsonConverter.cs
@@ -1,53 +1,94 @@
 using System;
-using System.Linq;
+using System.Collections.Concurrent;
+using System.Reflection;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Linq;
+using VirtoCommerce.Platform.Core.Caching;
 using VirtoCommerce.Platform.Core.Common;
-using VirtoCommerce.Platform.Core.DynamicProperties;
-using VirtoCommerce.Platform.Core.Security;
-using VirtoCommerce.Platform.Core.Settings;
 
 namespace VirtoCommerce.Platform.Core.JsonConverters
 {
     public class PolymorphJsonConverter : JsonConverter
     {
-        private static readonly Type[] _knowTypes = { typeof(ObjectSettingEntry), typeof(DynamicProperty), typeof(ApplicationUser), typeof(Role), typeof(PermissionScope) };
+        
+       
+        /// <summary>
+        /// Factory methods for create instances of proper classes during deserialization
+        /// </summary>
+        private static readonly ConcurrentDictionary<Type, Func<JObject, object>> _convertFactories = new ConcurrentDictionary<Type, Func<JObject, object>>();
+        /// <summary>
+        /// Cache for conversion possibility (to reduce AbstractTypeFactory calls thru reflection)
+        /// </summary>
+        private static readonly ConcurrentDictionary<Type, bool> _canConvertCache = new ConcurrentDictionary<Type, bool>();
+        /// <summary>
+        /// Cache for instance creation method infos (to reduce AbstractTypeFactory calls thru reflection)
+        /// </summary>
+        private static readonly ConcurrentDictionary<string, MethodInfo> _createInstanceMethodsCache = new ConcurrentDictionary<string, MethodInfo>();
 
         public override bool CanWrite => false;
+
         public override bool CanRead => true;
 
         public override bool CanConvert(Type objectType)
         {
-            return _knowTypes.Any(x => x.IsAssignableFrom(objectType));
+            if (objectType.IsPrimitive || objectType.Equals(typeof(string)) || objectType.IsArray)
+            {
+                return false;
+            }
+
+            var result = _canConvertCache.GetOrAdd(objectType, _ =>
+            {
+                return (bool)typeof(AbstractTypeFactory<>).MakeGenericType(objectType).GetProperty("HasOverrides").GetValue(null, null);
+            });
+            return result;
         }
 
         public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
         {
             object result;
             var obj = JObject.Load(reader);
-            if (typeof(PermissionScope).IsAssignableFrom(objectType))
+
+            var factory = _convertFactories.GetOrAdd(objectType, obj2 => {
+                var tryCreateInstance = _createInstanceMethodsCache.GetOrAdd(CacheKey.With(nameof(PolymorphJsonConverter), objectType.Name), _ =>
+                    typeof(AbstractTypeFactory<>).MakeGenericType(objectType).GetMethod("TryCreateInstance", 0 /* This guarantees template-parameterless method */, new Type[] { }));
+                return tryCreateInstance?.Invoke(null, null);
+            }); // Create instances for overrides and discriminator-less cases
+
+            result = factory(obj);
+
+            serializer.Populate(obj.CreateReader(), result);
+            return result;
+        }
+
+        public static void RegisterTypeForDiscriminator(Type type, string discriminator)
+        {
+            RegisterType(type, obj =>
             {
-                var scopeType = objectType.Name;
-                var pt = obj["type"] ?? obj["Type"];
+                // Create discriminator-defined instances
+                var typeName = type.Name;
+                var pt = obj.GetValue(discriminator, StringComparison.InvariantCultureIgnoreCase);
                 if (pt != null)
                 {
-                    scopeType = pt.Value<string>();
+                    typeName = pt.Value<string>();
                 }
-                result = AbstractTypeFactory<PermissionScope>.TryCreateInstance(scopeType);
+
+                var tryCreateInstance = _createInstanceMethodsCache.GetOrAdd(CacheKey.With(nameof(PolymorphJsonConverter), type.Name, "+"/* To make a difference in keys for discriminator-specific methods */), _ =>
+                    typeof(AbstractTypeFactory<>).MakeGenericType(type).GetMethod("TryCreateInstance", new Type[] {typeof(string) }));
+                var result = tryCreateInstance?.Invoke(null, new[] { typeName });
                 if (result == null)
                 {
-                    throw new NotSupportedException("Unknown scopeType: " + scopeType);
+                    throw new NotSupportedException("Unknown discriminator type name: " + typeName);
                 }
-            }
-            else
-            {
-                var tryCreateInstance = typeof(AbstractTypeFactory<>).MakeGenericType(objectType).GetMethods().FirstOrDefault(x => x.Name.EqualsInvariant("TryCreateInstance") && x.GetParameters().Length == 0);
-                result = tryCreateInstance?.Invoke(null, null);
-            }
-            serializer.Populate(obj.CreateReader(), result);
-            return result;
+                return result;
+            });
         }
 
+        public static void RegisterType(Type type, Func<JObject, object> factory)
+        {
+            _canConvertCache[type] = true;
+            _convertFactories[type] = factory;
+        }               
+
         public override void WriteJson(JsonWriter writer, object value, JsonSerializer serializer)
         {
             throw new NotImplementedException();
diff --git a/src/VirtoCommerce.Platform.Web/Startup.cs b/src/VirtoCommerce.Platform.Web/Startup.cs
index 8ee8abf1c10..1a76de6043f 100644
--- a/src/VirtoCommerce.Platform.Web/Startup.cs
+++ b/src/VirtoCommerce.Platform.Web/Startup.cs
@@ -115,7 +115,6 @@ public void ConfigureServices(IServiceCollection services)
                     options.SerializerSettings.ContractResolver = new PolymorphJsonContractResolver();
                     //Next line allow to use polymorph types as parameters in API controller methods
                     options.SerializerSettings.Converters.Add(new StringEnumConverter());
-                    options.SerializerSettings.Converters.Add(new PolymorphJsonConverter());
                     options.SerializerSettings.Converters.Add(new ModuleIdentityJsonConverter());
                     options.SerializerSettings.PreserveReferencesHandling = PreserveReferencesHandling.None;
                     options.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore;
@@ -518,6 +517,12 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
 
             // Use app insights telemetry 
             app.UseAppInsightsTelemetry();
+
+            
+            var mvcJsonOptions = app.ApplicationServices.GetService<IOptions<MvcNewtonsoftJsonOptions>>();
+            mvcJsonOptions.Value.SerializerSettings.Converters.Add(new PolymorphJsonConverter());
+            PolymorphJsonConverter.RegisterTypeForDiscriminator(typeof(PermissionScope), nameof(PermissionScope.Type));
+            PolymorphJsonConverter.RegisterTypeForDiscriminator(typeof(SearchCriteriaBase), nameof(SearchCriteriaBase.ObjectType));
         }
     }
 }
diff --git a/tests/VirtoCommerce.Platform.Tests/UnitTests/PolymorphJsonConverterTests.cs b/tests/VirtoCommerce.Platform.Tests/UnitTests/PolymorphJsonConverterTests.cs
new file mode 100644
index 00000000000..8f75f75de84
--- /dev/null
+++ b/tests/VirtoCommerce.Platform.Tests/UnitTests/PolymorphJsonConverterTests.cs
@@ -0,0 +1,87 @@
+using FluentAssertions;
+using Newtonsoft.Json;
+using VirtoCommerce.Platform.Core.Common;
+using VirtoCommerce.Platform.Core.JsonConverters;
+using VirtoCommerce.Platform.Core.Security;
+using Xunit;
+
+namespace VirtoCommerce.Platform.Tests.UnitTests
+{
+    class PermissionScopeExt1 : PermissionScope
+    {
+    }
+
+    class PermissionScopeExt2 : PermissionScope
+    {
+    }
+
+    class PermissionScopeOverridden : PermissionScope
+    {
+        public string Extension { get; set; }
+    }
+
+    public class PolymorphJsonConverterTests
+    {
+        /// <summary>
+        /// Test PolymorphJsonConverter returns proper instances of overridden types
+        /// </summary>
+        [Fact]        
+        public void DeserializeObject_DeserializeOverridden()
+        {
+            AbstractTypeFactory<PermissionScope>.OverrideType<PermissionScope, PermissionScopeOverridden>();
+            var jsonOver = "{'scope':'ScopeOver', 'extension':'ext'}".Replace("'", "\"");
+            var scopeOver = JsonConvert.DeserializeObject<PermissionScope>(jsonOver, new PolymorphJsonConverter());
+            scopeOver.Should().NotBeNull();
+            scopeOver.Should().BeOfType<PermissionScopeOverridden>();
+            (scopeOver as PermissionScopeOverridden).Extension.Should().Be("ext");
+        }
+
+
+        /// <summary>
+        /// Test PolymorphJsonConverter returns proper instances of discriminator-defined types and defaults
+        /// </summary>
+        [Fact]
+        public void DeserializeObject_DeserializeWithDiscriminator()
+        {
+            //Arrange
+            AbstractTypeFactory<PermissionScope>.RegisterType<PermissionScope>();
+            AbstractTypeFactory<PermissionScope>.RegisterType<PermissionScopeExt1>();
+            AbstractTypeFactory<PermissionScope>.RegisterType<PermissionScopeExt2>();
+
+            var json0 = "{'scope':'Scope000'}".Replace("'", "\"");
+            var json1 = "{'Type':'PermissionScopeExt1','scope':'Scope111'}".Replace("'", "\"");
+            var json2 = "{'Type':'PermissionScopeExt2','scope':'Scope123'}".Replace("'", "\"");
+
+            var converter = new PolymorphJsonConverter();
+            PolymorphJsonConverter.RegisterTypeForDiscriminator(typeof(PermissionScope), nameof(PermissionScope.Type));
+
+            //Act
+            var scope0 = JsonConvert.DeserializeObject<PermissionScope>(json0, converter);
+
+            //Assert
+            scope0.Should().NotBeNull();
+            scope0.Should().BeOfType<PermissionScope>();
+            scope0.Should().NotBeOfType<PermissionScopeExt1>();
+            scope0.Should().NotBeOfType<PermissionScopeExt2>();
+
+            //Act
+            var scope1 = JsonConvert.DeserializeObject<PermissionScope>(json1, converter);
+
+            //Assert
+            scope1.Should().NotBeNull();
+            scope1.Should().BeOfType<PermissionScopeExt1>();
+            scope1.Should().NotBeOfType<PermissionScope>();
+            scope1.Should().NotBeOfType<PermissionScopeExt2>();
+
+            //Act
+            var scope2 = JsonConvert.DeserializeObject<PermissionScope>(json2, converter);
+
+            //Assert
+            scope2.Should().NotBeNull();
+            scope2.Should().BeOfType<PermissionScopeExt2>();
+            scope2.Should().NotBeOfType<PermissionScope>();
+            scope2.Should().NotBeOfType<PermissionScopeExt1>();
+        }
+    }
+}
+

From aa73f1fd15e3cb12b730341bfb9860f63439a236 Mon Sep 17 00:00:00 2001
From: Egis <em@virtoway.com>
Date: Wed, 24 Mar 2021 15:11:01 +0200
Subject: [PATCH 32/70] PT-578: Add property
 ApplicationUser.LastPasswordChangedDate (#2184)

Co-authored-by: Filipp Kuksov <47894313+Vectorfield4@users.noreply.github.com>
---
 .../Security/ApplicationUser.cs               |   6 +
 ...075715_LastPasswordChangedDate.Designer.cs | 575 ++++++++++++++++++
 .../20210323075715_LastPasswordChangedDate.cs |  24 +
 .../SecurityDbContextModelSnapshot.cs         |   3 +
 .../Repositories/SecurityDbContext.cs         |   2 +
 .../Controllers/Api/SecurityController.cs     |   6 +
 .../Model/Security/UserDetail.cs              |   2 +
 .../Security/CustomUserManager.cs             |   3 +
 8 files changed, 621 insertions(+)
 create mode 100644 src/VirtoCommerce.Platform.Security/Migrations/20210323075715_LastPasswordChangedDate.Designer.cs
 create mode 100644 src/VirtoCommerce.Platform.Security/Migrations/20210323075715_LastPasswordChangedDate.cs

diff --git a/src/VirtoCommerce.Platform.Core/Security/ApplicationUser.cs b/src/VirtoCommerce.Platform.Core/Security/ApplicationUser.cs
index 5080877d781..501855310db 100644
--- a/src/VirtoCommerce.Platform.Core/Security/ApplicationUser.cs
+++ b/src/VirtoCommerce.Platform.Core/Security/ApplicationUser.cs
@@ -62,6 +62,11 @@ public virtual DateTime? LockoutEndDateUtc
         /// </summary>
         public virtual bool PasswordExpired { get; set; }
 
+        /// <summary>
+        /// The last date when the password was changed
+        /// </summary>
+        public virtual DateTime LastPasswordChangedDate { get; set; }
+
         public virtual void Patch(ApplicationUser target)
         {
             target.UserName = UserName;
@@ -87,6 +92,7 @@ public virtual void Patch(ApplicationUser target)
             target.Status = Status;
             target.Password = Password;
             target.PasswordExpired = PasswordExpired;
+            target.LastPasswordChangedDate = LastPasswordChangedDate;
         }
 
         #region ICloneable members
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/20210323075715_LastPasswordChangedDate.Designer.cs b/src/VirtoCommerce.Platform.Security/Migrations/20210323075715_LastPasswordChangedDate.Designer.cs
new file mode 100644
index 00000000000..e12d3fa14f1
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Security/Migrations/20210323075715_LastPasswordChangedDate.Designer.cs
@@ -0,0 +1,575 @@
+// <auto-generated />
+using System;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Metadata;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+using VirtoCommerce.Platform.Security.Repositories;
+
+namespace VirtoCommerce.Platform.Security.Migrations
+{
+    [DbContext(typeof(SecurityDbContext))]
+    [Migration("20210323075715_LastPasswordChangedDate")]
+    partial class LastPasswordChangedDate
+    {
+        protected override void BuildTargetModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasAnnotation("ProductVersion", "3.1.8")
+                .HasAnnotation("Relational:MaxIdentifierLength", 128)
+                .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("int")
+                        .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("RoleId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetRoleClaims");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("int")
+                        .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserClaims");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
+                {
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ProviderKey")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ProviderDisplayName")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.HasKey("LoginProvider", "ProviderKey");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserLogins");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
+                {
+                    b.Property<string>("UserId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("RoleId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.HasKey("UserId", "RoleId");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetUserRoles");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
+                {
+                    b.Property<string>("UserId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("Name")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("Value")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.HasKey("UserId", "LoginProvider", "Name");
+
+                    b.ToTable("AspNetUserTokens");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictApplication", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ClientId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(100)")
+                        .HasMaxLength(100);
+
+                    b.Property<string>("ClientSecret")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(50)")
+                        .HasMaxLength(50);
+
+                    b.Property<string>("ConsentType")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("DisplayName")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Permissions")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("PostLogoutRedirectUris")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("RedirectUris")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Type")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(25)")
+                        .HasMaxLength(25);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("ClientId")
+                        .IsUnique();
+
+                    b.ToTable("OpenIddictApplications");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictAuthorization", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ApplicationId")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(50)")
+                        .HasMaxLength(50);
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Scopes")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Status")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(25)")
+                        .HasMaxLength(25);
+
+                    b.Property<string>("Subject")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(450)")
+                        .HasMaxLength(450);
+
+                    b.Property<string>("Type")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(25)")
+                        .HasMaxLength(25);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
+
+                    b.ToTable("OpenIddictAuthorizations");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictScope", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(50)")
+                        .HasMaxLength(50);
+
+                    b.Property<string>("Description")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("DisplayName")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(200)")
+                        .HasMaxLength(200);
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Resources")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("Name")
+                        .IsUnique();
+
+                    b.ToTable("OpenIddictScopes");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictToken", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ApplicationId")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("AuthorizationId")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(50)")
+                        .HasMaxLength(50);
+
+                    b.Property<DateTimeOffset?>("CreationDate")
+                        .HasColumnType("datetimeoffset");
+
+                    b.Property<DateTimeOffset?>("ExpirationDate")
+                        .HasColumnType("datetimeoffset");
+
+                    b.Property<string>("Payload")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("ReferenceId")
+                        .HasColumnType("nvarchar(100)")
+                        .HasMaxLength(100);
+
+                    b.Property<string>("Status")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(25)")
+                        .HasMaxLength(25);
+
+                    b.Property<string>("Subject")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(450)")
+                        .HasMaxLength(450);
+
+                    b.Property<string>("Type")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(25)")
+                        .HasMaxLength(25);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("AuthorizationId");
+
+                    b.HasIndex("ReferenceId")
+                        .IsUnique()
+                        .HasFilter("[ReferenceId] IS NOT NULL");
+
+                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
+
+                    b.ToTable("OpenIddictTokens");
+                });
+
+            modelBuilder.Entity("VirtoCommerce.Platform.Core.Security.ApplicationUser", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<int>("AccessFailedCount")
+                        .HasColumnType("int");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("CreatedBy")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<DateTime>("CreatedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("Email")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<bool>("EmailConfirmed")
+                        .HasColumnType("bit");
+
+                    b.Property<bool>("IsAdministrator")
+                        .HasColumnType("bit");
+
+                    b.Property<DateTime>("LastPasswordChangedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<bool>("LockoutEnabled")
+                        .HasColumnType("bit");
+
+                    b.Property<DateTimeOffset?>("LockoutEnd")
+                        .HasColumnType("datetimeoffset");
+
+                    b.Property<string>("MemberId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ModifiedBy")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<DateTime?>("ModifiedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("NormalizedEmail")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("NormalizedUserName")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<bool>("PasswordExpired")
+                        .HasColumnType("bit");
+
+                    b.Property<string>("PasswordHash")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("PhoneNumber")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<bool>("PhoneNumberConfirmed")
+                        .HasColumnType("bit");
+
+                    b.Property<string>("PhotoUrl")
+                        .HasColumnType("nvarchar(2048)")
+                        .HasMaxLength(2048);
+
+                    b.Property<string>("SecurityStamp")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Status")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.Property<string>("StoreId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<bool>("TwoFactorEnabled")
+                        .HasColumnType("bit");
+
+                    b.Property<string>("UserName")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("UserType")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedEmail")
+                        .HasName("EmailIndex");
+
+                    b.HasIndex("NormalizedUserName")
+                        .IsUnique()
+                        .HasName("UserNameIndex")
+                        .HasFilter("[NormalizedUserName] IS NOT NULL");
+
+                    b.ToTable("AspNetUsers");
+                });
+
+            modelBuilder.Entity("VirtoCommerce.Platform.Core.Security.Role", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Description")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Name")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("NormalizedName")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedName")
+                        .IsUnique()
+                        .HasName("RoleNameIndex")
+                        .HasFilter("[NormalizedName] IS NOT NULL");
+
+                    b.ToTable("AspNetRoles");
+                });
+
+            modelBuilder.Entity("VirtoCommerce.Platform.Security.Model.UserApiKeyEntity", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ApiKey")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("CreatedBy")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.Property<DateTime>("CreatedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<bool>("IsActive")
+                        .HasColumnType("bit");
+
+                    b.Property<string>("ModifiedBy")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.Property<DateTime?>("ModifiedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("UserId")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("UserName")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("ApiKey")
+                        .IsUnique()
+                        .HasFilter("[ApiKey] IS NOT NULL");
+
+                    b.ToTable("UserApiKey");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.Role", null)
+                        .WithMany()
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.Role", null)
+                        .WithMany()
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictAuthorization", b =>
+                {
+                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictApplication", "Application")
+                        .WithMany("Authorizations")
+                        .HasForeignKey("ApplicationId");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictToken", b =>
+                {
+                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictApplication", "Application")
+                        .WithMany("Tokens")
+                        .HasForeignKey("ApplicationId");
+
+                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictAuthorization", "Authorization")
+                        .WithMany("Tokens")
+                        .HasForeignKey("AuthorizationId");
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/20210323075715_LastPasswordChangedDate.cs b/src/VirtoCommerce.Platform.Security/Migrations/20210323075715_LastPasswordChangedDate.cs
new file mode 100644
index 00000000000..f4578f16ce8
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Security/Migrations/20210323075715_LastPasswordChangedDate.cs
@@ -0,0 +1,24 @@
+using System;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace VirtoCommerce.Platform.Security.Migrations
+{
+    public partial class LastPasswordChangedDate : Migration
+    {
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.AddColumn<DateTime>(
+                name: "LastPasswordChangedDate",
+                table: "AspNetUsers",
+                nullable: false,
+                defaultValue: new DateTime(1, 1, 1, 0, 0, 0, 0, DateTimeKind.Unspecified));
+        }
+
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropColumn(
+                name: "LastPasswordChangedDate",
+                table: "AspNetUsers");
+        }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs b/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs
index 2d9f9d52283..993e1b8be53 100644
--- a/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs
+++ b/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs
@@ -346,6 +346,9 @@ protected override void BuildModel(ModelBuilder modelBuilder)
                     b.Property<bool>("IsAdministrator")
                         .HasColumnType("bit");
 
+                    b.Property<DateTime>("LastPasswordChangedDate")
+                        .HasColumnType("datetime2");
+
                     b.Property<bool>("LockoutEnabled")
                         .HasColumnType("bit");
 
diff --git a/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs b/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs
index 5096761aa46..2c52b9c0085 100644
--- a/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs
+++ b/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs
@@ -45,6 +45,8 @@ protected override void OnModelCreating(ModelBuilder builder)
             builder.Entity<ApplicationUser>().Property(x => x.Id).HasMaxLength(128).ValueGeneratedOnAdd();
             builder.Entity<ApplicationUser>().Property(x => x.StoreId).HasMaxLength(128);
             builder.Entity<ApplicationUser>().Property(x => x.MemberId).HasMaxLength(128);
+            builder.Entity<ApplicationUser>().Property(x => x.LastPasswordChangedDate);
+
             builder.Entity<Role>().Property(x => x.Id).HasMaxLength(128).ValueGeneratedOnAdd();
             builder.Entity<IdentityUserClaim<string>>().Property(x => x.UserId).HasMaxLength(128);
             builder.Entity<IdentityUserLogin<string>>().Property(x => x.UserId).HasMaxLength(128);
diff --git a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
index 1ead9ca9be6..00e6adb46da 100644
--- a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
+++ b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
@@ -122,6 +122,7 @@ public async Task<ActionResult<UserDetail>> GetCurrentUser()
                 isAdministrator = user.IsAdministrator,
                 UserName = user.UserName,
                 PasswordExpired = user.PasswordExpired,
+                LastPasswordChangedDate = user.LastPasswordChangedDate,
                 Permissions = user.Roles.SelectMany(x => x.Permissions).Select(x => x.Name).Distinct().ToArray()
             };
 
@@ -547,6 +548,11 @@ public async Task<ActionResult<SecurityResult>> Update([FromBody] ApplicationUse
                 await _userManager.SetEmailAsync(user, user.Email);
             }
 
+            if (user.LastPasswordChangedDate != applicationUser.LastPasswordChangedDate)
+            {
+                user.LastPasswordChangedDate = applicationUser.LastPasswordChangedDate;
+            }
+
             var result = await _userManager.UpdateAsync(user);
 
             return Ok(result.ToSecurityResult());
diff --git a/src/VirtoCommerce.Platform.Web/Model/Security/UserDetail.cs b/src/VirtoCommerce.Platform.Web/Model/Security/UserDetail.cs
index 69f8f81ca83..3cce7f46014 100644
--- a/src/VirtoCommerce.Platform.Web/Model/Security/UserDetail.cs
+++ b/src/VirtoCommerce.Platform.Web/Model/Security/UserDetail.cs
@@ -1,3 +1,4 @@
+using System;
 using System.Collections.Generic;
 using VirtoCommerce.Platform.Core.Common;
 
@@ -9,5 +10,6 @@ public class UserDetail : Entity
         public string UserName { get; set; }
         public bool isAdministrator { get; set; }
         public bool PasswordExpired { get; set; }
+        public DateTime LastPasswordChangedDate { get; set; }
     }
 }
diff --git a/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs b/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs
index fbd2dab5a7a..5ac0026cd04 100644
--- a/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs
+++ b/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs
@@ -103,6 +103,7 @@ public override async Task<IdentityResult> ResetPasswordAsync(ApplicationUser us
         {
             //It is important to call base.FindByIdAsync method to avoid of update a cached user.
             var existUser = await base.FindByIdAsync(user.Id);
+            existUser.LastPasswordChangedDate = DateTime.UtcNow;
 
             var result = await base.ResetPasswordAsync(existUser, token, newPassword);
             if (result == IdentityResult.Success)
@@ -118,6 +119,8 @@ public override async Task<IdentityResult> ResetPasswordAsync(ApplicationUser us
 
         public override async Task<IdentityResult> ChangePasswordAsync(ApplicationUser user, string currentPassword, string newPassword)
         {
+            user.LastPasswordChangedDate = DateTime.UtcNow;
+
             var result = await base.ChangePasswordAsync(user, currentPassword, newPassword);
             if (result == IdentityResult.Success)
             {

From 4c574156d7657529a8d8abd0b57242446ab84f7d Mon Sep 17 00:00:00 2001
From: Konstantin Savosteev <Konstantin.Savosteev@virtoway.com>
Date: Wed, 24 Mar 2021 16:20:25 +0200
Subject: [PATCH 33/70] PT-373 add user name to request telemetry (#2188)

* PT-373 add user name to request telemetry

* PT-373 condition null check

Co-authored-by: Filipp Kuksov <47894313+Vectorfield4@users.noreply.github.com>
---
 .../Telemetry/ServiceCollectionExtensions.cs  |  4 +++
 .../Telemetry/UserTelemetryInitializer.cs     | 32 +++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 src/VirtoCommerce.Platform.Web/Telemetry/UserTelemetryInitializer.cs

diff --git a/src/VirtoCommerce.Platform.Web/Telemetry/ServiceCollectionExtensions.cs b/src/VirtoCommerce.Platform.Web/Telemetry/ServiceCollectionExtensions.cs
index e233d75f3bb..454a2346575 100644
--- a/src/VirtoCommerce.Platform.Web/Telemetry/ServiceCollectionExtensions.cs
+++ b/src/VirtoCommerce.Platform.Web/Telemetry/ServiceCollectionExtensions.cs
@@ -1,5 +1,6 @@
 using Microsoft.ApplicationInsights.AspNetCore.Extensions;
 using Microsoft.ApplicationInsights.DependencyCollector;
+using Microsoft.ApplicationInsights.Extensibility;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using VirtoCommerce.Platform.Core.Telemetry;
@@ -23,6 +24,9 @@ public static IServiceCollection AddAppInsightsTelemetry(this IServiceCollection
             // https://github.com/microsoft/ApplicationInsights-dotnet/blob/develop/NETCORE/src/Shared/Extensions/ApplicationInsightsServiceOptions.cs
             services.AddApplicationInsightsTelemetry();
 
+            // Register app insights extensions
+            services.AddSingleton<ITelemetryInitializer, UserTelemetryInitializer>();
+
             // Disable adaptive sampling before custom configuration to have a choice between processors in Configure,
             // according to instructions: https://docs.microsoft.com/en-us/azure/azure-monitor/app/sampling#configure-sampling-settings
             services.Configure((ApplicationInsightsServiceOptions o) => o.EnableAdaptiveSampling = false);
diff --git a/src/VirtoCommerce.Platform.Web/Telemetry/UserTelemetryInitializer.cs b/src/VirtoCommerce.Platform.Web/Telemetry/UserTelemetryInitializer.cs
new file mode 100644
index 00000000000..d0f59ffb044
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Web/Telemetry/UserTelemetryInitializer.cs
@@ -0,0 +1,32 @@
+using Microsoft.ApplicationInsights.AspNetCore.TelemetryInitializers;
+using Microsoft.ApplicationInsights.Channel;
+using Microsoft.ApplicationInsights.DataContracts;
+using Microsoft.AspNetCore.Http;
+
+namespace VirtoCommerce.Platform.Web.Telemetry
+{
+    /// <summary>
+    /// A telemetry initializer that will gather user identity context information.
+    /// </summary>
+    public class UserTelemetryInitializer : TelemetryInitializerBase
+    {
+        public UserTelemetryInitializer(IHttpContextAccessor httpContextAccessor)
+            : base(httpContextAccessor)
+        {
+        }
+
+        /// <summary>
+        /// Initializes user id and name for Azure Web App case
+        /// </summary>
+        /// <param name="platformContext">Platform context.</param>
+        /// <param name="requestTelemetry">Request telemetry.</param>
+        /// <param name="telemetry">Telemetry item.</param>
+        protected override void OnInitializeTelemetry(HttpContext platformContext, RequestTelemetry requestTelemetry, ITelemetry telemetry)
+        {
+            if (platformContext.User?.Identity?.Name != null)
+            {
+                telemetry.Context.User.AuthenticatedUserId = platformContext.User.Identity.Name;
+            }
+        }
+    }
+}

From 8d1e9091e7c1d526b683acef09dda36904b4fa09 Mon Sep 17 00:00:00 2001
From: Konstantin Savosteev <Konstantin.Savosteev@virtoway.com>
Date: Wed, 24 Mar 2021 17:10:26 +0200
Subject: [PATCH 34/70] PT-552 Use Assets IBlobStorage as Distributed storage
 for the license file (#2187)

* PT-552 Use Assets IBlobStorage as Distributed storage for the license file

* PT-552 simplified public key resource name

* PT-552 fix code smell

* PT-552 removed one-line method

* PT-552 removed sync GetLicense implementation, added verify tests

Co-authored-by: Filipp Kuksov <47894313+Vectorfield4@users.noreply.github.com>
---
 .../PlatformOptions.cs                        |   8 +-
 .../Controllers/Api/DiagnosticsController.cs  |   5 +-
 .../Controllers/Api/LicensingController.cs    |  13 ++-
 .../Controllers/HomeController.cs             |   2 +-
 .../ApplicationBuilderExtensions.cs           |   4 +-
 .../Licensing/License.cs                      |  38 ++++---
 .../Licensing/LicenseProvider.cs              |  64 ++++++++++-
 .../Api/LicensingControllerTests.cs           |   6 +-
 .../Licenseing/LicenseProviderTests.cs        | 106 ++++++++++++++++++
 9 files changed, 213 insertions(+), 33 deletions(-)
 create mode 100644 tests/VirtoCommerce.Platform.Tests/Licenseing/LicenseProviderTests.cs

diff --git a/src/VirtoCommerce.Platform.Core/PlatformOptions.cs b/src/VirtoCommerce.Platform.Core/PlatformOptions.cs
index d1fbac2eaaa..3eeac3c07cf 100644
--- a/src/VirtoCommerce.Platform.Core/PlatformOptions.cs
+++ b/src/VirtoCommerce.Platform.Core/PlatformOptions.cs
@@ -1,4 +1,3 @@
-using System;
 using System.ComponentModel.DataAnnotations;
 
 namespace VirtoCommerce.Platform.Core
@@ -19,8 +18,11 @@ public class PlatformOptions
         //Local path for license file
         public string LicenseFilePath { get; set; } = "app_data/VirtoCommerce.lic";
 
-        //Local path to public key for license
-        public string LicensePublicKeyPath { get; set; } = "app_data/VirtoCommerce_rsa.pub";
+        //Name of the licence file with blob container
+        public string LicenseBlobPath { get; set; } = "license/VirtoCommerce.lic";
+
+        //Name of the public key embedded resource
+        public string LicensePublicKeyResourceName { get; set; } = "VirtoCommerce_rsa.pub";
 
         //Local path to private key for signing license
         public string LicensePrivateKeyPath { get; set; }
diff --git a/src/VirtoCommerce.Platform.Web/Controllers/Api/DiagnosticsController.cs b/src/VirtoCommerce.Platform.Web/Controllers/Api/DiagnosticsController.cs
index 026a14b7523..b9b03bb897a 100644
--- a/src/VirtoCommerce.Platform.Web/Controllers/Api/DiagnosticsController.cs
+++ b/src/VirtoCommerce.Platform.Web/Controllers/Api/DiagnosticsController.cs
@@ -2,6 +2,7 @@
 
 using System;
 using System.Linq;
+using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using VirtoCommerce.Platform.Core.Common;
@@ -28,10 +29,10 @@ public DiagnosticsController(IModuleCatalog moduleCatalog, LicenseProvider licen
 
         [HttpGet]
         [Route("systeminfo")]
-        public ActionResult<SystemInfo> GetSystemInfo()
+        public async Task<ActionResult<SystemInfo>> GetSystemInfo()
         {
             var platformVersion = PlatformVersion.CurrentVersion.ToString();
-            var license = _licenseProvider.GetLicense();
+            var license = await _licenseProvider.GetLicenseAsync();
 
             var installedModules = _moduleCatalog.Modules.OfType<ManifestModuleInfo>().Where(x => x.IsInstalled).OrderBy(x => x.Id)
                                        .Select(x => new ModuleDescriptor(x))
diff --git a/src/VirtoCommerce.Platform.Web/Controllers/Api/LicensingController.cs b/src/VirtoCommerce.Platform.Web/Controllers/Api/LicensingController.cs
index c69ccd55aad..2f35697086a 100644
--- a/src/VirtoCommerce.Platform.Web/Controllers/Api/LicensingController.cs
+++ b/src/VirtoCommerce.Platform.Web/Controllers/Api/LicensingController.cs
@@ -20,11 +20,13 @@ public class LicensingController : Controller
     {
         private readonly PlatformOptions _platformOptions;
         private readonly ISettingsManager _settingsManager;
+        private readonly LicenseProvider _licenseProvider;
 
-        public LicensingController(IOptions<PlatformOptions> platformOptions, ISettingsManager settingsManager)
+        public LicensingController(IOptions<PlatformOptions> platformOptions, ISettingsManager settingsManager, LicenseProvider licenseProvider)
         {
             _platformOptions = platformOptions.Value;
             _settingsManager = settingsManager;
+            _licenseProvider = licenseProvider;
         }
 
         [HttpPost]
@@ -46,7 +48,7 @@ public async Task<ActionResult<License>> ActivateByCode([FromBody] string activa
                 if (httpResponse.IsSuccessStatusCode)
                 {
                     var rawLicense = await httpResponse.Content.ReadAsStringAsync();
-                    license = License.Parse(rawLicense, Path.GetFullPath(_platformOptions.LicensePublicKeyPath));
+                    license = License.Parse(rawLicense, _platformOptions.LicensePublicKeyResourceName);
                 }
             }
 
@@ -71,7 +73,7 @@ public async Task<ActionResult<License>> ActivateByFile(IFormFile file)
 
             if (!string.IsNullOrEmpty(rawLicense))
             {
-                license = License.Parse(rawLicense, Path.GetFullPath(_platformOptions.LicensePublicKeyPath));
+                license = License.Parse(rawLicense, _platformOptions.LicensePublicKeyResourceName);
             }
 
             if (license != null)
@@ -86,12 +88,11 @@ public async Task<ActionResult<License>> ActivateByFile(IFormFile file)
         [Route("activateLicense")]
         public async Task<ActionResult<License>> ActivateLicense([FromBody] License license)
         {
-            license = License.Parse(license?.RawLicense, Path.GetFullPath(_platformOptions.LicensePublicKeyPath));
+            license = License.Parse(license?.RawLicense, _platformOptions.LicensePublicKeyResourceName);
 
             if (license != null)
             {
-                var licenseFilePath = Path.GetFullPath(_platformOptions.LicenseFilePath);
-                System.IO.File.WriteAllText(licenseFilePath, license.RawLicense);
+                _licenseProvider.SaveLicense(license);
             }
 
             if (license != null)
diff --git a/src/VirtoCommerce.Platform.Web/Controllers/HomeController.cs b/src/VirtoCommerce.Platform.Web/Controllers/HomeController.cs
index ffd5926ef29..0df3af858b6 100644
--- a/src/VirtoCommerce.Platform.Web/Controllers/HomeController.cs
+++ b/src/VirtoCommerce.Platform.Web/Controllers/HomeController.cs
@@ -48,7 +48,7 @@ public async Task<ActionResult> Index()
                 ForceWebSockets = _pushNotificationOptions.ForceWebSockets
             };
 
-            var license = _licenseProvider.GetLicense();
+            var license = await _licenseProvider.GetLicenseAsync();
 
             if (license != null)
             {
diff --git a/src/VirtoCommerce.Platform.Web/Extensions/ApplicationBuilderExtensions.cs b/src/VirtoCommerce.Platform.Web/Extensions/ApplicationBuilderExtensions.cs
index c46940c6e1d..e053fe0b52e 100644
--- a/src/VirtoCommerce.Platform.Web/Extensions/ApplicationBuilderExtensions.cs
+++ b/src/VirtoCommerce.Platform.Web/Extensions/ApplicationBuilderExtensions.cs
@@ -19,12 +19,12 @@ public static IApplicationBuilder UsePlatformSettings(this IApplicationBuilder a
             settingsRegistrar.RegisterSettingsForType(UserProfile.AllSettings, typeof(UserProfile).Name);
 
             var settingsManager = appBuilder.ApplicationServices.GetRequiredService<ISettingsManager>();
-            
+
             var sendDiagnosticData = settingsManager.GetValue(Setup.SendDiagnosticData.Name, (bool)Setup.SendDiagnosticData.DefaultValue);
             if (!sendDiagnosticData)
             {
                 var licenseProvider = appBuilder.ApplicationServices.GetRequiredService<LicenseProvider>();
-                var license = licenseProvider.GetLicense();
+                var license = licenseProvider.GetLicenseAsync().GetAwaiter().GetResult();
 
                 if (license == null || license.ExpirationDate < DateTime.UtcNow)
                 {
diff --git a/src/VirtoCommerce.Platform.Web/Licensing/License.cs b/src/VirtoCommerce.Platform.Web/Licensing/License.cs
index 9dc4ab6f2ba..fd68772aaab 100644
--- a/src/VirtoCommerce.Platform.Web/Licensing/License.cs
+++ b/src/VirtoCommerce.Platform.Web/Licensing/License.cs
@@ -1,5 +1,7 @@
 using System;
 using System.IO;
+using System.Linq;
+using System.Reflection;
 using System.Security.Cryptography;
 using System.Text;
 using Newtonsoft.Json;
@@ -18,7 +20,7 @@ public sealed class License
         public DateTime ExpirationDate { get; set; }
         public string RawLicense { get; set; }
 
-        public static License Parse(string rawLicense, string publicKeyPath)
+        public static License Parse(string rawLicense, string publicKeyResourceName)
         {
             License result = null;
 
@@ -29,13 +31,11 @@ public static License Parse(string rawLicense, string publicKeyPath)
                     var data = reader.ReadLine();
                     var signature = reader.ReadLine();
 
-                    if (data != null && signature != null)
+                    if (data != null && signature != null
+                        && ValidateSignature(data, signature, publicKeyResourceName))
                     {
-                        if (ValidateSignature(data, signature, publicKeyPath))
-                        {
-                            result = JsonConvert.DeserializeObject<License>(data);
-                            result.RawLicense = rawLicense;
-                        }
+                        result = JsonConvert.DeserializeObject<License>(data);
+                        result.RawLicense = rawLicense;
                     }
                 }
             }
@@ -43,7 +43,7 @@ public static License Parse(string rawLicense, string publicKeyPath)
             return result;
         }
 
-        private static bool ValidateSignature(string data, string signature, string publicKeyPath)
+        private static bool ValidateSignature(string data, string signature, string publicKeyResourceName)
         {
             bool result;
             byte[] dataHash;
@@ -62,7 +62,7 @@ private static bool ValidateSignature(string data, string signature, string publ
                 using (var rsa = new RSACryptoServiceProvider())
 #pragma warning restore S4426 // The license intentionally has a low cryptography strength because it wasn’t designed to be hijacked-proof.
                 {
-                    rsa.FromXmlStringCustom(ReadFileWithKey(publicKeyPath));
+                    rsa.FromXmlStringCustom(ReadResourceFileWithKey(publicKeyResourceName));
 
                     var signatureDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
                     signatureDeformatter.SetHashAlgorithm(_hashAlgorithmName);
@@ -77,14 +77,26 @@ private static bool ValidateSignature(string data, string signature, string publ
             return result;
         }
 
-        private static string ReadFileWithKey(string path)
+
+        private static string ReadResourceFileWithKey(string publicKeyResourceName)
         {
-            if (!File.Exists(path))
+            var assembly = Assembly.GetExecutingAssembly();
+
+            var resourceNames = assembly.GetManifestResourceNames();
+            var fullResourceName = resourceNames.FirstOrDefault(x => x.Contains(publicKeyResourceName, StringComparison.OrdinalIgnoreCase));
+
+            if (string.IsNullOrEmpty(fullResourceName))
             {
-                throw new LicenseOrKeyNotFoundException(path);
+                throw new LicenseOrKeyNotFoundException(publicKeyResourceName);
             }
 
-            return File.ReadAllText(path);
+            using (var stream = assembly.GetManifestResourceStream(fullResourceName))
+            {
+                using (var reader = new StreamReader(stream))
+                {
+                    return reader.ReadToEnd();
+                }
+            }
         }
     }
 }
diff --git a/src/VirtoCommerce.Platform.Web/Licensing/LicenseProvider.cs b/src/VirtoCommerce.Platform.Web/Licensing/LicenseProvider.cs
index 34ba2014206..e4bdc9dc3db 100644
--- a/src/VirtoCommerce.Platform.Web/Licensing/LicenseProvider.cs
+++ b/src/VirtoCommerce.Platform.Web/Licensing/LicenseProvider.cs
@@ -1,26 +1,64 @@
 using System.IO;
+using System.Threading.Tasks;
 using Microsoft.Extensions.Options;
 using VirtoCommerce.Platform.Core;
+using VirtoCommerce.Platform.Core.Assets;
+using VirtoCommerce.Platform.Core.Common;
 
 namespace VirtoCommerce.Platform.Web.Licensing
 {
     public class LicenseProvider
     {
         private readonly PlatformOptions _platformOptions;
+        private readonly IBlobStorageProvider _blobStorageProvider;
+        private readonly IBlobUrlResolver _blobUrlResolver;
 
-        public LicenseProvider(IOptions<PlatformOptions> platformOptions)
+        public LicenseProvider(IOptions<PlatformOptions> platformOptions, IBlobStorageProvider blobStorageProvider, IBlobUrlResolver blobUrlResolver)
         {
             _platformOptions = platformOptions.Value;
+            _blobStorageProvider = blobStorageProvider;
+            _blobUrlResolver = blobUrlResolver;
         }
-        public License GetLicense()
+
+        public async Task<License> GetLicenseAsync()
+        {
+            License license = null;
+
+            var licenseUrl = _blobUrlResolver.GetAbsoluteUrl(_platformOptions.LicenseBlobPath);
+            if (await LicenseExistsAsync(licenseUrl))
+            {
+                var rawLicense = string.Empty;
+                using (var stream = _blobStorageProvider.OpenRead(licenseUrl))
+                {
+                    rawLicense = stream.ReadToString();
+                }
+
+                license = License.Parse(rawLicense, _platformOptions.LicensePublicKeyResourceName);
+
+                if (license != null)
+                {
+                    license.RawLicense = null;
+                }
+            }
+
+            // Fallback to the old file system implementation
+            if (license == null)
+            {
+                license = GetLicenseFromFile();
+            }
+
+            return license;
+        }
+
+        public License GetLicenseFromFile()
         {
             License license = null;
 
             var licenseFilePath = Path.GetFullPath(_platformOptions.LicenseFilePath);
-            if (System.IO.File.Exists(licenseFilePath))
+            if (File.Exists(licenseFilePath))
             {
-                var rawLicense = System.IO.File.ReadAllText(licenseFilePath);
-                license = License.Parse(rawLicense, Path.GetFullPath(_platformOptions.LicensePublicKeyPath));
+                var rawLicense = File.ReadAllText(licenseFilePath);
+                license = License.Parse(rawLicense, _platformOptions.LicensePublicKeyResourceName);
 
                 if (license != null)
                 {
@@ -30,5 +68,21 @@ public License GetLicense()
 
             return license;
         }
+
+        public void SaveLicense(License license)
+        {
+            using (var stream = _blobStorageProvider.OpenWrite(_blobUrlResolver.GetAbsoluteUrl(_platformOptions.LicenseBlobPath)))
+            {
+                var streamWriter = new StreamWriter(stream);
+                streamWriter.Write(license.RawLicense);
+                streamWriter.Flush();
+            }
+        }
+
+        private async Task<bool> LicenseExistsAsync(string licenseUrl)
+        {
+            var blobInfo = await _blobStorageProvider.GetBlobInfoAsync(licenseUrl);
+            return blobInfo != null;
+        }
     }
 }
diff --git a/tests/VirtoCommerce.Platform.Tests/Controllers/Api/LicensingControllerTests.cs b/tests/VirtoCommerce.Platform.Tests/Controllers/Api/LicensingControllerTests.cs
index b255cd5490e..def1c8bf133 100644
--- a/tests/VirtoCommerce.Platform.Tests/Controllers/Api/LicensingControllerTests.cs
+++ b/tests/VirtoCommerce.Platform.Tests/Controllers/Api/LicensingControllerTests.cs
@@ -10,6 +10,7 @@
 using VirtoCommerce.Platform.Core;
 using VirtoCommerce.Platform.Core.Settings;
 using VirtoCommerce.Platform.Web.Controllers.Api;
+using VirtoCommerce.Platform.Web.Licensing;
 using Xunit;
 using static VirtoCommerce.Platform.Web.Controllers.Api.LicensingController;
 
@@ -20,6 +21,7 @@ public class LicensingControllerTests
         private readonly Mock<IOptions<PlatformOptions>> _options = new Mock<IOptions<PlatformOptions>>();
         private readonly Mock<ISettingsManager> _settingsManager = new Mock<ISettingsManager>();
         private readonly PlatformOptions platformOptions = new PlatformOptions();
+        private readonly LicenseProvider _licenseProvider;
 
         private readonly LicensingController _controller;
 
@@ -27,7 +29,9 @@ public LicensingControllerTests()
         {
             _options.SetupGet(x => x.Value).Returns(platformOptions);
 
-            _controller = new LicensingController(_options.Object, _settingsManager.Object);
+            _licenseProvider = new LicenseProvider(_options.Object, null, null);
+
+            _controller = new LicensingController(_options.Object, _settingsManager.Object, _licenseProvider);
         }
 
         [Theory]
diff --git a/tests/VirtoCommerce.Platform.Tests/Licenseing/LicenseProviderTests.cs b/tests/VirtoCommerce.Platform.Tests/Licenseing/LicenseProviderTests.cs
new file mode 100644
index 00000000000..e0a58f9e1de
--- /dev/null
+++ b/tests/VirtoCommerce.Platform.Tests/Licenseing/LicenseProviderTests.cs
@@ -0,0 +1,106 @@
+using System.IO;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Options;
+using Moq;
+using VirtoCommerce.Platform.Core;
+using VirtoCommerce.Platform.Core.Assets;
+using VirtoCommerce.Platform.Core.Common;
+using VirtoCommerce.Platform.Web.Licensing;
+using Xunit;
+
+namespace VirtoCommerce.Platform.Tests.Licenseing
+{
+    public class LicenseProviderTests
+    {
+        private readonly Mock<IOptions<PlatformOptions>> _options = new Mock<IOptions<PlatformOptions>>();
+        private readonly Mock<IBlobStorageProvider> _blobStorageProvider = new Mock<IBlobStorageProvider>();
+        private readonly Mock<IBlobUrlResolver> _blobUrlResolver = new Mock<IBlobUrlResolver>();
+        private readonly PlatformOptions platformOptions = new PlatformOptions();
+        private readonly LicenseProvider _licenseProvider;
+
+        public LicenseProviderTests()
+        {
+            _options.SetupGet(x => x.Value).Returns(platformOptions);
+            _licenseProvider = new LicenseProvider(_options.Object, _blobStorageProvider.Object, _blobUrlResolver.Object);
+        }
+
+        [Fact]
+        public async Task GetLicenseAsync_LicenceFound_ReadMethodCalled()
+        {
+            // Arrange
+            _blobStorageProvider.Setup(x => x.GetBlobInfoAsync(It.IsAny<string>())).ReturnsAsync(new BlobInfo());
+            _blobStorageProvider.Setup(x => x.OpenRead(It.IsAny<string>())).Returns(new MockStream());
+
+            // Act
+            _ = await _licenseProvider.GetLicenseAsync();
+
+            // Assert
+            _blobUrlResolver.Verify(x => x.GetAbsoluteUrl(It.Is<string>(s => s.EqualsInvariant(platformOptions.LicenseBlobPath))), Times.Once);
+            _blobStorageProvider.Verify(x => x.OpenRead(It.IsAny<string>()), Times.Once);
+        }
+
+        [Fact]
+        public async Task GetLicenseAsync_LicenceNotFound_ReadMethodNotCalled()
+        {
+            // Arrange
+            _blobStorageProvider.Setup(x => x.OpenRead(It.IsAny<string>())).Returns(new MockStream());
+
+            // Act
+            _ = await _licenseProvider.GetLicenseAsync();
+
+            // Assert
+            _blobUrlResolver.Verify(x => x.GetAbsoluteUrl(It.Is<string>(s => s.EqualsInvariant(platformOptions.LicenseBlobPath))), Times.Once);
+            _blobStorageProvider.Verify(x => x.OpenRead(It.IsAny<string>()), Times.Never);
+        }
+
+        [Fact]
+        public void SaveLicense_WriteMethodCalled()
+        {
+            // Arrange
+            var license = new License();
+
+            var mockSteam = new Mock<MockStream>();
+            mockSteam.SetupGet(x => x.CanWrite).Returns(true);
+            _blobStorageProvider.Setup(x => x.OpenWrite(It.IsAny<string>())).Returns(mockSteam.Object);
+
+            // Act
+            _licenseProvider.SaveLicense(license);
+
+            // Assert
+            _blobUrlResolver.Verify(x => x.GetAbsoluteUrl(It.Is<string>(s => s.EqualsInvariant(platformOptions.LicenseBlobPath))), Times.Once);
+            _blobStorageProvider.Verify(x => x.OpenWrite(It.IsAny<string>()), Times.Once);
+            mockSteam.Verify(x => x.Flush(), Times.Once);
+        }
+
+        public class MockStream : Stream
+        {
+            public override bool CanRead => true;
+            public override bool CanSeek => true;
+            public override bool CanWrite => true;
+            public override long Length { get; }
+            public override long Position { get; set; }
+
+            public override void Flush()
+            {
+            }
+
+            public override int Read(byte[] buffer, int offset, int count)
+            {
+                return 0;
+            }
+
+            public override long Seek(long offset, SeekOrigin origin)
+            {
+                return 0;
+            }
+
+            public override void SetLength(long value)
+            {
+            }
+
+            public override void Write(byte[] buffer, int offset, int count)
+            {
+            }
+        }
+    }
+}

From dfa9062cef5c63026005e05e506eccc8e8df260d Mon Sep 17 00:00:00 2001
From: Filipp Kuksov <47894313+Vectorfield4@users.noreply.github.com>
Date: Wed, 24 Mar 2021 18:12:05 +0200
Subject: [PATCH 35/70] Revert "PT-578: Add property
 ApplicationUser.LastPasswordChangedDate (#2184)" (#2189)

This reverts commit aa73f1fd15e3cb12b730341bfb9860f63439a236.
---
 .../Security/ApplicationUser.cs               |   6 -
 ...075715_LastPasswordChangedDate.Designer.cs | 575 ------------------
 .../20210323075715_LastPasswordChangedDate.cs |  24 -
 .../SecurityDbContextModelSnapshot.cs         |   3 -
 .../Repositories/SecurityDbContext.cs         |   2 -
 .../Controllers/Api/SecurityController.cs     |   6 -
 .../Model/Security/UserDetail.cs              |   2 -
 .../Security/CustomUserManager.cs             |   3 -
 8 files changed, 621 deletions(-)
 delete mode 100644 src/VirtoCommerce.Platform.Security/Migrations/20210323075715_LastPasswordChangedDate.Designer.cs
 delete mode 100644 src/VirtoCommerce.Platform.Security/Migrations/20210323075715_LastPasswordChangedDate.cs

diff --git a/src/VirtoCommerce.Platform.Core/Security/ApplicationUser.cs b/src/VirtoCommerce.Platform.Core/Security/ApplicationUser.cs
index 501855310db..5080877d781 100644
--- a/src/VirtoCommerce.Platform.Core/Security/ApplicationUser.cs
+++ b/src/VirtoCommerce.Platform.Core/Security/ApplicationUser.cs
@@ -62,11 +62,6 @@ public virtual DateTime? LockoutEndDateUtc
         /// </summary>
         public virtual bool PasswordExpired { get; set; }
 
-        /// <summary>
-        /// The last date when the password was changed
-        /// </summary>
-        public virtual DateTime LastPasswordChangedDate { get; set; }
-
         public virtual void Patch(ApplicationUser target)
         {
             target.UserName = UserName;
@@ -92,7 +87,6 @@ public virtual void Patch(ApplicationUser target)
             target.Status = Status;
             target.Password = Password;
             target.PasswordExpired = PasswordExpired;
-            target.LastPasswordChangedDate = LastPasswordChangedDate;
         }
 
         #region ICloneable members
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/20210323075715_LastPasswordChangedDate.Designer.cs b/src/VirtoCommerce.Platform.Security/Migrations/20210323075715_LastPasswordChangedDate.Designer.cs
deleted file mode 100644
index e12d3fa14f1..00000000000
--- a/src/VirtoCommerce.Platform.Security/Migrations/20210323075715_LastPasswordChangedDate.Designer.cs
+++ /dev/null
@@ -1,575 +0,0 @@
-// <auto-generated />
-using System;
-using Microsoft.EntityFrameworkCore;
-using Microsoft.EntityFrameworkCore.Infrastructure;
-using Microsoft.EntityFrameworkCore.Metadata;
-using Microsoft.EntityFrameworkCore.Migrations;
-using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
-using VirtoCommerce.Platform.Security.Repositories;
-
-namespace VirtoCommerce.Platform.Security.Migrations
-{
-    [DbContext(typeof(SecurityDbContext))]
-    [Migration("20210323075715_LastPasswordChangedDate")]
-    partial class LastPasswordChangedDate
-    {
-        protected override void BuildTargetModel(ModelBuilder modelBuilder)
-        {
-#pragma warning disable 612, 618
-            modelBuilder
-                .HasAnnotation("ProductVersion", "3.1.8")
-                .HasAnnotation("Relational:MaxIdentifierLength", 128)
-                .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
-                {
-                    b.Property<int>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("int")
-                        .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
-
-                    b.Property<string>("ClaimType")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("ClaimValue")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("RoleId")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("RoleId");
-
-                    b.ToTable("AspNetRoleClaims");
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
-                {
-                    b.Property<int>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("int")
-                        .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
-
-                    b.Property<string>("ClaimType")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("ClaimValue")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("UserId")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("UserId");
-
-                    b.ToTable("AspNetUserClaims");
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
-                {
-                    b.Property<string>("LoginProvider")
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<string>("ProviderKey")
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<string>("ProviderDisplayName")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("UserId")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.HasKey("LoginProvider", "ProviderKey");
-
-                    b.HasIndex("UserId");
-
-                    b.ToTable("AspNetUserLogins");
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
-                {
-                    b.Property<string>("UserId")
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<string>("RoleId")
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.HasKey("UserId", "RoleId");
-
-                    b.HasIndex("RoleId");
-
-                    b.ToTable("AspNetUserRoles");
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
-                {
-                    b.Property<string>("UserId")
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<string>("LoginProvider")
-                        .HasColumnType("nvarchar(450)");
-
-                    b.Property<string>("Name")
-                        .HasColumnType("nvarchar(450)");
-
-                    b.Property<string>("Value")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.HasKey("UserId", "LoginProvider", "Name");
-
-                    b.ToTable("AspNetUserTokens");
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictApplication", b =>
-                {
-                    b.Property<string>("Id")
-                        .HasColumnType("nvarchar(450)");
-
-                    b.Property<string>("ClientId")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(100)")
-                        .HasMaxLength(100);
-
-                    b.Property<string>("ClientSecret")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("ConcurrencyToken")
-                        .IsConcurrencyToken()
-                        .HasColumnType("nvarchar(50)")
-                        .HasMaxLength(50);
-
-                    b.Property<string>("ConsentType")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("DisplayName")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Permissions")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("PostLogoutRedirectUris")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Properties")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("RedirectUris")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Type")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(25)")
-                        .HasMaxLength(25);
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("ClientId")
-                        .IsUnique();
-
-                    b.ToTable("OpenIddictApplications");
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictAuthorization", b =>
-                {
-                    b.Property<string>("Id")
-                        .HasColumnType("nvarchar(450)");
-
-                    b.Property<string>("ApplicationId")
-                        .HasColumnType("nvarchar(450)");
-
-                    b.Property<string>("ConcurrencyToken")
-                        .IsConcurrencyToken()
-                        .HasColumnType("nvarchar(50)")
-                        .HasMaxLength(50);
-
-                    b.Property<string>("Properties")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Scopes")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Status")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(25)")
-                        .HasMaxLength(25);
-
-                    b.Property<string>("Subject")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(450)")
-                        .HasMaxLength(450);
-
-                    b.Property<string>("Type")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(25)")
-                        .HasMaxLength(25);
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
-
-                    b.ToTable("OpenIddictAuthorizations");
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictScope", b =>
-                {
-                    b.Property<string>("Id")
-                        .HasColumnType("nvarchar(450)");
-
-                    b.Property<string>("ConcurrencyToken")
-                        .IsConcurrencyToken()
-                        .HasColumnType("nvarchar(50)")
-                        .HasMaxLength(50);
-
-                    b.Property<string>("Description")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("DisplayName")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Name")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(200)")
-                        .HasMaxLength(200);
-
-                    b.Property<string>("Properties")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Resources")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("Name")
-                        .IsUnique();
-
-                    b.ToTable("OpenIddictScopes");
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictToken", b =>
-                {
-                    b.Property<string>("Id")
-                        .HasColumnType("nvarchar(450)");
-
-                    b.Property<string>("ApplicationId")
-                        .HasColumnType("nvarchar(450)");
-
-                    b.Property<string>("AuthorizationId")
-                        .HasColumnType("nvarchar(450)");
-
-                    b.Property<string>("ConcurrencyToken")
-                        .IsConcurrencyToken()
-                        .HasColumnType("nvarchar(50)")
-                        .HasMaxLength(50);
-
-                    b.Property<DateTimeOffset?>("CreationDate")
-                        .HasColumnType("datetimeoffset");
-
-                    b.Property<DateTimeOffset?>("ExpirationDate")
-                        .HasColumnType("datetimeoffset");
-
-                    b.Property<string>("Payload")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Properties")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("ReferenceId")
-                        .HasColumnType("nvarchar(100)")
-                        .HasMaxLength(100);
-
-                    b.Property<string>("Status")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(25)")
-                        .HasMaxLength(25);
-
-                    b.Property<string>("Subject")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(450)")
-                        .HasMaxLength(450);
-
-                    b.Property<string>("Type")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(25)")
-                        .HasMaxLength(25);
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("AuthorizationId");
-
-                    b.HasIndex("ReferenceId")
-                        .IsUnique()
-                        .HasFilter("[ReferenceId] IS NOT NULL");
-
-                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
-
-                    b.ToTable("OpenIddictTokens");
-                });
-
-            modelBuilder.Entity("VirtoCommerce.Platform.Core.Security.ApplicationUser", b =>
-                {
-                    b.Property<string>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<int>("AccessFailedCount")
-                        .HasColumnType("int");
-
-                    b.Property<string>("ConcurrencyStamp")
-                        .IsConcurrencyToken()
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("CreatedBy")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<DateTime>("CreatedDate")
-                        .HasColumnType("datetime2");
-
-                    b.Property<string>("Email")
-                        .HasColumnType("nvarchar(256)")
-                        .HasMaxLength(256);
-
-                    b.Property<bool>("EmailConfirmed")
-                        .HasColumnType("bit");
-
-                    b.Property<bool>("IsAdministrator")
-                        .HasColumnType("bit");
-
-                    b.Property<DateTime>("LastPasswordChangedDate")
-                        .HasColumnType("datetime2");
-
-                    b.Property<bool>("LockoutEnabled")
-                        .HasColumnType("bit");
-
-                    b.Property<DateTimeOffset?>("LockoutEnd")
-                        .HasColumnType("datetimeoffset");
-
-                    b.Property<string>("MemberId")
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<string>("ModifiedBy")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<DateTime?>("ModifiedDate")
-                        .HasColumnType("datetime2");
-
-                    b.Property<string>("NormalizedEmail")
-                        .HasColumnType("nvarchar(256)")
-                        .HasMaxLength(256);
-
-                    b.Property<string>("NormalizedUserName")
-                        .HasColumnType("nvarchar(256)")
-                        .HasMaxLength(256);
-
-                    b.Property<bool>("PasswordExpired")
-                        .HasColumnType("bit");
-
-                    b.Property<string>("PasswordHash")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("PhoneNumber")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<bool>("PhoneNumberConfirmed")
-                        .HasColumnType("bit");
-
-                    b.Property<string>("PhotoUrl")
-                        .HasColumnType("nvarchar(2048)")
-                        .HasMaxLength(2048);
-
-                    b.Property<string>("SecurityStamp")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Status")
-                        .HasColumnType("nvarchar(64)")
-                        .HasMaxLength(64);
-
-                    b.Property<string>("StoreId")
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<bool>("TwoFactorEnabled")
-                        .HasColumnType("bit");
-
-                    b.Property<string>("UserName")
-                        .HasColumnType("nvarchar(256)")
-                        .HasMaxLength(256);
-
-                    b.Property<string>("UserType")
-                        .HasColumnType("nvarchar(64)")
-                        .HasMaxLength(64);
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("NormalizedEmail")
-                        .HasName("EmailIndex");
-
-                    b.HasIndex("NormalizedUserName")
-                        .IsUnique()
-                        .HasName("UserNameIndex")
-                        .HasFilter("[NormalizedUserName] IS NOT NULL");
-
-                    b.ToTable("AspNetUsers");
-                });
-
-            modelBuilder.Entity("VirtoCommerce.Platform.Core.Security.Role", b =>
-                {
-                    b.Property<string>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<string>("ConcurrencyStamp")
-                        .IsConcurrencyToken()
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Description")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Name")
-                        .HasColumnType("nvarchar(256)")
-                        .HasMaxLength(256);
-
-                    b.Property<string>("NormalizedName")
-                        .HasColumnType("nvarchar(256)")
-                        .HasMaxLength(256);
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("NormalizedName")
-                        .IsUnique()
-                        .HasName("RoleNameIndex")
-                        .HasFilter("[NormalizedName] IS NOT NULL");
-
-                    b.ToTable("AspNetRoles");
-                });
-
-            modelBuilder.Entity("VirtoCommerce.Platform.Security.Model.UserApiKeyEntity", b =>
-                {
-                    b.Property<string>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<string>("ApiKey")
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<string>("CreatedBy")
-                        .HasColumnType("nvarchar(64)")
-                        .HasMaxLength(64);
-
-                    b.Property<DateTime>("CreatedDate")
-                        .HasColumnType("datetime2");
-
-                    b.Property<bool>("IsActive")
-                        .HasColumnType("bit");
-
-                    b.Property<string>("ModifiedBy")
-                        .HasColumnType("nvarchar(64)")
-                        .HasMaxLength(64);
-
-                    b.Property<DateTime?>("ModifiedDate")
-                        .HasColumnType("datetime2");
-
-                    b.Property<string>("UserId")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("UserName")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("ApiKey")
-                        .IsUnique()
-                        .HasFilter("[ApiKey] IS NOT NULL");
-
-                    b.ToTable("UserApiKey");
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
-                {
-                    b.HasOne("VirtoCommerce.Platform.Core.Security.Role", null)
-                        .WithMany()
-                        .HasForeignKey("RoleId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
-                {
-                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
-                        .WithMany()
-                        .HasForeignKey("UserId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
-                {
-                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
-                        .WithMany()
-                        .HasForeignKey("UserId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
-                {
-                    b.HasOne("VirtoCommerce.Platform.Core.Security.Role", null)
-                        .WithMany()
-                        .HasForeignKey("RoleId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-
-                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
-                        .WithMany()
-                        .HasForeignKey("UserId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
-                {
-                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
-                        .WithMany()
-                        .HasForeignKey("UserId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictAuthorization", b =>
-                {
-                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictApplication", "Application")
-                        .WithMany("Authorizations")
-                        .HasForeignKey("ApplicationId");
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictToken", b =>
-                {
-                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictApplication", "Application")
-                        .WithMany("Tokens")
-                        .HasForeignKey("ApplicationId");
-
-                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictAuthorization", "Authorization")
-                        .WithMany("Tokens")
-                        .HasForeignKey("AuthorizationId");
-                });
-#pragma warning restore 612, 618
-        }
-    }
-}
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/20210323075715_LastPasswordChangedDate.cs b/src/VirtoCommerce.Platform.Security/Migrations/20210323075715_LastPasswordChangedDate.cs
deleted file mode 100644
index f4578f16ce8..00000000000
--- a/src/VirtoCommerce.Platform.Security/Migrations/20210323075715_LastPasswordChangedDate.cs
+++ /dev/null
@@ -1,24 +0,0 @@
-using System;
-using Microsoft.EntityFrameworkCore.Migrations;
-
-namespace VirtoCommerce.Platform.Security.Migrations
-{
-    public partial class LastPasswordChangedDate : Migration
-    {
-        protected override void Up(MigrationBuilder migrationBuilder)
-        {
-            migrationBuilder.AddColumn<DateTime>(
-                name: "LastPasswordChangedDate",
-                table: "AspNetUsers",
-                nullable: false,
-                defaultValue: new DateTime(1, 1, 1, 0, 0, 0, 0, DateTimeKind.Unspecified));
-        }
-
-        protected override void Down(MigrationBuilder migrationBuilder)
-        {
-            migrationBuilder.DropColumn(
-                name: "LastPasswordChangedDate",
-                table: "AspNetUsers");
-        }
-    }
-}
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs b/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs
index 993e1b8be53..2d9f9d52283 100644
--- a/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs
+++ b/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs
@@ -346,9 +346,6 @@ protected override void BuildModel(ModelBuilder modelBuilder)
                     b.Property<bool>("IsAdministrator")
                         .HasColumnType("bit");
 
-                    b.Property<DateTime>("LastPasswordChangedDate")
-                        .HasColumnType("datetime2");
-
                     b.Property<bool>("LockoutEnabled")
                         .HasColumnType("bit");
 
diff --git a/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs b/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs
index 2c52b9c0085..5096761aa46 100644
--- a/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs
+++ b/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs
@@ -45,8 +45,6 @@ protected override void OnModelCreating(ModelBuilder builder)
             builder.Entity<ApplicationUser>().Property(x => x.Id).HasMaxLength(128).ValueGeneratedOnAdd();
             builder.Entity<ApplicationUser>().Property(x => x.StoreId).HasMaxLength(128);
             builder.Entity<ApplicationUser>().Property(x => x.MemberId).HasMaxLength(128);
-            builder.Entity<ApplicationUser>().Property(x => x.LastPasswordChangedDate);
-
             builder.Entity<Role>().Property(x => x.Id).HasMaxLength(128).ValueGeneratedOnAdd();
             builder.Entity<IdentityUserClaim<string>>().Property(x => x.UserId).HasMaxLength(128);
             builder.Entity<IdentityUserLogin<string>>().Property(x => x.UserId).HasMaxLength(128);
diff --git a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
index 00e6adb46da..1ead9ca9be6 100644
--- a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
+++ b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
@@ -122,7 +122,6 @@ public async Task<ActionResult<UserDetail>> GetCurrentUser()
                 isAdministrator = user.IsAdministrator,
                 UserName = user.UserName,
                 PasswordExpired = user.PasswordExpired,
-                LastPasswordChangedDate = user.LastPasswordChangedDate,
                 Permissions = user.Roles.SelectMany(x => x.Permissions).Select(x => x.Name).Distinct().ToArray()
             };
 
@@ -548,11 +547,6 @@ public async Task<ActionResult<SecurityResult>> Update([FromBody] ApplicationUse
                 await _userManager.SetEmailAsync(user, user.Email);
             }
 
-            if (user.LastPasswordChangedDate != applicationUser.LastPasswordChangedDate)
-            {
-                user.LastPasswordChangedDate = applicationUser.LastPasswordChangedDate;
-            }
-
             var result = await _userManager.UpdateAsync(user);
 
             return Ok(result.ToSecurityResult());
diff --git a/src/VirtoCommerce.Platform.Web/Model/Security/UserDetail.cs b/src/VirtoCommerce.Platform.Web/Model/Security/UserDetail.cs
index 3cce7f46014..69f8f81ca83 100644
--- a/src/VirtoCommerce.Platform.Web/Model/Security/UserDetail.cs
+++ b/src/VirtoCommerce.Platform.Web/Model/Security/UserDetail.cs
@@ -1,4 +1,3 @@
-using System;
 using System.Collections.Generic;
 using VirtoCommerce.Platform.Core.Common;
 
@@ -10,6 +9,5 @@ public class UserDetail : Entity
         public string UserName { get; set; }
         public bool isAdministrator { get; set; }
         public bool PasswordExpired { get; set; }
-        public DateTime LastPasswordChangedDate { get; set; }
     }
 }
diff --git a/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs b/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs
index 5ac0026cd04..fbd2dab5a7a 100644
--- a/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs
+++ b/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs
@@ -103,7 +103,6 @@ public override async Task<IdentityResult> ResetPasswordAsync(ApplicationUser us
         {
             //It is important to call base.FindByIdAsync method to avoid of update a cached user.
             var existUser = await base.FindByIdAsync(user.Id);
-            existUser.LastPasswordChangedDate = DateTime.UtcNow;
 
             var result = await base.ResetPasswordAsync(existUser, token, newPassword);
             if (result == IdentityResult.Success)
@@ -119,8 +118,6 @@ public override async Task<IdentityResult> ResetPasswordAsync(ApplicationUser us
 
         public override async Task<IdentityResult> ChangePasswordAsync(ApplicationUser user, string currentPassword, string newPassword)
         {
-            user.LastPasswordChangedDate = DateTime.UtcNow;
-
             var result = await base.ChangePasswordAsync(user, currentPassword, newPassword);
             if (result == IdentityResult.Success)
             {

From bba631590934eee7797dc6c3901bd81703974a20 Mon Sep 17 00:00:00 2001
From: Andrei Kolchanov <akak1977@users.noreply.github.com>
Date: Thu, 25 Mar 2021 22:03:39 +0500
Subject: [PATCH 36/70] PT-314: Change extending-model doc with
 PolymorphJsonConverter info (#2192)

---
 .../extensibility/extending-domain-models.md  | 55 ++++++++++++++-----
 1 file changed, 40 insertions(+), 15 deletions(-)

diff --git a/docs/fundamentals/extensibility/extending-domain-models.md b/docs/fundamentals/extensibility/extending-domain-models.md
index 1f8bab9c4dc..5a260ca87b9 100644
--- a/docs/fundamentals/extensibility/extending-domain-models.md
+++ b/docs/fundamentals/extensibility/extending-domain-models.md
@@ -165,7 +165,7 @@ Also is so important to register our new persistent schema representation `Custo
     }
 ```
 
-## The known problems with updating when you have a schema  of persistent layer extensions.
+## The known problems with updating when you have a schema of persistent layer extensions.
 
 As a background, a huge limitation of the persistent layer extension technique is the mandatory creation of an empty database migration after each derived module update that has a new migration with schema changes. Without this, you will receive this error
 
@@ -186,31 +186,56 @@ Add-Migration BumpVersionEmptyMigration -Context {{ full type name with namespac
 
 * Update the module dependency version in `module.manifest file` of your custom module to point to the actual version of dependency. 
 
-## PolymorphicOperationJsonConverter. How the API understand/deserializes the derived domain types 
+## How the API understands/deserializes the derived domain types 
 
-In the previous paragraphs, we are considered how to extend the domain types and persistent layer but, in some cases, it is not enough. Especially when your domain types are used as DTO (Data Transfer Object) in public API contacts and can use as result or parameters in the API endpoints. In order to force ASP.NET Core API Json serializer to understand our domain extensions, we use the special `PolymorphicOperationJsonConverter` class. Its primary responsibility is an instantiation of the right “effective” type instance from incoming JSON (deserialization) data. Looking to implementation it uses the `AbstractTypeFactory<>`  and reflection to construct the proper type instance based on base type or discriminator is used from JSON request body.
+In the previous paragraphs, we have considered extending domain types and persistent layers, but, in some cases, it is not enough. Especially when your domain types are used as DTOs (Data Transfer Objects) in public API contracts and can be used as a result or parameter in the API endpoints. 
 
+There is a technical task of an instantiation of the right “effective” type instance from incoming JSON data (deserialization).
 
-*`VirtoCommerce.OrdersModule.Web/JsonConverters/PolymorphicOperationJsonConverter.cs`*
+There are two ways to force ASP.NET Core API Json serializer to understand our domain extensions:
+1. Use platform-defined `PolymorphJsonConverter`. It's preferable to use in most cases. The `PolymorphJsonConverter` transparently deserializes extended domain types with no developer effort.
+2. Custom JSON converter passed to MvcNewtonsoftJsonOptions. Consider using it, if `PolymorphJsonConverter` is not suitable for your specific case.
+
+### Universal `PolymorphJsonConverter`
+The `PolymorphJsonConverter` uses `AbstractTypeFactory<>` to construct instances during deserialization. There are following cases of overriding/extending, when `PolymorphJsonConverter` fits:
+
+1. Full type override. It's the case when the derived type replaces the original type thru the call to `AbstractTypeFactory<>.OverrideType`, and the API uses the original type as a formal definition. No developer actions needed in that case. `PolymorphJsonConverter` will deserialize instances of the derived type.
+1. Extending types controlled by registration thru the call to `AbstractTypeFactory<>.RegisterType`, and the API uses the basic type as a formal definition. `PolymorphJsonConverter` will construct instances of derived types by looking at the value of discriminator property (formally defined in basic type) that stores the type name of the descendant. Because the discriminator property defined in the base class, there are 2 subcases:
+    * The basic type was defined in the Platform or another module and the discriminator already registered as needed. No additional developer actions needed to support the deserialization of extending types.
+    * The basic type resides in the newly created custom module. In that case, the developer needs to tell `PolymorphJsonConverter` which of the basic type properties stores the discriminator thru the call of static method `PolymorphJsonConverter.RegisterTypeForDiscriminator` in module's `PostInitialize`.
+    For example, check VC Customer module: *`VirtoCommerce.CustomerModule.Web\Module.cs `*
 ```C#
-    public class PolymorphicOperationJsonConverter : JsonConverter
+    public class Module : IModule, IExportSupport, IImportSupport
     {
         ...
-        
-        public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
+        public void PostInitialize(IApplicationBuilder appBuilder)
         {
-            object retVal;
-            var obj = JObject.Load(reader);
-
-            var tryCreateInstance = typeof(AbstractTypeFactory<>).MakeGenericType(objectType).GetMethods().FirstOrDefault(x => x.Name.EqualsInvariant("TryCreateInstance") && x.GetParameters().Length == 0);
-            retVal = tryCreateInstance?.Invoke(null, null);
+            ...
+            AbstractTypeFactory<Member>.RegisterType<Organization>().MapToType<OrganizationEntity>();
+            AbstractTypeFactory<Member>.RegisterType<Contact>().MapToType<ContactEntity>();
+            AbstractTypeFactory<Member>.RegisterType<Vendor>().MapToType<VendorEntity>();
+            AbstractTypeFactory<Member>.RegisterType<Employee>().MapToType<EmployeeEntity>();
+            ...
+            PolymorphJsonConverter.RegisterTypeForDiscriminator(typeof(Member), nameof(Member.MemberType));
+            ...
         }
         ...
     }
 ```
-The many base VirtoCommerce modules have such PolymorphicOperationJsonConverter for their own types that support extensions and register it in their `Module.cs` in this way.
 
-*`VirtoCommerce.OrdersModule.Web/Module.cs`*
+### Custom JSON-converter
+
+ Of course, you can use the standard converters extension technique by registering custom converter in `MvcNewtonsoftJsonOptions` in module `PostInitialize`:
+
+```C#
+    public class YourCustomJsonConverter : JsonConverter
+    {
+        ...
+        ...
+    }
+```
+
+*`/Module.cs`*
 ```C#
     public class Module : IModule
     {
@@ -220,7 +245,7 @@ The many base VirtoCommerce modules have such PolymorphicOperationJsonConverter
 
             // enable polymorphic types in API controller methods
             var mvcJsonOptions = appBuilder.ApplicationServices.GetService<IOptions<MvcNewtonsoftJsonOptions>>();
-            mvcJsonOptions.Value.SerializerSettings.Converters.Add(appBuilder.ApplicationServices.GetService<PolymorphicOperationJsonConverter>());
+            mvcJsonOptions.Value.SerializerSettings.Converters.Add(appBuilder.ApplicationServices.GetService<YourCustomJsonConverter>());
 
             ...
 

From d8543dc4901317cef0d5a0d0e3f3f1dab22f6d73 Mon Sep 17 00:00:00 2001
From: Filipp Kuksov <47894313+Vectorfield4@users.noreply.github.com>
Date: Fri, 26 Mar 2021 09:53:05 +0200
Subject: [PATCH 37/70] Update Startup.cs (#2191)

Remove type registration in generic converters for the SearchCriteria.
---
 src/VirtoCommerce.Platform.Web/Startup.cs | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/VirtoCommerce.Platform.Web/Startup.cs b/src/VirtoCommerce.Platform.Web/Startup.cs
index 1a76de6043f..12e2011df06 100644
--- a/src/VirtoCommerce.Platform.Web/Startup.cs
+++ b/src/VirtoCommerce.Platform.Web/Startup.cs
@@ -522,7 +522,6 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
             var mvcJsonOptions = app.ApplicationServices.GetService<IOptions<MvcNewtonsoftJsonOptions>>();
             mvcJsonOptions.Value.SerializerSettings.Converters.Add(new PolymorphJsonConverter());
             PolymorphJsonConverter.RegisterTypeForDiscriminator(typeof(PermissionScope), nameof(PermissionScope.Type));
-            PolymorphJsonConverter.RegisterTypeForDiscriminator(typeof(SearchCriteriaBase), nameof(SearchCriteriaBase.ObjectType));
         }
     }
 }

From 588a1a7015165ea7a028010e592e3d570dcacf97 Mon Sep 17 00:00:00 2001
From: Filip Kuksov <vectorfield4@gmail.com>
Date: Fri, 26 Mar 2021 09:57:49 +0200
Subject: [PATCH 38/70] 3.52.0

---
 Directory.Build.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Directory.Build.props b/Directory.Build.props
index f4ec0ba940c..6b4a80602e3 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -9,7 +9,7 @@
     </PropertyGroup>
 
     <PropertyGroup>
-        <VersionPrefix>3.51.0</VersionPrefix>
+        <VersionPrefix>3.52.0</VersionPrefix>
         <VersionSuffix></VersionSuffix>
         <VersionSuffix Condition=" '$(VersionSuffix)' != '' AND '$(BuildNumber)' != '' ">$(VersionSuffix)-$(BuildNumber)</VersionSuffix>
         <NoWarn>$(NoWarn);S3875</NoWarn>

From 670548bc30ec2fff3a75b4a458f8aab25b909075 Mon Sep 17 00:00:00 2001
From: Andrei Kolchanov <akak1977@users.noreply.github.com>
Date: Fri, 26 Mar 2021 16:44:26 +0500
Subject: [PATCH 39/70] PT-548: Add a distributed lock for migrations applying
 (#2185)

---
 .../LocalStorageModuleCatalogOptions.cs       |  6 +++
 .../ApplicationBuilderExtensions.cs           | 51 +++++++++++++++++++
 .../ApplicationBuilderExtensions.cs           | 39 ++++++++++++++
 src/VirtoCommerce.Platform.Web/Startup.cs     | 43 ++++++++--------
 .../VirtoCommerce.Platform.Web.csproj         |  1 +
 5 files changed, 118 insertions(+), 22 deletions(-)
 create mode 100644 src/VirtoCommerce.Platform.Web/Migrations/ApplicationBuilderExtensions.cs

diff --git a/src/VirtoCommerce.Platform.Core/Modularity/LocalStorageModuleCatalogOptions.cs b/src/VirtoCommerce.Platform.Core/Modularity/LocalStorageModuleCatalogOptions.cs
index 3a56164d2a9..565a1c244cb 100644
--- a/src/VirtoCommerce.Platform.Core/Modularity/LocalStorageModuleCatalogOptions.cs
+++ b/src/VirtoCommerce.Platform.Core/Modularity/LocalStorageModuleCatalogOptions.cs
@@ -23,5 +23,11 @@ public class LocalStorageModuleCatalogOptions
         public string[] LocalizationFileExtensions { get; set; } = new[] { "resources.dll" };
         public string[] AssemblyFileExtensions { get; set; } = new[] { ".dll", ".exe" };
         public string[] AssemblyServiceFileExtensions { get; set; } = new[] { ".pdb", ".xml", ".deps.json", ".runtimeconfig.json", ".runtimeconfig.dev.json", ".dep" };
+
+        /// <summary>
+        /// Option for managing distributed lock access to apply migrations sequentially in multiinstance platform installations. 
+        /// Total time in seconds to wait until the lock is available.
+        /// </summary>
+        public int DistributedLockWait { get; set; } = 180;
     }
 }
diff --git a/src/VirtoCommerce.Platform.Web/Extensions/ApplicationBuilderExtensions.cs b/src/VirtoCommerce.Platform.Web/Extensions/ApplicationBuilderExtensions.cs
index e053fe0b52e..1b53000d8f9 100644
--- a/src/VirtoCommerce.Platform.Web/Extensions/ApplicationBuilderExtensions.cs
+++ b/src/VirtoCommerce.Platform.Web/Extensions/ApplicationBuilderExtensions.cs
@@ -3,6 +3,12 @@
 using System.Linq;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using RedLockNet.SERedis;
+using RedLockNet.SERedis.Configuration;
+using StackExchange.Redis;
+using VirtoCommerce.Platform.Core.Exceptions;
 using VirtoCommerce.Platform.Core.Modularity;
 using VirtoCommerce.Platform.Core.Settings;
 using VirtoCommerce.Platform.Web.Licensing;
@@ -61,6 +67,51 @@ private static IEnumerable<ManifestModuleInfo> GetInstalledModules(IServiceProvi
                 .Where(x => x.State == ModuleState.Initialized && !x.Errors.Any())
                 .ToArray();
         }
+
+        /// <summary>
+        /// Run specified payload in sync between several instances
+        /// </summary>
+        /// <param name="app"></param>
+        /// <param name="payload"></param>
+        /// <returns></returns>
+        public static IApplicationBuilder WithDistributedLock(this IApplicationBuilder app, Action payload)
+        {
+            var redisConnMultiplexer = app.ApplicationServices.GetService<IConnectionMultiplexer>();
+
+            var logger = app.ApplicationServices.GetService<ILogger<Startup>>();
+
+            if (redisConnMultiplexer != null)
+            {
+                var distributedLockWait = app.ApplicationServices.GetRequiredService<IOptions<LocalStorageModuleCatalogOptions>>().Value.DistributedLockWait;
+
+                // Try to acquire distributed lock
+                using (var redlockFactory = RedLockFactory.Create(new RedLockMultiplexer[] { new RedLockMultiplexer(redisConnMultiplexer) }))
+                using (var redLock = redlockFactory.CreateLock(nameof(WithDistributedLock),
+                    TimeSpan.FromSeconds(120 + distributedLockWait) /* Successfully acquired lock expiration time */,
+                    TimeSpan.FromSeconds(distributedLockWait) /* Total time to wait until the lock is available */,
+                    TimeSpan.FromSeconds(3) /* The span to acquire the lock in retries */))
+                {
+                    if (redLock.IsAcquired)
+                    {
+                        logger.LogInformation("Distributed lock acquired");
+                        payload();
+                    }
+                    else
+                    {
+                        // Lock not acquired even after migrationDistributedLockOptions.Wait
+                        throw new PlatformException($"Can't apply migrations. It seems another platform instance still applies migrations. Consider to increase MigrationDistributedLockOptions.Wait timeout.");
+                    }
+                }
+            }
+            else
+            {
+                // One-instance configuration, no Redis, just run
+                logger.Log(LogLevel.Information, "Distributed lock not acquired, Redis ConnectionMultiplexer is null (No Redis connection ?)");
+                payload();
+            }
+
+            return app;
+        }
     }
 
 }
diff --git a/src/VirtoCommerce.Platform.Web/Migrations/ApplicationBuilderExtensions.cs b/src/VirtoCommerce.Platform.Web/Migrations/ApplicationBuilderExtensions.cs
new file mode 100644
index 00000000000..8eb962c5060
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Web/Migrations/ApplicationBuilderExtensions.cs
@@ -0,0 +1,39 @@
+using Microsoft.AspNetCore.Builder;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
+using RedLockNet.SERedis;
+using RedLockNet.SERedis.Configuration;
+using StackExchange.Redis;
+using VirtoCommerce.Platform.Core;
+using VirtoCommerce.Platform.Core.Common;
+using VirtoCommerce.Platform.Core.Exceptions;
+using VirtoCommerce.Platform.Data.Extensions;
+using VirtoCommerce.Platform.Data.Repositories;
+using VirtoCommerce.Platform.Security.Repositories;
+namespace VirtoCommerce.Platform.Web.Migrations
+{
+    public static class ApplicationBuilderExtensions
+    {
+        /// <summary>
+        /// Apply platform migrations
+        /// </summary>
+        /// <param name="appBuilder"></param>
+        /// <returns></returns>
+        public static IApplicationBuilder UsePlatformMigrations(this IApplicationBuilder appBuilder)
+        {
+            using (var serviceScope = appBuilder.ApplicationServices.CreateScope())
+            {
+                var platformDbContext = serviceScope.ServiceProvider.GetRequiredService<PlatformDbContext>();
+                platformDbContext.Database.MigrateIfNotApplied(MigrationName.GetUpdateV2MigrationName("Platform"));
+                platformDbContext.Database.Migrate();
+
+                var securityDbContext = serviceScope.ServiceProvider.GetRequiredService<SecurityDbContext>();
+                securityDbContext.Database.MigrateIfNotApplied(MigrationName.GetUpdateV2MigrationName("Security"));
+                securityDbContext.Database.Migrate();
+            }
+
+            return appBuilder;
+        }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Web/Startup.cs b/src/VirtoCommerce.Platform.Web/Startup.cs
index 12e2011df06..930add561e7 100644
--- a/src/VirtoCommerce.Platform.Web/Startup.cs
+++ b/src/VirtoCommerce.Platform.Web/Startup.cs
@@ -41,7 +41,6 @@
 using VirtoCommerce.Platform.Core.Modularity;
 using VirtoCommerce.Platform.Core.Security;
 using VirtoCommerce.Platform.Data.Extensions;
-using VirtoCommerce.Platform.Data.Repositories;
 using VirtoCommerce.Platform.Hangfire.Extensions;
 using VirtoCommerce.Platform.Modules;
 using VirtoCommerce.Platform.Security.Authorization;
@@ -52,6 +51,7 @@
 using VirtoCommerce.Platform.Web.Infrastructure;
 using VirtoCommerce.Platform.Web.Licensing;
 using VirtoCommerce.Platform.Web.Middleware;
+using VirtoCommerce.Platform.Web.Migrations;
 using VirtoCommerce.Platform.Web.PushNotifications;
 using VirtoCommerce.Platform.Web.Redis;
 using VirtoCommerce.Platform.Web.Security;
@@ -474,31 +474,31 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
             app.UseAuthentication();
             app.UseAuthorization();
 
-            //Force migrations
-            using (var serviceScope = app.ApplicationServices.CreateScope())
+            app.WithDistributedLock(() =>
             {
-                var platformDbContext = serviceScope.ServiceProvider.GetRequiredService<PlatformDbContext>();
-                platformDbContext.Database.MigrateIfNotApplied(MigrationName.GetUpdateV2MigrationName("Platform"));
-                platformDbContext.Database.Migrate();
+                // This method contents will run inside of critical section of instance distributed lock.
+                // Main goal is to apply the migrations (Platform, Hangfire, modules) sequentially instance by instance.
+                // This ensures only one active EF-migration ran simultaneously to avoid DB-related side-effects.
 
-                var securityDbContext = serviceScope.ServiceProvider.GetRequiredService<SecurityDbContext>();
-                securityDbContext.Database.MigrateIfNotApplied(MigrationName.GetUpdateV2MigrationName("Security"));
-                securityDbContext.Database.Migrate();
-            }
+                // Apply platform migrations
+                app.UsePlatformMigrations();
+
+                app.UseDbTriggers();
 
-            app.UseDbTriggers();
-            //Register platform settings
-            app.UsePlatformSettings();
+                // Register platform settings
+                app.UsePlatformSettings();
 
-            // Complete hangfire init
-            app.UseHangfire(Configuration);
+                // Complete hangfire init and apply Hangfire migrations
+                app.UseHangfire(Configuration);
 
-            //Register platform permissions
-            app.UsePlatformPermissions();
-            app.UseSecurityHandlers();
-            app.UsePruneExpiredTokensJob();
+                // Register platform permissions
+                app.UsePlatformPermissions();
+                app.UseSecurityHandlers();
+                app.UsePruneExpiredTokensJob();
 
-            app.UseModules();
+                // Complete modules startup and apply their migrations
+                app.UseModules();
+            });
 
             app.UseEndpoints(endpoints =>
             {
@@ -514,11 +514,10 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
             // Enable middleware to serve generated Swagger as a JSON endpoint.
             app.UseSwagger();
 
-
             // Use app insights telemetry 
             app.UseAppInsightsTelemetry();
 
-            
+
             var mvcJsonOptions = app.ApplicationServices.GetService<IOptions<MvcNewtonsoftJsonOptions>>();
             mvcJsonOptions.Value.SerializerSettings.Converters.Add(new PolymorphJsonConverter());
             PolymorphJsonConverter.RegisterTypeForDiscriminator(typeof(PermissionScope), nameof(PermissionScope.Type));
diff --git a/src/VirtoCommerce.Platform.Web/VirtoCommerce.Platform.Web.csproj b/src/VirtoCommerce.Platform.Web/VirtoCommerce.Platform.Web.csproj
index d965458668a..4cca9e59636 100644
--- a/src/VirtoCommerce.Platform.Web/VirtoCommerce.Platform.Web.csproj
+++ b/src/VirtoCommerce.Platform.Web/VirtoCommerce.Platform.Web.csproj
@@ -40,6 +40,7 @@
         <PackageReference Include="OpenIddict" Version="2.0.1" />
         <PackageReference Include="OpenIddict.Core" Version="2.0.1" />
         <PackageReference Include="OpenIddict.EntityFrameworkCore" Version="2.0.1" />
+        <PackageReference Include="RedLock.net" Version="2.2.0" />
         <PackageReference Include="Swashbuckle.AspNetCore" Version="5.6.3" />
         <PackageReference Include="Swashbuckle.AspNetCore.Annotations" Version="5.6.3" />
         <PackageReference Include="Swashbuckle.AspNetCore.Cli" Version="4.0.1" />

From a5bbc6dbd725ff32d59f5510da875ee2dc8e9708 Mon Sep 17 00:00:00 2001
From: vc-ci <ci@virtocommerce.com>
Date: Fri, 26 Mar 2021 12:16:41 +0000
Subject: [PATCH 40/70] Updating Github Action workflows.

---
 .github/workflows/e2e.yml  | 2 +-
 .github/workflows/main.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index efe421c5cc9..4f09f4f2498 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -78,7 +78,7 @@ jobs:
 
     - name: Getting tests
       shell: sh
-      run: git clone https://github.com/VirtoCommerce/vc-quality-gate-katalon.git
+      run: git clone https://github.com/VirtoCommerce/vc-quality-gate-katalon.git --branch dev
 
     - name: Katalon Studio Github Action
       uses: VirtoCommerce/vc-github-actions/katalon-studio-github-action@master
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index e17bdfaf51a..91e022aa2a3 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -25,7 +25,7 @@ on:
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
   ci:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-18.04
     env:
       SONAR_TOKEN: ${{secrets.SONAR_TOKEN}}
       GITHUB_TOKEN: ${{ secrets.REPO_TOKEN }}

From 16ec4e331dc19fdfb19f7bee192d0e3ac08a9db9 Mon Sep 17 00:00:00 2001
From: vc-ci <ci@virtocommerce.com>
Date: Mon, 29 Mar 2021 13:18:47 +0000
Subject: [PATCH 41/70] Updating Github Action workflows.

---
 .github/workflows/e2e.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index 4f09f4f2498..47400763a4a 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -87,6 +87,16 @@ jobs:
         projectPath: '${{ github.workspace }}/vc-quality-gate-katalon/platform_storefront.prj'
         args: '-noSplash -retry=0 -testSuitePath="${{ github.event.inputs.testSuite || env.DEFAULT_TEST_SUITE }}" -browserType="Chrome" -apiKey= ${{ secrets.KATALON_API_KEY }} -g_urlBack="http://localhost:8090" -g_urlFront="http://localhost:8080" -executionProfile="default"'
 
+    - name: 'Katalon Reports'
+      if: always()
+      uses: actions/upload-artifact@v2
+      with:
+        name: reports
+        path: |
+          vc-quality-gate-katalon/Reports
+          /home/runner/.katalon/*/Katalon_Studio_Engine_Linux_*/configuration/*.log.
+        retention-days: 5
+
     - name: Katalon Report to PR
       if: ${{ ( success() || failure() ) && github.event_name == 'pull_request' }}
       uses: VirtoCommerce/vc-github-actions/publish-katalon-report@master

From cf5ed8875703bc61929188c830a29c1255b42d4e Mon Sep 17 00:00:00 2001
From: Aleksandr Vishniakov <av@virtoway.com>
Date: Mon, 29 Mar 2021 23:20:13 +0200
Subject: [PATCH 42/70] Fix spelling (#2045)

Co-authored-by: Filipp Kuksov <47894313+Vectorfield4@users.noreply.github.com>
---
 .../developer-guide/modules-development-via-docker.md | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/docs/developer-guide/modules-development-via-docker.md b/docs/developer-guide/modules-development-via-docker.md
index 9a936b4dcbe..4deca3653ce 100644
--- a/docs/developer-guide/modules-development-via-docker.md
+++ b/docs/developer-guide/modules-development-via-docker.md
@@ -41,12 +41,12 @@ For the *docker* and *docker-compose* files configuring convenience, all configu
 
 * For Docker installation, first review the information at Docker for Windows: [What to know before you install](https://docs.docker.com/docker-for-windows/install/#what-to-know-before-you-install)
 * Install [Docker Desktop for Windows](https://docs.docker.com/docker-for-windows/install/) on your machine
-* During installation you'll need to choose Linux as operating system used inside your containers
+* During installation you'll need to choose Linux as operating system used inside your containers and install update for WSL 2 (Windows Subsystem for Linux)
 
 ## How to use
 
 1. Copy [ModulesDevelop](https://github.com/VirtoCommerce/vc-platform/blob/dev/DockerCompose/ModulesDevelop/) folder to local machine
-2. Create an external network for the Docker engine
+2. Create an external network for the Docker engine. Run the following command in powershell with elevated admimistrator priviliges:
 
 ```cmd
 docker network create nat
@@ -55,7 +55,6 @@ docker network create nat
 3. Parameterize values in the *.env* file.
 
 ```cmd
-CMS_CONTENT_VOLUME=c:\path\to\folder\cms-content
 APP_DATA_MODULES=c:\path\to\folder\modules
 ```
 
@@ -70,10 +69,10 @@ SEARCH_PROVIDER=ElasticSearch
 4. Build and launch `docker-compose` by command:
 
 ```cmd
-docker-compose -f docker-compose.yml up --build -d
+docker-compose -f c:\path\to\modulesdevelop\docker-compose.yml up --build -d
 ```
 
-5. Run Virto Commerce Platform Manager (configure modules as sample data)
+5. Run Virto Commerce Platform Manager - http://localhost:8090/ (configure modules as sample data)
 6. [Create new module](./create-new-module.md) as described in the article
 7. Write code for new module
 8. Build new module
@@ -82,7 +81,7 @@ docker-compose -f docker-compose.yml up --build -d
 
 ## Run Virto Commerce Platform Manager
 
-Once the containers are started, open VC Platform Manager - http://localhost:8090 . This will launch the application and install default modules. After modules have been installed you need to restart the container with the platform what gives you the opportunity to configure sample data.
+Once the containers are started, open VC Platform Manager. This will launch the application and install default modules. After modules have been installed you need to restart the container with the platform what gives you the opportunity to configure sample data.
 
 ![Choose sample data](../media/screen-sample-data.png)
 

From 021a9eceaed28cc7e155dfd3d66cc78b1726d10b Mon Sep 17 00:00:00 2001
From: Egis <em@virtoway.com>
Date: Tue, 30 Mar 2021 10:42:31 +0300
Subject: [PATCH 43/70] PT-82: Configuration of password expiration policy
 (#2193)

* Make LastPasswordChangedDate nullable
* PT-81: Add password changing API, configuration, and UI
* PT-81: Refactor by PR comments, Add expiry unit tests
---
 .../Security/ApplicationUser.cs               |   6 +
 .../Security/UserOptionsExtended.cs           |  17 +
 ...092444_LastPasswordChangedDate.Designer.cs | 575 ++++++++++++++++++
 .../20210325092444_LastPasswordChangedDate.cs |  23 +
 .../SecurityDbContextModelSnapshot.cs         |   3 +
 .../Repositories/SecurityDbContext.cs         |   1 +
 .../Controllers/Api/SecurityController.cs     |  32 +-
 .../Model/Security/UserDetail.cs              |   2 +
 .../Security/CustomUserManager.cs             |  17 +
 src/VirtoCommerce.Platform.Web/Startup.cs     |   1 +
 .../appsettings.json                          |   1 +
 .../en.VirtoCommerce.Platform.json            |  16 +-
 .../themes/main/sass/includes/_constants.sass |   4 +-
 .../main/sass/modules/_base-modules.sass      |   7 +
 .../main/sass/modules/_project-modules.sass   |   2 +-
 .../main/sass/modules/_window-modals.sass     |   2 +
 .../dialogs/changePasswordDialog.tpl.html     |  34 +-
 .../js/app/security/resources/accounts.js     |   2 +-
 .../wwwroot/js/app/security/security.js       |  72 ++-
 .../Security/PasswordExpiryTests.cs           |  57 ++
 .../Security/SecurityMockHelpers.cs           |  24 +-
 21 files changed, 830 insertions(+), 68 deletions(-)
 create mode 100644 src/VirtoCommerce.Platform.Core/Security/UserOptionsExtended.cs
 create mode 100644 src/VirtoCommerce.Platform.Security/Migrations/20210325092444_LastPasswordChangedDate.Designer.cs
 create mode 100644 src/VirtoCommerce.Platform.Security/Migrations/20210325092444_LastPasswordChangedDate.cs
 create mode 100644 tests/VirtoCommerce.Platform.Tests/Security/PasswordExpiryTests.cs

diff --git a/src/VirtoCommerce.Platform.Core/Security/ApplicationUser.cs b/src/VirtoCommerce.Platform.Core/Security/ApplicationUser.cs
index 5080877d781..f5ef27ecff7 100644
--- a/src/VirtoCommerce.Platform.Core/Security/ApplicationUser.cs
+++ b/src/VirtoCommerce.Platform.Core/Security/ApplicationUser.cs
@@ -62,6 +62,11 @@ public virtual DateTime? LockoutEndDateUtc
         /// </summary>
         public virtual bool PasswordExpired { get; set; }
 
+        /// <summary>
+        /// The last date when the password was changed
+        /// </summary>
+        public virtual DateTime? LastPasswordChangedDate { get; set; }
+
         public virtual void Patch(ApplicationUser target)
         {
             target.UserName = UserName;
@@ -87,6 +92,7 @@ public virtual void Patch(ApplicationUser target)
             target.Status = Status;
             target.Password = Password;
             target.PasswordExpired = PasswordExpired;
+            target.LastPasswordChangedDate = LastPasswordChangedDate;
         }
 
         #region ICloneable members
diff --git a/src/VirtoCommerce.Platform.Core/Security/UserOptionsExtended.cs b/src/VirtoCommerce.Platform.Core/Security/UserOptionsExtended.cs
new file mode 100644
index 00000000000..6bdda985d4e
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Core/Security/UserOptionsExtended.cs
@@ -0,0 +1,17 @@
+using System;
+
+namespace VirtoCommerce.Platform.Core.Security
+{
+    public class UserOptionsExtended
+    {
+        /// <summary>
+        /// Max. valid time for a password. Property that has the null as default value. Null value means what the password never expires.
+        /// </summary>
+        public TimeSpan? MaxPasswordAge { get; set; }
+
+        /// <summary>
+        /// The number of days to start showing password expiry reminder
+        /// </summary>
+        public int RemindPasswordExpiryInDays { get; set; } = 7;
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/20210325092444_LastPasswordChangedDate.Designer.cs b/src/VirtoCommerce.Platform.Security/Migrations/20210325092444_LastPasswordChangedDate.Designer.cs
new file mode 100644
index 00000000000..eba96ebe053
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Security/Migrations/20210325092444_LastPasswordChangedDate.Designer.cs
@@ -0,0 +1,575 @@
+// <auto-generated />
+using System;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Metadata;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+using VirtoCommerce.Platform.Security.Repositories;
+
+namespace VirtoCommerce.Platform.Security.Migrations
+{
+    [DbContext(typeof(SecurityDbContext))]
+    [Migration("20210325092444_LastPasswordChangedDate")]
+    partial class LastPasswordChangedDate
+    {
+        protected override void BuildTargetModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasAnnotation("ProductVersion", "3.1.8")
+                .HasAnnotation("Relational:MaxIdentifierLength", 128)
+                .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("int")
+                        .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("RoleId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetRoleClaims");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("int")
+                        .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserClaims");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
+                {
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ProviderKey")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ProviderDisplayName")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.HasKey("LoginProvider", "ProviderKey");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserLogins");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
+                {
+                    b.Property<string>("UserId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("RoleId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.HasKey("UserId", "RoleId");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetUserRoles");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
+                {
+                    b.Property<string>("UserId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("Name")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("Value")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.HasKey("UserId", "LoginProvider", "Name");
+
+                    b.ToTable("AspNetUserTokens");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictApplication", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ClientId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(100)")
+                        .HasMaxLength(100);
+
+                    b.Property<string>("ClientSecret")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(50)")
+                        .HasMaxLength(50);
+
+                    b.Property<string>("ConsentType")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("DisplayName")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Permissions")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("PostLogoutRedirectUris")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("RedirectUris")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Type")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(25)")
+                        .HasMaxLength(25);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("ClientId")
+                        .IsUnique();
+
+                    b.ToTable("OpenIddictApplications");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictAuthorization", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ApplicationId")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(50)")
+                        .HasMaxLength(50);
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Scopes")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Status")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(25)")
+                        .HasMaxLength(25);
+
+                    b.Property<string>("Subject")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(450)")
+                        .HasMaxLength(450);
+
+                    b.Property<string>("Type")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(25)")
+                        .HasMaxLength(25);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
+
+                    b.ToTable("OpenIddictAuthorizations");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictScope", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(50)")
+                        .HasMaxLength(50);
+
+                    b.Property<string>("Description")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("DisplayName")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(200)")
+                        .HasMaxLength(200);
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Resources")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("Name")
+                        .IsUnique();
+
+                    b.ToTable("OpenIddictScopes");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictToken", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ApplicationId")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("AuthorizationId")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(50)")
+                        .HasMaxLength(50);
+
+                    b.Property<DateTimeOffset?>("CreationDate")
+                        .HasColumnType("datetimeoffset");
+
+                    b.Property<DateTimeOffset?>("ExpirationDate")
+                        .HasColumnType("datetimeoffset");
+
+                    b.Property<string>("Payload")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("ReferenceId")
+                        .HasColumnType("nvarchar(100)")
+                        .HasMaxLength(100);
+
+                    b.Property<string>("Status")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(25)")
+                        .HasMaxLength(25);
+
+                    b.Property<string>("Subject")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(450)")
+                        .HasMaxLength(450);
+
+                    b.Property<string>("Type")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(25)")
+                        .HasMaxLength(25);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("AuthorizationId");
+
+                    b.HasIndex("ReferenceId")
+                        .IsUnique()
+                        .HasFilter("[ReferenceId] IS NOT NULL");
+
+                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
+
+                    b.ToTable("OpenIddictTokens");
+                });
+
+            modelBuilder.Entity("VirtoCommerce.Platform.Core.Security.ApplicationUser", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<int>("AccessFailedCount")
+                        .HasColumnType("int");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("CreatedBy")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<DateTime>("CreatedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("Email")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<bool>("EmailConfirmed")
+                        .HasColumnType("bit");
+
+                    b.Property<bool>("IsAdministrator")
+                        .HasColumnType("bit");
+
+                    b.Property<DateTime?>("LastPasswordChangedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<bool>("LockoutEnabled")
+                        .HasColumnType("bit");
+
+                    b.Property<DateTimeOffset?>("LockoutEnd")
+                        .HasColumnType("datetimeoffset");
+
+                    b.Property<string>("MemberId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ModifiedBy")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<DateTime?>("ModifiedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("NormalizedEmail")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("NormalizedUserName")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<bool>("PasswordExpired")
+                        .HasColumnType("bit");
+
+                    b.Property<string>("PasswordHash")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("PhoneNumber")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<bool>("PhoneNumberConfirmed")
+                        .HasColumnType("bit");
+
+                    b.Property<string>("PhotoUrl")
+                        .HasColumnType("nvarchar(2048)")
+                        .HasMaxLength(2048);
+
+                    b.Property<string>("SecurityStamp")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Status")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.Property<string>("StoreId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<bool>("TwoFactorEnabled")
+                        .HasColumnType("bit");
+
+                    b.Property<string>("UserName")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("UserType")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedEmail")
+                        .HasName("EmailIndex");
+
+                    b.HasIndex("NormalizedUserName")
+                        .IsUnique()
+                        .HasName("UserNameIndex")
+                        .HasFilter("[NormalizedUserName] IS NOT NULL");
+
+                    b.ToTable("AspNetUsers");
+                });
+
+            modelBuilder.Entity("VirtoCommerce.Platform.Core.Security.Role", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Description")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Name")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("NormalizedName")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedName")
+                        .IsUnique()
+                        .HasName("RoleNameIndex")
+                        .HasFilter("[NormalizedName] IS NOT NULL");
+
+                    b.ToTable("AspNetRoles");
+                });
+
+            modelBuilder.Entity("VirtoCommerce.Platform.Security.Model.UserApiKeyEntity", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ApiKey")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("CreatedBy")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.Property<DateTime>("CreatedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<bool>("IsActive")
+                        .HasColumnType("bit");
+
+                    b.Property<string>("ModifiedBy")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.Property<DateTime?>("ModifiedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("UserId")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("UserName")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("ApiKey")
+                        .IsUnique()
+                        .HasFilter("[ApiKey] IS NOT NULL");
+
+                    b.ToTable("UserApiKey");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.Role", null)
+                        .WithMany()
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.Role", null)
+                        .WithMany()
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictAuthorization", b =>
+                {
+                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictApplication", "Application")
+                        .WithMany("Authorizations")
+                        .HasForeignKey("ApplicationId");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictToken", b =>
+                {
+                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictApplication", "Application")
+                        .WithMany("Tokens")
+                        .HasForeignKey("ApplicationId");
+
+                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictAuthorization", "Authorization")
+                        .WithMany("Tokens")
+                        .HasForeignKey("AuthorizationId");
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/20210325092444_LastPasswordChangedDate.cs b/src/VirtoCommerce.Platform.Security/Migrations/20210325092444_LastPasswordChangedDate.cs
new file mode 100644
index 00000000000..065ae2cf45a
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Security/Migrations/20210325092444_LastPasswordChangedDate.cs
@@ -0,0 +1,23 @@
+using System;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace VirtoCommerce.Platform.Security.Migrations
+{
+    public partial class LastPasswordChangedDate : Migration
+    {
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.AddColumn<DateTime>(
+                name: "LastPasswordChangedDate",
+                table: "AspNetUsers",
+                nullable: true);
+        }
+
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropColumn(
+                name: "LastPasswordChangedDate",
+                table: "AspNetUsers");
+        }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs b/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs
index 2d9f9d52283..2f9dd18a9ab 100644
--- a/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs
+++ b/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs
@@ -346,6 +346,9 @@ protected override void BuildModel(ModelBuilder modelBuilder)
                     b.Property<bool>("IsAdministrator")
                         .HasColumnType("bit");
 
+                    b.Property<DateTime?>("LastPasswordChangedDate")
+                        .HasColumnType("datetime2");
+
                     b.Property<bool>("LockoutEnabled")
                         .HasColumnType("bit");
 
diff --git a/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs b/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs
index 5096761aa46..1ada0ebcf19 100644
--- a/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs
+++ b/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs
@@ -45,6 +45,7 @@ protected override void OnModelCreating(ModelBuilder builder)
             builder.Entity<ApplicationUser>().Property(x => x.Id).HasMaxLength(128).ValueGeneratedOnAdd();
             builder.Entity<ApplicationUser>().Property(x => x.StoreId).HasMaxLength(128);
             builder.Entity<ApplicationUser>().Property(x => x.MemberId).HasMaxLength(128);
+
             builder.Entity<Role>().Property(x => x.Id).HasMaxLength(128).ValueGeneratedOnAdd();
             builder.Entity<IdentityUserClaim<string>>().Property(x => x.UserId).HasMaxLength(128);
             builder.Entity<IdentityUserLogin<string>>().Property(x => x.UserId).HasMaxLength(128);
diff --git a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
index 1ead9ca9be6..430eda40b2c 100644
--- a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
+++ b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
@@ -122,6 +122,7 @@ public async Task<ActionResult<UserDetail>> GetCurrentUser()
                 isAdministrator = user.IsAdministrator,
                 UserName = user.UserName,
                 PasswordExpired = user.PasswordExpired,
+                LastPasswordChangedDate = user.LastPasswordChangedDate,
                 Permissions = user.Roles.SelectMany(x => x.Permissions).Select(x => x.Name).Distinct().ToArray()
             };
 
@@ -350,6 +351,21 @@ public async Task<ActionResult<SecurityResult>> Create([FromBody] ApplicationUse
             return Ok(result.ToSecurityResult());
         }
 
+        /// <summary>
+        /// Change password for current user.
+        /// </summary>
+        /// <param name="changePassword">Old and new passwords.</param>
+        /// <returns>Result of password change</returns>
+        [HttpPost]
+        [Route("currentuser/changepassword")]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status400BadRequest)]
+        [Authorize]
+        public async Task<ActionResult<SecurityResult>> ChangeCurrentUserPassword([FromBody] ChangePasswordRequest changePassword)
+        {
+            return await ChangePassword(User.Identity.Name, changePassword);
+        }
+
         /// <summary>
         /// Change password
         /// </summary>
@@ -357,7 +373,8 @@ public async Task<ActionResult<SecurityResult>> Create([FromBody] ApplicationUse
         /// <param name="changePassword">Old and new passwords.</param>
         [HttpPost]
         [Route("users/{userName}/changepassword")]
-        [ProducesResponseType(400)]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status400BadRequest)]
         [Authorize(PlatformConstants.Security.Permissions.SecurityUpdate)]
         public async Task<ActionResult<SecurityResult>> ChangePassword([FromRoute] string userName, [FromBody] ChangePasswordRequest changePassword)
         {
@@ -368,7 +385,12 @@ public async Task<ActionResult<SecurityResult>> ChangePassword([FromRoute] strin
             var user = await _userManager.FindByNameAsync(userName);
             if (user == null)
             {
-                return BadRequest(IdentityResult.Failed(new IdentityError { Description = "User not found" }).ToSecurityResult());
+                return BadRequest(IdentityResult.Failed(new IdentityError { Description = "User not found." }).ToSecurityResult());
+            }
+
+            if (changePassword.OldPassword == changePassword.NewPassword)
+            {
+                return BadRequest(new SecurityResult { Errors = new[] { "Choose a different password." } });
             }
 
             var result = await _signInManager.UserManager.ChangePasswordAsync(user, changePassword.OldPassword, changePassword.NewPassword);
@@ -389,6 +411,7 @@ public async Task<ActionResult<SecurityResult>> ChangePassword([FromRoute] strin
         [HttpPost]
         [Route("currentuser/resetpassword")]
         [AllowAnonymous]
+        [Obsolete("use /currentuser/changepassword instead")]
         public async Task<ActionResult<SecurityResult>> ResetCurrentUserPassword([FromBody] ResetPasswordConfirmRequest resetPassword)
         {
             return await ResetPassword(User.Identity.Name, resetPassword);
@@ -547,6 +570,11 @@ public async Task<ActionResult<SecurityResult>> Update([FromBody] ApplicationUse
                 await _userManager.SetEmailAsync(user, user.Email);
             }
 
+            if (user.LastPasswordChangedDate != applicationUser.LastPasswordChangedDate)
+            {
+                user.LastPasswordChangedDate = applicationUser.LastPasswordChangedDate;
+            }
+
             var result = await _userManager.UpdateAsync(user);
 
             return Ok(result.ToSecurityResult());
diff --git a/src/VirtoCommerce.Platform.Web/Model/Security/UserDetail.cs b/src/VirtoCommerce.Platform.Web/Model/Security/UserDetail.cs
index 69f8f81ca83..456ca553301 100644
--- a/src/VirtoCommerce.Platform.Web/Model/Security/UserDetail.cs
+++ b/src/VirtoCommerce.Platform.Web/Model/Security/UserDetail.cs
@@ -1,3 +1,4 @@
+using System;
 using System.Collections.Generic;
 using VirtoCommerce.Platform.Core.Common;
 
@@ -9,5 +10,6 @@ public class UserDetail : Entity
         public string UserName { get; set; }
         public bool isAdministrator { get; set; }
         public bool PasswordExpired { get; set; }
+        public DateTime? LastPasswordChangedDate { get; set; }
     }
 }
diff --git a/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs b/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs
index fbd2dab5a7a..cdc95e127f5 100644
--- a/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs
+++ b/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs
@@ -21,8 +21,10 @@ public class CustomUserManager : AspNetUserManager<ApplicationUser>
         private readonly RoleManager<Role> _roleManager;
         private readonly IEventPublisher _eventPublisher;
         private readonly IUserPasswordHasher _userPasswordHasher;
+        private readonly UserOptionsExtended _userOptionsExtended;
 
         public CustomUserManager(IUserStore<ApplicationUser> store, IOptions<IdentityOptions> optionsAccessor, IPasswordHasher<ApplicationUser> passwordHasher, IUserPasswordHasher userPasswordHasher,
+                                 IOptions<UserOptionsExtended> userOptionsExtended,
                                  IEnumerable<IUserValidator<ApplicationUser>> userValidators, IEnumerable<IPasswordValidator<ApplicationUser>> passwordValidators,
                                  ILookupNormalizer keyNormalizer, IdentityErrorDescriber errors, IServiceProvider services,
                                  ILogger<UserManager<ApplicationUser>> logger, RoleManager<Role> roleManager, IPlatformMemoryCache memoryCache, IEventPublisher eventPublisher)
@@ -32,6 +34,7 @@ public CustomUserManager(IUserStore<ApplicationUser> store, IOptions<IdentityOpt
             _roleManager = roleManager;
             _eventPublisher = eventPublisher;
             _userPasswordHasher = userPasswordHasher;
+            _userOptionsExtended = userOptionsExtended.Value;
         }
 
         public override async Task<ApplicationUser> FindByLoginAsync(string loginProvider, string providerKey)
@@ -103,6 +106,7 @@ public override async Task<IdentityResult> ResetPasswordAsync(ApplicationUser us
         {
             //It is important to call base.FindByIdAsync method to avoid of update a cached user.
             var existUser = await base.FindByIdAsync(user.Id);
+            existUser.LastPasswordChangedDate = DateTime.UtcNow;
 
             var result = await base.ResetPasswordAsync(existUser, token, newPassword);
             if (result == IdentityResult.Success)
@@ -118,6 +122,8 @@ public override async Task<IdentityResult> ResetPasswordAsync(ApplicationUser us
 
         public override async Task<IdentityResult> ChangePasswordAsync(ApplicationUser user, string currentPassword, string newPassword)
         {
+            user.LastPasswordChangedDate = DateTime.UtcNow;
+
             var result = await base.ChangePasswordAsync(user, currentPassword, newPassword);
             if (result == IdentityResult.Success)
             {
@@ -290,6 +296,17 @@ protected virtual async Task LoadUserDetailsAsync(ApplicationUser user)
             {
                 throw new ArgumentNullException(nameof(user));
             }
+
+            // check password expiry policy and mark password as expired, if needed
+            var lastPasswordChangeDate = user.LastPasswordChangedDate ?? user.CreatedDate;
+            if (!user.PasswordExpired &&
+                _userOptionsExtended.MaxPasswordAge != null &&
+                _userOptionsExtended.MaxPasswordAge.Value > TimeSpan.Zero &&
+                lastPasswordChangeDate.Add(_userOptionsExtended.MaxPasswordAge.Value) < DateTime.UtcNow)
+            {
+                user.PasswordExpired = true;
+            }
+
             user.Roles = new List<Role>();
             foreach (var roleName in await base.GetRolesAsync(user))
             {
diff --git a/src/VirtoCommerce.Platform.Web/Startup.cs b/src/VirtoCommerce.Platform.Web/Startup.cs
index 930add561e7..56088b187e4 100644
--- a/src/VirtoCommerce.Platform.Web/Startup.cs
+++ b/src/VirtoCommerce.Platform.Web/Startup.cs
@@ -325,6 +325,7 @@ public void ConfigureServices(IServiceCollection services)
                 });
 
             services.Configure<IdentityOptions>(Configuration.GetSection("IdentityOptions"));
+            services.Configure<UserOptionsExtended>(Configuration.GetSection("IdentityOptions:User"));
 
             //always  return 401 instead of 302 for unauthorized  requests
             services.ConfigureApplicationCookie(options =>
diff --git a/src/VirtoCommerce.Platform.Web/appsettings.json b/src/VirtoCommerce.Platform.Web/appsettings.json
index 54e55352886..b2c7b1aa326 100644
--- a/src/VirtoCommerce.Platform.Web/appsettings.json
+++ b/src/VirtoCommerce.Platform.Web/appsettings.json
@@ -98,6 +98,7 @@
             "RequireNonAlphanumeric": false
         },
         "User": {
+            "MaxPasswordAge": "0",
             "RequireUniqueEmail": true
         },
         "Lockout": {
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
index ee860ec848a..56ddc928653 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
@@ -317,14 +317,18 @@
             },
             "account-changePassword": {
                 "labels": {
+                    "title": "Please enter a new password for the '{{userName}}' user",
+                    "force-change-info": "Your password has expired. You must <b>change the password to continue</b> using the manager.",
                     "current-password": "Current password",
                     "new-password": "New password",
-                    "repeat-password": "Repeat password"
+                    "repeat-password": "Repeat new password",
+                    "cancel": "Cancel",
+                    "save": "Change"
                 },
                 "validations": {
                     "current-password": "Required",
                     "new-password": "Old and new passwords are the same!",
-                    "repeat-password": "New passwords doesn't match!"
+                    "repeat-password": "New passwords do not match!"
                 },
                 "placeholders": {
                     "current-password": "Enter current password",
@@ -638,14 +642,6 @@
                     "Years": "Years"
                 }
             },
-            "change-password": {
-                "title": "Please enter a new password for the '{{userName}}' user",
-                "password": "New password:",
-                "confirm": "Repeat new password:",
-                "save": "Change password",
-                "postpone": "Postpone",
-                "force-change-info": "You must change the password to continue using the manager."
-            },
             "loginOnBehalf-list": {
                 "title": "Login as {{name}}",
                 "labels": {
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/includes/_constants.sass b/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/includes/_constants.sass
index fd1070a09d6..f0f5280820d 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/includes/_constants.sass
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/includes/_constants.sass
@@ -57,8 +57,8 @@ $auqaBg: #76aeff
 $scrollTrack: #c9d6df
 $scrollThumb: #b4c0c8
 
-$genericErrorColor: #e51400
-$genericWarningColor: #f0a30a
+$genericErrorColor: #FF4A4A
+$genericWarningColor: $orangeBg
 $genericSuccessColor: #008a00
 $genericInfoColor: #43b0e6
 
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/modules/_base-modules.sass b/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/modules/_base-modules.sass
index a48ac044d0e..b770c3f4a30 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/modules/_base-modules.sass
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/modules/_base-modules.sass
@@ -10,6 +10,13 @@
 .text-notify
   color: $noteNotifyColor
 
+form label.required:after
+  color: #F14E4E
+  content: " *"
+
+form label.label-error
+  color: $genericErrorColor
+
 /* Lists */
 ul,
 ol
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/modules/_project-modules.sass b/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/modules/_project-modules.sass
index 883f7d12105..6248baf570d 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/modules/_project-modules.sass
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/modules/_project-modules.sass
@@ -75,7 +75,7 @@ $dashboardHeadHeight: 80px
 .log .__info
   color: $baseColor
 .log .__warning
-  color: #f0a30a
+  color: $genericWarningColor
 .log .__debug
   color: #a6a6a6
 .log .__error
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/modules/_window-modals.sass b/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/modules/_window-modals.sass
index 95968e2a6e5..f80359367f2 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/modules/_window-modals.sass
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/modules/_window-modals.sass
@@ -74,6 +74,8 @@
   line-height: 38px
   position: relative
   z-index: 50
+.window-head.warning
+  background: $genericWarningColor
 .modal-content .modal-header
   height: auto
   line-height: 1
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/dialogs/changePasswordDialog.tpl.html b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/dialogs/changePasswordDialog.tpl.html
index 24ad0dcaba3..7cf9dc27c74 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/dialogs/changePasswordDialog.tpl.html
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/dialogs/changePasswordDialog.tpl.html
@@ -2,27 +2,33 @@
     <div class="window-status" ng-if="loginProgress">
         <div class="progress-bar"></div>
     </div>
-    <header class="window-head">
+    <header class="window-head" ng-class="{'warning': !canCancel}">
         <img class="__logo" ng-src="{{uiCustomization.contrast_logo || '/images/contrast-logo.png'}}" />
-        <span class="window-t">{{ 'platform.blades.change-password.title' | translate: {userName: userName} }}</span>
+        <span class="window-t">{{ 'platform.blades.account-changePassword.labels.title' | translate: {userName: userName} }}</span>
     </header>
     <div class="window-cnt">
         <form class="form" novalidate ng-submit="ok()" name="changePasswordForm">
-            <p class="note" style="white-space: pre-wrap">{{ 'platform.blades.change-password.force-change-info' | translate }}</p>
+            <p translate="platform.blades.account-changePassword.labels.force-change-info"></p>
             <div class="form-group">
-                <label class="form-label">{{ 'platform.blades.change-password.password' | translate }}</label>
-                <va-password-input password-placeholder="{{ 'platform.blades.account-resetPassword.placeholders.new-password' | translate }}"
+                <label class="form-label required">{{ 'platform.blades.account-changePassword.labels.current-password' | translate }}</label>
+                <div class="form-input">
+                    <input name="password" type="password" ng-model="postData.oldPassword" required va-autofill placeholder="{{ 'platform.blades.account-changePassword.placeholders.current-password' | translate }}">
+                </div>
+            </div>
+            <div class="form-group">
+                <label class="form-label required" ng-class="{'label-error': validatedPassword && !postData.newPassword}">{{ 'platform.blades.account-changePassword.labels.new-password' | translate }}</label>
+                <va-password-input password-placeholder="{{ 'platform.blades.account-changePassword.placeholders.new-password' | translate }}"
                                    password-too-weak-message="{{ 'platform.blades.account-resetPassword.validations.password-too-weak' | translate }}"
                                    run-password-validation="validatePasswordAsync(value)"
-                                   new-password="password" />
+                                   new-password="postData.newPassword" />
             </div>
             <div class="form-group">
-                <label class="form-label">{{ 'platform.blades.change-password.confirm' | translate }}</label>
+                <label class="form-label required">{{ 'platform.blades.account-changePassword.labels.repeat-password' | translate }}</label>
                 <div class="form-input">
-                    <input name="confirm" type="password" ng-model="confirm" ng-class="{'error': password != confirm}" required placeholder="{{ 'platform.blades.account-resetPassword.placeholders.repeat-password' | translate }}" ui-validate=" '$value==password' " ui-validate-watch=" 'password' ">
+                    <input name="confirm" type="password" ng-model="confirm" ng-class="{'error': postData.newPassword != confirm}" required placeholder="{{ 'platform.blades.account-changePassword.placeholders.repeat-password' | translate }}" ui-validate=" '$value==postData.newPassword' " ui-validate-watch=" 'postData.newPassword' ">
                 </div>
-                <div class="form-error" ng-if="!changePasswordForm.confirm.$pristine && password != confirm">
-                    <span>{{ 'platform.blades.account-resetPassword.validations.repeat-password' | translate }}</span>
+                <div class="form-error" ng-if="!changePasswordForm.confirm.$pristine && postData.newPassword != confirm">
+                    <span>{{ 'platform.blades.account-changePassword.validations.repeat-password' | translate }}</span>
                 </div>
             </div>
             <div class="form-group">
@@ -32,12 +38,12 @@
             </div>
             <div class="clearfix">
                 <div class="column">
-                    <div class="form-group __right">
-                        <button class="btn" type="button" ng-click="postpone()">
-                            <span>{{ 'platform.blades.change-password.postpone' | translate }}</span>
+                    <div class="__right">
+                        <button class="btn" type="button" ng-click="postpone()" ng-if="canCancel">
+                            <span>{{ 'platform.blades.account-changePassword.labels.cancel' | translate }}</span>
                         </button>
                         <button class="btn" type="submit" ng-disabled="changePasswordForm.$invalid">
-                            <span>{{ 'platform.blades.change-password.save' | translate }}</span>
+                            <span>{{ 'platform.blades.account-changePassword.labels.save' | translate }}</span>
                         </button>
                     </div>
                 </div>
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js
index 251ea416f45..1c78895ff5a 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js
@@ -3,8 +3,8 @@ angular.module('platformWebApp').factory('platformWebApp.accounts', ['$resource'
         search: { method: 'POST' },
         save: { url: 'api/platform/security/users/create', method: 'POST' },
         changepassword: { url: 'api/platform/security/users/:id/changepassword', method: 'POST' },
+        changeCurrentUserPassword: { url: 'api/platform/security/currentuser/changepassword', method: 'POST' },
         resetPassword: { url: 'api/platform/security/users/:id/resetpassword', method: 'POST' },
-        resetCurrentUserPassword: { url: 'api/platform/security/currentuser/resetpassword', method: 'POST' },
         validatePassword: { url: 'api/platform/security/validatepassword', method: 'POST' },
         update: { method: 'PUT' },
         locked: { url: 'api/platform/security/users/:id/locked', method: 'GET' },
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/security.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/security.js
index 93d0bdb508d..5fdd50fdfe7 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/security.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/security.js
@@ -122,43 +122,49 @@ angular.module('platformWebApp')
                 ]
             });
 
-        $stateProvider.state('changePasswordDialog',
-            {
-                url: '/changepassword',
-                templateUrl: '$(Platform)/Scripts/app/security/dialogs/changePasswordDialog.tpl.html',
-                params: {
-                    onClose: null
-                },
-                controller: ['$q', '$scope', '$stateParams', 'platformWebApp.accounts', 'platformWebApp.authService', 'platformWebApp.passwordValidationService', function ($q, $scope, $stateParams, accounts, authService, passwordValidationService) {
-                    $scope.userName = authService.userName;
-                    if ($scope.userName) {
-                        accounts.get({ id: $scope.userName }, function (user) {
-                            if (!user || !user.passwordExpired) {
-                                $stateParams.onClose();
-                            }
-                        });
-                    }
+        $stateProvider.state('changePasswordDialog', {
+            url: '/changepassword',
+            templateUrl: '$(Platform)/Scripts/app/security/dialogs/changePasswordDialog.tpl.html',
+            params: {
+                onClose: null
+            },
+            controller: ['$state', '$scope', '$stateParams', 'platformWebApp.accounts', 'platformWebApp.authService', 'platformWebApp.passwordValidationService', function ($state, $scope, $stateParams, accounts, authService, passwordValidationService) {
+                if (!authService.isAuthenticated) {
+                    $state.go('loginDialog');
+                }
 
-                    $scope.validatePasswordAsync = function (value) {
-                        return passwordValidationService.validatePasswordAsync(value);
-                    }
+                $scope.userName = authService.userName;
+                $scope.canCancel = !authService.passwordExpired;
 
-                    $scope.postpone = function () {
-                        $stateParams.onClose();
-                    }
+                $scope.validatePasswordAsync = (value) => {
+                    $scope.validatedPassword = value;
+                    delete $scope.errors;
+                    return passwordValidationService.validatePasswordAsync(value);
+                };
 
-                    $scope.ok = function () {
-                        var postData = {
-                            NewPassword: $scope.password
-                        };
-                        accounts.resetCurrentUserPassword(postData, function (data) {
+                $scope.postpone = () => {
+                    $stateParams.onClose();
+                };
+
+                $scope.ok = () => {
+                    accounts.changeCurrentUserPassword($scope.postData, (result) => {
+                        if (result.succeeded) {
                             $stateParams.onClose();
-                        }, function (response) {
-                            $scope.errors = response.data.errors;
-                        });
-                    }
-                }]
-            });
+                        } else {
+                            showErrors(result);
+                        }
+                    }, (response) => {
+                        showErrors(response.data);
+                    });
+
+                };
+
+                var showErrors = (result) => {
+                    $scope.postData = {};
+                    $scope.errors = result.errors;
+                };
+            }]
+        });
     }])
     .run(['$rootScope', 'platformWebApp.mainMenuService', 'platformWebApp.metaFormsService', 'platformWebApp.widgetService', '$state', 'platformWebApp.authService',
         function ($rootScope, mainMenuService, metaFormsService, widgetService, $state, authService) {
diff --git a/tests/VirtoCommerce.Platform.Tests/Security/PasswordExpiryTests.cs b/tests/VirtoCommerce.Platform.Tests/Security/PasswordExpiryTests.cs
new file mode 100644
index 00000000000..97aa25d3e9f
--- /dev/null
+++ b/tests/VirtoCommerce.Platform.Tests/Security/PasswordExpiryTests.cs
@@ -0,0 +1,57 @@
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Identity;
+using Moq;
+using VirtoCommerce.Platform.Core.Security;
+using VirtoCommerce.Platform.Tests.Caching;
+using Xunit;
+
+namespace VirtoCommerce.Platform.Tests.Security
+{
+    public class PasswordExpiryTests : MemoryCacheTestsBase
+    {
+        [Theory]
+        [ClassData(typeof(CreateExpiryTestData))]
+        public async Task TestUserPasswordExpiry(DateTime? lastPasswordChangedDate, TimeSpan? maxPasswordAge, bool isPasswordExpired)
+        {
+            //Arrange
+            var user = new ApplicationUser { Id = "id1", LastPasswordChangedDate = lastPasswordChangedDate };
+            var userStoreMock = new Mock<IUserStore<ApplicationUser>>();
+            userStoreMock.Setup(x => x.FindByIdAsync(user.Id, CancellationToken.None)).ReturnsAsync(user);
+
+            var userManager = SecurityMockHelpers.TestCustomUserManager(userStoreMock, new UserOptionsExtended
+            {
+                MaxPasswordAge = maxPasswordAge
+            },
+            GetPlatformMemoryCache());
+
+            //Act
+            user = await userManager.FindByIdAsync(user.Id);
+
+            //Assert
+            Assert.Equal(isPasswordExpired, user.PasswordExpired);
+        }
+
+        #region TestData
+
+        class CreateExpiryTestData : IEnumerable<object[]>
+        {
+            public IEnumerator<object[]> GetEnumerator()
+            {
+                // DateTime? lastPasswordChangedDate, TimeSpan? maxPasswordAge, bool isPasswordExpired
+                yield return new object[] { null, null, false };
+                yield return new object[] { null, TimeSpan.Zero, false };
+                yield return new object[] { null, TimeSpan.FromDays(7), true };
+                yield return new object[] { DateTime.UtcNow.AddDays(-9), null, false };
+                yield return new object[] { DateTime.UtcNow.AddDays(-9), TimeSpan.Zero, false };
+                yield return new object[] { DateTime.UtcNow.AddDays(-9), TimeSpan.FromDays(7), true };
+            }
+
+            IEnumerator IEnumerable.GetEnumerator() => GetEnumerator();
+        }
+        #endregion TestData
+    }
+}
diff --git a/tests/VirtoCommerce.Platform.Tests/Security/SecurityMockHelpers.cs b/tests/VirtoCommerce.Platform.Tests/Security/SecurityMockHelpers.cs
index 34a159eff3c..81345f60005 100644
--- a/tests/VirtoCommerce.Platform.Tests/Security/SecurityMockHelpers.cs
+++ b/tests/VirtoCommerce.Platform.Tests/Security/SecurityMockHelpers.cs
@@ -5,6 +5,7 @@
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using Moq;
+using VirtoCommerce.Platform.Caching;
 using VirtoCommerce.Platform.Core.Caching;
 using VirtoCommerce.Platform.Core.Events;
 using VirtoCommerce.Platform.Core.Security;
@@ -14,9 +15,14 @@ namespace VirtoCommerce.Platform.Tests.Security
 {
     public static class SecurityMockHelpers
     {
-        public static CustomUserManager TestCustomUserManager(Mock<IUserStore<ApplicationUser>> storeMock = null, IEventPublisher eventPublisher = null)
+        public static CustomUserManager TestCustomUserManager(Mock<IUserStore<ApplicationUser>> storeMock, IEventPublisher eventPublisher)
         {
-            storeMock = storeMock ?? new Mock<IUserStore<ApplicationUser>>();
+            return TestCustomUserManager(storeMock, null, null, eventPublisher);
+        }
+
+        public static CustomUserManager TestCustomUserManager(Mock<IUserStore<ApplicationUser>> storeMock = null, UserOptionsExtended userOptions = null, PlatformMemoryCache platformMemoryCache = null, IEventPublisher eventPublisher = null)
+        {
+            storeMock ??= new Mock<IUserStore<ApplicationUser>>();
             storeMock.As<IUserRoleStore<ApplicationUser>>()
                 .Setup(x => x.GetRolesAsync(It.IsAny<ApplicationUser>(), CancellationToken.None))
                 .ReturnsAsync(Array.Empty<string>());
@@ -26,10 +32,17 @@ public static CustomUserManager TestCustomUserManager(Mock<IUserStore<Applicatio
             storeMock.Setup(x => x.UpdateAsync(It.IsAny<ApplicationUser>(), CancellationToken.None))
                 .ReturnsAsync(IdentityResult.Success);
 
-            var options = new Mock<IOptions<IdentityOptions>>();
+            var optionsMock = new Mock<IOptions<IdentityOptions>>();
             var idOptions = new IdentityOptions();
             idOptions.Lockout.AllowedForNewUsers = false;
-            options.Setup(o => o.Value).Returns(idOptions);
+            optionsMock.Setup(o => o.Value).Returns(idOptions);
+
+            userOptions ??= new UserOptionsExtended
+            {
+                MaxPasswordAge = new TimeSpan(0)
+            };
+            var userOptionsMock = new Mock<IOptions<UserOptionsExtended>>();
+            userOptionsMock.Setup(o => o.Value).Returns(userOptions);
             var userValidators = new List<IUserValidator<ApplicationUser>>();
             var validator = new Mock<IUserValidator<ApplicationUser>>();
             userValidators.Add(validator.Object);
@@ -48,6 +61,7 @@ public static CustomUserManager TestCustomUserManager(Mock<IUserStore<Applicatio
                 Mock.Of<IOptions<IdentityOptions>>(),
                 passwordHasher.Object,
                 passwordHasher.Object,
+                userOptionsMock.Object,
                 userValidators,
                 pwdValidators,
                 Mock.Of<ILookupNormalizer>(),
@@ -55,7 +69,7 @@ public static CustomUserManager TestCustomUserManager(Mock<IUserStore<Applicatio
                 Mock.Of<IServiceProvider>(),
                 Mock.Of<ILogger<UserManager<ApplicationUser>>>(),
                 roleManagerMock.Object,
-                Mock.Of<IPlatformMemoryCache>(),
+                platformMemoryCache ?? Mock.Of<IPlatformMemoryCache>(),
                 eventPublisher);
 
             validator.Setup(x => x.ValidateAsync(userManager, It.IsAny<ApplicationUser>()))

From 4aadd82325fbd2a63aceb0075c552456c9b56611 Mon Sep 17 00:00:00 2001
From: Egis <em@virtoway.com>
Date: Tue, 30 Mar 2021 14:00:28 +0300
Subject: [PATCH 44/70] PT-509: Enable password changing for current user
 (#2195)

* PT-507: Enable current user to change his password manually
* Update passwordExpired flag in UI
---
 .../Controllers/Api/SecurityController.cs     |  2 +-
 .../dialogs/changePasswordDialog.tpl.html     |  4 +-
 .../security/login/headerUserProfileWidget.js | 15 +++-
 .../login/headerUserProfileWidget.tpl.html    |  4 +-
 .../wwwroot/js/app/security/security.js       | 83 ++++++++++---------
 5 files changed, 61 insertions(+), 47 deletions(-)

diff --git a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
index 430eda40b2c..5d95f9f91ef 100644
--- a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
+++ b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
@@ -390,7 +390,7 @@ public async Task<ActionResult<SecurityResult>> ChangePassword([FromRoute] strin
 
             if (changePassword.OldPassword == changePassword.NewPassword)
             {
-                return BadRequest(new SecurityResult { Errors = new[] { "Choose a different password." } });
+                return BadRequest(new SecurityResult { Errors = new[] { "You have used this password in the past. Choose another one." } });
             }
 
             var result = await _signInManager.UserManager.ChangePasswordAsync(user, changePassword.OldPassword, changePassword.NewPassword);
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/dialogs/changePasswordDialog.tpl.html b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/dialogs/changePasswordDialog.tpl.html
index 7cf9dc27c74..55174ba15b0 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/dialogs/changePasswordDialog.tpl.html
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/dialogs/changePasswordDialog.tpl.html
@@ -8,7 +8,7 @@
     </header>
     <div class="window-cnt">
         <form class="form" novalidate ng-submit="ok()" name="changePasswordForm">
-            <p translate="platform.blades.account-changePassword.labels.force-change-info"></p>
+            <p ng-if="!canCancel" translate="platform.blades.account-changePassword.labels.force-change-info"></p>
             <div class="form-group">
                 <label class="form-label required">{{ 'platform.blades.account-changePassword.labels.current-password' | translate }}</label>
                 <div class="form-input">
@@ -39,7 +39,7 @@
             <div class="clearfix">
                 <div class="column">
                     <div class="__right">
-                        <button class="btn" type="button" ng-click="postpone()" ng-if="canCancel">
+                        <button class="btn" type="button" ng-click="cancel()" ng-if="canCancel">
                             <span>{{ 'platform.blades.account-changePassword.labels.cancel' | translate }}</span>
                         </button>
                         <button class="btn" type="submit" ng-disabled="changePasswordForm.$invalid">
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/login/headerUserProfileWidget.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/login/headerUserProfileWidget.js
index 30a57aebd31..5ae5b46821e 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/login/headerUserProfileWidget.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/login/headerUserProfileWidget.js
@@ -1,6 +1,6 @@
 angular.module('platformWebApp')
-    .directive('vaHeaderUserProfileWidget', ['$document', '$state', 'platformWebApp.authService',
-        function ($document, $state, authService) {
+    .directive('vaHeaderUserProfileWidget', ['$document', '$state', 'platformWebApp.authService', 'platformWebApp.dialogService',
+        function ($document, $state, authService, dialogService) {
 
             return {
                 restrict: 'E',
@@ -29,11 +29,18 @@ angular.module('platformWebApp')
 
                     scope.logout = function () {
                         authService.logout();
-                    }
+                    };
+
+                    scope.changePassword = () => {
+                        var dialog = {
+                            id: "changePasswordDialog"
+                        };
+                        dialogService.showDialog(dialog, '$(Platform)/Scripts/app/security/dialogs/changePasswordDialog.tpl.html', 'platformWebApp.changePasswordDialog');
+                    };
 
                     scope.manageProfile = function () {
                         $state.go('workspace.userProfile');
-                    }
+                    };
 
                     scope.toggleDropDown = function () {
                         scope.dropDownOpened = !scope.dropDownOpened;
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/login/headerUserProfileWidget.tpl.html b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/login/headerUserProfileWidget.tpl.html
index 13ad0ed252a..55899af928b 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/login/headerUserProfileWidget.tpl.html
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/login/headerUserProfileWidget.tpl.html
@@ -12,8 +12,8 @@
         <span class="account-user__carret"></span>
     </span>
     <div class="dropdown-menu">
-        <a href="#" class="dropdown-menu__item"
-            ng-click="manageProfile()">{{ 'platform.commands.manage-profile' | translate }}</a>
+        <a href="#" class="dropdown-menu__item" ng-click="manageProfile()">{{ 'platform.commands.manage-profile' | translate }}</a>
+        <a href="#" class="dropdown-menu__item" ng-click="changePassword()">{{ 'platform.commands.change-password' | translate }}</a>
         <a href="#" class="dropdown-menu__item" ng-click="logout()">{{ 'platform.commands.sign-out' | translate }}</a>
     </div>
 </div>
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/security.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/security.js
index 5fdd50fdfe7..b9feeb1cf40 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/security.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/security.js
@@ -120,52 +120,59 @@ angular.module('platformWebApp')
                     bladeNavigationService.showBlade(blade);
                 }
                 ]
+            })
+
+            .state('changePasswordDialog', {
+                url: '/changepassword',
+                templateUrl: '$(Platform)/Scripts/app/security/dialogs/changePasswordDialog.tpl.html',
+                params: {
+                    onClose: null
+                },
+                controller: 'platformWebApp.changePasswordDialog'
             });
+    }])
 
-        $stateProvider.state('changePasswordDialog', {
-            url: '/changepassword',
-            templateUrl: '$(Platform)/Scripts/app/security/dialogs/changePasswordDialog.tpl.html',
-            params: {
-                onClose: null
-            },
-            controller: ['$state', '$scope', '$stateParams', 'platformWebApp.accounts', 'platformWebApp.authService', 'platformWebApp.passwordValidationService', function ($state, $scope, $stateParams, accounts, authService, passwordValidationService) {
-                if (!authService.isAuthenticated) {
-                    $state.go('loginDialog');
-                }
+    .controller('platformWebApp.changePasswordDialog', ['$state', '$scope', '$stateParams', 'platformWebApp.accounts', 'platformWebApp.authService', 'platformWebApp.passwordValidationService', function ($state, $scope, $stateParams, accounts, authService, passwordValidationService) {
+        if (!authService.isAuthenticated) {
+            $state.go('loginDialog');
+        }
 
-                $scope.userName = authService.userName;
-                $scope.canCancel = !authService.passwordExpired;
+        $scope.userName = authService.userName;
+        $scope.canCancel = !authService.passwordExpired;
 
-                $scope.validatePasswordAsync = (value) => {
-                    $scope.validatedPassword = value;
-                    delete $scope.errors;
-                    return passwordValidationService.validatePasswordAsync(value);
-                };
+        $scope.validatePasswordAsync = (value) => {
+            $scope.validatedPassword = value;
+            delete $scope.errors;
+            return passwordValidationService.validatePasswordAsync(value);
+        };
 
-                $scope.postpone = () => {
-                    $stateParams.onClose();
-                };
-
-                $scope.ok = () => {
-                    accounts.changeCurrentUserPassword($scope.postData, (result) => {
-                        if (result.succeeded) {
-                            $stateParams.onClose();
-                        } else {
-                            showErrors(result);
-                        }
-                    }, (response) => {
-                        showErrors(response.data);
-                    });
+        $scope.cancel = () => {
+            $scope.$dismiss('cancel');
+        };
 
-                };
+        $scope.ok = () => {
+            accounts.changeCurrentUserPassword($scope.postData, (result) => {
+                if (result.succeeded) {
+                    authService.passwordExpired = false;
+                    if (angular.isFunction($stateParams.onClose)) {
+                        $stateParams.onClose();
+                    } else {
+                        $scope.$close(true);
+                    }
+                } else {
+                    showErrors(result);
+                }
+            }, (response) => {
+                showErrors(response.data);
+            });
+        };
 
-                var showErrors = (result) => {
-                    $scope.postData = {};
-                    $scope.errors = result.errors;
-                };
-            }]
-        });
+        var showErrors = (result) => {
+            $scope.postData = {};
+            $scope.errors = result.errors;
+        };
     }])
+
     .run(['$rootScope', 'platformWebApp.mainMenuService', 'platformWebApp.metaFormsService', 'platformWebApp.widgetService', '$state', 'platformWebApp.authService',
         function ($rootScope, mainMenuService, metaFormsService, widgetService, $state, authService) {
             //Register module in main menu

From 28db2a9b0bdc463d49731bacff601a6cc18b3b98 Mon Sep 17 00:00:00 2001
From: Tatarincev Eugeney <et@virtoway.com>
Date: Wed, 31 Mar 2021 14:32:47 +0200
Subject: [PATCH 45/70] PT-781: Allow to search users by their roles (#2194)

* Add possibility to search users by their roles

Co-authored-by: Filipp Kuksov <47894313+Vectorfield4@users.noreply.github.com>
---
 .../Security/ApplicationUser.cs                 |  1 +
 .../Security/Role.cs                            |  2 +-
 .../Security/Search/UserSearchCriteria.cs       |  2 ++
 .../SecurityDbContextModelSnapshot.cs           |  4 ++--
 .../Repositories/SecurityDbContext.cs           | 10 ++++++++++
 .../Services/UserSearchService.cs               | 17 ++++++++++++++++-
 .../Controllers/Api/SecurityController.cs       |  4 +++-
 .../Security/ServiceCollectionExtensions.cs     |  8 +++++++-
 .../js/app/security/resources/accounts.js       |  2 +-
 9 files changed, 43 insertions(+), 7 deletions(-)

diff --git a/src/VirtoCommerce.Platform.Core/Security/ApplicationUser.cs b/src/VirtoCommerce.Platform.Core/Security/ApplicationUser.cs
index f5ef27ecff7..536e9f711f0 100644
--- a/src/VirtoCommerce.Platform.Core/Security/ApplicationUser.cs
+++ b/src/VirtoCommerce.Platform.Core/Security/ApplicationUser.cs
@@ -25,6 +25,7 @@ public class ApplicationUser : IdentityUser, IEntity, IAuditable, ICloneable
         public virtual string CreatedBy { get; set; }
         public virtual string ModifiedBy { get; set; }
         public virtual IList<Role> Roles { get; set; }
+        public virtual ICollection<IdentityUserRole<string>> UserRoles { get; set; }
 
         /// <summary>
         /// Obsolete. Use LockoutEnd. DateTime in UTC when lockout ends, any time in the past is considered not locked out.
diff --git a/src/VirtoCommerce.Platform.Core/Security/Role.cs b/src/VirtoCommerce.Platform.Core/Security/Role.cs
index 18d11cf03ce..6bee2be73d0 100644
--- a/src/VirtoCommerce.Platform.Core/Security/Role.cs
+++ b/src/VirtoCommerce.Platform.Core/Security/Role.cs
@@ -15,7 +15,7 @@ public Role()
 
         public string Description { get; set; }
         public IList<Permission> Permissions { get; set; }
-                
+        public ICollection<IdentityUserRole<string>> UserRoles { get; set; }
 
         public virtual void Patch(Role target)
         {
diff --git a/src/VirtoCommerce.Platform.Core/Security/Search/UserSearchCriteria.cs b/src/VirtoCommerce.Platform.Core/Security/Search/UserSearchCriteria.cs
index ea6ae81b76c..f80eedf8d9b 100644
--- a/src/VirtoCommerce.Platform.Core/Security/Search/UserSearchCriteria.cs
+++ b/src/VirtoCommerce.Platform.Core/Security/Search/UserSearchCriteria.cs
@@ -9,6 +9,8 @@ public class UserSearchCriteria : SearchCriteriaBase
         public string MemberId { get; set; }
         public IList<string> MemberIds { get; set; }
         public DateTime? ModifiedSinceDate { get; set; }
+        //Search users by their role names
+        public string[] Roles { get; set; }
         //TODO: Update UI pagination to use Skip and Take properties
     }
 }
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs b/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs
index 2f9dd18a9ab..b57aa1ab35b 100644
--- a/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs
+++ b/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs
@@ -529,13 +529,13 @@ protected override void BuildModel(ModelBuilder modelBuilder)
             modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
                 {
                     b.HasOne("VirtoCommerce.Platform.Core.Security.Role", null)
-                        .WithMany()
+                        .WithMany("UserRoles")
                         .HasForeignKey("RoleId")
                         .OnDelete(DeleteBehavior.Cascade)
                         .IsRequired();
 
                     b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
-                        .WithMany()
+                        .WithMany("UserRoles")
                         .HasForeignKey("UserId")
                         .OnDelete(DeleteBehavior.Cascade)
                         .IsRequired();
diff --git a/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs b/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs
index 1ada0ebcf19..5a95f049e6d 100644
--- a/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs
+++ b/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs
@@ -28,6 +28,16 @@ protected override void OnModelCreating(ModelBuilder builder)
             builder.Entity<UserApiKeyEntity>().Property(x => x.CreatedBy).HasMaxLength(64);
             builder.Entity<UserApiKeyEntity>().Property(x => x.ModifiedBy).HasMaxLength(64);
 
+            builder.Entity<IdentityUserRole<string>>(userRole =>
+            {
+                userRole.HasOne<Role>()
+                    .WithMany(r => r.UserRoles)
+                    .HasForeignKey(ur => ur.RoleId);
+
+                userRole.HasOne<ApplicationUser>()
+                    .WithMany(r => r.UserRoles)
+                    .HasForeignKey(ur => ur.UserId);
+            });
 
             // Customize the ASP.NET Identity model and override the defaults if needed.
             // For example, you can rename the ASP.NET Identity table names and more.
diff --git a/src/VirtoCommerce.Platform.Security/Services/UserSearchService.cs b/src/VirtoCommerce.Platform.Security/Services/UserSearchService.cs
index 17a5f9b846c..22647c9b186 100644
--- a/src/VirtoCommerce.Platform.Security/Services/UserSearchService.cs
+++ b/src/VirtoCommerce.Platform.Security/Services/UserSearchService.cs
@@ -12,10 +12,12 @@ namespace VirtoCommerce.Platform.Security.Services
     public class UserSearchService : IUserSearchService
     {
         private readonly Func<UserManager<ApplicationUser>> _userManagerFactory;
+        private readonly Func<RoleManager<Role>> _roleManagerFactory;
 
-        public UserSearchService(Func<UserManager<ApplicationUser>> userManager)
+        public UserSearchService(Func<UserManager<ApplicationUser>> userManager, Func<RoleManager<Role>> roleManagerFactory)
         {
             _userManagerFactory = userManager;
+            _roleManagerFactory = roleManagerFactory;
         }
 
         public async Task<UserSearchResult> SearchUsersAsync(UserSearchCriteria criteria)
@@ -53,6 +55,19 @@ public async Task<UserSearchResult> SearchUsersAsync(UserSearchCriteria criteria
                     query = query.Where(x => x.ModifiedDate > criteria.ModifiedSinceDate);
                 }
 
+                if (!criteria.Roles.IsNullOrEmpty())
+                {
+                    var roleManager = _roleManagerFactory();
+                    if (!roleManager.SupportsQueryableRoles)
+                    {
+                        throw new NotSupportedException();
+                    }
+                    var rolesIds = await roleManager.Roles.Where(x => criteria.Roles.Contains(x.Name)).Select(x => x.Id).Distinct().ToArrayAsync();
+
+                    query = query.Where(x => x.UserRoles.Any(r => rolesIds.Contains(r.RoleId)));
+
+                }
+
                 result.TotalCount = await query.CountAsync();
 
                 var sortInfos = criteria.SortInfos;
diff --git a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
index 5d95f9f91ef..efb6d320e69 100644
--- a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
+++ b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
@@ -261,12 +261,14 @@ await _roleManager.RoleExistsAsync(role.Name) :
             return Ok(result.ToSecurityResult());
         }
 
+
         /// <summary>
         /// SearchAsync users by keyword
         /// </summary>
         /// <param name="criteria">Search criteria.</param>
         [HttpPost]
-        [Route("users")]
+        [Route("users/search")]
+        [Route("users")] //PT-789: Obsolete, remove later left only for backward compatibility with V2
         [Authorize(PlatformConstants.Security.Permissions.SecurityQuery)]
         public async Task<ActionResult<UserSearchResult>> SearchUsers([FromBody] UserSearchCriteria criteria)
         {
diff --git a/src/VirtoCommerce.Platform.Web/Security/ServiceCollectionExtensions.cs b/src/VirtoCommerce.Platform.Web/Security/ServiceCollectionExtensions.cs
index b3bc0cc1eb2..9f18f7b8e31 100644
--- a/src/VirtoCommerce.Platform.Web/Security/ServiceCollectionExtensions.cs
+++ b/src/VirtoCommerce.Platform.Web/Security/ServiceCollectionExtensions.cs
@@ -26,11 +26,17 @@ public static IServiceCollection AddSecurityServices(this IServiceCollection ser
             services.AddSingleton<IPermissionsRegistrar, DefaultPermissionProvider>();
             services.AddScoped<IRoleSearchService, RoleSearchService>();
             //Register as singleton because this abstraction can be used as dependency in singleton services
-            services.AddSingleton<IUserSearchService>(provider => new UserSearchService(provider.CreateScope().ServiceProvider.GetService<Func<UserManager<ApplicationUser>>>()));
+            services.AddSingleton<IUserSearchService>(provider =>
+            {
+                var scope = provider.CreateScope();
+                return new UserSearchService(scope.ServiceProvider.GetService<Func<UserManager<ApplicationUser>>>(),
+                                             scope.ServiceProvider.GetService<Func<RoleManager<Role>>>());
+            });
 
             //Identity dependencies override
             services.TryAddScoped<RoleManager<Role>, CustomRoleManager>();
             services.TryAddScoped<UserManager<ApplicationUser>, CustomUserManager>();
+            services.AddSingleton<Func<RoleManager<Role>>>(provider => () => provider.CreateScope().ServiceProvider.GetService<RoleManager<Role>>());
             services.AddSingleton<Func<UserManager<ApplicationUser>>>(provider => () => provider.CreateScope().ServiceProvider.GetService<UserManager<ApplicationUser>>());
             services.AddSingleton<Func<SignInManager<ApplicationUser>>>(provider => () => provider.CreateScope().ServiceProvider.GetService<SignInManager<ApplicationUser>>());
             services.AddSingleton<IUserPasswordHasher, DefaultUserPasswordHasher>();
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js
index 1c78895ff5a..7b65dc89c7d 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js
@@ -1,6 +1,6 @@
 angular.module('platformWebApp').factory('platformWebApp.accounts', ['$resource', function ($resource) {
     return $resource('api/platform/security/users/:id', { id: '@Id' }, {
-        search: { method: 'POST' },
+        search: { url: 'api/platform/security/users/search', method:'POST' },
         save: { url: 'api/platform/security/users/create', method: 'POST' },
         changepassword: { url: 'api/platform/security/users/:id/changepassword', method: 'POST' },
         changeCurrentUserPassword: { url: 'api/platform/security/currentuser/changepassword', method: 'POST' },

From 3220705a940891e3b29d4ba07062105bcc7e8798 Mon Sep 17 00:00:00 2001
From: Egis <em@virtoway.com>
Date: Wed, 31 Mar 2021 23:15:33 +0300
Subject: [PATCH 46/70] PT-519: Add password expiry warning to UI (#2197)

* PT-519: Add password expiry warning to UI
* PT-519: Refactor password expiry calculation, add unit test (#2198)
---
 .../Controllers/Api/SecurityController.cs     |  8 +++-
 .../Model/Security/UserDetail.cs              |  3 +-
 .../Security/PasswordExpiryHelper.cs          | 29 ++++++++++++
 .../en.VirtoCommerce.Platform.json            |  5 ++
 .../css/themes/main/sass/modules/_header.sass | 17 +++++++
 .../wwwroot/images/header/warning.svg         |  4 ++
 .../js/app/navigation/header/header.tpl.html  |  5 +-
 .../directives/headerPasswordWidget.js        | 30 ++++++++++++
 .../directives/headerPasswordWidget.tpl.html  | 10 ++++
 .../wwwroot/js/app/security/security.js       |  5 +-
 .../Security/PasswordExpiryTests.cs           | 47 +++++++++++++++++++
 11 files changed, 156 insertions(+), 7 deletions(-)
 create mode 100644 src/VirtoCommerce.Platform.Web/Security/PasswordExpiryHelper.cs
 create mode 100644 src/VirtoCommerce.Platform.Web/wwwroot/images/header/warning.svg
 create mode 100644 src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/headerPasswordWidget.js
 create mode 100644 src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/headerPasswordWidget.tpl.html

diff --git a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
index efb6d320e69..c6c91b7e778 100644
--- a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
+++ b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
@@ -20,6 +20,7 @@
 using VirtoCommerce.Platform.Core.Security.Events;
 using VirtoCommerce.Platform.Core.Security.Search;
 using VirtoCommerce.Platform.Web.Model.Security;
+using VirtoCommerce.Platform.Web.Security;
 using PlatformPermissions = VirtoCommerce.Platform.Core.PlatformConstants.Security.Permissions;
 using SignInResult = Microsoft.AspNetCore.Identity.SignInResult;
 
@@ -32,6 +33,7 @@ public class SecurityController : Controller
         private readonly UserManager<ApplicationUser> _userManager;
         private readonly RoleManager<Role> _roleManager;
         private readonly Core.Security.AuthorizationOptions _securityOptions;
+        private readonly UserOptionsExtended _userOptionsExtended;
         private readonly IPermissionsRegistrar _permissionsProvider;
         private readonly IUserSearchService _userSearchService;
         private readonly IRoleSearchService _roleSearchService;
@@ -42,12 +44,13 @@ public class SecurityController : Controller
 
         public SecurityController(SignInManager<ApplicationUser> signInManager, UserManager<ApplicationUser> userManager, RoleManager<Role> roleManager,
                 IPermissionsRegistrar permissionsProvider, IUserSearchService userSearchService, IRoleSearchService roleSearchService,
-                IOptions<Core.Security.AuthorizationOptions> securityOptions, IPasswordCheckService passwordCheckService, IEmailSender emailSender,
+                IOptions<Core.Security.AuthorizationOptions> securityOptions, IOptions<UserOptionsExtended> userOptionsExtended, IPasswordCheckService passwordCheckService, IEmailSender emailSender,
                 IEventPublisher eventPublisher, IUserApiKeyService userApiKeyService)
         {
             _signInManager = signInManager;
             _userManager = userManager;
             _securityOptions = securityOptions.Value;
+            _userOptionsExtended = userOptionsExtended.Value;
             _passwordCheckService = passwordCheckService;
             _permissionsProvider = permissionsProvider;
             _roleManager = roleManager;
@@ -116,13 +119,14 @@ public async Task<ActionResult<UserDetail>> GetCurrentUser()
             {
                 return NotFound();
             }
+
             var result = new UserDetail
             {
                 Id = user.Id,
                 isAdministrator = user.IsAdministrator,
                 UserName = user.UserName,
                 PasswordExpired = user.PasswordExpired,
-                LastPasswordChangedDate = user.LastPasswordChangedDate,
+                DaysTillPasswordExpiry = PasswordExpiryHelper.ContDaysTillPasswordExpiry(user, _userOptionsExtended),
                 Permissions = user.Roles.SelectMany(x => x.Permissions).Select(x => x.Name).Distinct().ToArray()
             };
 
diff --git a/src/VirtoCommerce.Platform.Web/Model/Security/UserDetail.cs b/src/VirtoCommerce.Platform.Web/Model/Security/UserDetail.cs
index 456ca553301..7ad4b3efb51 100644
--- a/src/VirtoCommerce.Platform.Web/Model/Security/UserDetail.cs
+++ b/src/VirtoCommerce.Platform.Web/Model/Security/UserDetail.cs
@@ -1,4 +1,3 @@
-using System;
 using System.Collections.Generic;
 using VirtoCommerce.Platform.Core.Common;
 
@@ -10,6 +9,6 @@ public class UserDetail : Entity
         public string UserName { get; set; }
         public bool isAdministrator { get; set; }
         public bool PasswordExpired { get; set; }
-        public DateTime? LastPasswordChangedDate { get; set; }
+        public int DaysTillPasswordExpiry { get; set; }
     }
 }
diff --git a/src/VirtoCommerce.Platform.Web/Security/PasswordExpiryHelper.cs b/src/VirtoCommerce.Platform.Web/Security/PasswordExpiryHelper.cs
new file mode 100644
index 00000000000..ef2100417e1
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Web/Security/PasswordExpiryHelper.cs
@@ -0,0 +1,29 @@
+using System;
+using VirtoCommerce.Platform.Core.Security;
+
+namespace VirtoCommerce.Platform.Web.Security
+{
+    public static class PasswordExpiryHelper
+    {
+        public static int ContDaysTillPasswordExpiry(ApplicationUser user, UserOptionsExtended userOptions)
+        {
+            var result = -1; // not a valid expiry days number
+
+            if (!user.PasswordExpired &&
+                userOptions.RemindPasswordExpiryInDays > 0 &&
+                userOptions.MaxPasswordAge != null &&
+                userOptions.MaxPasswordAge.Value > TimeSpan.Zero)
+            {
+                var lastPasswordChangeDate = user.LastPasswordChangedDate ?? user.CreatedDate;
+                var timeTillExpiry = lastPasswordChangeDate.Add(userOptions.MaxPasswordAge.Value) - DateTime.UtcNow;
+                if (timeTillExpiry > TimeSpan.Zero &&
+                    timeTillExpiry < TimeSpan.FromDays(userOptions.RemindPasswordExpiryInDays))
+                {
+                    result = timeTillExpiry.Days;
+                }
+            }
+
+            return result;
+        }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
index 56ddc928653..3f5130add78 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
@@ -679,6 +679,11 @@
                 "renew": "Renew",
                 "expiration-date": "Expiration Date"
             },
+            "password-expiry": {
+                "expire-days": "To protect your account you will need to change your password <b>in {{count}} days.</b> ",
+                "expire-today": "To protect your account you will need to change your password <b>today.</b> ",
+                "change-link": "Change now"
+            },
             "modulesAutoInstallation": {
                 "labels": {
                     "module-auto-installation": "Modules auto installation",
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/modules/_header.sass b/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/modules/_header.sass
index 38a71e26f74..217db9e2759 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/modules/_header.sass
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/css/themes/main/sass/modules/_header.sass
@@ -17,6 +17,11 @@
       $width: getBladeContentSize($bladeSizeName)
       min-width: $width
       width: $width
+  &__info2
+    color: $whiteColor
+    @include blaseSizes()
+      min-width: 340px
+      width: 340px
   &__nav
     display: flex
     margin-left: auto
@@ -41,6 +46,8 @@
       width: 20px
       &.__animated
         animation: bell ease-in-out 1s .5s
+      &--warning
+        background-image: url('/images/header/warning.svg')
       &--settings
         background-image: url('/images/header/settings.svg')
       &--help
@@ -64,6 +71,16 @@
     &.active
       cursor: pointer
 
+  // Password expiry warning
+  .password-expiry
+    align-items: center
+    display: flex
+    height: 100%
+    &__text
+      white-space: normal;
+      font-size: 12px
+      margin-right: 20px
+
   // Account user
   .account-user
     align-items: center
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/images/header/warning.svg b/src/VirtoCommerce.Platform.Web/wwwroot/images/header/warning.svg
new file mode 100644
index 00000000000..fac3e75c97d
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/images/header/warning.svg
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg width="24" height="21" viewBox="0 0 24 21" fill="none" xmlns="http://www.w3.org/2000/svg">
+    <path d="M22.9493 18.0474C23.6931 19.3597 22.7595 21 21.2739 21H1.9364C0.447983 21 -0.481325 19.3571 0.261009 18.0474L9.92989 0.98376C10.674 -0.329109 12.5378 -0.32673 13.2807 0.98376L22.9493 18.0474ZM11.6053 14.5195C10.5816 14.5195 9.75166 15.3642 9.75166 16.4062C9.75166 17.4483 10.5816 18.293 11.6053 18.293C12.629 18.293 13.4589 17.4483 13.4589 16.4062C13.4589 15.3642 12.629 14.5195 11.6053 14.5195ZM9.84543 7.73776L10.1443 13.3159C10.1583 13.5769 10.3704 13.7812 10.6272 13.7812H12.5834C12.8402 13.7812 13.0522 13.5769 13.0662 13.3159L13.3651 7.73776C13.3802 7.45582 13.1597 7.21875 12.8823 7.21875H10.3282C10.0508 7.21875 9.83032 7.45582 9.84543 7.73776Z" fill="white"/>
+</svg>
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/navigation/header/header.tpl.html b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/navigation/header/header.tpl.html
index f4c7f93da01..439a794d60a 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/navigation/header/header.tpl.html
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/navigation/header/header.tpl.html
@@ -1,13 +1,14 @@
 <header class="header">
     <va-header-license-widget></va-header-license-widget>
+    <va-header-password-widget></va-header-password-widget>
 
     <div class="header__nav">
         <div class="header__nav-item" va-tooltip tooltip="{{'platform.menu.settings' | translate}}"
-            tooltip-placement="bottom" tooltip-animation="false" tooltip-popup-delay="{{tooltipPopupDelay}}">
+             tooltip-placement="bottom" tooltip-animation="false" tooltip-popup-delay="{{tooltipPopupDelay}}">
             <span class="header__nav-ico header__nav-ico--settings" ng-click="manageSettings()"></span>
         </div>
         <div class="header__nav-item" va-tooltip tooltip="{{'platform.menu.help' | translate}}"
-            tooltip-placement="bottom" tooltip-animation="false" tooltip-popup-delay="{{tooltipPopupDelay}}">
+             tooltip-placement="bottom" tooltip-animation="false" tooltip-popup-delay="{{tooltipPopupDelay}}">
             <a class="header__nav-ico header__nav-ico--help" href="https://virtocommerce.com/docs" target="_blank"></a>
         </div>
         <va-header-notification-widget></va-header-notification-widget>
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/headerPasswordWidget.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/headerPasswordWidget.js
new file mode 100644
index 00000000000..1d3e0147114
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/headerPasswordWidget.js
@@ -0,0 +1,30 @@
+angular.module('platformWebApp').directive('vaHeaderPasswordWidget', ['$rootScope', 'platformWebApp.authService', 'platformWebApp.dialogService',
+    function ($rootScope, authService, dialogService) {
+        return {
+            restrict: 'E',
+            replace: true,
+            transclude: true,
+            templateUrl: '$(Platform)/Scripts/app/security/directives/headerPasswordWidget.tpl.html',
+            link: function (scope) {
+                scope.daysTillPasswordExpiry = authService.daysTillPasswordExpiry;
+
+                $rootScope.$on('userPasswordChanged', function (event, authContext) {
+                    if (authContext.isAuthenticated) {
+                        scope.daysTillPasswordExpiry = authService.daysTillPasswordExpiry;
+                    }
+                });
+
+                scope.changePassword = () => {
+                    var dialog = {
+                        id: "changePasswordDialog",
+                        callback: (confirm) => {
+                            if (confirm) {
+                                scope.daysTillPasswordExpiry = authService.daysTillPasswordExpiry = -1;
+                            }
+                        }
+                    };
+                    dialogService.showDialog(dialog, '$(Platform)/Scripts/app/security/dialogs/changePasswordDialog.tpl.html', 'platformWebApp.changePasswordDialog');
+                };
+            }
+        }
+    }]);
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/headerPasswordWidget.tpl.html b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/headerPasswordWidget.tpl.html
new file mode 100644
index 00000000000..113292dbbae
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/headerPasswordWidget.tpl.html
@@ -0,0 +1,10 @@
+<div ng-if="daysTillPasswordExpiry >= 0" class="header__info2">
+    <div class="password-expiry">
+        <span class="header__nav-ico header__nav-ico--warning"></span>
+        <div class="password-expiry__text">
+            <span ng-if="daysTillPasswordExpiry" translate="platform.templates.password-expiry.expire-days" translate-values="{count:daysTillPasswordExpiry}"></span>
+            <span ng-if="!daysTillPasswordExpiry" translate="platform.templates.password-expiry.expire-today"></span>
+            <a href="" ng-click="changePassword()" style="font-size: 12px">{{'platform.templates.password-expiry.change-link' | translate }}</a>
+        </div>
+    </div>
+</div>
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/security.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/security.js
index b9feeb1cf40..efc067c98ab 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/security.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/security.js
@@ -132,7 +132,7 @@ angular.module('platformWebApp')
             });
     }])
 
-    .controller('platformWebApp.changePasswordDialog', ['$state', '$scope', '$stateParams', 'platformWebApp.accounts', 'platformWebApp.authService', 'platformWebApp.passwordValidationService', function ($state, $scope, $stateParams, accounts, authService, passwordValidationService) {
+    .controller('platformWebApp.changePasswordDialog', ['$rootScope', '$state', '$scope', '$stateParams', 'platformWebApp.accounts', 'platformWebApp.authService', 'platformWebApp.passwordValidationService', function ($rootScope, $state, $scope, $stateParams, accounts, authService, passwordValidationService) {
         if (!authService.isAuthenticated) {
             $state.go('loginDialog');
         }
@@ -154,6 +154,9 @@ angular.module('platformWebApp')
             accounts.changeCurrentUserPassword($scope.postData, (result) => {
                 if (result.succeeded) {
                     authService.passwordExpired = false;
+                    authService.daysTillPasswordExpiry = -1;
+                    $rootScope.$emit('userPasswordChanged', authService);
+
                     if (angular.isFunction($stateParams.onClose)) {
                         $stateParams.onClose();
                     } else {
diff --git a/tests/VirtoCommerce.Platform.Tests/Security/PasswordExpiryTests.cs b/tests/VirtoCommerce.Platform.Tests/Security/PasswordExpiryTests.cs
index 97aa25d3e9f..4c6b7306f91 100644
--- a/tests/VirtoCommerce.Platform.Tests/Security/PasswordExpiryTests.cs
+++ b/tests/VirtoCommerce.Platform.Tests/Security/PasswordExpiryTests.cs
@@ -7,6 +7,7 @@
 using Moq;
 using VirtoCommerce.Platform.Core.Security;
 using VirtoCommerce.Platform.Tests.Caching;
+using VirtoCommerce.Platform.Web.Security;
 using Xunit;
 
 namespace VirtoCommerce.Platform.Tests.Security
@@ -35,6 +36,31 @@ public async Task TestUserPasswordExpiry(DateTime? lastPasswordChangedDate, Time
             Assert.Equal(isPasswordExpired, user.PasswordExpired);
         }
 
+        [Theory]
+        [ClassData(typeof(CreateExpiryTestDataCalculator))]
+        public void TestPasswordExpiryCalculator(bool passwordExpired, int remindPasswordExpiryInDays, TimeSpan? maxPasswordAge, int expectedDays)
+        {
+            //Arrange
+            var user = new ApplicationUser
+            {
+                LastPasswordChangedDate = DateTime.UtcNow.AddDays(-20),
+                PasswordExpired = passwordExpired
+            };
+
+            var userOptionsExtended = new UserOptionsExtended
+            {
+                RemindPasswordExpiryInDays = remindPasswordExpiryInDays,
+                MaxPasswordAge = maxPasswordAge
+            };
+
+            //Act
+            var daysTillPasswordExpiry = PasswordExpiryHelper.ContDaysTillPasswordExpiry(user, userOptionsExtended);
+
+
+            //Assert
+            Assert.Equal(expectedDays, daysTillPasswordExpiry);
+        }
+
         #region TestData
 
         class CreateExpiryTestData : IEnumerable<object[]>
@@ -52,6 +78,27 @@ public IEnumerator<object[]> GetEnumerator()
 
             IEnumerator IEnumerable.GetEnumerator() => GetEnumerator();
         }
+
+        class CreateExpiryTestDataCalculator : IEnumerable<object[]>
+        {
+            public IEnumerator<object[]> GetEnumerator()
+            {
+                // The password was changed 20 days ago. Other params:
+                // bool passwordExpired, int remindPasswordExpiryInDays, TimeSpan? maxPasswordAge, int expectedDays
+                yield return new object[] { false, 0, null, -1 };
+                yield return new object[] { false, 0, TimeSpan.Zero, -1 };
+                yield return new object[] { false, 0, TimeSpan.FromDays(25), -1 };
+                yield return new object[] { false, 7, null, -1 };
+                yield return new object[] { false, 7, TimeSpan.Zero, -1 };
+                yield return new object[] { false, 7, new TimeSpan(20, 0, 0, 5), 0 };
+                yield return new object[] { false, 7, TimeSpan.FromDays(21), 0 };
+                yield return new object[] { false, 7, TimeSpan.FromDays(25), 4 };
+                yield return new object[] { false, 7, TimeSpan.FromDays(28), -1 };
+                yield return new object[] { true, 7, TimeSpan.FromDays(25), -1 };
+            }
+
+            IEnumerator IEnumerable.GetEnumerator() => GetEnumerator();
+        }
         #endregion TestData
     }
 }

From ba46fd8f023eca1fa07b14915173a404bd77cd06 Mon Sep 17 00:00:00 2001
From: Egis <em@virtoway.com>
Date: Thu, 1 Apr 2021 10:32:53 +0300
Subject: [PATCH 47/70] PT-812: Prevent working with expired password (#2199)

---
 .../wwwroot/js/app/security/security.js               | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/security.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/security.js
index efc067c98ab..317e4c4e49c 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/security.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/security.js
@@ -176,8 +176,8 @@ angular.module('platformWebApp')
         };
     }])
 
-    .run(['$rootScope', 'platformWebApp.mainMenuService', 'platformWebApp.metaFormsService', 'platformWebApp.widgetService', '$state', 'platformWebApp.authService',
-        function ($rootScope, mainMenuService, metaFormsService, widgetService, $state, authService) {
+    .run(['$transitions', 'platformWebApp.mainMenuService', 'platformWebApp.metaFormsService', 'platformWebApp.widgetService', '$state', 'platformWebApp.authService',
+        function ($transitions, mainMenuService, metaFormsService, widgetService, $state, authService) {
             //Register module in main menu
             var menuItem = {
                 path: 'configuration/security',
@@ -238,4 +238,11 @@ angular.module('platformWebApp')
                 controller: 'platformWebApp.accountApiWidgetController',
                 template: '$(Platform)/Scripts/app/security/widgets/accountApiWidget.tpl.html',
             }, 'accountDetail');
+
+            // Prevent transition to workspace if password expired
+            $transitions.onBefore({ to: 'workspace.**' }, function (transition) {
+                if (authService.isAuthenticated && authService.passwordExpired) {
+                    return transition.router.stateService.target('changePasswordDialog');
+                }
+            });
         }]);

From 8e537c121a1e317ee5d76f371207993ca81f74b7 Mon Sep 17 00:00:00 2001
From: Egis <em@virtoway.com>
Date: Thu, 1 Apr 2021 15:05:29 +0300
Subject: [PATCH 48/70] PT-504: Update Password checker to match
 AspNetCore.Identity options (#2201)

---
 .../Security/PasswordValidationResult.cs      | 10 ++++++++++
 .../Services/PasswordCheckService.cs          | 20 +++++++++++++++----
 .../en.VirtoCommerce.Platform.json            |  1 +
 .../security/blades/account-resetPassword.js  |  1 +
 .../services/passwordValidationService.js     |  1 +
 .../Security/PasswordCheckServiceTests.cs     |  1 +
 6 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/src/VirtoCommerce.Platform.Core/Security/PasswordValidationResult.cs b/src/VirtoCommerce.Platform.Core/Security/PasswordValidationResult.cs
index abb5a26c918..690322489e7 100644
--- a/src/VirtoCommerce.Platform.Core/Security/PasswordValidationResult.cs
+++ b/src/VirtoCommerce.Platform.Core/Security/PasswordValidationResult.cs
@@ -20,6 +20,16 @@ public class PasswordValidationResult
         /// </summary>
         public bool PasswordViolatesMinLength { get; set; }
 
+        /// <summary>
+        /// Minimal unique chars count.
+        /// </summary>
+        public int MinUniqueCharsCount { get; set; }
+
+        /// <summary>
+        /// Indicates that password comprised of less than minimum number of unique chars.
+        /// </summary>
+        public bool PasswordViolatesMinUniqueCharsCount { get; set; }
+
         /// <summary>
         /// Indicates that entered password lacks one or more lower-case letters.
         /// </summary>
diff --git a/src/VirtoCommerce.Platform.Security/Services/PasswordCheckService.cs b/src/VirtoCommerce.Platform.Security/Services/PasswordCheckService.cs
index 5e74ce58dc2..8a74609dfa6 100644
--- a/src/VirtoCommerce.Platform.Security/Services/PasswordCheckService.cs
+++ b/src/VirtoCommerce.Platform.Security/Services/PasswordCheckService.cs
@@ -1,4 +1,5 @@
 using System.Linq;
+using System.Text.RegularExpressions;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Identity;
 using VirtoCommerce.Platform.Core.Security;
@@ -10,8 +11,6 @@ namespace VirtoCommerce.Platform.Security.Services
     /// </summary>
     public class PasswordCheckService : IPasswordCheckService
     {
-        protected char[] SpecialCharacters { get; } = { '!', '@', '#', '$', '%', '^', '&', '*', '?', '_', '~', '-', '£', '(', ')', '.', ',' };
-
         protected IdentityOptions Options { get; }
 
         /// <summary>
@@ -29,7 +28,8 @@ public virtual Task<PasswordValidationResult> ValidatePasswordAsync(string passw
             var result = new PasswordValidationResult
             {
                 PasswordIsValid = true,
-                MinPasswordLength = Options.Password.RequiredLength
+                MinPasswordLength = Options.Password.RequiredLength,
+                MinUniqueCharsCount = Options.Password.RequiredUniqueChars
             };
 
             if (!HasSufficientLength(password))
@@ -38,6 +38,12 @@ public virtual Task<PasswordValidationResult> ValidatePasswordAsync(string passw
                 result.PasswordViolatesMinLength = true;
             }
 
+            if (!HasSufficientUniqueChars(password))
+            {
+                result.PasswordIsValid = false;
+                result.PasswordViolatesMinUniqueCharsCount = true;
+            }
+
             if (Options.Password.RequireUppercase && !HasUpperCaseLetter(password))
             {
                 result.PasswordIsValid = false;
@@ -71,6 +77,12 @@ protected virtual bool HasSufficientLength(string password)
                    && password.Length >= Options.Password.RequiredLength;
         }
 
+        private bool HasSufficientUniqueChars(string password)
+        {
+            return !string.IsNullOrEmpty(password)
+                   && password.Distinct().Count() >= Options.Password.RequiredUniqueChars;
+        }
+
         protected virtual bool HasUpperCaseLetter(string password)
         {
             return !string.IsNullOrWhiteSpace(password)
@@ -92,7 +104,7 @@ protected virtual bool HasDigit(string password)
         protected virtual bool HasSpecialCharacter(string password)
         {
             return !string.IsNullOrWhiteSpace(password)
-                   && password.IndexOfAny(SpecialCharacters) != -1;
+                   && !Regex.IsMatch(password, "^[a-zA-Z0-9]+$");
         }
     }
 }
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
index 3f5130add78..8855e68b6be 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
@@ -348,6 +348,7 @@
                     "invalid-token": "Reset password token is invalid or expired",
                     "password-too-weak": "New password does not comply one or more password security policies:",
                     "passwordViolatesMinLength": "Passwords must be {{minPasswordLength}} or more characters long",
+                    "passwordViolatesMinUniqueCharsCount": "Passwords must use at least {{minUniqueCharsCount}} different characters",
                     "passwordMustHaveLowerCaseLetters": "Passwords must have at least one lowercase ('a'-'z')",
                     "passwordMustHaveUpperCaseLetters": "Passwords must have at least one uppercase ('A'-'Z')",
                     "passwordMustHaveDigits": "Passwords must have at least one digit ('0'-'9')",
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-resetPassword.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-resetPassword.js
index e82ca95940a..1186aba6e25 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-resetPassword.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-resetPassword.js
@@ -8,6 +8,7 @@ angular.module('platformWebApp')
                 forcePasswordChange: true,
                 passwordIsValid: true,
                 minPasswordLength: 0,
+                minUniqueCharsCount: 0,
                 errors: []
             };
 
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/services/passwordValidationService.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/services/passwordValidationService.js
index aca5fc16bdf..e366d690d32 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/services/passwordValidationService.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/services/passwordValidationService.js
@@ -10,6 +10,7 @@ angular
                     var result = {
                         passwordIsValid: response.passwordIsValid,
                         minPasswordLength: response.minPasswordLength,
+                        minUniqueCharsCount: response.minUniqueCharsCount,
                         errors: []
                     };
 
diff --git a/tests/VirtoCommerce.Platform.Tests/Security/PasswordCheckServiceTests.cs b/tests/VirtoCommerce.Platform.Tests/Security/PasswordCheckServiceTests.cs
index dd6287018e9..d7283ce9993 100644
--- a/tests/VirtoCommerce.Platform.Tests/Security/PasswordCheckServiceTests.cs
+++ b/tests/VirtoCommerce.Platform.Tests/Security/PasswordCheckServiceTests.cs
@@ -19,6 +19,7 @@ public class PasswordCheckServiceTests
         [InlineData("LongPassword", true, true, false, false, 12, true, false, false, false, false, false)]
         [InlineData("P455WithD1git5", true, true, true, false, 8, true, false, false, false, false, false)]
         [InlineData("$ecur3P@Ssw0rd", true, true, true, true, 8, true, false, false, false, false, false)]
+        [InlineData("12ä45", false, false, false, true, 5, true, false, false, false, false, false)]
         // Violation of minimal length
         [InlineData("letmein", false, false, false, false, 8, false, true, false, false, false, false)]
         [InlineData("123", false, false, false, false, 5, false, true, false, false, false, false)]

From a84f2a90bff1e8e992714aae71a1760f294ec3f5 Mon Sep 17 00:00:00 2001
From: Andrei Kolchanov <akak1977@users.noreply.github.com>
Date: Thu, 1 Apr 2021 17:22:12 +0500
Subject: [PATCH 49/70] PT-642: Exclude all ignored files and *module files not
 related to compressing module, regardless of module dependencies (#2200)

---
 build/Build.cs | 8 +++++---
 module.ignore  | 2 ++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/build/Build.cs b/build/Build.cs
index bc97346e3f5..c546746e7b5 100644
--- a/build/Build.cs
+++ b/build/Build.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Text.RegularExpressions;
 using System.IO;
 using System.Linq;
 using System.Net.Http;
@@ -575,9 +576,10 @@ public void IncrementVersionPatch()
              ignoredFiles = ignoredFiles.Select(x => x.Trim()).Distinct().ToArray();
 
              DeleteFile(ZipFilePath);
-             //TODO: Exclude all dependencies of dependent modules
-             CompressionTasks.CompressZip(ModuleOutputDirectory, ZipFilePath, (x) => !ignoredFiles.Contains(x.Name, StringComparer.OrdinalIgnoreCase)
-                                                                                     && !(ModuleManifest.Dependencies ?? Array.Empty<ManifestDependency>()).Any(md => x.Name.StartsWith($"{md.Id}Module", StringComparison.OrdinalIgnoreCase)));
+             //TODO: Exclude all ignored files and *module files not related to compressed module
+             var moduleRegex = new Regex(@".+Module\..*", RegexOptions.IgnoreCase);
+             CompressionTasks.CompressZip(ModuleOutputDirectory, ZipFilePath, (x) => (!ignoredFiles.Contains(x.Name, StringComparer.OrdinalIgnoreCase) && !moduleRegex.IsMatch(x.Name))
+                                                                                     || x.Name.StartsWith($"{ModuleManifest.Id}Module.", StringComparison.OrdinalIgnoreCase));
          }
          else
          {
diff --git a/module.ignore b/module.ignore
index 10663b9305b..d2e3ff7af37 100644
--- a/module.ignore
+++ b/module.ignore
@@ -8,6 +8,7 @@ EntityFrameworkCore.Triggers.dll
 FluentValidation.dll
 Hangfire.AspNetCore.dll
 Hangfire.Core.dll
+Hangfire.Core.resources.dll
 Hangfire.MemoryStorage.dll
 Hangfire.SqlServer.dll
 MessagePack.dll
@@ -126,6 +127,7 @@ System.IO.Abstractions.dll
 System.IO.FileSystem.AccessControl.dll
 System.IO.Pipelines.dll
 System.Runtime.Caching.dll
+System.Runtime.CompilerServices.Unsafe.dll
 System.Security.AccessControl.dll
 System.Security.Cryptography.ProtectedData.dll
 System.Security.Principal.Windows.dll

From 77e190e67e0087f1ce5a3586cde4abe669a39dd1 Mon Sep 17 00:00:00 2001
From: Filip Kuksov <vectorfield4@gmail.com>
Date: Thu, 1 Apr 2021 17:02:44 +0200
Subject: [PATCH 50/70] 3.53.0

---
 Directory.Build.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Directory.Build.props b/Directory.Build.props
index 6b4a80602e3..6eda9aa0aa1 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -9,7 +9,7 @@
     </PropertyGroup>
 
     <PropertyGroup>
-        <VersionPrefix>3.52.0</VersionPrefix>
+        <VersionPrefix>3.53.0</VersionPrefix>
         <VersionSuffix></VersionSuffix>
         <VersionSuffix Condition=" '$(VersionSuffix)' != '' AND '$(BuildNumber)' != '' ">$(VersionSuffix)-$(BuildNumber)</VersionSuffix>
         <NoWarn>$(NoWarn);S3875</NoWarn>

From cffeeacc1fc5b788ccc3d72fcfce54a1ee83a981 Mon Sep 17 00:00:00 2001
From: Maksim Kopnov <44946644+mvktsk@users.noreply.github.com>
Date: Thu, 1 Apr 2021 22:11:40 +0700
Subject: [PATCH 51/70] Delete owasp.yml

---
 .github/workflows/owasp.yml | 41 -------------------------------------
 1 file changed, 41 deletions(-)
 delete mode 100644 .github/workflows/owasp.yml

diff --git a/.github/workflows/owasp.yml b/.github/workflows/owasp.yml
deleted file mode 100644
index d7d09455a56..00000000000
--- a/.github/workflows/owasp.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-name: OWASP ZAP
-on:
-  push:
-    paths-ignore:
-      - '.github/**'
-      - 'docs/**'
-      - 'build/**'
-      - 'README.md'
-      - 'LICENSE'
-    branches: [ dev ]
-  workflow_dispatch:
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-
-    steps:
-
-      - name: Docker Login
-        uses: azure/docker-login@v1
-        with:
-          login-server: docker.pkg.github.com
-          username: $GITHUB_ACTOR
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Docker Env
-        uses: VirtoCommerce/vc-github-actions/docker-env@master
-        with:
-          githubUser: ${{ env.GITHUB_ACTOR }}
-          githubToken: ${{ env.GITHUB_TOKEN }}
-          platformImage: docker.pkg.github.com/virtocommerce/vc-platform/platform
-          storefrontImage: docker.pkg.github.com/virtocommerce/vc-storefront/storefront
-          validateSwagger: 'false'
-
-      - name: OWASP ZAP Full Scan
-        uses: zaproxy/action-baseline@v0.4.0
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          docker_name: 'owasp/zap2docker-stable'
-          target: 'http://localhost:8090'
-          cmd_options: '-a -d'

From 8b72090a5419fc3b4d8f92980e56dd8f214f9c19 Mon Sep 17 00:00:00 2001
From: Filipp Kuksov <47894313+Vectorfield4@users.noreply.github.com>
Date: Fri, 2 Apr 2021 12:38:37 +0200
Subject: [PATCH 52/70] Update PasswordCheckService.cs (#2202)

Change private to protected virtual
---
 .../Services/PasswordCheckService.cs                            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/VirtoCommerce.Platform.Security/Services/PasswordCheckService.cs b/src/VirtoCommerce.Platform.Security/Services/PasswordCheckService.cs
index 8a74609dfa6..3ca83e78f73 100644
--- a/src/VirtoCommerce.Platform.Security/Services/PasswordCheckService.cs
+++ b/src/VirtoCommerce.Platform.Security/Services/PasswordCheckService.cs
@@ -77,7 +77,7 @@ protected virtual bool HasSufficientLength(string password)
                    && password.Length >= Options.Password.RequiredLength;
         }
 
-        private bool HasSufficientUniqueChars(string password)
+        protected virtual bool HasSufficientUniqueChars(string password)
         {
             return !string.IsNullOrEmpty(password)
                    && password.Distinct().Count() >= Options.Password.RequiredUniqueChars;

From 46467b620972feb73e63edb1140c41ae9ba45b3a Mon Sep 17 00:00:00 2001
From: Egis <em@virtoway.com>
Date: Sat, 3 Apr 2021 10:12:44 +0300
Subject: [PATCH 53/70] PT-502: Add new configuration settings to docs (#2203)

---
 docs/user-guide/configuration-settings.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/user-guide/configuration-settings.md b/docs/user-guide/configuration-settings.md
index 73881bc5604..5992e0b1165 100644
--- a/docs/user-guide/configuration-settings.md
+++ b/docs/user-guide/configuration-settings.md
@@ -23,6 +23,8 @@ The configuration keys are hierarchical. This structure is most convenient to ma
 |  | FileSystem | E.g., <br> "FileSystem": {<br> "RootPath": "~/assets",<br>"PublicUrl": "http://localhost:10645/assets/"<br>} | File system based assets provider configuration. Used, if `"Provider": "FileSystem"`
 |  | AzureBlobStorage | E.g., <br> "AzureBlobStorage": {<br> "ConnectionString": "",<br>"CdnUrl": ""<br>}  | Azure Blob Storage based assets provider configuration. Used, if `"Provider": "AzureBlobStorage"`
 | IdentityOptions | | | Options to configure the ASP&#46;NET Core Identity system. Check [Configure ASP.NET Core Identity](https://github.com/dotnet/AspNetCore.Docs/blob/master/aspnetcore/security/authentication/identity-configuration.md#configure-aspnet-core-identity) for details.
+|  | User.MaxPasswordAge | "MaxPasswordAge": "0" | TimeSpan defining max. user password age until the password expires. The user is forced to change the expired password on login to Platform Manager UI.<br>Value of "0" or not defined - password expiration is disabled.
+|  | User.RemindPasswordExpiryInDays | "RemindPasswordExpiryInDays": 7  | Number of days to start showing password expiry warning in Platform Manager UI. Used, if password expiration is enabled. 
 | ExternalModules | | | Configure external source to install modules.
 |  | IncludePrerelease | `false` | Show module versions marked as *Prerelease* if value is `true`.
 |  | ModulesManifestUrl | E.g., `"https://raw.githubusercontent.com/VirtoCommerce/vc-modules/master/modules_v3.json"` | Url to *.json* file containing modules' manifests.

From a990fc682cf3588294f0058c83211b1530b9984a Mon Sep 17 00:00:00 2001
From: Oleg Zhuk <zhukoo@gmail.com>
Date: Mon, 5 Apr 2021 13:29:26 +0200
Subject: [PATCH 54/70] Fix eventHandlerRegistrar code (#2196)

Co-authored-by: Andrei Kolchanov <akak1977@users.noreply.github.com>
---
 docs/fundamentals/extensibility/extending-using-events.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/fundamentals/extensibility/extending-using-events.md b/docs/fundamentals/extensibility/extending-using-events.md
index fe93b6e583a..715bf668cd4 100644
--- a/docs/fundamentals/extensibility/extending-using-events.md
+++ b/docs/fundamentals/extensibility/extending-using-events.md
@@ -38,8 +38,8 @@ void  Initialize(IServiceCollection serviceCollection)
 void PostInitialize(IApplicationBuilder appBuilder)
 {
   ...
-var eventHandlerRegistrar = appBuilder.ServiceCollection.Resolve<IHandlerRegistrar>();
-eventHandlerRegistrar.RegisterHandler<CustomDomainEvent>(async (message, token) => await _container.Resolve<CustomDomainEventHandler>().Handle(message));
+var eventHandlerRegistrar = appBuilder.ApplicationServices.GetService<IHandlerRegistrar>();
+eventHandlerRegistrar.RegisterHandler<CustomDomainEvent>((message, token) => appBuilder.ApplicationServices.GetService<CustomDomainEventHandler>().Handle(message));
   ...
 }
 ```

From d5913cdc6db23d3fbed6fe6f9f97b91aca9fc2e8 Mon Sep 17 00:00:00 2001
From: Alexandr Morogov <42555001+krankenbro@users.noreply.github.com>
Date: Tue, 6 Apr 2021 11:48:14 +0200
Subject: [PATCH 55/70] VCI-36: vc-build 1.5.2 (#2204)

* VCI-32: Fix sources branch for github release

* VCI-32: Update changelog

* VCI-32: Update props file

* Repair localizations compress

Co-authored-by: Andrei Kolchanov <akak1977@gmail.com>
Co-authored-by: Andrei Kolchanov <akak1977@users.noreply.github.com>
---
 build/Build.cs              | 45 +++++++++++++++++++++++++------------
 build/CHANGELOG.md          |  8 +++++++
 build/Directory.Build.props |  2 +-
 3 files changed, 40 insertions(+), 15 deletions(-)

diff --git a/build/Build.cs b/build/Build.cs
index c546746e7b5..d221891839a 100644
--- a/build/Build.cs
+++ b/build/Build.cs
@@ -1,12 +1,12 @@
 using System;
 using System.Collections.Generic;
-using System.Text.RegularExpressions;
 using System.IO;
 using System.Linq;
 using System.Net.Http;
 using System.Reflection;
 using System.Text;
 using System.Text.Json;
+using System.Text.RegularExpressions;
 using System.Threading.Tasks;
 using System.Xml;
 using System.Xml.Serialization;
@@ -288,7 +288,7 @@ public void CustomDotnetLogger(OutputType type, string text)
         .Requires(() => ApiKey)
         .Executes(() =>
         {
-            var packages = ArtifactsDirectory.GlobFiles("*.nupkg");
+            var packages = ArtifactsDirectory.GlobFiles("*.nupkg", "*.snupkg").OrderBy(p => p.ToString());
 
             DotNetLogger = CustomDotnetLogger;
 
@@ -299,7 +299,7 @@ public void CustomDotnetLogger(OutputType type, string text)
                     .CombineWith(
                         packages, (cs, v) => cs
                             .SetTargetPath(v)),
-                degreeOfParallelism: 5,
+                degreeOfParallelism: 1,
                 completeOnFailure: true);
         });
 
@@ -577,9 +577,10 @@ public void IncrementVersionPatch()
 
              DeleteFile(ZipFilePath);
              //TODO: Exclude all ignored files and *module files not related to compressed module
-             var moduleRegex = new Regex(@".+Module\..*", RegexOptions.IgnoreCase);
-             CompressionTasks.CompressZip(ModuleOutputDirectory, ZipFilePath, (x) => (!ignoredFiles.Contains(x.Name, StringComparer.OrdinalIgnoreCase) && !moduleRegex.IsMatch(x.Name))
-                                                                                     || x.Name.StartsWith($"{ModuleManifest.Id}Module.", StringComparison.OrdinalIgnoreCase));
+             var ignoreModulesFilesRegex = new Regex(@".+Module\..*", RegexOptions.IgnoreCase);
+             var includeModuleFilesRegex = new Regex(@$".*{ModuleManifest.Id}Module\..*", RegexOptions.IgnoreCase);
+             CompressionTasks.CompressZip(ModuleOutputDirectory, ZipFilePath, (x) => (!ignoredFiles.Contains(x.Name, StringComparer.OrdinalIgnoreCase) && !ignoreModulesFilesRegex.IsMatch(x.Name))
+                                                                                     || includeModuleFilesRegex.IsMatch(x.Name));
          }
          else
          {
@@ -703,23 +704,38 @@ public void IncrementVersionPatch()
         {
             var responseContent = await SendSwaggerSchemaToValidator(httpClient, SwaggerSchemaPath, SwaggerValidatorUri);
             var jsonObj = JObject.Parse(responseContent);
-            foreach (var msg in jsonObj["schemaValidationMessages"])
+            JToken validationMessages;
+            if (jsonObj.TryGetValue("schemaValidationMessages", out validationMessages))
+            {
+                foreach (var msg in validationMessages)
+                {
+                    Logger.Normal(msg);
+                }
+            
+                if (validationMessages.Where(t => (string)t["level"] == "error").Any())
+                    ControlFlow.Fail("Schema Validation Messages contains error");
+            }
+            else
             {
-                Logger.Normal(msg);
+                Logger.Warn("There is no validation messages from validator");
             }
-            if (jsonObj["schemaValidationMessages"].Where(t => (string)t["level"] == "error").Any())
-                ControlFlow.Fail("Schema Validation Messages contains error");
         });
 
     private async Task<string> SendSwaggerSchemaToValidator(HttpClient httpClient, string schemaPath, string validatorUri)
     {
-        var swaggerScheme = File.ReadAllText(schemaPath);
-        var requestContent = new StringContent(swaggerScheme, Encoding.UTF8, "application/json");
+        var swaggerSchema = File.ReadAllText(schemaPath);
+        Logger.Normal($"Swagger schema length: {swaggerSchema.Length}");
+        var requestContent = new StringContent(swaggerSchema, Encoding.UTF8, "application/json");
+        Logger.Normal("Request content created");
         var request = new HttpRequestMessage(HttpMethod.Post, validatorUri);
+        Logger.Normal("Request created");
         request.Headers.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
         request.Content = requestContent;
         var response = await httpClient.SendAsync(request);
-        return await response.Content.ReadAsStringAsync();
+        response.EnsureSuccessStatusCode();
+        var result = await response.Content?.ReadAsStringAsync();
+        Logger.Normal($"Response from Validator: {result}");
+        return result;
     }
 
     Target SonarQubeStart => _ => _
@@ -848,7 +864,8 @@ async Task PublishRelease(string owner, string repo, string token, string tag, s
             Name = tag,
             Prerelease = prerelease,
             Draft = false,
-            Body = description
+            Body = description,
+            TargetCommitish = GitTasks.GitCurrentBranch()
         };
         var release = await githubClient.Repository.Release.Create(owner, repo, newRelease);
         using (var artifactStream = File.OpenRead(artifactPath))
diff --git a/build/CHANGELOG.md b/build/CHANGELOG.md
index e3b1c97d3d4..7efec9795a8 100644
--- a/build/CHANGELOG.md
+++ b/build/CHANGELOG.md
@@ -3,6 +3,14 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [1.5.2] - 2021-04-05
+### Added
+- Publication of package symbols
+### Fixed
+- Decreased the degree of parallelism on symbols publication
+- Fixed typos
+- Branch of sources for github release
+
 ## [1.5.1] - 2021-01-25
 ### Fixed
 - Typo in name of target IncrementPatch
diff --git a/build/Directory.Build.props b/build/Directory.Build.props
index 8f4c3e41ea3..589c2b84009 100644
--- a/build/Directory.Build.props
+++ b/build/Directory.Build.props
@@ -6,7 +6,7 @@
     <Copyright>Copyright © VirtoCommerce 2011-2020</Copyright>
   </PropertyGroup>
   <PropertyGroup>
-    <VersionPrefix>1.5.1</VersionPrefix>
+    <VersionPrefix>1.5.2</VersionPrefix>
     <VersionSuffix></VersionSuffix>
   </PropertyGroup>
 

From 6694b0d0b12b9572d8928a332cded94b964eba2d Mon Sep 17 00:00:00 2001
From: Alexandr Morogov <42555001+krankenbro@users.noreply.github.com>
Date: Wed, 7 Apr 2021 10:01:06 +0200
Subject: [PATCH 56/70] PT-422: Add validation to integer type (#2205)

Co-authored-by: Filipp Kuksov <47894313+Vectorfield4@users.noreply.github.com>
---
 .../js/common/directives/smartFloat.js        | 25 +++----------------
 1 file changed, 3 insertions(+), 22 deletions(-)

diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/common/directives/smartFloat.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/common/directives/smartFloat.js
index ade7cddb0e8..42765bb5d6c 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/common/directives/smartFloat.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/common/directives/smartFloat.js
@@ -4,6 +4,8 @@ angular.module('platformWebApp')
     // TODO: Replace with tested localized version (see below)
     .directive('smartFloat', ['$filter', '$compile', function ($filter, $compile) {
         var INTEGER_REGEXP = /^\-?\d+$/; //Integer number
+        var INTEGER_MAX_VALUE = 2147483647;
+        var INTEGER_MIN_VALUE = -2147483648;
         var FLOAT_REGEXP_1 = /^[-+]?\$?\d+.(\d{3})*(,\d*)$/; //Numbers like: 1.123,56
         var FLOAT_REGEXP_2 = /^[-+]?\$?\d+,(\d{3})*(.\d*)$/; //Numbers like: 1,123.56
         var FLOAT_REGEXP_3 = /^[-+]?\$?\d+(.\d*)?$/; //Numbers like: 1123.56
@@ -48,7 +50,7 @@ angular.module('platformWebApp')
                 }
                 else {
                     ctrl.$parsers.unshift(function (viewValue) {
-                        if (INTEGER_REGEXP.test(viewValue)) {
+                        if (INTEGER_REGEXP.test(viewValue) && viewValue >= INTEGER_MIN_VALUE && viewValue <= INTEGER_MAX_VALUE) {
                             ctrl.$setValidity('integer', true);
                             return viewValue;
                         }
@@ -62,24 +64,3 @@ angular.module('platformWebApp')
             }
         };
     }]);
-// Custom directive to support localized integer and float number parsing & validation
-//.directive('smartFloat', ['platformWebApp.numberFormat', function (numberFormat) {
-//    return {
-//        restrict: 'A',
-//        require: 'ngModel',
-//        link: function (scope, elem, attrs, ctrl) {
-//            ctrl.$parsers.unshift(function(viewValue) {
-//                return numberFormat.validate(viewValue, attrs.numType, attrs.minExclusive, attrs.min, attrs.maxExclusive, attrs.max, attrs.fraction, ctrl.$setValidity);
-//            });
-
-//            ctrl.$formatters.unshift(function (modelValue) {
-//                return numberFormat.format(modelValue, attrs.numType, attrs.minExclusive, attrs.min, attrs.maxExclusive, attrs.max, attrs.fraction);
-//            });
-
-//            scope.$on('$localeChangeSuccess', function () {
-//                ctrl.$viewValue = ctrl.$formatters.reduceRight((prev, fn) => fn(prev), ctrl.$modelValue);
-//                ctrl.$render();
-//            });
-//        }
-//    };
-//}]);

From 513de009312d9b77980abd37ef4d774a1082a6a9 Mon Sep 17 00:00:00 2001
From: Alexandr Morogov <42555001+krankenbro@users.noreply.github.com>
Date: Fri, 9 Apr 2021 10:37:07 +0200
Subject: [PATCH 57/70] PT-954: Add integer validation for multivalue (#2206)

---
 .../wwwroot/js/i18n/decorators.js                      | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/i18n/decorators.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/i18n/decorators.js
index 442775ef3c3..7cf6d5ff119 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/i18n/decorators.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/i18n/decorators.js
@@ -28,6 +28,8 @@ angular.module('platformWebApp')
         // Add support for tag type 'number'
         $provide.decorator('tagsInputDirective', ['$delegate', 'platformWebApp.numberFormat', 'tiUtil', function ($delegate, numberFormat, tiUtil) {
             var directive = $delegate[0];
+            var INTEGER_MAX_VALUE = 2147483647;
+            var INTEGER_MIN_VALUE = -2147483648;
             directive.compile = function () {
                 return function (scope, element, attrs) {
                     /* Copy-paste, because there is no extension point */
@@ -49,11 +51,17 @@ angular.module('platformWebApp')
                         // Validate tag
                         var isNumber = angular.isDefined(attrs.tagsNumber);
                         var value = undefined;
+                        var isValidInteger = true;
                         if (isNumber) {
                             value = numberFormat.validate(tagText, attrs.numType, attrs.min, attrs.max, attrs.fraction);
                             if (angular.isDefined(value)) {
                                 setTagValue(tag, value);
                             }
+                            if (attrs.numType === "integer") {
+                                if (value > INTEGER_MAX_VALUE || value < INTEGER_MIN_VALUE) {
+                                    isValidInteger = false;
+                                }
+                            }
                         }
                         return tagText &&
                             tagText.length >= options.minLength &&
@@ -61,7 +69,7 @@ angular.module('platformWebApp')
                             options.allowedTagsPattern.test(tagText) &&
                             !tiUtil.findInObjectArray(scope.tagList.items, tag, options.keyProperty || options.displayProperty) &&
                             (!isNumber || angular.isDefined(value)) &&
-                            onTagAdding({ $tag: tag });
+                            onTagAdding({ $tag: tag }) && isValidInteger;
                     };
 
                     scope.tagList.add = function (tag) {

From 8facc158be3962cced76136c2f6f39ec5954684c Mon Sep 17 00:00:00 2001
From: Alexandr Morogov <42555001+krankenbro@users.noreply.github.com>
Date: Fri, 9 Apr 2021 14:34:58 +0200
Subject: [PATCH 58/70] PT-960: Add InitPlatform target (#2208)

* PT-959: Add new InitPlatform target

* PT-960: Refactoring

* PT-960: Remove DisableModulesFolderProbing method
---
 build/CHANGELOG.md                        |  4 +++
 build/Directory.Build.props               |  2 +-
 build/PlatformTools/Build.InitPlatform.cs | 43 +++++++++++++++++++++++
 build/_build.csproj                       |  6 ++--
 4 files changed, 52 insertions(+), 3 deletions(-)
 create mode 100644 build/PlatformTools/Build.InitPlatform.cs

diff --git a/build/CHANGELOG.md b/build/CHANGELOG.md
index 7efec9795a8..01760bf9348 100644
--- a/build/CHANGELOG.md
+++ b/build/CHANGELOG.md
@@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [1.6.0] - 2021-04-09
+### Added
+- InitPlatform target
+
 ## [1.5.2] - 2021-04-05
 ### Added
 - Publication of package symbols
diff --git a/build/Directory.Build.props b/build/Directory.Build.props
index 589c2b84009..cbe75cc4b00 100644
--- a/build/Directory.Build.props
+++ b/build/Directory.Build.props
@@ -6,7 +6,7 @@
     <Copyright>Copyright © VirtoCommerce 2011-2020</Copyright>
   </PropertyGroup>
   <PropertyGroup>
-    <VersionPrefix>1.5.2</VersionPrefix>
+    <VersionPrefix>1.6.0</VersionPrefix>
     <VersionSuffix></VersionSuffix>
   </PropertyGroup>
 
diff --git a/build/PlatformTools/Build.InitPlatform.cs b/build/PlatformTools/Build.InitPlatform.cs
new file mode 100644
index 00000000000..d0b0bcbb8db
--- /dev/null
+++ b/build/PlatformTools/Build.InitPlatform.cs
@@ -0,0 +1,43 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+using Nuke.Common;
+using VirtoCommerce.Platform.Core.Modularity;
+using VirtoCommerce.Platform.Modules;
+using Microsoft.Extensions;
+using System.IO;
+using Microsoft.Extensions.Logging;
+using Newtonsoft.Json;
+using Nuke.Common.IO;
+using Newtonsoft.Json.Linq;
+using Microsoft.Extensions.Configuration;
+
+partial class Build: NukeBuild
+{
+    [Parameter("Modules discovery path")] public static string DiscoveryPath;
+    [Parameter("Probing path")] public static string ProbingPath = RootDirectory / "app_data" / "modules";
+    [Parameter("appsettings.json path")] public static string AppsettingsPath = RootDirectory / "appsettings.json";
+
+    Target InitPlatform => _ => _
+    .Executes(() =>
+    {
+        var builder = new ConfigurationBuilder().SetBasePath(RootDirectory).AddJsonFile(AppsettingsPath);
+        IConfiguration configuration = builder.Build();
+        var moduleCatalogOptions = new LocalStorageModuleCatalogOptions()
+        {
+            DiscoveryPath = string.IsNullOrEmpty(DiscoveryPath) ? GetModulesDiscoveryPath(configuration) : DiscoveryPath,
+            ProbingPath = ProbingPath
+        };
+        var options = Microsoft.Extensions.Options.Options.Create<LocalStorageModuleCatalogOptions>(moduleCatalogOptions);
+        var logger = new LoggerFactory().CreateLogger<LocalStorageModuleCatalog>();
+        var moduleCatalog = new LocalStorageModuleCatalog(options, logger);
+        moduleCatalog.Load();
+    });
+
+    private string GetModulesDiscoveryPath(IConfiguration configuration)
+    {
+        var virtoSection = configuration.GetSection("VirtoCommerce");
+        var result = virtoSection.GetValue<string>("DiscoveryPath", "./modules");
+        return result;
+    }
+}
diff --git a/build/_build.csproj b/build/_build.csproj
index a00a82ee68a..a053254b648 100644
--- a/build/_build.csproj
+++ b/build/_build.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
     <PropertyGroup>
         <PackageId>VirtoCommerce.GlobalTool</PackageId>
         <OutputType>Exe</OutputType>
@@ -20,10 +20,11 @@
     </PropertyGroup>
 
     <ItemGroup>
+        <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="3.1.14" />
         <PackageReference Include="Newtonsoft.Json" Version="12.0.3" />
         <PackageReference Include="Octokit" Version="0.48.0" />
         <PackageReference Include="System.Data.SqlClient" Version="4.8.2" />
-        <PackageReference Include="Virtocommerce.Platform.Core" Version="3.21.0" />
+        <PackageReference Include="Virtocommerce.Platform.Core" Version="3.52.0" />
         <PackageReference Include="Nuke.Common" Version="0.25.0" />
     </ItemGroup>
 
@@ -34,6 +35,7 @@
         <PackageReference Include="Swashbuckle.AspNetCore.Cli" Version="5.6.3">
             <ExcludeAssets>all</ExcludeAssets>
         </PackageReference>
+        <PackageReference Include="VirtoCommerce.Platform.Modules" Version="3.52.0" />
     </ItemGroup>
 
     <ItemGroup>

From 10408f9c7831af6463f31b5d78bd9ef7cc409809 Mon Sep 17 00:00:00 2001
From: vc-ci <ci@virtocommerce.com>
Date: Fri, 9 Apr 2021 13:28:24 +0000
Subject: [PATCH 59/70] Updating Github Action workflows.

---
 .github/workflows/e2e.yml | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index 47400763a4a..9ddf1bafccb 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -2,11 +2,6 @@ name: Platform E2E
 
 on:
   workflow_dispatch:
-    inputs:
-      testSuite:
-        description: "Test Suite"
-        required: false
-        default: "Test Suites/Platform_start"
 
   pull_request:
     paths-ignore:
@@ -25,7 +20,6 @@ jobs:
       GITHUB_TOKEN: ${{ secrets.REPO_TOKEN }}
       NUGET_KEY: ${{ secrets.NUGET_KEY }}
       BLOB_SAS: ${{ secrets.BLOB_TOKEN }}
-      DEFAULT_TEST_SUITE: "Test Suites/Platform_start"
 
     steps:
     - uses: actions/checkout@v2
@@ -85,7 +79,7 @@ jobs:
       with:
         version: '7.5.5'
         projectPath: '${{ github.workspace }}/vc-quality-gate-katalon/platform_storefront.prj'
-        args: '-noSplash -retry=0 -testSuitePath="${{ github.event.inputs.testSuite || env.DEFAULT_TEST_SUITE }}" -browserType="Chrome" -apiKey= ${{ secrets.KATALON_API_KEY }} -g_urlBack="http://localhost:8090" -g_urlFront="http://localhost:8080" -executionProfile="default"'
+        args: '-noSplash -retry=0 -testSuiteCollectionPath="Test Suites/Modules/Platform_collection" -browserType="Chrome" -apiKey= ${{ secrets.KATALON_API_KEY }} -g_urlBack="http://localhost:8090" -g_urlFront="http://localhost:8080" -executionProfile="default"'
 
     - name: 'Katalon Reports'
       if: always()

From 982898301d5f26a1a68986fcbe6c9a83d15fd0cc Mon Sep 17 00:00:00 2001
From: Egidijus Mazeika <em@virtoway.com>
Date: Sun, 11 Apr 2021 22:27:34 +0300
Subject: [PATCH 60/70] PT-85: Set up user password repeat generation policy

---
 docs/user-guide/configuration-settings.md     |   1 +
 .../Security/IPasswordCheckService.cs         |  17 -
 .../Security/PasswordOptionsExtended.cs       |   7 +
 .../Security/PasswordValidationResult.cs      |  53 --
 .../CustomIdentityError.cs                    |  12 +
 .../CustomIdentityErrorDescriber.cs           |  38 ++
 .../CustomPasswordValidator.cs                |  48 ++
 ...9102639_AddUserPasswordHistory.Designer.cs | 619 ++++++++++++++++++
 .../20210409102639_AddUserPasswordHistory.cs  |  45 ++
 .../SecurityDbContextModelSnapshot.cs         |  44 ++
 .../Migrations/add-migrations-command.txt     |   5 +-
 .../Model/UserPasswordHistoryEntity.cs        |  14 +
 .../Repositories/ISecurityRepository.cs       |   7 +-
 .../Repositories/SecurityDbContext.cs         |   9 +
 .../Repositories/SecurityRepository.cs        |  23 +-
 .../Services/PasswordCheckService.cs          | 110 ----
 .../Controllers/Api/SecurityController.cs     |  40 +-
 .../Security/CustomUserManager.cs             |  48 +-
 .../Security/ServiceCollectionExtensions.cs   |   3 +
 src/VirtoCommerce.Platform.Web/Startup.cs     |   4 +-
 .../de.VirtoCommerce.Platform.json            |  10 +-
 .../en.VirtoCommerce.Platform.json            |  13 +-
 .../ru.VirtoCommerce.Platform.json            |  10 +-
 .../security/blades/account-resetPassword.js  |  14 +-
 .../app/security/directives/password-input.js |   4 +-
 .../directives/password-input.tpl.html        |   4 +-
 .../js/app/security/resources/accounts.js     |   3 +-
 .../services/passwordValidationService.js     |  61 +-
 .../wizards/newAccount/new-account-wizard.js  |   4 +-
 .../Security/CustomPasswordValidatorTests.cs  | 167 +++++
 .../Security/PasswordCheckServiceTests.cs     | 113 ----
 .../Security/PasswordExpiryTests.cs           |  11 +-
 .../Security/SecurityMockHelpers.cs           |  49 +-
 33 files changed, 1221 insertions(+), 389 deletions(-)
 delete mode 100644 src/VirtoCommerce.Platform.Core/Security/IPasswordCheckService.cs
 create mode 100644 src/VirtoCommerce.Platform.Core/Security/PasswordOptionsExtended.cs
 delete mode 100644 src/VirtoCommerce.Platform.Core/Security/PasswordValidationResult.cs
 create mode 100644 src/VirtoCommerce.Platform.Security/CustomIdentityError.cs
 create mode 100644 src/VirtoCommerce.Platform.Security/CustomIdentityErrorDescriber.cs
 create mode 100644 src/VirtoCommerce.Platform.Security/CustomPasswordValidator.cs
 create mode 100644 src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.Designer.cs
 create mode 100644 src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.cs
 create mode 100644 src/VirtoCommerce.Platform.Security/Model/UserPasswordHistoryEntity.cs
 delete mode 100644 src/VirtoCommerce.Platform.Security/Services/PasswordCheckService.cs
 create mode 100644 tests/VirtoCommerce.Platform.Tests/Security/CustomPasswordValidatorTests.cs
 delete mode 100644 tests/VirtoCommerce.Platform.Tests/Security/PasswordCheckServiceTests.cs

diff --git a/docs/user-guide/configuration-settings.md b/docs/user-guide/configuration-settings.md
index 5992e0b1165..c92f5963bf4 100644
--- a/docs/user-guide/configuration-settings.md
+++ b/docs/user-guide/configuration-settings.md
@@ -23,6 +23,7 @@ The configuration keys are hierarchical. This structure is most convenient to ma
 |  | FileSystem | E.g., <br> "FileSystem": {<br> "RootPath": "~/assets",<br>"PublicUrl": "http://localhost:10645/assets/"<br>} | File system based assets provider configuration. Used, if `"Provider": "FileSystem"`
 |  | AzureBlobStorage | E.g., <br> "AzureBlobStorage": {<br> "ConnectionString": "",<br>"CdnUrl": ""<br>}  | Azure Blob Storage based assets provider configuration. Used, if `"Provider": "AzureBlobStorage"`
 | IdentityOptions | | | Options to configure the ASP&#46;NET Core Identity system. Check [Configure ASP.NET Core Identity](https://github.com/dotnet/AspNetCore.Docs/blob/master/aspnetcore/security/authentication/identity-configuration.md#configure-aspnet-core-identity) for details.
+|  | Password.PasswordHistory | E.g., <br>"PasswordHistory": 4 | The number of recent user's passwords to check during the password validation. Old password can't be reused for this number of cycles.<br>Value of "0" or not defined - password history is disabled.
 |  | User.MaxPasswordAge | "MaxPasswordAge": "0" | TimeSpan defining max. user password age until the password expires. The user is forced to change the expired password on login to Platform Manager UI.<br>Value of "0" or not defined - password expiration is disabled.
 |  | User.RemindPasswordExpiryInDays | "RemindPasswordExpiryInDays": 7  | Number of days to start showing password expiry warning in Platform Manager UI. Used, if password expiration is enabled. 
 | ExternalModules | | | Configure external source to install modules.
diff --git a/src/VirtoCommerce.Platform.Core/Security/IPasswordCheckService.cs b/src/VirtoCommerce.Platform.Core/Security/IPasswordCheckService.cs
deleted file mode 100644
index e1bf36ebb5e..00000000000
--- a/src/VirtoCommerce.Platform.Core/Security/IPasswordCheckService.cs
+++ /dev/null
@@ -1,17 +0,0 @@
-using System.Threading.Tasks;
-
-namespace VirtoCommerce.Platform.Core.Security
-{
-    /// <summary>
-    /// Service for checking password against password security policies.
-    /// </summary>
-    public interface IPasswordCheckService
-    {
-        /// <summary>
-        /// Runs password validation.
-        /// </summary>
-        /// <param name="password">String with password to validate.</param>
-        /// <returns>Password validation result.</returns>
-        Task<PasswordValidationResult> ValidatePasswordAsync(string password);
-    }
-}
diff --git a/src/VirtoCommerce.Platform.Core/Security/PasswordOptionsExtended.cs b/src/VirtoCommerce.Platform.Core/Security/PasswordOptionsExtended.cs
new file mode 100644
index 00000000000..1660b20248b
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Core/Security/PasswordOptionsExtended.cs
@@ -0,0 +1,7 @@
+namespace VirtoCommerce.Platform.Core.Security
+{
+    public class PasswordOptionsExtended
+    {
+        public int? PasswordHistory { get; set; }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Core/Security/PasswordValidationResult.cs b/src/VirtoCommerce.Platform.Core/Security/PasswordValidationResult.cs
deleted file mode 100644
index 690322489e7..00000000000
--- a/src/VirtoCommerce.Platform.Core/Security/PasswordValidationResult.cs
+++ /dev/null
@@ -1,53 +0,0 @@
-namespace VirtoCommerce.Platform.Core.Security
-{
-    /// <summary>
-    /// Result of password security validation.
-    /// </summary>
-    public class PasswordValidationResult
-    {
-        /// <summary>
-        /// Indicates overall password validation status.
-        /// </summary>
-        public bool PasswordIsValid { get; set; }
-
-        /// <summary>
-        /// Minimal password length required to pass the validation.
-        /// </summary>
-        public int MinPasswordLength { get; set; }
-
-        /// <summary>
-        /// Indicates that password length is less than minimal password length.
-        /// </summary>
-        public bool PasswordViolatesMinLength { get; set; }
-
-        /// <summary>
-        /// Minimal unique chars count.
-        /// </summary>
-        public int MinUniqueCharsCount { get; set; }
-
-        /// <summary>
-        /// Indicates that password comprised of less than minimum number of unique chars.
-        /// </summary>
-        public bool PasswordViolatesMinUniqueCharsCount { get; set; }
-
-        /// <summary>
-        /// Indicates that entered password lacks one or more lower-case letters.
-        /// </summary>
-        public bool PasswordMustHaveLowerCaseLetters { get; set; }
-
-        /// <summary>
-        /// Indicates that entered password lacks one or more upper-case letters.
-        /// </summary>
-        public bool PasswordMustHaveUpperCaseLetters { get; set; }
-
-        /// <summary>
-        /// Indicates that entered password lacks one or more digits.
-        /// </summary>
-        public bool PasswordMustHaveDigits { get; set; }
-
-        /// <summary>
-        /// Indicates that entered password lacks one or more non-alphanumerical characters.
-        /// </summary>
-        public bool PasswordMustHaveSpecialCharacters { get; set; }
-    }
-}
diff --git a/src/VirtoCommerce.Platform.Security/CustomIdentityError.cs b/src/VirtoCommerce.Platform.Security/CustomIdentityError.cs
new file mode 100644
index 00000000000..74895c6c947
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Security/CustomIdentityError.cs
@@ -0,0 +1,12 @@
+using Microsoft.AspNetCore.Identity;
+
+namespace VirtoCommerce.Platform.Security
+{
+    public class CustomIdentityError : IdentityError
+    {
+        /// <summary>
+        /// Auxiliary error parameter: E.g., RequiredLength, etc.
+        /// </summary>
+        public int ErrorParameter { get; set; }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Security/CustomIdentityErrorDescriber.cs b/src/VirtoCommerce.Platform.Security/CustomIdentityErrorDescriber.cs
new file mode 100644
index 00000000000..466efd95eb6
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Security/CustomIdentityErrorDescriber.cs
@@ -0,0 +1,38 @@
+using Microsoft.AspNetCore.Identity;
+
+namespace VirtoCommerce.Platform.Security
+{
+    /// <summary>
+    /// Overriding https://github.com/dotnet/aspnetcore/blob/release/3.1/src/Identity/Extensions.Core/src/IdentityErrorDescriber.cs
+    /// </summary>
+    public class CustomIdentityErrorDescriber : IdentityErrorDescriber
+    {
+        /// <summary>
+        /// Returns an <see cref="IdentityError"/> indicating a password of the specified <paramref name="length"/> does not meet the minimum length requirements.
+        /// </summary>
+        /// <param name="length">The length that is not long enough.</param>
+        /// <returns>An <see cref="IdentityError"/> indicating a password of the specified <paramref name="length"/> does not meet the minimum length requirements.</returns>
+        public override IdentityError PasswordTooShort(int length)
+        {
+            return new CustomIdentityError
+            {
+                Code = nameof(PasswordTooShort),
+                ErrorParameter = length
+            };
+        }
+
+        /// <summary>
+        /// Returns an <see cref="IdentityError"/> indicating a password does not meet the minimum number <paramref name="uniqueChars"/> of unique chars.
+        /// </summary>
+        /// <param name="uniqueChars">The number of different chars that must be used.</param>
+        /// <returns>An <see cref="IdentityError"/> indicating a password does not meet the minimum number <paramref name="uniqueChars"/> of unique chars.</returns>
+        public override IdentityError PasswordRequiresUniqueChars(int uniqueChars)
+        {
+            return new CustomIdentityError
+            {
+                Code = nameof(PasswordRequiresUniqueChars),
+                ErrorParameter = uniqueChars
+            };
+        }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Security/CustomPasswordValidator.cs b/src/VirtoCommerce.Platform.Security/CustomPasswordValidator.cs
new file mode 100644
index 00000000000..977d512d0a2
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Security/CustomPasswordValidator.cs
@@ -0,0 +1,48 @@
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Identity;
+using VirtoCommerce.Platform.Core.Security;
+using VirtoCommerce.Platform.Security.Repositories;
+
+namespace VirtoCommerce.Platform.Security
+{
+    /// <summary>
+    /// Overriding https://github.com/dotnet/aspnetcore/blob/release/3.1/src/Identity/Extensions.Core/src/PasswordValidator.cs
+    /// </summary>
+    public class CustomPasswordValidator : PasswordValidator<ApplicationUser>
+    {
+        public const string RecentPasswordUsed = "RecentPasswordUsed";
+
+        protected readonly Func<ISecurityRepository> _repositoryFactory;
+        protected readonly IPasswordHasher<ApplicationUser> _passwordHasher;
+
+        public CustomPasswordValidator(IdentityErrorDescriber errors, Func<ISecurityRepository> repositoryFactory, IPasswordHasher<ApplicationUser> passwordHasher)
+            : base(errors)
+
+        {
+            _repositoryFactory = repositoryFactory;
+            _passwordHasher = passwordHasher;
+        }
+
+        public override async Task<IdentityResult> ValidateAsync(UserManager<ApplicationUser> manager, ApplicationUser user, string password)
+        {
+            var result = await base.ValidateAsync(manager, user, password);
+
+            if (result.Succeeded)
+            {
+                using var repository = _repositoryFactory();
+                var userPasswords = await repository.GetUserPasswordsHistoryAsync(user?.Id);
+
+                if (userPasswords.Any(x => _passwordHasher.VerifyHashedPassword(user, x.PasswordHash, password) != PasswordVerificationResult.Failed))
+                {
+                    result = IdentityResult.Failed(new IdentityError
+                    {
+                        Code = RecentPasswordUsed
+                    });
+                }
+            }
+            return result;
+        }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.Designer.cs b/src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.Designer.cs
new file mode 100644
index 00000000000..dfdd51cb2a9
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.Designer.cs
@@ -0,0 +1,619 @@
+// <auto-generated />
+using System;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Metadata;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+using VirtoCommerce.Platform.Security.Repositories;
+
+namespace VirtoCommerce.Platform.Security.Migrations
+{
+    [DbContext(typeof(SecurityDbContext))]
+    [Migration("20210409102639_AddUserPasswordHistory")]
+    partial class AddUserPasswordHistory
+    {
+        protected override void BuildTargetModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasAnnotation("ProductVersion", "3.1.8")
+                .HasAnnotation("Relational:MaxIdentifierLength", 128)
+                .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("int")
+                        .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("RoleId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetRoleClaims");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("int")
+                        .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserClaims");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
+                {
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ProviderKey")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ProviderDisplayName")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.HasKey("LoginProvider", "ProviderKey");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserLogins");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
+                {
+                    b.Property<string>("UserId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("RoleId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.HasKey("UserId", "RoleId");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetUserRoles");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
+                {
+                    b.Property<string>("UserId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("Name")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("Value")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.HasKey("UserId", "LoginProvider", "Name");
+
+                    b.ToTable("AspNetUserTokens");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictApplication", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ClientId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(100)")
+                        .HasMaxLength(100);
+
+                    b.Property<string>("ClientSecret")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(50)")
+                        .HasMaxLength(50);
+
+                    b.Property<string>("ConsentType")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("DisplayName")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Permissions")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("PostLogoutRedirectUris")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("RedirectUris")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Type")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(25)")
+                        .HasMaxLength(25);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("ClientId")
+                        .IsUnique();
+
+                    b.ToTable("OpenIddictApplications");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictAuthorization", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ApplicationId")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(50)")
+                        .HasMaxLength(50);
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Scopes")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Status")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(25)")
+                        .HasMaxLength(25);
+
+                    b.Property<string>("Subject")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(450)")
+                        .HasMaxLength(450);
+
+                    b.Property<string>("Type")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(25)")
+                        .HasMaxLength(25);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
+
+                    b.ToTable("OpenIddictAuthorizations");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictScope", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(50)")
+                        .HasMaxLength(50);
+
+                    b.Property<string>("Description")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("DisplayName")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(200)")
+                        .HasMaxLength(200);
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Resources")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("Name")
+                        .IsUnique();
+
+                    b.ToTable("OpenIddictScopes");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictToken", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ApplicationId")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("AuthorizationId")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(50)")
+                        .HasMaxLength(50);
+
+                    b.Property<DateTimeOffset?>("CreationDate")
+                        .HasColumnType("datetimeoffset");
+
+                    b.Property<DateTimeOffset?>("ExpirationDate")
+                        .HasColumnType("datetimeoffset");
+
+                    b.Property<string>("Payload")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("ReferenceId")
+                        .HasColumnType("nvarchar(100)")
+                        .HasMaxLength(100);
+
+                    b.Property<string>("Status")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(25)")
+                        .HasMaxLength(25);
+
+                    b.Property<string>("Subject")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(450)")
+                        .HasMaxLength(450);
+
+                    b.Property<string>("Type")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(25)")
+                        .HasMaxLength(25);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("AuthorizationId");
+
+                    b.HasIndex("ReferenceId")
+                        .IsUnique()
+                        .HasFilter("[ReferenceId] IS NOT NULL");
+
+                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
+
+                    b.ToTable("OpenIddictTokens");
+                });
+
+            modelBuilder.Entity("VirtoCommerce.Platform.Core.Security.ApplicationUser", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<int>("AccessFailedCount")
+                        .HasColumnType("int");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("CreatedBy")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<DateTime>("CreatedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("Email")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<bool>("EmailConfirmed")
+                        .HasColumnType("bit");
+
+                    b.Property<bool>("IsAdministrator")
+                        .HasColumnType("bit");
+
+                    b.Property<DateTime?>("LastPasswordChangedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<bool>("LockoutEnabled")
+                        .HasColumnType("bit");
+
+                    b.Property<DateTimeOffset?>("LockoutEnd")
+                        .HasColumnType("datetimeoffset");
+
+                    b.Property<string>("MemberId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ModifiedBy")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<DateTime?>("ModifiedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("NormalizedEmail")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("NormalizedUserName")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<bool>("PasswordExpired")
+                        .HasColumnType("bit");
+
+                    b.Property<string>("PasswordHash")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("PhoneNumber")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<bool>("PhoneNumberConfirmed")
+                        .HasColumnType("bit");
+
+                    b.Property<string>("PhotoUrl")
+                        .HasColumnType("nvarchar(2048)")
+                        .HasMaxLength(2048);
+
+                    b.Property<string>("SecurityStamp")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Status")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.Property<string>("StoreId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<bool>("TwoFactorEnabled")
+                        .HasColumnType("bit");
+
+                    b.Property<string>("UserName")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("UserType")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedEmail")
+                        .HasName("EmailIndex");
+
+                    b.HasIndex("NormalizedUserName")
+                        .IsUnique()
+                        .HasName("UserNameIndex")
+                        .HasFilter("[NormalizedUserName] IS NOT NULL");
+
+                    b.ToTable("AspNetUsers");
+                });
+
+            modelBuilder.Entity("VirtoCommerce.Platform.Core.Security.Role", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Description")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Name")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("NormalizedName")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedName")
+                        .IsUnique()
+                        .HasName("RoleNameIndex")
+                        .HasFilter("[NormalizedName] IS NOT NULL");
+
+                    b.ToTable("AspNetRoles");
+                });
+
+            modelBuilder.Entity("VirtoCommerce.Platform.Security.Model.UserApiKeyEntity", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ApiKey")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("CreatedBy")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.Property<DateTime>("CreatedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<bool>("IsActive")
+                        .HasColumnType("bit");
+
+                    b.Property<string>("ModifiedBy")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.Property<DateTime?>("ModifiedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("UserId")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("UserName")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("ApiKey")
+                        .IsUnique()
+                        .HasFilter("[ApiKey] IS NOT NULL");
+
+                    b.ToTable("UserApiKey");
+                });
+
+            modelBuilder.Entity("VirtoCommerce.Platform.Security.Model.UserPasswordHistoryEntity", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("CreatedBy")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.Property<DateTime>("CreatedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("ModifiedBy")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.Property<DateTime?>("ModifiedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("PasswordHash")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("UserId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserPasswordsHistory");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.Role", null)
+                        .WithMany()
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.Role", null)
+                        .WithMany("UserRoles")
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
+                        .WithMany("UserRoles")
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictAuthorization", b =>
+                {
+                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictApplication", "Application")
+                        .WithMany("Authorizations")
+                        .HasForeignKey("ApplicationId");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictToken", b =>
+                {
+                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictApplication", "Application")
+                        .WithMany("Tokens")
+                        .HasForeignKey("ApplicationId");
+
+                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictAuthorization", "Authorization")
+                        .WithMany("Tokens")
+                        .HasForeignKey("AuthorizationId");
+                });
+
+            modelBuilder.Entity("VirtoCommerce.Platform.Security.Model.UserPasswordHistoryEntity", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade);
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.cs b/src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.cs
new file mode 100644
index 00000000000..56816d19b0b
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.cs
@@ -0,0 +1,45 @@
+using System;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace VirtoCommerce.Platform.Security.Migrations
+{
+    public partial class AddUserPasswordHistory : Migration
+    {
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.CreateTable(
+                name: "AspNetUserPasswordsHistory",
+                columns: table => new
+                {
+                    Id = table.Column<string>(maxLength: 128, nullable: false),
+                    CreatedDate = table.Column<DateTime>(nullable: false),
+                    ModifiedDate = table.Column<DateTime>(nullable: true),
+                    CreatedBy = table.Column<string>(maxLength: 64, nullable: true),
+                    ModifiedBy = table.Column<string>(maxLength: 64, nullable: true),
+                    UserId = table.Column<string>(maxLength: 128, nullable: true),
+                    PasswordHash = table.Column<string>(nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetUserPasswordsHistory", x => x.Id);
+                    table.ForeignKey(
+                        name: "FK_AspNetUserPasswordsHistory_AspNetUsers_UserId",
+                        column: x => x.UserId,
+                        principalTable: "AspNetUsers",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                });
+
+            migrationBuilder.CreateIndex(
+                name: "IX_AspNetUserPasswordsHistory_UserId",
+                table: "AspNetUserPasswordsHistory",
+                column: "UserId");
+        }
+
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropTable(
+                name: "AspNetUserPasswordsHistory");
+        }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs b/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs
index b57aa1ab35b..aacab6a5806 100644
--- a/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs
+++ b/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs
@@ -499,6 +499,42 @@ protected override void BuildModel(ModelBuilder modelBuilder)
                     b.ToTable("UserApiKey");
                 });
 
+            modelBuilder.Entity("VirtoCommerce.Platform.Security.Model.UserPasswordHistoryEntity", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("CreatedBy")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.Property<DateTime>("CreatedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("ModifiedBy")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.Property<DateTime?>("ModifiedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("PasswordHash")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("UserId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserPasswordsHistory");
+                });
+
             modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
                 {
                     b.HasOne("VirtoCommerce.Platform.Core.Security.Role", null)
@@ -567,6 +603,14 @@ protected override void BuildModel(ModelBuilder modelBuilder)
                         .WithMany("Tokens")
                         .HasForeignKey("AuthorizationId");
                 });
+
+            modelBuilder.Entity("VirtoCommerce.Platform.Security.Model.UserPasswordHistoryEntity", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade);
+                });
 #pragma warning restore 612, 618
         }
     }
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/add-migrations-command.txt b/src/VirtoCommerce.Platform.Security/Migrations/add-migrations-command.txt
index 6590bdeb64f..bdabbb805dc 100644
--- a/src/VirtoCommerce.Platform.Security/Migrations/add-migrations-command.txt
+++ b/src/VirtoCommerce.Platform.Security/Migrations/add-migrations-command.txt
@@ -1 +1,4 @@
-Add-Migration Initial -Context VirtoCommerce.Platform.Security.Repositories.SecurityDbContext  -Verbose -OutputDir Migrations -Project VirtoCommerce.Platform.Security  -Debug
+Add-Migration Initial -Context VirtoCommerce.Platform.Security.Repositories.SecurityDbContext -Verbose -OutputDir Migrations -Project VirtoCommerce.Platform.Security -Debug
+
+REMOVE:
+Remove-Migration -Context VirtoCommerce.Platform.Security.Repositories.SecurityDbContext -Project VirtoCommerce.Platform.Security
diff --git a/src/VirtoCommerce.Platform.Security/Model/UserPasswordHistoryEntity.cs b/src/VirtoCommerce.Platform.Security/Model/UserPasswordHistoryEntity.cs
new file mode 100644
index 00000000000..a130647c5f1
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Security/Model/UserPasswordHistoryEntity.cs
@@ -0,0 +1,14 @@
+using System.ComponentModel.DataAnnotations;
+using VirtoCommerce.Platform.Core.Common;
+
+namespace VirtoCommerce.Platform.Security.Model
+{
+    public class UserPasswordHistoryEntity : AuditableEntity
+    {
+        [StringLength(128)]
+        public string UserId { get; set; }
+
+        [Required]
+        public string PasswordHash { get; set; }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Security/Repositories/ISecurityRepository.cs b/src/VirtoCommerce.Platform.Security/Repositories/ISecurityRepository.cs
index b3b6ba5abd1..badb37ecf40 100644
--- a/src/VirtoCommerce.Platform.Security/Repositories/ISecurityRepository.cs
+++ b/src/VirtoCommerce.Platform.Security/Repositories/ISecurityRepository.cs
@@ -1,4 +1,5 @@
 using System.Linq;
+using System.Threading.Tasks;
 using VirtoCommerce.Platform.Core.Common;
 using VirtoCommerce.Platform.Security.Model;
 
@@ -6,6 +7,10 @@ namespace VirtoCommerce.Platform.Security.Repositories
 {
     public interface ISecurityRepository : IRepository
     {
-        IQueryable<UserApiKeyEntity> UserApiKeys { get; }      
+        IQueryable<UserApiKeyEntity> UserApiKeys { get; }
+
+        IQueryable<UserPasswordHistoryEntity> UserPasswordsHistory { get; }
+
+        Task<UserPasswordHistoryEntity[]> GetUserPasswordsHistoryAsync(string userId);
     }
 }
diff --git a/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs b/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs
index 5a95f049e6d..4528d60e83f 100644
--- a/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs
+++ b/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs
@@ -28,6 +28,15 @@ protected override void OnModelCreating(ModelBuilder builder)
             builder.Entity<UserApiKeyEntity>().Property(x => x.CreatedBy).HasMaxLength(64);
             builder.Entity<UserApiKeyEntity>().Property(x => x.ModifiedBy).HasMaxLength(64);
 
+            builder.Entity<UserPasswordHistoryEntity>().ToTable("AspNetUserPasswordsHistory").HasKey(x => x.Id);
+            builder.Entity<UserPasswordHistoryEntity>().Property(x => x.Id).HasMaxLength(128).ValueGeneratedOnAdd();
+            builder.Entity<UserPasswordHistoryEntity>().HasIndex(x => new { x.UserId });
+            builder.Entity<UserPasswordHistoryEntity>()
+                .HasOne<ApplicationUser>()
+                .WithMany()
+                .HasForeignKey(uh => uh.UserId)
+                .OnDelete(DeleteBehavior.Cascade);
+
             builder.Entity<IdentityUserRole<string>>(userRole =>
             {
                 userRole.HasOne<Role>()
diff --git a/src/VirtoCommerce.Platform.Security/Repositories/SecurityRepository.cs b/src/VirtoCommerce.Platform.Security/Repositories/SecurityRepository.cs
index ff82c0fc5d2..6f3c737232b 100644
--- a/src/VirtoCommerce.Platform.Security/Repositories/SecurityRepository.cs
+++ b/src/VirtoCommerce.Platform.Security/Repositories/SecurityRepository.cs
@@ -1,4 +1,9 @@
 using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Options;
+using VirtoCommerce.Platform.Core.Common;
+using VirtoCommerce.Platform.Core.Security;
 using VirtoCommerce.Platform.Data.Infrastructure;
 using VirtoCommerce.Platform.Security.Model;
 
@@ -6,13 +11,27 @@ namespace VirtoCommerce.Platform.Security.Repositories
 {
     public class SecurityRepository : DbContextRepositoryBase<SecurityDbContext>, ISecurityRepository
     {
-        public SecurityRepository(SecurityDbContext dbContext)
+        private readonly PasswordOptionsExtended _passwordOptions;
+
+        public SecurityRepository(SecurityDbContext dbContext, IOptions<PasswordOptionsExtended> passwordOptions)
             : base(dbContext)
         {
+            _passwordOptions = passwordOptions.Value;
         }
 
-        public virtual IQueryable<UserApiKeyEntity> UserApiKeys { get { return DbContext.Set<UserApiKeyEntity>(); } }
+        public virtual IQueryable<UserApiKeyEntity> UserApiKeys => DbContext.Set<UserApiKeyEntity>();
+
+        public virtual IQueryable<UserPasswordHistoryEntity> UserPasswordsHistory => DbContext.Set<UserPasswordHistoryEntity>();
 
+        public async Task<UserPasswordHistoryEntity[]> GetUserPasswordsHistoryAsync(string userId)
+        {
+            var passwordHistoryLength = _passwordOptions.PasswordHistory.GetValueOrDefault();
 
+            return await UserPasswordsHistory
+                .Where(x => x.UserId == userId)
+                .OrderByDescending(x => x.CreatedDate)
+                .Take(passwordHistoryLength)
+                .ToArrayAsync();
+        }
     }
 }
diff --git a/src/VirtoCommerce.Platform.Security/Services/PasswordCheckService.cs b/src/VirtoCommerce.Platform.Security/Services/PasswordCheckService.cs
deleted file mode 100644
index 3ca83e78f73..00000000000
--- a/src/VirtoCommerce.Platform.Security/Services/PasswordCheckService.cs
+++ /dev/null
@@ -1,110 +0,0 @@
-using System.Linq;
-using System.Text.RegularExpressions;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Identity;
-using VirtoCommerce.Platform.Core.Security;
-
-namespace VirtoCommerce.Platform.Security.Services
-{
-    /// <summary>
-    /// Implementation of <see cref="IPasswordCheckService"/> that does actual password validation.
-    /// </summary>
-    public class PasswordCheckService : IPasswordCheckService
-    {
-        protected IdentityOptions Options { get; }
-
-        /// <summary>
-        /// Creates new instance of password check service.
-        /// </summary>
-        /// <param name="options"></param>
-        public PasswordCheckService(UserManager<ApplicationUser> userManager)
-        {
-            Options = userManager.Options;
-        }
-
-        /// <inheritdoc />
-        public virtual Task<PasswordValidationResult> ValidatePasswordAsync(string password)
-        {
-            var result = new PasswordValidationResult
-            {
-                PasswordIsValid = true,
-                MinPasswordLength = Options.Password.RequiredLength,
-                MinUniqueCharsCount = Options.Password.RequiredUniqueChars
-            };
-
-            if (!HasSufficientLength(password))
-            {
-                result.PasswordIsValid = false;
-                result.PasswordViolatesMinLength = true;
-            }
-
-            if (!HasSufficientUniqueChars(password))
-            {
-                result.PasswordIsValid = false;
-                result.PasswordViolatesMinUniqueCharsCount = true;
-            }
-
-            if (Options.Password.RequireUppercase && !HasUpperCaseLetter(password))
-            {
-                result.PasswordIsValid = false;
-                result.PasswordMustHaveUpperCaseLetters = true;
-            }
-
-            if (Options.Password.RequireLowercase && !HasLowerCaseLetter(password))
-            {
-                result.PasswordIsValid = false;
-                result.PasswordMustHaveLowerCaseLetters = true;
-            }
-
-            if (Options.Password.RequireDigit && !HasDigit(password))
-            {
-                result.PasswordIsValid = false;
-                result.PasswordMustHaveDigits = true;
-            }
-
-            if (Options.Password.RequireNonAlphanumeric && !HasSpecialCharacter(password))
-            {
-                result.PasswordIsValid = false;
-                result.PasswordMustHaveSpecialCharacters = true;
-            }
-
-            return Task.FromResult(result);
-        }
-
-        protected virtual bool HasSufficientLength(string password)
-        {
-            return !string.IsNullOrEmpty(password)
-                   && password.Length >= Options.Password.RequiredLength;
-        }
-
-        protected virtual bool HasSufficientUniqueChars(string password)
-        {
-            return !string.IsNullOrEmpty(password)
-                   && password.Distinct().Count() >= Options.Password.RequiredUniqueChars;
-        }
-
-        protected virtual bool HasUpperCaseLetter(string password)
-        {
-            return !string.IsNullOrWhiteSpace(password)
-                   && password.Any(char.IsUpper);
-        }
-
-        protected virtual bool HasLowerCaseLetter(string password)
-        {
-            return !string.IsNullOrWhiteSpace(password)
-                   && password.Any(char.IsLower);
-        }
-
-        protected virtual bool HasDigit(string password)
-        {
-            return !string.IsNullOrWhiteSpace(password)
-                   && password.Any(char.IsDigit);
-        }
-
-        protected virtual bool HasSpecialCharacter(string password)
-        {
-            return !string.IsNullOrWhiteSpace(password)
-                   && !Regex.IsMatch(password, "^[a-zA-Z0-9]+$");
-        }
-    }
-}
diff --git a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
index c6c91b7e778..8f69d26aeba 100644
--- a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
+++ b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
@@ -37,21 +37,21 @@ public class SecurityController : Controller
         private readonly IPermissionsRegistrar _permissionsProvider;
         private readonly IUserSearchService _userSearchService;
         private readonly IRoleSearchService _roleSearchService;
-        private readonly IPasswordCheckService _passwordCheckService;
+        private readonly IPasswordValidator<ApplicationUser> _passwordValidator;
         private readonly IEmailSender _emailSender;
         private readonly IEventPublisher _eventPublisher;
         private readonly IUserApiKeyService _userApiKeyService;
 
         public SecurityController(SignInManager<ApplicationUser> signInManager, UserManager<ApplicationUser> userManager, RoleManager<Role> roleManager,
                 IPermissionsRegistrar permissionsProvider, IUserSearchService userSearchService, IRoleSearchService roleSearchService,
-                IOptions<Core.Security.AuthorizationOptions> securityOptions, IOptions<UserOptionsExtended> userOptionsExtended, IPasswordCheckService passwordCheckService, IEmailSender emailSender,
+                IOptions<Core.Security.AuthorizationOptions> securityOptions, IOptions<UserOptionsExtended> userOptionsExtended, IPasswordValidator<ApplicationUser> passwordValidator, IEmailSender emailSender,
                 IEventPublisher eventPublisher, IUserApiKeyService userApiKeyService)
         {
             _signInManager = signInManager;
             _userManager = userManager;
             _securityOptions = securityOptions.Value;
             _userOptionsExtended = userOptionsExtended.Value;
-            _passwordCheckService = passwordCheckService;
+            _passwordValidator = passwordValidator;
             _permissionsProvider = permissionsProvider;
             _roleManager = roleManager;
             _userSearchService = userSearchService;
@@ -539,9 +539,39 @@ public async Task<ActionResult> RequestPasswordReset(string loginOrEmail)
         [HttpPost]
         [Route("validatepassword")]
         [Authorize]
-        public async Task<ActionResult<PasswordValidationResult>> ValidatePassword([FromBody] string password)
+        public async Task<ActionResult<IdentityResult>> ValidatePassword([FromBody] string password)
         {
-            var result = await _passwordCheckService.ValidatePasswordAsync(password);
+            var currentUser = await _userManager.FindByNameAsync(User.Identity.Name);
+
+            var result = await _passwordValidator.ValidateAsync(_userManager, currentUser, password);
+
+            return Ok(result);
+        }
+
+        [HttpPost]
+        [Route("validateuserpassword")]
+        [Authorize(PlatformPermissions.SecurityUpdate)]
+        public async Task<ActionResult<IdentityResult>> ValidateUserPassword([FromBody] ChangePasswordRequest validatePassword)
+        {
+            if (validatePassword == null)
+            {
+                throw new ArgumentNullException(nameof(validatePassword));
+            }
+
+            ApplicationUser user = null;
+            if (!validatePassword.UserName.IsNullOrEmpty())
+            {
+
+                if (!IsUserEditable(validatePassword.UserName))
+                {
+                    return BadRequest(IdentityResult.Failed(new IdentityError { Description = "It is forbidden to edit this user." }));
+                }
+
+                user = await _userManager.FindByNameAsync(validatePassword.UserName);
+            }
+
+            var result = await _passwordValidator.ValidateAsync(_userManager, user, validatePassword.NewPassword);
+
             return Ok(result);
         }
 
diff --git a/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs b/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs
index cdc95e127f5..60ea557308d 100644
--- a/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs
+++ b/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs
@@ -12,6 +12,8 @@
 using VirtoCommerce.Platform.Core.Security;
 using VirtoCommerce.Platform.Core.Security.Events;
 using VirtoCommerce.Platform.Security.Caching;
+using VirtoCommerce.Platform.Security.Model;
+using VirtoCommerce.Platform.Security.Repositories;
 
 namespace VirtoCommerce.Platform.Web.Security
 {
@@ -22,12 +24,14 @@ public class CustomUserManager : AspNetUserManager<ApplicationUser>
         private readonly IEventPublisher _eventPublisher;
         private readonly IUserPasswordHasher _userPasswordHasher;
         private readonly UserOptionsExtended _userOptionsExtended;
+        private readonly Func<ISecurityRepository> _repositoryFactory;
+        private readonly PasswordOptionsExtended _passwordOptionsExtended;
 
         public CustomUserManager(IUserStore<ApplicationUser> store, IOptions<IdentityOptions> optionsAccessor, IPasswordHasher<ApplicationUser> passwordHasher, IUserPasswordHasher userPasswordHasher,
-                                 IOptions<UserOptionsExtended> userOptionsExtended,
-                                 IEnumerable<IUserValidator<ApplicationUser>> userValidators, IEnumerable<IPasswordValidator<ApplicationUser>> passwordValidators,
-                                 ILookupNormalizer keyNormalizer, IdentityErrorDescriber errors, IServiceProvider services,
-                                 ILogger<UserManager<ApplicationUser>> logger, RoleManager<Role> roleManager, IPlatformMemoryCache memoryCache, IEventPublisher eventPublisher)
+            IOptions<UserOptionsExtended> userOptionsExtended,
+            IEnumerable<IUserValidator<ApplicationUser>> userValidators, IEnumerable<IPasswordValidator<ApplicationUser>> passwordValidators,
+            ILookupNormalizer keyNormalizer, IdentityErrorDescriber errors, IServiceProvider services,
+            ILogger<UserManager<ApplicationUser>> logger, RoleManager<Role> roleManager, IPlatformMemoryCache memoryCache, IEventPublisher eventPublisher, Func<ISecurityRepository> repositoryFactory, IOptions<PasswordOptionsExtended> passwordOptionsExtended)
             : base(store, optionsAccessor, passwordHasher, userValidators, passwordValidators, keyNormalizer, errors, services, logger)
         {
             _memoryCache = memoryCache;
@@ -35,6 +39,8 @@ public CustomUserManager(IUserStore<ApplicationUser> store, IOptions<IdentityOpt
             _eventPublisher = eventPublisher;
             _userPasswordHasher = userPasswordHasher;
             _userOptionsExtended = userOptionsExtended.Value;
+            _repositoryFactory = repositoryFactory;
+            _passwordOptionsExtended = passwordOptionsExtended.Value;
         }
 
         public override async Task<ApplicationUser> FindByLoginAsync(string loginProvider, string providerKey)
@@ -112,6 +118,9 @@ public override async Task<IdentityResult> ResetPasswordAsync(ApplicationUser us
             if (result == IdentityResult.Success)
             {
                 SecurityCacheRegion.ExpireUser(user);
+
+                await SavePasswordHistory(user, newPassword);
+
                 // Calculate password hash for external hash storage. This provided as workaround until password hash storage would implemented
                 var customPasswordHash = _userPasswordHasher.HashPassword(user, newPassword);
                 await _eventPublisher.Publish(new UserResetPasswordEvent(user.Id, customPasswordHash));
@@ -128,6 +137,9 @@ public override async Task<IdentityResult> ChangePasswordAsync(ApplicationUser u
             if (result == IdentityResult.Success)
             {
                 SecurityCacheRegion.ExpireUser(user);
+
+                await SavePasswordHistory(user, newPassword);
+
                 // Calculate password hash for external hash storage. This provided as workaround until password hash storage would implemented
                 var customPasswordHash = _userPasswordHasher.HashPassword(user, newPassword);
                 await _eventPublisher.Publish(new UserPasswordChangedEvent(user.Id, customPasswordHash));
@@ -136,6 +148,21 @@ public override async Task<IdentityResult> ChangePasswordAsync(ApplicationUser u
             return result;
         }
 
+        protected virtual async Task SavePasswordHistory(ApplicationUser user, string newPassword)
+        {
+            // Store password history entry
+            if (_passwordOptionsExtended.PasswordHistory.GetValueOrDefault() > 0)
+            {
+                var userPasswordHistoryRecord = AbstractTypeFactory<UserPasswordHistoryEntity>.TryCreateInstance();
+                userPasswordHistoryRecord.UserId = user.Id;
+                userPasswordHistoryRecord.PasswordHash = PasswordHasher.HashPassword(user, newPassword);
+
+                using var repository = _repositoryFactory();
+                repository.Add(userPasswordHistoryRecord);
+                await repository.UnitOfWork.CommitAsync();
+            }
+        }
+
         public override async Task<IdentityResult> DeleteAsync(ApplicationUser user)
         {
             var changedEntries = new List<GenericChangedEntry<ApplicationUser>>
@@ -264,6 +291,19 @@ public override async Task<IdentityResult> CreateAsync(ApplicationUser user)
             return result;
         }
 
+        public override async Task<IdentityResult> CreateAsync(ApplicationUser user, string password)
+        {
+            var result = await base.CreateAsync(user, password);
+
+            if (result.Succeeded)
+            {
+                await SavePasswordHistory(user, password);
+            }
+
+            return result;
+
+        }
+
         public override async Task<IdentityResult> AddToRoleAsync(ApplicationUser user, string role)
         {
             var result = await base.AddToRoleAsync(user, role);
diff --git a/src/VirtoCommerce.Platform.Web/Security/ServiceCollectionExtensions.cs b/src/VirtoCommerce.Platform.Web/Security/ServiceCollectionExtensions.cs
index 9f18f7b8e31..4ab3c2409cf 100644
--- a/src/VirtoCommerce.Platform.Web/Security/ServiceCollectionExtensions.cs
+++ b/src/VirtoCommerce.Platform.Web/Security/ServiceCollectionExtensions.cs
@@ -25,6 +25,7 @@ public static IServiceCollection AddSecurityServices(this IServiceCollection ser
             services.AddScoped<IUserNameResolver, HttpContextUserResolver>();
             services.AddSingleton<IPermissionsRegistrar, DefaultPermissionProvider>();
             services.AddScoped<IRoleSearchService, RoleSearchService>();
+
             //Register as singleton because this abstraction can be used as dependency in singleton services
             services.AddSingleton<IUserSearchService>(provider =>
             {
@@ -36,6 +37,8 @@ public static IServiceCollection AddSecurityServices(this IServiceCollection ser
             //Identity dependencies override
             services.TryAddScoped<RoleManager<Role>, CustomRoleManager>();
             services.TryAddScoped<UserManager<ApplicationUser>, CustomUserManager>();
+            services.TryAddScoped<IPasswordValidator<ApplicationUser>, CustomPasswordValidator>();
+            services.TryAddScoped<IdentityErrorDescriber, CustomIdentityErrorDescriber>();
             services.AddSingleton<Func<RoleManager<Role>>>(provider => () => provider.CreateScope().ServiceProvider.GetService<RoleManager<Role>>());
             services.AddSingleton<Func<UserManager<ApplicationUser>>>(provider => () => provider.CreateScope().ServiceProvider.GetService<UserManager<ApplicationUser>>());
             services.AddSingleton<Func<SignInManager<ApplicationUser>>>(provider => () => provider.CreateScope().ServiceProvider.GetService<SignInManager<ApplicationUser>>());
diff --git a/src/VirtoCommerce.Platform.Web/Startup.cs b/src/VirtoCommerce.Platform.Web/Startup.cs
index 56088b187e4..f1902535487 100644
--- a/src/VirtoCommerce.Platform.Web/Startup.cs
+++ b/src/VirtoCommerce.Platform.Web/Startup.cs
@@ -45,7 +45,6 @@
 using VirtoCommerce.Platform.Modules;
 using VirtoCommerce.Platform.Security.Authorization;
 using VirtoCommerce.Platform.Security.Repositories;
-using VirtoCommerce.Platform.Security.Services;
 using VirtoCommerce.Platform.Web.Azure;
 using VirtoCommerce.Platform.Web.Extensions;
 using VirtoCommerce.Platform.Web.Infrastructure;
@@ -325,6 +324,7 @@ public void ConfigureServices(IServiceCollection services)
                 });
 
             services.Configure<IdentityOptions>(Configuration.GetSection("IdentityOptions"));
+            services.Configure<PasswordOptionsExtended>(Configuration.GetSection("IdentityOptions:Password"));
             services.Configure<UserOptionsExtended>(Configuration.GetSection("IdentityOptions:User"));
 
             //always  return 401 instead of 302 for unauthorized  requests
@@ -356,8 +356,6 @@ public void ConfigureServices(IServiceCollection services)
             services.AddSingleton<IAuthorizationPolicyProvider, PermissionAuthorizationPolicyProvider>();
             //Platform authorization handler for policies based on permissions
             services.AddSingleton<IAuthorizationHandler, DefaultPermissionAuthorizationHandler>();
-            // Default password validation service implementation
-            services.AddScoped<IPasswordCheckService, PasswordCheckService>();
 
             services.AddOptions<LocalStorageModuleCatalogOptions>().Bind(Configuration.GetSection("VirtoCommerce"))
                     .PostConfigure(options =>
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/de.VirtoCommerce.Platform.json b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/de.VirtoCommerce.Platform.json
index 2c9576bda0e..224b787f8c8 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/de.VirtoCommerce.Platform.json
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/de.VirtoCommerce.Platform.json
@@ -325,11 +325,11 @@
                 "repeat-password": "Das neue Passwort stimmt nicht überein!",
                 "invalid-token": "Passwort zurücksetzen Token ist ungültig oder abgelaufen",
                 "password-too-weak": "Neues Passwort entspricht nicht einer oder mehreren Passwortsicherheitsrichtlinien:",
-                "passwordViolatesMinLength": "Passwörter müssen {{minPasswordLength}} oder mehr Zeichen lang sein",
-                "passwordMustHaveLowerCaseLetters": "Passwörter müssen mindestens einen Kleinbuchstaben enthalten ('a'-'z')",
-                "passwordMustHaveUpperCaseLetters": "Passwörter müssen mindestens einen Großbuchstaben haben ('A'-'Z')",
-                "passwordMustHaveDigits": "Passwörter müssen mindestens eine Ziffer haben ('0'-'9')",
-                "passwordMustHaveSpecialCharacters": "Passwörter müssen mindestens ein nicht alphanumerisches Zeichen enthalten"
+                "passwordTooShort": "Passwörter müssen {{errorParameter}} oder mehr Zeichen lang sein",
+                "passwordRequiresLower": "Passwörter müssen mindestens einen Kleinbuchstaben enthalten ('a'-'z')",
+                "passwordRequiresUpper": "Passwörter müssen mindestens einen Großbuchstaben haben ('A'-'Z')",
+                "passwordRequiresDigit": "Passwörter müssen mindestens eine Ziffer haben ('0'-'9')",
+                "passwordRequiresNonAlphanumeric": "Passwörter müssen mindestens ein nicht alphanumerisches Zeichen enthalten"
             },
             "placeholders": {
                 "current-password": "Aktuelles Passwort eingeben",
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
index 8855e68b6be..4f812d521e5 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
@@ -347,12 +347,13 @@
                     "repeat-password": "New passwords do not match!",
                     "invalid-token": "Reset password token is invalid or expired",
                     "password-too-weak": "New password does not comply one or more password security policies:",
-                    "passwordViolatesMinLength": "Passwords must be {{minPasswordLength}} or more characters long",
-                    "passwordViolatesMinUniqueCharsCount": "Passwords must use at least {{minUniqueCharsCount}} different characters",
-                    "passwordMustHaveLowerCaseLetters": "Passwords must have at least one lowercase ('a'-'z')",
-                    "passwordMustHaveUpperCaseLetters": "Passwords must have at least one uppercase ('A'-'Z')",
-                    "passwordMustHaveDigits": "Passwords must have at least one digit ('0'-'9')",
-                    "passwordMustHaveSpecialCharacters": "Passwords must have at least one non alphanumeric character"
+                    "passwordTooShort": "Passwords must be {{errorParameter}} or more characters long",
+                    "passwordRequiresUniqueChars": "Passwords must use at least {{errorParameter}} different characters",
+                    "passwordRequiresLower": "Passwords must have at least one lowercase ('a'-'z')",
+                    "passwordRequiresUpper": "Passwords must have at least one uppercase ('A'-'Z')",
+                    "passwordRequiresDigit": "Passwords must have at least one digit ('0'-'9')",
+                    "passwordRequiresNonAlphanumeric": "Passwords must have at least one non alphanumeric character",
+                     "recentPasswordUsed": "This password has been used in recent history. Please choose a different password."
                 },
                 "placeholders": {
                     "new-password": "Enter new password",
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/ru.VirtoCommerce.Platform.json b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/ru.VirtoCommerce.Platform.json
index 32a8604b9e8..ef4616d3964 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/ru.VirtoCommerce.Platform.json
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/ru.VirtoCommerce.Platform.json
@@ -410,11 +410,11 @@
                     "repeat-password": "Новые пароли не совпадают!",
                     "invalid-token": "Токен смены пароля некорректен или срок его действия истёк",
                     "password-too-weak": "Новый пароль не удовлетворяет одной или нескольким политикам безопасности паролей:",
-                    "passwordViolatesMinLength": "Длина паролей должна составлять {{minPasswordLength}} или более символов",
-                    "passwordMustHaveLowerCaseLetters": "Пароли должны содержать хотя бы одну строчную букву ('a'-'z')",
-                    "passwordMustHaveUpperCaseLetters": "Пароли должны содержать хотя бы одну заглавную букву ('A'-'Z')",
-                    "passwordMustHaveDigits": "Пароли должны содержать хотя бы одну цифру ('0'-'9')",
-                    "passwordMustHaveSpecialCharacters": "Пароли должны содержать хотя бы один знак препинания или другой специальный символ"
+                    "passwordTooShort": "Длина паролей должна составлять {{errorParameter}} или более символов",
+                    "passwordRequiresLower": "Пароли должны содержать хотя бы одну строчную букву ('a'-'z')",
+                    "passwordRequiresUpper": "Пароли должны содержать хотя бы одну заглавную букву ('A'-'Z')",
+                    "passwordRequiresDigit": "Пароли должны содержать хотя бы одну цифру ('0'-'9')",
+                    "passwordRequiresNonAlphanumeric": "Пароли должны содержать хотя бы один знак препинания или другой специальный символ"
                 },
                 "placeholders": {
                     "new-password": "Введите новый пароль",
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-resetPassword.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-resetPassword.js
index 1186aba6e25..123735ee079 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-resetPassword.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-resetPassword.js
@@ -5,18 +5,14 @@ angular.module('platformWebApp')
         function initializeBlade() {
             blade.currentEntity = {
                 newPassword: '',
-                forcePasswordChange: true,
-                passwordIsValid: true,
-                minPasswordLength: 0,
-                minUniqueCharsCount: 0,
-                errors: []
+                forcePasswordChange: true
             };
 
             blade.isLoading = false;
         }
 
         $scope.validatePasswordAsync = function (value) {
-            return passwordValidationService.validatePasswordAsync(value);
+            return passwordValidationService.validateUserPasswordAsync(blade.currentEntityId, value);
         }
 
         $scope.saveChanges = function () {
@@ -28,11 +24,9 @@ angular.module('platformWebApp')
                 forcePasswordChangeOnNextSignIn: blade.currentEntity.forcePasswordChange
             };
 
-            accounts.resetPassword({ id: blade.currentEntityId }, postData, function (data) {
+            accounts.resetPassword({ userName: blade.currentEntityId }, postData, function (data) {
                 blade.parentBlade.refresh();
-                $scope.bladeClose();                
-            }, function (error) {
-                bladeNavigationService.setError(error, $scope.blade);
+                $scope.bladeClose();
             });
         };
 
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.js
index 8cb13998b6d..6472c64208a 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.js
@@ -9,12 +9,12 @@ angular.module('platformWebApp')
                 passwordTooWeakMessage: '@',
                 newPassword: '='
             },
-            link: function (scope, element, attrs) {
+            link: function (scope) {
                 scope.doValidatePasswordAsync = function (value) {
                     return scope.runPasswordValidation({ value: value }).then(
                         function (result) {
                             scope.passwordValidationResult = result;
-                            return result.passwordIsValid ? $q.resolve() : $q.reject();
+                            return result.succeeded ? $q.resolve() : $q.reject();
                         });
                 }
             }
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.tpl.html b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.tpl.html
index 832904721fd..22862f38c98 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.tpl.html
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.tpl.html
@@ -1,11 +1,11 @@
 <div class="form-input" ng-form="passwordInputForm">
     <input name="newPasswordInput" ng-model="newPassword" required placeholder="{{passwordPlaceholder}}" type="password" ui-validate-async="'doValidatePasswordAsync($value)'">
 </div>
-<div class="form-error" ng-show="passwordInputForm.newPasswordInput.$dirty && !passwordValidationResult.passwordIsValid">
+<div class="form-error" ng-show="passwordInputForm.newPasswordInput.$dirty && !passwordValidationResult.succeeded">
     <span>{{passwordTooWeakMessage}}</span>
     <ul>
         <li ng-repeat="error in passwordValidationResult.errors">
-            {{ error | translate: passwordValidationResult }}
+            {{ error.descriptionKey | translate: error }}
         </li>
     </ul>
 </div>
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js
index 7b65dc89c7d..37cb8e74526 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js
@@ -4,8 +4,9 @@ angular.module('platformWebApp').factory('platformWebApp.accounts', ['$resource'
         save: { url: 'api/platform/security/users/create', method: 'POST' },
         changepassword: { url: 'api/platform/security/users/:id/changepassword', method: 'POST' },
         changeCurrentUserPassword: { url: 'api/platform/security/currentuser/changepassword', method: 'POST' },
-        resetPassword: { url: 'api/platform/security/users/:id/resetpassword', method: 'POST' },
+        resetPassword: { url: 'api/platform/security/users/:userName/resetpassword', method: 'POST' },
         validatePassword: { url: 'api/platform/security/validatepassword', method: 'POST' },
+        validateUserPassword: { url: 'api/platform/security/validateuserpassword', method: 'POST' },
         update: { method: 'PUT' },
         locked: { url: 'api/platform/security/users/:id/locked', method: 'GET' },
         unlock: { url: 'api/platform/security/users/:id/unlock', method: 'POST' },
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/services/passwordValidationService.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/services/passwordValidationService.js
index e366d690d32..195c75e8a10 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/services/passwordValidationService.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/services/passwordValidationService.js
@@ -4,38 +4,33 @@ angular
         var lastPassword = null;
         var lastPromise = null;
 
-        var performPasswordValidation = function(value) {
-            return accounts.validatePassword(JSON.stringify(value)).$promise.then(
-                function (response) {
-                    var result = {
-                        passwordIsValid: response.passwordIsValid,
-                        minPasswordLength: response.minPasswordLength,
-                        minUniqueCharsCount: response.minUniqueCharsCount,
-                        errors: []
-                    };
-
-                    var filteredKeys = _.filter(Object.keys(response),
-                        function (key) {
-                            return !key.startsWith('$') && response[key] === true;
-                        });
-
-                    filteredKeys.forEach(function (key) {
-                        var resourceName = 'platform.blades.account-resetPassword.validations.' + key;
-                        result.errors.push(resourceName);
-                    });
-
-                    return result;
-                }
-            );
+        var performPasswordValidation = function (value) {
+            return accounts.validatePassword(JSON.stringify(value)).$promise.then((result) => {
+                _.each(result.errors, (x) => {
+                    x.descriptionKey = 'platform.blades.account-resetPassword.validations.' + x.code.charAt(0).toLowerCase() + x.code.slice(1);
+                });
+
+                return result;
+            });
+        };
+
+        var performUserPasswordValidation = function (username, value) {
+            return accounts.validateUserPassword({ userName: username, newPassword: value }).$promise.then((result) => {
+                _.each(result.errors, (x) => {
+                    x.descriptionKey = 'platform.blades.account-resetPassword.validations.' + x.code.charAt(0).toLowerCase() + x.code.slice(1);
+                });
+
+                return result;
+            });
         };
 
         var service = {
             throttleTimeoutMilliseconds: 100,
 
-            validatePasswordAsync: function(value) {
+            validatePasswordAsync: function (value) {
                 lastPassword = value;
 
-                if (lastPromise != null) {
+                if (lastPromise !== null) {
                     return lastPromise;
                 }
 
@@ -46,6 +41,22 @@ angular
                     },
                     this.throttleTimeoutMilliseconds);
 
+                return lastPromise;
+            },
+            validateUserPasswordAsync: function (username, value) {
+                lastPassword = value;
+
+                if (lastPromise !== null) {
+                    return lastPromise;
+                }
+
+                lastPromise = $timeout(
+                    function () {
+                        lastPromise = null;
+                        return performUserPasswordValidation(username, lastPassword);
+                    },
+                    this.throttleTimeoutMilliseconds);
+
                 return lastPromise;
             }
         }
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/wizards/newAccount/new-account-wizard.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/wizards/newAccount/new-account-wizard.js
index d072d2b6c5e..48d94ce5c0b 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/wizards/newAccount/new-account-wizard.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/wizards/newAccount/new-account-wizard.js
@@ -49,11 +49,11 @@ angular.module('platformWebApp').controller('platformWebApp.newAccountWizardCont
             };
 
             $scope.validatePasswordAsync = function (value) {
-                return passwordValidationService.validatePasswordAsync(value);
+                return passwordValidationService.validateUserPasswordAsync(blade.currentEntity.userName, value);
             }
 
             $scope.saveChanges = function () {
-                if (blade.currentEntity.password != blade.currentEntity.newPassword2) {
+                if (blade.currentEntity.password !== blade.currentEntity.newPassword2) {
                     blade.error = 'Error: passwords don\'t match!';
                     return;
                 }
diff --git a/tests/VirtoCommerce.Platform.Tests/Security/CustomPasswordValidatorTests.cs b/tests/VirtoCommerce.Platform.Tests/Security/CustomPasswordValidatorTests.cs
new file mode 100644
index 00000000000..db08a25012d
--- /dev/null
+++ b/tests/VirtoCommerce.Platform.Tests/Security/CustomPasswordValidatorTests.cs
@@ -0,0 +1,167 @@
+using System;
+using System.Linq;
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Identity;
+using Moq;
+using VirtoCommerce.Platform.Core.Security;
+using VirtoCommerce.Platform.Security;
+using VirtoCommerce.Platform.Security.Model;
+using VirtoCommerce.Platform.Security.Repositories;
+using Xunit;
+
+namespace VirtoCommerce.Platform.Tests.Security
+{
+    public class CustomPasswordValidatorTests
+    {
+        [Fact]
+        public async Task NullPassword_ThrowsException()
+        {
+            // Arrange
+            var userManager = SecurityMockHelpers.TestCustomUserManager();
+            var target = userManager.PasswordValidators.First();
+
+            // Act, Assert
+            await Assert.ThrowsAsync<ArgumentNullException>(async () => await target.ValidateAsync(userManager, new ApplicationUser(), null));
+        }
+
+        [Theory]
+        // Valid passwords
+        [InlineData("qwerty", false, false, false, false, 5, true, false, false, false, false, false)]
+        [InlineData("LongPassword", true, true, false, false, 12, true, false, false, false, false, false)]
+        [InlineData("P455WithD1git5", true, true, true, false, 8, true, false, false, false, false, false)]
+        [InlineData("$ecur3P@Ssw0rd", true, true, true, true, 8, true, false, false, false, false, false)]
+        [InlineData("12ä45", false, false, false, true, 5, true, false, false, false, false, false)]
+        // Violation of minimal length
+        [InlineData("letmein", false, false, false, false, 8, false, true, false, false, false, false)]
+        [InlineData("123", false, false, false, false, 5, false, true, false, false, false, false)]
+        [InlineData("", false, false, false, false, 4, false, true, false, false, false, false)]
+        [InlineData(" \t \r\n", false, false, false, true, 4, false, true, false, false, false, false)]
+        [InlineData(" \t \r\n", true, true, true, true, 4, false, true, true, true, true, false)]
+        // Violation of upper-case letters requirement
+        [InlineData("password", true, false, false, false, 8, false, false, true, false, false, false)]
+        [InlineData("19910203", true, false, false, false, 5, false, false, true, false, false, false)]
+        // Violation of lower-case letters requirement
+        [InlineData("12345678", false, true, false, false, 5, false, false, false, true, false, false)]
+        [InlineData("ADMIN", false, true, false, false, 5, false, false, false, true, false, false)]
+        // Violation of digits requirement
+        [InlineData("welcome", false, false, true, false, 5, false, false, false, false, true, false)]
+        [InlineData("!@#$%^", false, false, true, false, 5, false, false, false, false, true, false)]
+        // Violation of special characters requirement
+        [InlineData("whatever", false, false, false, true, 8, false, false, false, false, false, true)]
+        [InlineData("TrustNo1", false, false, false, true, 8, false, false, false, false, false, true)]
+        // Multiple rule violations
+        [InlineData("passw0rd", true, true, true, true, 10, false, true, true, false, false, true)]
+        [InlineData("passw0rd", true, true, true, true, 8, false, false, true, false, false, true)]
+        [InlineData("login", true, true, true, true, 5, false, false, true, false, true, true)]
+        [InlineData("0987654321", true, true, true, true, 12, false, true, true, true, false, true)]
+        [InlineData("!@#$%^", true, true, true, false, 5, false, false, true, true, true, false)]
+        public async Task PasswordValidator_ValidatesByPasswordOptions(
+            string password,
+            bool requireUpperCase,
+            bool requireLowerCase,
+            bool requireDigits,
+            bool requireSpecialCharacters,
+            int minLength,
+            bool passwordIsValid,
+            bool passwordMustBeLonger,
+            bool passwordMustHaveUpper,
+            bool passwordMustHaveLower,
+            bool passwordMustHaveDigit,
+            bool passwordMustHaveNonAlphanumeric)
+        {
+            // Arrange
+            var options = new IdentityOptions
+            {
+                Password = new PasswordOptions
+                {
+                    RequiredLength = minLength,
+                    RequireUppercase = requireUpperCase,
+                    RequireLowercase = requireLowerCase,
+                    RequireDigit = requireDigits,
+                    RequireNonAlphanumeric = requireSpecialCharacters
+                }
+            };
+
+            var user = new ApplicationUser { Id = "id1" };
+            var userStoreMock = new Mock<IUserStore<ApplicationUser>>();
+            userStoreMock.Setup(x => x.FindByIdAsync(user.Id, CancellationToken.None)).ReturnsAsync(user);
+
+            var userManager = SecurityMockHelpers.TestCustomUserManager(userStoreMock, identityOptions: options);
+            var target = userManager.PasswordValidators.First();
+            //var target = new CustomPasswordValidator(new CustomIdentityErrorDescriber(), _repositoryFactory, null);
+
+            // Act
+            var result = await target.ValidateAsync(userManager, user, password);
+
+            // Assert
+            Assert.Equal(passwordIsValid, result.Succeeded);
+
+            Assert.Equal(passwordMustBeLonger, ExistsErrorByCode(result, nameof(IdentityErrorDescriber.PasswordTooShort)));
+            if (passwordMustBeLonger)
+            {
+                var tooShort = TryFindErrorByCode(result, nameof(IdentityErrorDescriber.PasswordTooShort));
+                Assert.IsType<CustomIdentityError>(tooShort);
+                Assert.Equal(minLength, ((CustomIdentityError)tooShort).ErrorParameter);
+            }
+            Assert.Equal(passwordMustHaveUpper, ExistsErrorByCode(result, nameof(IdentityErrorDescriber.PasswordRequiresUpper)));
+            Assert.Equal(passwordMustHaveLower, ExistsErrorByCode(result, nameof(IdentityErrorDescriber.PasswordRequiresLower)));
+            Assert.Equal(passwordMustHaveDigit, ExistsErrorByCode(result, nameof(IdentityErrorDescriber.PasswordRequiresDigit)));
+            Assert.Equal(passwordMustHaveNonAlphanumeric, ExistsErrorByCode(result, nameof(IdentityErrorDescriber.PasswordRequiresNonAlphanumeric)));
+        }
+
+        [Theory]
+        [InlineData("Unique8)", 4, true)]
+        [InlineData("paS$word1", 4, false)]
+        [InlineData("paS$word3", 4, false)]
+        [InlineData("paS$word4", 4, false)]
+        [InlineData("paS$word5", 4, true)]
+        [InlineData("paS$word6", 4, true)]
+        [InlineData("paS$word6", 6, false)]
+        [InlineData("paS$word6", 0, true)]
+        public async Task PasswordValidator_ValidatesByPasswordHistory(
+            string password,
+            int passwordRepeatHistory,
+            bool passwordIsValid)
+        {
+            // Arrange
+            const string userId = "id1";
+            string Hash(string p) => $"hash-{p}";
+
+            var entities = Enumerable.Range(1, passwordRepeatHistory)
+                 .Select(i => new UserPasswordHistoryEntity { UserId = userId, PasswordHash = Hash($"paS$word{i}"), CreatedDate = DateTime.UtcNow.AddDays(-i) })
+                 .ToArray();
+
+            var securityRepositoryMock = new Mock<ISecurityRepository>();
+            securityRepositoryMock.Setup(x => x.GetUserPasswordsHistoryAsync(It.IsAny<string>())).ReturnsAsync(entities);
+            ISecurityRepository repositoryFactory() => securityRepositoryMock.Object;
+
+            var passwordHasher = new Mock<IUserPasswordHasher>();
+            passwordHasher.Setup(x => x.HashPassword(It.IsAny<ApplicationUser>(), It.IsAny<string>()))
+                .Returns<ApplicationUser, string>((user, password) => Hash(password));
+            passwordHasher.Setup(x => x.VerifyHashedPassword(It.IsAny<ApplicationUser>(), It.IsAny<string>(), It.IsAny<string>()))
+                .Returns<ApplicationUser, string, string>((user, hash, password) => hash == Hash(password) ? PasswordVerificationResult.Success : PasswordVerificationResult.Failed);
+
+            var userManager = SecurityMockHelpers.TestCustomUserManager(repositoryFactory: repositoryFactory, passwordHasher: passwordHasher);
+            var user = new ApplicationUser { Id = userId };
+            var target = userManager.PasswordValidators.First();
+
+            // Act
+            var result = await target.ValidateAsync(userManager, user, password);
+
+            // Assert
+            Assert.Equal(passwordIsValid, result.Succeeded);
+            Assert.Equal(passwordIsValid, !ExistsErrorByCode(result, CustomPasswordValidator.RecentPasswordUsed));
+        }
+
+        private IdentityError TryFindErrorByCode(IdentityResult result, string errorCode)
+        {
+            return result.Errors.FirstOrDefault(x => x.Code == errorCode);
+        }
+
+        private bool ExistsErrorByCode(IdentityResult result, string errorCode)
+        {
+            return result.Errors.Any(x => x.Code == errorCode);
+        }
+    }
+}
diff --git a/tests/VirtoCommerce.Platform.Tests/Security/PasswordCheckServiceTests.cs b/tests/VirtoCommerce.Platform.Tests/Security/PasswordCheckServiceTests.cs
deleted file mode 100644
index d7283ce9993..00000000000
--- a/tests/VirtoCommerce.Platform.Tests/Security/PasswordCheckServiceTests.cs
+++ /dev/null
@@ -1,113 +0,0 @@
-using System;
-using System.Linq;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Identity;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using Moq;
-using VirtoCommerce.Platform.Core.Security;
-using VirtoCommerce.Platform.Security.Services;
-using Xunit;
-
-namespace VirtoCommerce.Platform.Tests.Security
-{
-    public class PasswordCheckServiceTests
-    {
-        [Theory]
-        // Valid passwords
-        [InlineData("qwerty", false, false, false, false, 5, true, false, false, false, false, false)]
-        [InlineData("LongPassword", true, true, false, false, 12, true, false, false, false, false, false)]
-        [InlineData("P455WithD1git5", true, true, true, false, 8, true, false, false, false, false, false)]
-        [InlineData("$ecur3P@Ssw0rd", true, true, true, true, 8, true, false, false, false, false, false)]
-        [InlineData("12ä45", false, false, false, true, 5, true, false, false, false, false, false)]
-        // Violation of minimal length
-        [InlineData("letmein", false, false, false, false, 8, false, true, false, false, false, false)]
-        [InlineData("123", false, false, false, false, 5, false, true, false, false, false, false)]
-        // Violation of upper-case letters requirement
-        [InlineData("password", true, false, false, false, 8, false, false, true, false, false, false)]
-        [InlineData("19910203", true, false, false, false, 5, false, false, true, false, false, false)]
-        // Violation of lower-case letters requirement
-        [InlineData("12345678", false, true, false, false, 5, false, false, false, true, false, false)]
-        [InlineData("ADMIN", false, true, false, false, 5, false, false, false, true, false, false)]
-        // Violation of digits requirement
-        [InlineData("welcome", false, false, true, false, 5, false, false, false, false, true, false)]
-        [InlineData("!@#$%^", false, false, true, false, 5, false, false, false, false, true, false)]
-        // Violation of special characters requirement
-        [InlineData("whatever", false, false, false, true, 8, false, false, false, false, false, true)]
-        [InlineData("TrustNo1", false, false, false, true, 8, false, false, false, false, false, true)]
-        // Multiple rule violations
-        [InlineData("passw0rd", true, true, true, true, 10, false, true, true, false, false, true)]
-        [InlineData("passw0rd", true, true, true, true, 8, false, false, true, false, false, true)]
-        [InlineData("login", true, true, true, true, 5, false, false, true, false, true, true)]
-        [InlineData("0987654321", true, true, true, true, 12, false, true, true, true, false, true)]
-        [InlineData("!@#$%^", true, true, true, false, 5, false, false, true, true, true, false)]
-        // Handling null, empty and whitespace-only passwords
-        [InlineData(null, false, false, false, false, 5, false, true, false, false, false, false)]
-        [InlineData(null, true, true, true, true, 5, false, true, true, true, true, true)]
-        [InlineData("", false, false, false, false, 5, false, true, false, false, false, false)]
-        [InlineData(" \t \r\n", false, false, false, false, 5, true, false, false, false, false, false)]
-        [InlineData(" \t \r\n", false, false, false, true, 5, false, false, false, false, false, true)]
-        [InlineData(" \t \r\n", true, true, true, true, 5, false, false, true, true, true, true)]
-        public async Task TestCheckingPassword(
-            string password,
-            bool requireUpperCase,
-            bool requireLowerCase,
-            bool requireDigits,
-            bool requireSpecialCharacters,
-            int minLength,
-            bool passwordIsValid,
-            bool passwordViolatesMinLength,
-            bool passwordMustHaveUpperCaseLetters,
-            bool passwordMustHaveLowerCaseLetters,
-            bool passwordMustHaveDigits,
-            bool passwordMustHaveSpecialCharacters)
-        {
-            // Arrange
-            var options = new IdentityOptions
-            {
-                Password = new PasswordOptions
-                {
-                    RequiredLength = minLength,
-                    RequireUppercase = requireUpperCase,
-                    RequireLowercase = requireLowerCase,
-                    RequireDigit = requireDigits,
-                    RequireNonAlphanumeric = requireSpecialCharacters
-                }
-            };
-
-            var userManager = CreateUserManager(options);
-            var target = new PasswordCheckService(userManager);
-
-            // Act
-            var result = await target.ValidatePasswordAsync(password);
-
-            // Assert
-            Assert.Equal(passwordIsValid, result.PasswordIsValid);
-
-            Assert.Equal(minLength, result.MinPasswordLength);
-            Assert.Equal(passwordViolatesMinLength, result.PasswordViolatesMinLength);
-            Assert.Equal(passwordMustHaveUpperCaseLetters, result.PasswordMustHaveUpperCaseLetters);
-            Assert.Equal(passwordMustHaveLowerCaseLetters, result.PasswordMustHaveLowerCaseLetters);
-            Assert.Equal(passwordMustHaveDigits, result.PasswordMustHaveDigits);
-            Assert.Equal(passwordMustHaveSpecialCharacters, result.PasswordMustHaveSpecialCharacters);
-        }
-
-        private UserManager<ApplicationUser> CreateUserManager(IdentityOptions options)
-        {
-            var optionsAccessor = new OptionsWrapper<IdentityOptions>(options);
-
-            // Note: all these mocks and stubs are just a boilerplate to create the UserManager instance.
-            var userStore = new Mock<IUserStore<ApplicationUser>>();
-            var passwordHasher = new Mock<IPasswordHasher<ApplicationUser>>();
-            var userValidators = Enumerable.Empty<IUserValidator<ApplicationUser>>();
-            var passwordValidators = Enumerable.Empty<IPasswordValidator<ApplicationUser>>();
-            var lookupNormalizer = new Mock<ILookupNormalizer>();
-            var serviceProvider = new Mock<IServiceProvider>();
-            var logger = new Mock<ILogger<UserManager<ApplicationUser>>>();
-
-            return new UserManager<ApplicationUser>(userStore.Object, optionsAccessor, passwordHasher.Object,
-                userValidators, passwordValidators, lookupNormalizer.Object, new IdentityErrorDescriber(),
-                serviceProvider.Object, logger.Object);
-        }
-    }
-}
diff --git a/tests/VirtoCommerce.Platform.Tests/Security/PasswordExpiryTests.cs b/tests/VirtoCommerce.Platform.Tests/Security/PasswordExpiryTests.cs
index 4c6b7306f91..f48930fb2fc 100644
--- a/tests/VirtoCommerce.Platform.Tests/Security/PasswordExpiryTests.cs
+++ b/tests/VirtoCommerce.Platform.Tests/Security/PasswordExpiryTests.cs
@@ -23,11 +23,12 @@ public async Task TestUserPasswordExpiry(DateTime? lastPasswordChangedDate, Time
             var userStoreMock = new Mock<IUserStore<ApplicationUser>>();
             userStoreMock.Setup(x => x.FindByIdAsync(user.Id, CancellationToken.None)).ReturnsAsync(user);
 
-            var userManager = SecurityMockHelpers.TestCustomUserManager(userStoreMock, new UserOptionsExtended
-            {
-                MaxPasswordAge = maxPasswordAge
-            },
-            GetPlatformMemoryCache());
+            var userManager = SecurityMockHelpers.TestCustomUserManager(userStoreMock,
+                new UserOptionsExtended
+                {
+                    MaxPasswordAge = maxPasswordAge
+                },
+                null, GetPlatformMemoryCache());
 
             //Act
             user = await userManager.FindByIdAsync(user.Id);
diff --git a/tests/VirtoCommerce.Platform.Tests/Security/SecurityMockHelpers.cs b/tests/VirtoCommerce.Platform.Tests/Security/SecurityMockHelpers.cs
index 81345f60005..bf5d30ffd55 100644
--- a/tests/VirtoCommerce.Platform.Tests/Security/SecurityMockHelpers.cs
+++ b/tests/VirtoCommerce.Platform.Tests/Security/SecurityMockHelpers.cs
@@ -9,6 +9,8 @@
 using VirtoCommerce.Platform.Core.Caching;
 using VirtoCommerce.Platform.Core.Events;
 using VirtoCommerce.Platform.Core.Security;
+using VirtoCommerce.Platform.Security;
+using VirtoCommerce.Platform.Security.Repositories;
 using VirtoCommerce.Platform.Web.Security;
 
 namespace VirtoCommerce.Platform.Tests.Security
@@ -17,10 +19,11 @@ public static class SecurityMockHelpers
     {
         public static CustomUserManager TestCustomUserManager(Mock<IUserStore<ApplicationUser>> storeMock, IEventPublisher eventPublisher)
         {
-            return TestCustomUserManager(storeMock, null, null, eventPublisher);
+            return TestCustomUserManager(storeMock, null, null, null, eventPublisher);
         }
 
-        public static CustomUserManager TestCustomUserManager(Mock<IUserStore<ApplicationUser>> storeMock = null, UserOptionsExtended userOptions = null, PlatformMemoryCache platformMemoryCache = null, IEventPublisher eventPublisher = null)
+        public static CustomUserManager TestCustomUserManager(Mock<IUserStore<ApplicationUser>> storeMock = null,
+            UserOptionsExtended userOptions = null, IdentityOptions identityOptions = null, PlatformMemoryCache platformMemoryCache = null, IEventPublisher eventPublisher = null, Func<ISecurityRepository> repositoryFactory = null, Mock<IUserPasswordHasher> passwordHasher = null)
         {
             storeMock ??= new Mock<IUserStore<ApplicationUser>>();
             storeMock.As<IUserRoleStore<ApplicationUser>>()
@@ -32,10 +35,18 @@ public static CustomUserManager TestCustomUserManager(Mock<IUserStore<Applicatio
             storeMock.Setup(x => x.UpdateAsync(It.IsAny<ApplicationUser>(), CancellationToken.None))
                 .ReturnsAsync(IdentityResult.Success);
 
-            var optionsMock = new Mock<IOptions<IdentityOptions>>();
-            var idOptions = new IdentityOptions();
-            idOptions.Lockout.AllowedForNewUsers = false;
-            optionsMock.Setup(o => o.Value).Returns(idOptions);
+            var identityOptionsMock = new Mock<IOptions<IdentityOptions>>();
+            if (identityOptions != null)
+            {
+                identityOptionsMock.Setup(o => o.Value).Returns(identityOptions);
+            }
+
+            if (passwordHasher == null)
+            {
+                passwordHasher = new Mock<IUserPasswordHasher>();
+                passwordHasher.Setup(x => x.VerifyHashedPassword(It.IsAny<ApplicationUser>(), It.IsAny<string>(), It.IsAny<string>()))
+                    .Returns(PasswordVerificationResult.Success);
+            }
 
             userOptions ??= new UserOptionsExtended
             {
@@ -46,19 +57,21 @@ public static CustomUserManager TestCustomUserManager(Mock<IUserStore<Applicatio
             var userValidators = new List<IUserValidator<ApplicationUser>>();
             var validator = new Mock<IUserValidator<ApplicationUser>>();
             userValidators.Add(validator.Object);
-            var pwdValidators = new List<PasswordValidator<ApplicationUser>>();
-            pwdValidators.Add(new PasswordValidator<ApplicationUser>());
+
+            repositoryFactory ??= () => Mock.Of<ISecurityRepository>();
+            var pwdValidators = new PasswordValidator<ApplicationUser>[] { new CustomPasswordValidator(new CustomIdentityErrorDescriber(), repositoryFactory, passwordHasher.Object) };
+
+            var passwordOptionsMock = new Mock<IOptions<PasswordOptionsExtended>>();
+            passwordOptionsMock.Setup(o => o.Value).Returns(new PasswordOptionsExtended());
+
             var roleManagerMock = new Mock<RoleManager<Role>>(Mock.Of<IRoleStore<Role>>(),
-                new[] { Mock.Of<IRoleValidator<Role>>() },
-                Mock.Of<ILookupNormalizer>(),
-                Mock.Of<IdentityErrorDescriber>(),
-                Mock.Of<ILogger<RoleManager<Role>>>());
-            var passwordHasher = new Mock<IUserPasswordHasher>();
-            passwordHasher.Setup(x => x.VerifyHashedPassword(It.IsAny<ApplicationUser>(), It.IsAny<string>(), It.IsAny<string>()))
-                .Returns(PasswordVerificationResult.Success);
+                        new[] { Mock.Of<IRoleValidator<Role>>() },
+                        Mock.Of<ILookupNormalizer>(),
+                        Mock.Of<IdentityErrorDescriber>(),
+                        Mock.Of<ILogger<RoleManager<Role>>>());
 
             var userManager = new CustomUserManager(storeMock.Object,
-                Mock.Of<IOptions<IdentityOptions>>(),
+                identityOptionsMock.Object,
                 passwordHasher.Object,
                 passwordHasher.Object,
                 userOptionsMock.Object,
@@ -70,7 +83,9 @@ public static CustomUserManager TestCustomUserManager(Mock<IUserStore<Applicatio
                 Mock.Of<ILogger<UserManager<ApplicationUser>>>(),
                 roleManagerMock.Object,
                 platformMemoryCache ?? Mock.Of<IPlatformMemoryCache>(),
-                eventPublisher);
+                eventPublisher,
+                repositoryFactory,
+                passwordOptionsMock.Object);
 
             validator.Setup(x => x.ValidateAsync(userManager, It.IsAny<ApplicationUser>()))
                 .ReturnsAsync(IdentityResult.Success).Verifiable();

From e8bf09a0d2d827586df580d9b79e6b6cc0575354 Mon Sep 17 00:00:00 2001
From: Egidijus Mazeika <em@virtoway.com>
Date: Sun, 11 Apr 2021 22:44:16 +0300
Subject: [PATCH 61/70] Revert "PT-85: Set up user password repeat generation
 policy"

This reverts commit 982898301d5f26a1a68986fcbe6c9a83d15fd0cc.
---
 docs/user-guide/configuration-settings.md     |   1 -
 .../Security/IPasswordCheckService.cs         |  17 +
 .../Security/PasswordOptionsExtended.cs       |   7 -
 .../Security/PasswordValidationResult.cs      |  53 ++
 .../CustomIdentityError.cs                    |  12 -
 .../CustomIdentityErrorDescriber.cs           |  38 --
 .../CustomPasswordValidator.cs                |  48 --
 ...9102639_AddUserPasswordHistory.Designer.cs | 619 ------------------
 .../20210409102639_AddUserPasswordHistory.cs  |  45 --
 .../SecurityDbContextModelSnapshot.cs         |  44 --
 .../Migrations/add-migrations-command.txt     |   5 +-
 .../Model/UserPasswordHistoryEntity.cs        |  14 -
 .../Repositories/ISecurityRepository.cs       |   7 +-
 .../Repositories/SecurityDbContext.cs         |   9 -
 .../Repositories/SecurityRepository.cs        |  23 +-
 .../Services/PasswordCheckService.cs          | 110 ++++
 .../Controllers/Api/SecurityController.cs     |  40 +-
 .../Security/CustomUserManager.cs             |  48 +-
 .../Security/ServiceCollectionExtensions.cs   |   3 -
 src/VirtoCommerce.Platform.Web/Startup.cs     |   4 +-
 .../de.VirtoCommerce.Platform.json            |  10 +-
 .../en.VirtoCommerce.Platform.json            |  13 +-
 .../ru.VirtoCommerce.Platform.json            |  10 +-
 .../security/blades/account-resetPassword.js  |  14 +-
 .../app/security/directives/password-input.js |   4 +-
 .../directives/password-input.tpl.html        |   4 +-
 .../js/app/security/resources/accounts.js     |   3 +-
 .../services/passwordValidationService.js     |  61 +-
 .../wizards/newAccount/new-account-wizard.js  |   4 +-
 .../Security/CustomPasswordValidatorTests.cs  | 167 -----
 .../Security/PasswordCheckServiceTests.cs     | 113 ++++
 .../Security/PasswordExpiryTests.cs           |  11 +-
 .../Security/SecurityMockHelpers.cs           |  49 +-
 33 files changed, 389 insertions(+), 1221 deletions(-)
 create mode 100644 src/VirtoCommerce.Platform.Core/Security/IPasswordCheckService.cs
 delete mode 100644 src/VirtoCommerce.Platform.Core/Security/PasswordOptionsExtended.cs
 create mode 100644 src/VirtoCommerce.Platform.Core/Security/PasswordValidationResult.cs
 delete mode 100644 src/VirtoCommerce.Platform.Security/CustomIdentityError.cs
 delete mode 100644 src/VirtoCommerce.Platform.Security/CustomIdentityErrorDescriber.cs
 delete mode 100644 src/VirtoCommerce.Platform.Security/CustomPasswordValidator.cs
 delete mode 100644 src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.Designer.cs
 delete mode 100644 src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.cs
 delete mode 100644 src/VirtoCommerce.Platform.Security/Model/UserPasswordHistoryEntity.cs
 create mode 100644 src/VirtoCommerce.Platform.Security/Services/PasswordCheckService.cs
 delete mode 100644 tests/VirtoCommerce.Platform.Tests/Security/CustomPasswordValidatorTests.cs
 create mode 100644 tests/VirtoCommerce.Platform.Tests/Security/PasswordCheckServiceTests.cs

diff --git a/docs/user-guide/configuration-settings.md b/docs/user-guide/configuration-settings.md
index c92f5963bf4..5992e0b1165 100644
--- a/docs/user-guide/configuration-settings.md
+++ b/docs/user-guide/configuration-settings.md
@@ -23,7 +23,6 @@ The configuration keys are hierarchical. This structure is most convenient to ma
 |  | FileSystem | E.g., <br> "FileSystem": {<br> "RootPath": "~/assets",<br>"PublicUrl": "http://localhost:10645/assets/"<br>} | File system based assets provider configuration. Used, if `"Provider": "FileSystem"`
 |  | AzureBlobStorage | E.g., <br> "AzureBlobStorage": {<br> "ConnectionString": "",<br>"CdnUrl": ""<br>}  | Azure Blob Storage based assets provider configuration. Used, if `"Provider": "AzureBlobStorage"`
 | IdentityOptions | | | Options to configure the ASP&#46;NET Core Identity system. Check [Configure ASP.NET Core Identity](https://github.com/dotnet/AspNetCore.Docs/blob/master/aspnetcore/security/authentication/identity-configuration.md#configure-aspnet-core-identity) for details.
-|  | Password.PasswordHistory | E.g., <br>"PasswordHistory": 4 | The number of recent user's passwords to check during the password validation. Old password can't be reused for this number of cycles.<br>Value of "0" or not defined - password history is disabled.
 |  | User.MaxPasswordAge | "MaxPasswordAge": "0" | TimeSpan defining max. user password age until the password expires. The user is forced to change the expired password on login to Platform Manager UI.<br>Value of "0" or not defined - password expiration is disabled.
 |  | User.RemindPasswordExpiryInDays | "RemindPasswordExpiryInDays": 7  | Number of days to start showing password expiry warning in Platform Manager UI. Used, if password expiration is enabled. 
 | ExternalModules | | | Configure external source to install modules.
diff --git a/src/VirtoCommerce.Platform.Core/Security/IPasswordCheckService.cs b/src/VirtoCommerce.Platform.Core/Security/IPasswordCheckService.cs
new file mode 100644
index 00000000000..e1bf36ebb5e
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Core/Security/IPasswordCheckService.cs
@@ -0,0 +1,17 @@
+using System.Threading.Tasks;
+
+namespace VirtoCommerce.Platform.Core.Security
+{
+    /// <summary>
+    /// Service for checking password against password security policies.
+    /// </summary>
+    public interface IPasswordCheckService
+    {
+        /// <summary>
+        /// Runs password validation.
+        /// </summary>
+        /// <param name="password">String with password to validate.</param>
+        /// <returns>Password validation result.</returns>
+        Task<PasswordValidationResult> ValidatePasswordAsync(string password);
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Core/Security/PasswordOptionsExtended.cs b/src/VirtoCommerce.Platform.Core/Security/PasswordOptionsExtended.cs
deleted file mode 100644
index 1660b20248b..00000000000
--- a/src/VirtoCommerce.Platform.Core/Security/PasswordOptionsExtended.cs
+++ /dev/null
@@ -1,7 +0,0 @@
-namespace VirtoCommerce.Platform.Core.Security
-{
-    public class PasswordOptionsExtended
-    {
-        public int? PasswordHistory { get; set; }
-    }
-}
diff --git a/src/VirtoCommerce.Platform.Core/Security/PasswordValidationResult.cs b/src/VirtoCommerce.Platform.Core/Security/PasswordValidationResult.cs
new file mode 100644
index 00000000000..690322489e7
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Core/Security/PasswordValidationResult.cs
@@ -0,0 +1,53 @@
+namespace VirtoCommerce.Platform.Core.Security
+{
+    /// <summary>
+    /// Result of password security validation.
+    /// </summary>
+    public class PasswordValidationResult
+    {
+        /// <summary>
+        /// Indicates overall password validation status.
+        /// </summary>
+        public bool PasswordIsValid { get; set; }
+
+        /// <summary>
+        /// Minimal password length required to pass the validation.
+        /// </summary>
+        public int MinPasswordLength { get; set; }
+
+        /// <summary>
+        /// Indicates that password length is less than minimal password length.
+        /// </summary>
+        public bool PasswordViolatesMinLength { get; set; }
+
+        /// <summary>
+        /// Minimal unique chars count.
+        /// </summary>
+        public int MinUniqueCharsCount { get; set; }
+
+        /// <summary>
+        /// Indicates that password comprised of less than minimum number of unique chars.
+        /// </summary>
+        public bool PasswordViolatesMinUniqueCharsCount { get; set; }
+
+        /// <summary>
+        /// Indicates that entered password lacks one or more lower-case letters.
+        /// </summary>
+        public bool PasswordMustHaveLowerCaseLetters { get; set; }
+
+        /// <summary>
+        /// Indicates that entered password lacks one or more upper-case letters.
+        /// </summary>
+        public bool PasswordMustHaveUpperCaseLetters { get; set; }
+
+        /// <summary>
+        /// Indicates that entered password lacks one or more digits.
+        /// </summary>
+        public bool PasswordMustHaveDigits { get; set; }
+
+        /// <summary>
+        /// Indicates that entered password lacks one or more non-alphanumerical characters.
+        /// </summary>
+        public bool PasswordMustHaveSpecialCharacters { get; set; }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Security/CustomIdentityError.cs b/src/VirtoCommerce.Platform.Security/CustomIdentityError.cs
deleted file mode 100644
index 74895c6c947..00000000000
--- a/src/VirtoCommerce.Platform.Security/CustomIdentityError.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-using Microsoft.AspNetCore.Identity;
-
-namespace VirtoCommerce.Platform.Security
-{
-    public class CustomIdentityError : IdentityError
-    {
-        /// <summary>
-        /// Auxiliary error parameter: E.g., RequiredLength, etc.
-        /// </summary>
-        public int ErrorParameter { get; set; }
-    }
-}
diff --git a/src/VirtoCommerce.Platform.Security/CustomIdentityErrorDescriber.cs b/src/VirtoCommerce.Platform.Security/CustomIdentityErrorDescriber.cs
deleted file mode 100644
index 466efd95eb6..00000000000
--- a/src/VirtoCommerce.Platform.Security/CustomIdentityErrorDescriber.cs
+++ /dev/null
@@ -1,38 +0,0 @@
-using Microsoft.AspNetCore.Identity;
-
-namespace VirtoCommerce.Platform.Security
-{
-    /// <summary>
-    /// Overriding https://github.com/dotnet/aspnetcore/blob/release/3.1/src/Identity/Extensions.Core/src/IdentityErrorDescriber.cs
-    /// </summary>
-    public class CustomIdentityErrorDescriber : IdentityErrorDescriber
-    {
-        /// <summary>
-        /// Returns an <see cref="IdentityError"/> indicating a password of the specified <paramref name="length"/> does not meet the minimum length requirements.
-        /// </summary>
-        /// <param name="length">The length that is not long enough.</param>
-        /// <returns>An <see cref="IdentityError"/> indicating a password of the specified <paramref name="length"/> does not meet the minimum length requirements.</returns>
-        public override IdentityError PasswordTooShort(int length)
-        {
-            return new CustomIdentityError
-            {
-                Code = nameof(PasswordTooShort),
-                ErrorParameter = length
-            };
-        }
-
-        /// <summary>
-        /// Returns an <see cref="IdentityError"/> indicating a password does not meet the minimum number <paramref name="uniqueChars"/> of unique chars.
-        /// </summary>
-        /// <param name="uniqueChars">The number of different chars that must be used.</param>
-        /// <returns>An <see cref="IdentityError"/> indicating a password does not meet the minimum number <paramref name="uniqueChars"/> of unique chars.</returns>
-        public override IdentityError PasswordRequiresUniqueChars(int uniqueChars)
-        {
-            return new CustomIdentityError
-            {
-                Code = nameof(PasswordRequiresUniqueChars),
-                ErrorParameter = uniqueChars
-            };
-        }
-    }
-}
diff --git a/src/VirtoCommerce.Platform.Security/CustomPasswordValidator.cs b/src/VirtoCommerce.Platform.Security/CustomPasswordValidator.cs
deleted file mode 100644
index 977d512d0a2..00000000000
--- a/src/VirtoCommerce.Platform.Security/CustomPasswordValidator.cs
+++ /dev/null
@@ -1,48 +0,0 @@
-using System;
-using System.Linq;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Identity;
-using VirtoCommerce.Platform.Core.Security;
-using VirtoCommerce.Platform.Security.Repositories;
-
-namespace VirtoCommerce.Platform.Security
-{
-    /// <summary>
-    /// Overriding https://github.com/dotnet/aspnetcore/blob/release/3.1/src/Identity/Extensions.Core/src/PasswordValidator.cs
-    /// </summary>
-    public class CustomPasswordValidator : PasswordValidator<ApplicationUser>
-    {
-        public const string RecentPasswordUsed = "RecentPasswordUsed";
-
-        protected readonly Func<ISecurityRepository> _repositoryFactory;
-        protected readonly IPasswordHasher<ApplicationUser> _passwordHasher;
-
-        public CustomPasswordValidator(IdentityErrorDescriber errors, Func<ISecurityRepository> repositoryFactory, IPasswordHasher<ApplicationUser> passwordHasher)
-            : base(errors)
-
-        {
-            _repositoryFactory = repositoryFactory;
-            _passwordHasher = passwordHasher;
-        }
-
-        public override async Task<IdentityResult> ValidateAsync(UserManager<ApplicationUser> manager, ApplicationUser user, string password)
-        {
-            var result = await base.ValidateAsync(manager, user, password);
-
-            if (result.Succeeded)
-            {
-                using var repository = _repositoryFactory();
-                var userPasswords = await repository.GetUserPasswordsHistoryAsync(user?.Id);
-
-                if (userPasswords.Any(x => _passwordHasher.VerifyHashedPassword(user, x.PasswordHash, password) != PasswordVerificationResult.Failed))
-                {
-                    result = IdentityResult.Failed(new IdentityError
-                    {
-                        Code = RecentPasswordUsed
-                    });
-                }
-            }
-            return result;
-        }
-    }
-}
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.Designer.cs b/src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.Designer.cs
deleted file mode 100644
index dfdd51cb2a9..00000000000
--- a/src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.Designer.cs
+++ /dev/null
@@ -1,619 +0,0 @@
-// <auto-generated />
-using System;
-using Microsoft.EntityFrameworkCore;
-using Microsoft.EntityFrameworkCore.Infrastructure;
-using Microsoft.EntityFrameworkCore.Metadata;
-using Microsoft.EntityFrameworkCore.Migrations;
-using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
-using VirtoCommerce.Platform.Security.Repositories;
-
-namespace VirtoCommerce.Platform.Security.Migrations
-{
-    [DbContext(typeof(SecurityDbContext))]
-    [Migration("20210409102639_AddUserPasswordHistory")]
-    partial class AddUserPasswordHistory
-    {
-        protected override void BuildTargetModel(ModelBuilder modelBuilder)
-        {
-#pragma warning disable 612, 618
-            modelBuilder
-                .HasAnnotation("ProductVersion", "3.1.8")
-                .HasAnnotation("Relational:MaxIdentifierLength", 128)
-                .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
-                {
-                    b.Property<int>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("int")
-                        .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
-
-                    b.Property<string>("ClaimType")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("ClaimValue")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("RoleId")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("RoleId");
-
-                    b.ToTable("AspNetRoleClaims");
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
-                {
-                    b.Property<int>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("int")
-                        .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
-
-                    b.Property<string>("ClaimType")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("ClaimValue")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("UserId")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("UserId");
-
-                    b.ToTable("AspNetUserClaims");
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
-                {
-                    b.Property<string>("LoginProvider")
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<string>("ProviderKey")
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<string>("ProviderDisplayName")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("UserId")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.HasKey("LoginProvider", "ProviderKey");
-
-                    b.HasIndex("UserId");
-
-                    b.ToTable("AspNetUserLogins");
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
-                {
-                    b.Property<string>("UserId")
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<string>("RoleId")
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.HasKey("UserId", "RoleId");
-
-                    b.HasIndex("RoleId");
-
-                    b.ToTable("AspNetUserRoles");
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
-                {
-                    b.Property<string>("UserId")
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<string>("LoginProvider")
-                        .HasColumnType("nvarchar(450)");
-
-                    b.Property<string>("Name")
-                        .HasColumnType("nvarchar(450)");
-
-                    b.Property<string>("Value")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.HasKey("UserId", "LoginProvider", "Name");
-
-                    b.ToTable("AspNetUserTokens");
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictApplication", b =>
-                {
-                    b.Property<string>("Id")
-                        .HasColumnType("nvarchar(450)");
-
-                    b.Property<string>("ClientId")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(100)")
-                        .HasMaxLength(100);
-
-                    b.Property<string>("ClientSecret")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("ConcurrencyToken")
-                        .IsConcurrencyToken()
-                        .HasColumnType("nvarchar(50)")
-                        .HasMaxLength(50);
-
-                    b.Property<string>("ConsentType")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("DisplayName")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Permissions")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("PostLogoutRedirectUris")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Properties")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("RedirectUris")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Type")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(25)")
-                        .HasMaxLength(25);
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("ClientId")
-                        .IsUnique();
-
-                    b.ToTable("OpenIddictApplications");
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictAuthorization", b =>
-                {
-                    b.Property<string>("Id")
-                        .HasColumnType("nvarchar(450)");
-
-                    b.Property<string>("ApplicationId")
-                        .HasColumnType("nvarchar(450)");
-
-                    b.Property<string>("ConcurrencyToken")
-                        .IsConcurrencyToken()
-                        .HasColumnType("nvarchar(50)")
-                        .HasMaxLength(50);
-
-                    b.Property<string>("Properties")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Scopes")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Status")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(25)")
-                        .HasMaxLength(25);
-
-                    b.Property<string>("Subject")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(450)")
-                        .HasMaxLength(450);
-
-                    b.Property<string>("Type")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(25)")
-                        .HasMaxLength(25);
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
-
-                    b.ToTable("OpenIddictAuthorizations");
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictScope", b =>
-                {
-                    b.Property<string>("Id")
-                        .HasColumnType("nvarchar(450)");
-
-                    b.Property<string>("ConcurrencyToken")
-                        .IsConcurrencyToken()
-                        .HasColumnType("nvarchar(50)")
-                        .HasMaxLength(50);
-
-                    b.Property<string>("Description")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("DisplayName")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Name")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(200)")
-                        .HasMaxLength(200);
-
-                    b.Property<string>("Properties")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Resources")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("Name")
-                        .IsUnique();
-
-                    b.ToTable("OpenIddictScopes");
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictToken", b =>
-                {
-                    b.Property<string>("Id")
-                        .HasColumnType("nvarchar(450)");
-
-                    b.Property<string>("ApplicationId")
-                        .HasColumnType("nvarchar(450)");
-
-                    b.Property<string>("AuthorizationId")
-                        .HasColumnType("nvarchar(450)");
-
-                    b.Property<string>("ConcurrencyToken")
-                        .IsConcurrencyToken()
-                        .HasColumnType("nvarchar(50)")
-                        .HasMaxLength(50);
-
-                    b.Property<DateTimeOffset?>("CreationDate")
-                        .HasColumnType("datetimeoffset");
-
-                    b.Property<DateTimeOffset?>("ExpirationDate")
-                        .HasColumnType("datetimeoffset");
-
-                    b.Property<string>("Payload")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Properties")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("ReferenceId")
-                        .HasColumnType("nvarchar(100)")
-                        .HasMaxLength(100);
-
-                    b.Property<string>("Status")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(25)")
-                        .HasMaxLength(25);
-
-                    b.Property<string>("Subject")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(450)")
-                        .HasMaxLength(450);
-
-                    b.Property<string>("Type")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(25)")
-                        .HasMaxLength(25);
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("AuthorizationId");
-
-                    b.HasIndex("ReferenceId")
-                        .IsUnique()
-                        .HasFilter("[ReferenceId] IS NOT NULL");
-
-                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
-
-                    b.ToTable("OpenIddictTokens");
-                });
-
-            modelBuilder.Entity("VirtoCommerce.Platform.Core.Security.ApplicationUser", b =>
-                {
-                    b.Property<string>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<int>("AccessFailedCount")
-                        .HasColumnType("int");
-
-                    b.Property<string>("ConcurrencyStamp")
-                        .IsConcurrencyToken()
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("CreatedBy")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<DateTime>("CreatedDate")
-                        .HasColumnType("datetime2");
-
-                    b.Property<string>("Email")
-                        .HasColumnType("nvarchar(256)")
-                        .HasMaxLength(256);
-
-                    b.Property<bool>("EmailConfirmed")
-                        .HasColumnType("bit");
-
-                    b.Property<bool>("IsAdministrator")
-                        .HasColumnType("bit");
-
-                    b.Property<DateTime?>("LastPasswordChangedDate")
-                        .HasColumnType("datetime2");
-
-                    b.Property<bool>("LockoutEnabled")
-                        .HasColumnType("bit");
-
-                    b.Property<DateTimeOffset?>("LockoutEnd")
-                        .HasColumnType("datetimeoffset");
-
-                    b.Property<string>("MemberId")
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<string>("ModifiedBy")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<DateTime?>("ModifiedDate")
-                        .HasColumnType("datetime2");
-
-                    b.Property<string>("NormalizedEmail")
-                        .HasColumnType("nvarchar(256)")
-                        .HasMaxLength(256);
-
-                    b.Property<string>("NormalizedUserName")
-                        .HasColumnType("nvarchar(256)")
-                        .HasMaxLength(256);
-
-                    b.Property<bool>("PasswordExpired")
-                        .HasColumnType("bit");
-
-                    b.Property<string>("PasswordHash")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("PhoneNumber")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<bool>("PhoneNumberConfirmed")
-                        .HasColumnType("bit");
-
-                    b.Property<string>("PhotoUrl")
-                        .HasColumnType("nvarchar(2048)")
-                        .HasMaxLength(2048);
-
-                    b.Property<string>("SecurityStamp")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Status")
-                        .HasColumnType("nvarchar(64)")
-                        .HasMaxLength(64);
-
-                    b.Property<string>("StoreId")
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<bool>("TwoFactorEnabled")
-                        .HasColumnType("bit");
-
-                    b.Property<string>("UserName")
-                        .HasColumnType("nvarchar(256)")
-                        .HasMaxLength(256);
-
-                    b.Property<string>("UserType")
-                        .HasColumnType("nvarchar(64)")
-                        .HasMaxLength(64);
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("NormalizedEmail")
-                        .HasName("EmailIndex");
-
-                    b.HasIndex("NormalizedUserName")
-                        .IsUnique()
-                        .HasName("UserNameIndex")
-                        .HasFilter("[NormalizedUserName] IS NOT NULL");
-
-                    b.ToTable("AspNetUsers");
-                });
-
-            modelBuilder.Entity("VirtoCommerce.Platform.Core.Security.Role", b =>
-                {
-                    b.Property<string>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<string>("ConcurrencyStamp")
-                        .IsConcurrencyToken()
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Description")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("Name")
-                        .HasColumnType("nvarchar(256)")
-                        .HasMaxLength(256);
-
-                    b.Property<string>("NormalizedName")
-                        .HasColumnType("nvarchar(256)")
-                        .HasMaxLength(256);
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("NormalizedName")
-                        .IsUnique()
-                        .HasName("RoleNameIndex")
-                        .HasFilter("[NormalizedName] IS NOT NULL");
-
-                    b.ToTable("AspNetRoles");
-                });
-
-            modelBuilder.Entity("VirtoCommerce.Platform.Security.Model.UserApiKeyEntity", b =>
-                {
-                    b.Property<string>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<string>("ApiKey")
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<string>("CreatedBy")
-                        .HasColumnType("nvarchar(64)")
-                        .HasMaxLength(64);
-
-                    b.Property<DateTime>("CreatedDate")
-                        .HasColumnType("datetime2");
-
-                    b.Property<bool>("IsActive")
-                        .HasColumnType("bit");
-
-                    b.Property<string>("ModifiedBy")
-                        .HasColumnType("nvarchar(64)")
-                        .HasMaxLength(64);
-
-                    b.Property<DateTime?>("ModifiedDate")
-                        .HasColumnType("datetime2");
-
-                    b.Property<string>("UserId")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("UserName")
-                        .HasColumnType("nvarchar(max)");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("ApiKey")
-                        .IsUnique()
-                        .HasFilter("[ApiKey] IS NOT NULL");
-
-                    b.ToTable("UserApiKey");
-                });
-
-            modelBuilder.Entity("VirtoCommerce.Platform.Security.Model.UserPasswordHistoryEntity", b =>
-                {
-                    b.Property<string>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<string>("CreatedBy")
-                        .HasColumnType("nvarchar(64)")
-                        .HasMaxLength(64);
-
-                    b.Property<DateTime>("CreatedDate")
-                        .HasColumnType("datetime2");
-
-                    b.Property<string>("ModifiedBy")
-                        .HasColumnType("nvarchar(64)")
-                        .HasMaxLength(64);
-
-                    b.Property<DateTime?>("ModifiedDate")
-                        .HasColumnType("datetime2");
-
-                    b.Property<string>("PasswordHash")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("UserId")
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("UserId");
-
-                    b.ToTable("AspNetUserPasswordsHistory");
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
-                {
-                    b.HasOne("VirtoCommerce.Platform.Core.Security.Role", null)
-                        .WithMany()
-                        .HasForeignKey("RoleId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
-                {
-                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
-                        .WithMany()
-                        .HasForeignKey("UserId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
-                {
-                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
-                        .WithMany()
-                        .HasForeignKey("UserId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
-                {
-                    b.HasOne("VirtoCommerce.Platform.Core.Security.Role", null)
-                        .WithMany("UserRoles")
-                        .HasForeignKey("RoleId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-
-                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
-                        .WithMany("UserRoles")
-                        .HasForeignKey("UserId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
-                {
-                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
-                        .WithMany()
-                        .HasForeignKey("UserId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictAuthorization", b =>
-                {
-                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictApplication", "Application")
-                        .WithMany("Authorizations")
-                        .HasForeignKey("ApplicationId");
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictToken", b =>
-                {
-                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictApplication", "Application")
-                        .WithMany("Tokens")
-                        .HasForeignKey("ApplicationId");
-
-                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictAuthorization", "Authorization")
-                        .WithMany("Tokens")
-                        .HasForeignKey("AuthorizationId");
-                });
-
-            modelBuilder.Entity("VirtoCommerce.Platform.Security.Model.UserPasswordHistoryEntity", b =>
-                {
-                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
-                        .WithMany()
-                        .HasForeignKey("UserId")
-                        .OnDelete(DeleteBehavior.Cascade);
-                });
-#pragma warning restore 612, 618
-        }
-    }
-}
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.cs b/src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.cs
deleted file mode 100644
index 56816d19b0b..00000000000
--- a/src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.cs
+++ /dev/null
@@ -1,45 +0,0 @@
-using System;
-using Microsoft.EntityFrameworkCore.Migrations;
-
-namespace VirtoCommerce.Platform.Security.Migrations
-{
-    public partial class AddUserPasswordHistory : Migration
-    {
-        protected override void Up(MigrationBuilder migrationBuilder)
-        {
-            migrationBuilder.CreateTable(
-                name: "AspNetUserPasswordsHistory",
-                columns: table => new
-                {
-                    Id = table.Column<string>(maxLength: 128, nullable: false),
-                    CreatedDate = table.Column<DateTime>(nullable: false),
-                    ModifiedDate = table.Column<DateTime>(nullable: true),
-                    CreatedBy = table.Column<string>(maxLength: 64, nullable: true),
-                    ModifiedBy = table.Column<string>(maxLength: 64, nullable: true),
-                    UserId = table.Column<string>(maxLength: 128, nullable: true),
-                    PasswordHash = table.Column<string>(nullable: false)
-                },
-                constraints: table =>
-                {
-                    table.PrimaryKey("PK_AspNetUserPasswordsHistory", x => x.Id);
-                    table.ForeignKey(
-                        name: "FK_AspNetUserPasswordsHistory_AspNetUsers_UserId",
-                        column: x => x.UserId,
-                        principalTable: "AspNetUsers",
-                        principalColumn: "Id",
-                        onDelete: ReferentialAction.Cascade);
-                });
-
-            migrationBuilder.CreateIndex(
-                name: "IX_AspNetUserPasswordsHistory_UserId",
-                table: "AspNetUserPasswordsHistory",
-                column: "UserId");
-        }
-
-        protected override void Down(MigrationBuilder migrationBuilder)
-        {
-            migrationBuilder.DropTable(
-                name: "AspNetUserPasswordsHistory");
-        }
-    }
-}
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs b/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs
index aacab6a5806..b57aa1ab35b 100644
--- a/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs
+++ b/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs
@@ -499,42 +499,6 @@ protected override void BuildModel(ModelBuilder modelBuilder)
                     b.ToTable("UserApiKey");
                 });
 
-            modelBuilder.Entity("VirtoCommerce.Platform.Security.Model.UserPasswordHistoryEntity", b =>
-                {
-                    b.Property<string>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.Property<string>("CreatedBy")
-                        .HasColumnType("nvarchar(64)")
-                        .HasMaxLength(64);
-
-                    b.Property<DateTime>("CreatedDate")
-                        .HasColumnType("datetime2");
-
-                    b.Property<string>("ModifiedBy")
-                        .HasColumnType("nvarchar(64)")
-                        .HasMaxLength(64);
-
-                    b.Property<DateTime?>("ModifiedDate")
-                        .HasColumnType("datetime2");
-
-                    b.Property<string>("PasswordHash")
-                        .IsRequired()
-                        .HasColumnType("nvarchar(max)");
-
-                    b.Property<string>("UserId")
-                        .HasColumnType("nvarchar(128)")
-                        .HasMaxLength(128);
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("UserId");
-
-                    b.ToTable("AspNetUserPasswordsHistory");
-                });
-
             modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
                 {
                     b.HasOne("VirtoCommerce.Platform.Core.Security.Role", null)
@@ -603,14 +567,6 @@ protected override void BuildModel(ModelBuilder modelBuilder)
                         .WithMany("Tokens")
                         .HasForeignKey("AuthorizationId");
                 });
-
-            modelBuilder.Entity("VirtoCommerce.Platform.Security.Model.UserPasswordHistoryEntity", b =>
-                {
-                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
-                        .WithMany()
-                        .HasForeignKey("UserId")
-                        .OnDelete(DeleteBehavior.Cascade);
-                });
 #pragma warning restore 612, 618
         }
     }
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/add-migrations-command.txt b/src/VirtoCommerce.Platform.Security/Migrations/add-migrations-command.txt
index bdabbb805dc..6590bdeb64f 100644
--- a/src/VirtoCommerce.Platform.Security/Migrations/add-migrations-command.txt
+++ b/src/VirtoCommerce.Platform.Security/Migrations/add-migrations-command.txt
@@ -1,4 +1 @@
-Add-Migration Initial -Context VirtoCommerce.Platform.Security.Repositories.SecurityDbContext -Verbose -OutputDir Migrations -Project VirtoCommerce.Platform.Security -Debug
-
-REMOVE:
-Remove-Migration -Context VirtoCommerce.Platform.Security.Repositories.SecurityDbContext -Project VirtoCommerce.Platform.Security
+Add-Migration Initial -Context VirtoCommerce.Platform.Security.Repositories.SecurityDbContext  -Verbose -OutputDir Migrations -Project VirtoCommerce.Platform.Security  -Debug
diff --git a/src/VirtoCommerce.Platform.Security/Model/UserPasswordHistoryEntity.cs b/src/VirtoCommerce.Platform.Security/Model/UserPasswordHistoryEntity.cs
deleted file mode 100644
index a130647c5f1..00000000000
--- a/src/VirtoCommerce.Platform.Security/Model/UserPasswordHistoryEntity.cs
+++ /dev/null
@@ -1,14 +0,0 @@
-using System.ComponentModel.DataAnnotations;
-using VirtoCommerce.Platform.Core.Common;
-
-namespace VirtoCommerce.Platform.Security.Model
-{
-    public class UserPasswordHistoryEntity : AuditableEntity
-    {
-        [StringLength(128)]
-        public string UserId { get; set; }
-
-        [Required]
-        public string PasswordHash { get; set; }
-    }
-}
diff --git a/src/VirtoCommerce.Platform.Security/Repositories/ISecurityRepository.cs b/src/VirtoCommerce.Platform.Security/Repositories/ISecurityRepository.cs
index badb37ecf40..b3b6ba5abd1 100644
--- a/src/VirtoCommerce.Platform.Security/Repositories/ISecurityRepository.cs
+++ b/src/VirtoCommerce.Platform.Security/Repositories/ISecurityRepository.cs
@@ -1,5 +1,4 @@
 using System.Linq;
-using System.Threading.Tasks;
 using VirtoCommerce.Platform.Core.Common;
 using VirtoCommerce.Platform.Security.Model;
 
@@ -7,10 +6,6 @@ namespace VirtoCommerce.Platform.Security.Repositories
 {
     public interface ISecurityRepository : IRepository
     {
-        IQueryable<UserApiKeyEntity> UserApiKeys { get; }
-
-        IQueryable<UserPasswordHistoryEntity> UserPasswordsHistory { get; }
-
-        Task<UserPasswordHistoryEntity[]> GetUserPasswordsHistoryAsync(string userId);
+        IQueryable<UserApiKeyEntity> UserApiKeys { get; }      
     }
 }
diff --git a/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs b/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs
index 4528d60e83f..5a95f049e6d 100644
--- a/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs
+++ b/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs
@@ -28,15 +28,6 @@ protected override void OnModelCreating(ModelBuilder builder)
             builder.Entity<UserApiKeyEntity>().Property(x => x.CreatedBy).HasMaxLength(64);
             builder.Entity<UserApiKeyEntity>().Property(x => x.ModifiedBy).HasMaxLength(64);
 
-            builder.Entity<UserPasswordHistoryEntity>().ToTable("AspNetUserPasswordsHistory").HasKey(x => x.Id);
-            builder.Entity<UserPasswordHistoryEntity>().Property(x => x.Id).HasMaxLength(128).ValueGeneratedOnAdd();
-            builder.Entity<UserPasswordHistoryEntity>().HasIndex(x => new { x.UserId });
-            builder.Entity<UserPasswordHistoryEntity>()
-                .HasOne<ApplicationUser>()
-                .WithMany()
-                .HasForeignKey(uh => uh.UserId)
-                .OnDelete(DeleteBehavior.Cascade);
-
             builder.Entity<IdentityUserRole<string>>(userRole =>
             {
                 userRole.HasOne<Role>()
diff --git a/src/VirtoCommerce.Platform.Security/Repositories/SecurityRepository.cs b/src/VirtoCommerce.Platform.Security/Repositories/SecurityRepository.cs
index 6f3c737232b..ff82c0fc5d2 100644
--- a/src/VirtoCommerce.Platform.Security/Repositories/SecurityRepository.cs
+++ b/src/VirtoCommerce.Platform.Security/Repositories/SecurityRepository.cs
@@ -1,9 +1,4 @@
 using System.Linq;
-using System.Threading.Tasks;
-using Microsoft.EntityFrameworkCore;
-using Microsoft.Extensions.Options;
-using VirtoCommerce.Platform.Core.Common;
-using VirtoCommerce.Platform.Core.Security;
 using VirtoCommerce.Platform.Data.Infrastructure;
 using VirtoCommerce.Platform.Security.Model;
 
@@ -11,27 +6,13 @@ namespace VirtoCommerce.Platform.Security.Repositories
 {
     public class SecurityRepository : DbContextRepositoryBase<SecurityDbContext>, ISecurityRepository
     {
-        private readonly PasswordOptionsExtended _passwordOptions;
-
-        public SecurityRepository(SecurityDbContext dbContext, IOptions<PasswordOptionsExtended> passwordOptions)
+        public SecurityRepository(SecurityDbContext dbContext)
             : base(dbContext)
         {
-            _passwordOptions = passwordOptions.Value;
         }
 
-        public virtual IQueryable<UserApiKeyEntity> UserApiKeys => DbContext.Set<UserApiKeyEntity>();
-
-        public virtual IQueryable<UserPasswordHistoryEntity> UserPasswordsHistory => DbContext.Set<UserPasswordHistoryEntity>();
+        public virtual IQueryable<UserApiKeyEntity> UserApiKeys { get { return DbContext.Set<UserApiKeyEntity>(); } }
 
-        public async Task<UserPasswordHistoryEntity[]> GetUserPasswordsHistoryAsync(string userId)
-        {
-            var passwordHistoryLength = _passwordOptions.PasswordHistory.GetValueOrDefault();
 
-            return await UserPasswordsHistory
-                .Where(x => x.UserId == userId)
-                .OrderByDescending(x => x.CreatedDate)
-                .Take(passwordHistoryLength)
-                .ToArrayAsync();
-        }
     }
 }
diff --git a/src/VirtoCommerce.Platform.Security/Services/PasswordCheckService.cs b/src/VirtoCommerce.Platform.Security/Services/PasswordCheckService.cs
new file mode 100644
index 00000000000..3ca83e78f73
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Security/Services/PasswordCheckService.cs
@@ -0,0 +1,110 @@
+using System.Linq;
+using System.Text.RegularExpressions;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Identity;
+using VirtoCommerce.Platform.Core.Security;
+
+namespace VirtoCommerce.Platform.Security.Services
+{
+    /// <summary>
+    /// Implementation of <see cref="IPasswordCheckService"/> that does actual password validation.
+    /// </summary>
+    public class PasswordCheckService : IPasswordCheckService
+    {
+        protected IdentityOptions Options { get; }
+
+        /// <summary>
+        /// Creates new instance of password check service.
+        /// </summary>
+        /// <param name="options"></param>
+        public PasswordCheckService(UserManager<ApplicationUser> userManager)
+        {
+            Options = userManager.Options;
+        }
+
+        /// <inheritdoc />
+        public virtual Task<PasswordValidationResult> ValidatePasswordAsync(string password)
+        {
+            var result = new PasswordValidationResult
+            {
+                PasswordIsValid = true,
+                MinPasswordLength = Options.Password.RequiredLength,
+                MinUniqueCharsCount = Options.Password.RequiredUniqueChars
+            };
+
+            if (!HasSufficientLength(password))
+            {
+                result.PasswordIsValid = false;
+                result.PasswordViolatesMinLength = true;
+            }
+
+            if (!HasSufficientUniqueChars(password))
+            {
+                result.PasswordIsValid = false;
+                result.PasswordViolatesMinUniqueCharsCount = true;
+            }
+
+            if (Options.Password.RequireUppercase && !HasUpperCaseLetter(password))
+            {
+                result.PasswordIsValid = false;
+                result.PasswordMustHaveUpperCaseLetters = true;
+            }
+
+            if (Options.Password.RequireLowercase && !HasLowerCaseLetter(password))
+            {
+                result.PasswordIsValid = false;
+                result.PasswordMustHaveLowerCaseLetters = true;
+            }
+
+            if (Options.Password.RequireDigit && !HasDigit(password))
+            {
+                result.PasswordIsValid = false;
+                result.PasswordMustHaveDigits = true;
+            }
+
+            if (Options.Password.RequireNonAlphanumeric && !HasSpecialCharacter(password))
+            {
+                result.PasswordIsValid = false;
+                result.PasswordMustHaveSpecialCharacters = true;
+            }
+
+            return Task.FromResult(result);
+        }
+
+        protected virtual bool HasSufficientLength(string password)
+        {
+            return !string.IsNullOrEmpty(password)
+                   && password.Length >= Options.Password.RequiredLength;
+        }
+
+        protected virtual bool HasSufficientUniqueChars(string password)
+        {
+            return !string.IsNullOrEmpty(password)
+                   && password.Distinct().Count() >= Options.Password.RequiredUniqueChars;
+        }
+
+        protected virtual bool HasUpperCaseLetter(string password)
+        {
+            return !string.IsNullOrWhiteSpace(password)
+                   && password.Any(char.IsUpper);
+        }
+
+        protected virtual bool HasLowerCaseLetter(string password)
+        {
+            return !string.IsNullOrWhiteSpace(password)
+                   && password.Any(char.IsLower);
+        }
+
+        protected virtual bool HasDigit(string password)
+        {
+            return !string.IsNullOrWhiteSpace(password)
+                   && password.Any(char.IsDigit);
+        }
+
+        protected virtual bool HasSpecialCharacter(string password)
+        {
+            return !string.IsNullOrWhiteSpace(password)
+                   && !Regex.IsMatch(password, "^[a-zA-Z0-9]+$");
+        }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
index 8f69d26aeba..c6c91b7e778 100644
--- a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
+++ b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
@@ -37,21 +37,21 @@ public class SecurityController : Controller
         private readonly IPermissionsRegistrar _permissionsProvider;
         private readonly IUserSearchService _userSearchService;
         private readonly IRoleSearchService _roleSearchService;
-        private readonly IPasswordValidator<ApplicationUser> _passwordValidator;
+        private readonly IPasswordCheckService _passwordCheckService;
         private readonly IEmailSender _emailSender;
         private readonly IEventPublisher _eventPublisher;
         private readonly IUserApiKeyService _userApiKeyService;
 
         public SecurityController(SignInManager<ApplicationUser> signInManager, UserManager<ApplicationUser> userManager, RoleManager<Role> roleManager,
                 IPermissionsRegistrar permissionsProvider, IUserSearchService userSearchService, IRoleSearchService roleSearchService,
-                IOptions<Core.Security.AuthorizationOptions> securityOptions, IOptions<UserOptionsExtended> userOptionsExtended, IPasswordValidator<ApplicationUser> passwordValidator, IEmailSender emailSender,
+                IOptions<Core.Security.AuthorizationOptions> securityOptions, IOptions<UserOptionsExtended> userOptionsExtended, IPasswordCheckService passwordCheckService, IEmailSender emailSender,
                 IEventPublisher eventPublisher, IUserApiKeyService userApiKeyService)
         {
             _signInManager = signInManager;
             _userManager = userManager;
             _securityOptions = securityOptions.Value;
             _userOptionsExtended = userOptionsExtended.Value;
-            _passwordValidator = passwordValidator;
+            _passwordCheckService = passwordCheckService;
             _permissionsProvider = permissionsProvider;
             _roleManager = roleManager;
             _userSearchService = userSearchService;
@@ -539,39 +539,9 @@ public async Task<ActionResult> RequestPasswordReset(string loginOrEmail)
         [HttpPost]
         [Route("validatepassword")]
         [Authorize]
-        public async Task<ActionResult<IdentityResult>> ValidatePassword([FromBody] string password)
+        public async Task<ActionResult<PasswordValidationResult>> ValidatePassword([FromBody] string password)
         {
-            var currentUser = await _userManager.FindByNameAsync(User.Identity.Name);
-
-            var result = await _passwordValidator.ValidateAsync(_userManager, currentUser, password);
-
-            return Ok(result);
-        }
-
-        [HttpPost]
-        [Route("validateuserpassword")]
-        [Authorize(PlatformPermissions.SecurityUpdate)]
-        public async Task<ActionResult<IdentityResult>> ValidateUserPassword([FromBody] ChangePasswordRequest validatePassword)
-        {
-            if (validatePassword == null)
-            {
-                throw new ArgumentNullException(nameof(validatePassword));
-            }
-
-            ApplicationUser user = null;
-            if (!validatePassword.UserName.IsNullOrEmpty())
-            {
-
-                if (!IsUserEditable(validatePassword.UserName))
-                {
-                    return BadRequest(IdentityResult.Failed(new IdentityError { Description = "It is forbidden to edit this user." }));
-                }
-
-                user = await _userManager.FindByNameAsync(validatePassword.UserName);
-            }
-
-            var result = await _passwordValidator.ValidateAsync(_userManager, user, validatePassword.NewPassword);
-
+            var result = await _passwordCheckService.ValidatePasswordAsync(password);
             return Ok(result);
         }
 
diff --git a/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs b/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs
index 60ea557308d..cdc95e127f5 100644
--- a/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs
+++ b/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs
@@ -12,8 +12,6 @@
 using VirtoCommerce.Platform.Core.Security;
 using VirtoCommerce.Platform.Core.Security.Events;
 using VirtoCommerce.Platform.Security.Caching;
-using VirtoCommerce.Platform.Security.Model;
-using VirtoCommerce.Platform.Security.Repositories;
 
 namespace VirtoCommerce.Platform.Web.Security
 {
@@ -24,14 +22,12 @@ public class CustomUserManager : AspNetUserManager<ApplicationUser>
         private readonly IEventPublisher _eventPublisher;
         private readonly IUserPasswordHasher _userPasswordHasher;
         private readonly UserOptionsExtended _userOptionsExtended;
-        private readonly Func<ISecurityRepository> _repositoryFactory;
-        private readonly PasswordOptionsExtended _passwordOptionsExtended;
 
         public CustomUserManager(IUserStore<ApplicationUser> store, IOptions<IdentityOptions> optionsAccessor, IPasswordHasher<ApplicationUser> passwordHasher, IUserPasswordHasher userPasswordHasher,
-            IOptions<UserOptionsExtended> userOptionsExtended,
-            IEnumerable<IUserValidator<ApplicationUser>> userValidators, IEnumerable<IPasswordValidator<ApplicationUser>> passwordValidators,
-            ILookupNormalizer keyNormalizer, IdentityErrorDescriber errors, IServiceProvider services,
-            ILogger<UserManager<ApplicationUser>> logger, RoleManager<Role> roleManager, IPlatformMemoryCache memoryCache, IEventPublisher eventPublisher, Func<ISecurityRepository> repositoryFactory, IOptions<PasswordOptionsExtended> passwordOptionsExtended)
+                                 IOptions<UserOptionsExtended> userOptionsExtended,
+                                 IEnumerable<IUserValidator<ApplicationUser>> userValidators, IEnumerable<IPasswordValidator<ApplicationUser>> passwordValidators,
+                                 ILookupNormalizer keyNormalizer, IdentityErrorDescriber errors, IServiceProvider services,
+                                 ILogger<UserManager<ApplicationUser>> logger, RoleManager<Role> roleManager, IPlatformMemoryCache memoryCache, IEventPublisher eventPublisher)
             : base(store, optionsAccessor, passwordHasher, userValidators, passwordValidators, keyNormalizer, errors, services, logger)
         {
             _memoryCache = memoryCache;
@@ -39,8 +35,6 @@ public CustomUserManager(IUserStore<ApplicationUser> store, IOptions<IdentityOpt
             _eventPublisher = eventPublisher;
             _userPasswordHasher = userPasswordHasher;
             _userOptionsExtended = userOptionsExtended.Value;
-            _repositoryFactory = repositoryFactory;
-            _passwordOptionsExtended = passwordOptionsExtended.Value;
         }
 
         public override async Task<ApplicationUser> FindByLoginAsync(string loginProvider, string providerKey)
@@ -118,9 +112,6 @@ public override async Task<IdentityResult> ResetPasswordAsync(ApplicationUser us
             if (result == IdentityResult.Success)
             {
                 SecurityCacheRegion.ExpireUser(user);
-
-                await SavePasswordHistory(user, newPassword);
-
                 // Calculate password hash for external hash storage. This provided as workaround until password hash storage would implemented
                 var customPasswordHash = _userPasswordHasher.HashPassword(user, newPassword);
                 await _eventPublisher.Publish(new UserResetPasswordEvent(user.Id, customPasswordHash));
@@ -137,9 +128,6 @@ public override async Task<IdentityResult> ChangePasswordAsync(ApplicationUser u
             if (result == IdentityResult.Success)
             {
                 SecurityCacheRegion.ExpireUser(user);
-
-                await SavePasswordHistory(user, newPassword);
-
                 // Calculate password hash for external hash storage. This provided as workaround until password hash storage would implemented
                 var customPasswordHash = _userPasswordHasher.HashPassword(user, newPassword);
                 await _eventPublisher.Publish(new UserPasswordChangedEvent(user.Id, customPasswordHash));
@@ -148,21 +136,6 @@ public override async Task<IdentityResult> ChangePasswordAsync(ApplicationUser u
             return result;
         }
 
-        protected virtual async Task SavePasswordHistory(ApplicationUser user, string newPassword)
-        {
-            // Store password history entry
-            if (_passwordOptionsExtended.PasswordHistory.GetValueOrDefault() > 0)
-            {
-                var userPasswordHistoryRecord = AbstractTypeFactory<UserPasswordHistoryEntity>.TryCreateInstance();
-                userPasswordHistoryRecord.UserId = user.Id;
-                userPasswordHistoryRecord.PasswordHash = PasswordHasher.HashPassword(user, newPassword);
-
-                using var repository = _repositoryFactory();
-                repository.Add(userPasswordHistoryRecord);
-                await repository.UnitOfWork.CommitAsync();
-            }
-        }
-
         public override async Task<IdentityResult> DeleteAsync(ApplicationUser user)
         {
             var changedEntries = new List<GenericChangedEntry<ApplicationUser>>
@@ -291,19 +264,6 @@ public override async Task<IdentityResult> CreateAsync(ApplicationUser user)
             return result;
         }
 
-        public override async Task<IdentityResult> CreateAsync(ApplicationUser user, string password)
-        {
-            var result = await base.CreateAsync(user, password);
-
-            if (result.Succeeded)
-            {
-                await SavePasswordHistory(user, password);
-            }
-
-            return result;
-
-        }
-
         public override async Task<IdentityResult> AddToRoleAsync(ApplicationUser user, string role)
         {
             var result = await base.AddToRoleAsync(user, role);
diff --git a/src/VirtoCommerce.Platform.Web/Security/ServiceCollectionExtensions.cs b/src/VirtoCommerce.Platform.Web/Security/ServiceCollectionExtensions.cs
index 4ab3c2409cf..9f18f7b8e31 100644
--- a/src/VirtoCommerce.Platform.Web/Security/ServiceCollectionExtensions.cs
+++ b/src/VirtoCommerce.Platform.Web/Security/ServiceCollectionExtensions.cs
@@ -25,7 +25,6 @@ public static IServiceCollection AddSecurityServices(this IServiceCollection ser
             services.AddScoped<IUserNameResolver, HttpContextUserResolver>();
             services.AddSingleton<IPermissionsRegistrar, DefaultPermissionProvider>();
             services.AddScoped<IRoleSearchService, RoleSearchService>();
-
             //Register as singleton because this abstraction can be used as dependency in singleton services
             services.AddSingleton<IUserSearchService>(provider =>
             {
@@ -37,8 +36,6 @@ public static IServiceCollection AddSecurityServices(this IServiceCollection ser
             //Identity dependencies override
             services.TryAddScoped<RoleManager<Role>, CustomRoleManager>();
             services.TryAddScoped<UserManager<ApplicationUser>, CustomUserManager>();
-            services.TryAddScoped<IPasswordValidator<ApplicationUser>, CustomPasswordValidator>();
-            services.TryAddScoped<IdentityErrorDescriber, CustomIdentityErrorDescriber>();
             services.AddSingleton<Func<RoleManager<Role>>>(provider => () => provider.CreateScope().ServiceProvider.GetService<RoleManager<Role>>());
             services.AddSingleton<Func<UserManager<ApplicationUser>>>(provider => () => provider.CreateScope().ServiceProvider.GetService<UserManager<ApplicationUser>>());
             services.AddSingleton<Func<SignInManager<ApplicationUser>>>(provider => () => provider.CreateScope().ServiceProvider.GetService<SignInManager<ApplicationUser>>());
diff --git a/src/VirtoCommerce.Platform.Web/Startup.cs b/src/VirtoCommerce.Platform.Web/Startup.cs
index f1902535487..56088b187e4 100644
--- a/src/VirtoCommerce.Platform.Web/Startup.cs
+++ b/src/VirtoCommerce.Platform.Web/Startup.cs
@@ -45,6 +45,7 @@
 using VirtoCommerce.Platform.Modules;
 using VirtoCommerce.Platform.Security.Authorization;
 using VirtoCommerce.Platform.Security.Repositories;
+using VirtoCommerce.Platform.Security.Services;
 using VirtoCommerce.Platform.Web.Azure;
 using VirtoCommerce.Platform.Web.Extensions;
 using VirtoCommerce.Platform.Web.Infrastructure;
@@ -324,7 +325,6 @@ public void ConfigureServices(IServiceCollection services)
                 });
 
             services.Configure<IdentityOptions>(Configuration.GetSection("IdentityOptions"));
-            services.Configure<PasswordOptionsExtended>(Configuration.GetSection("IdentityOptions:Password"));
             services.Configure<UserOptionsExtended>(Configuration.GetSection("IdentityOptions:User"));
 
             //always  return 401 instead of 302 for unauthorized  requests
@@ -356,6 +356,8 @@ public void ConfigureServices(IServiceCollection services)
             services.AddSingleton<IAuthorizationPolicyProvider, PermissionAuthorizationPolicyProvider>();
             //Platform authorization handler for policies based on permissions
             services.AddSingleton<IAuthorizationHandler, DefaultPermissionAuthorizationHandler>();
+            // Default password validation service implementation
+            services.AddScoped<IPasswordCheckService, PasswordCheckService>();
 
             services.AddOptions<LocalStorageModuleCatalogOptions>().Bind(Configuration.GetSection("VirtoCommerce"))
                     .PostConfigure(options =>
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/de.VirtoCommerce.Platform.json b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/de.VirtoCommerce.Platform.json
index 224b787f8c8..2c9576bda0e 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/de.VirtoCommerce.Platform.json
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/de.VirtoCommerce.Platform.json
@@ -325,11 +325,11 @@
                 "repeat-password": "Das neue Passwort stimmt nicht überein!",
                 "invalid-token": "Passwort zurücksetzen Token ist ungültig oder abgelaufen",
                 "password-too-weak": "Neues Passwort entspricht nicht einer oder mehreren Passwortsicherheitsrichtlinien:",
-                "passwordTooShort": "Passwörter müssen {{errorParameter}} oder mehr Zeichen lang sein",
-                "passwordRequiresLower": "Passwörter müssen mindestens einen Kleinbuchstaben enthalten ('a'-'z')",
-                "passwordRequiresUpper": "Passwörter müssen mindestens einen Großbuchstaben haben ('A'-'Z')",
-                "passwordRequiresDigit": "Passwörter müssen mindestens eine Ziffer haben ('0'-'9')",
-                "passwordRequiresNonAlphanumeric": "Passwörter müssen mindestens ein nicht alphanumerisches Zeichen enthalten"
+                "passwordViolatesMinLength": "Passwörter müssen {{minPasswordLength}} oder mehr Zeichen lang sein",
+                "passwordMustHaveLowerCaseLetters": "Passwörter müssen mindestens einen Kleinbuchstaben enthalten ('a'-'z')",
+                "passwordMustHaveUpperCaseLetters": "Passwörter müssen mindestens einen Großbuchstaben haben ('A'-'Z')",
+                "passwordMustHaveDigits": "Passwörter müssen mindestens eine Ziffer haben ('0'-'9')",
+                "passwordMustHaveSpecialCharacters": "Passwörter müssen mindestens ein nicht alphanumerisches Zeichen enthalten"
             },
             "placeholders": {
                 "current-password": "Aktuelles Passwort eingeben",
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
index 4f812d521e5..8855e68b6be 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
@@ -347,13 +347,12 @@
                     "repeat-password": "New passwords do not match!",
                     "invalid-token": "Reset password token is invalid or expired",
                     "password-too-weak": "New password does not comply one or more password security policies:",
-                    "passwordTooShort": "Passwords must be {{errorParameter}} or more characters long",
-                    "passwordRequiresUniqueChars": "Passwords must use at least {{errorParameter}} different characters",
-                    "passwordRequiresLower": "Passwords must have at least one lowercase ('a'-'z')",
-                    "passwordRequiresUpper": "Passwords must have at least one uppercase ('A'-'Z')",
-                    "passwordRequiresDigit": "Passwords must have at least one digit ('0'-'9')",
-                    "passwordRequiresNonAlphanumeric": "Passwords must have at least one non alphanumeric character",
-                     "recentPasswordUsed": "This password has been used in recent history. Please choose a different password."
+                    "passwordViolatesMinLength": "Passwords must be {{minPasswordLength}} or more characters long",
+                    "passwordViolatesMinUniqueCharsCount": "Passwords must use at least {{minUniqueCharsCount}} different characters",
+                    "passwordMustHaveLowerCaseLetters": "Passwords must have at least one lowercase ('a'-'z')",
+                    "passwordMustHaveUpperCaseLetters": "Passwords must have at least one uppercase ('A'-'Z')",
+                    "passwordMustHaveDigits": "Passwords must have at least one digit ('0'-'9')",
+                    "passwordMustHaveSpecialCharacters": "Passwords must have at least one non alphanumeric character"
                 },
                 "placeholders": {
                     "new-password": "Enter new password",
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/ru.VirtoCommerce.Platform.json b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/ru.VirtoCommerce.Platform.json
index ef4616d3964..32a8604b9e8 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/ru.VirtoCommerce.Platform.json
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/ru.VirtoCommerce.Platform.json
@@ -410,11 +410,11 @@
                     "repeat-password": "Новые пароли не совпадают!",
                     "invalid-token": "Токен смены пароля некорректен или срок его действия истёк",
                     "password-too-weak": "Новый пароль не удовлетворяет одной или нескольким политикам безопасности паролей:",
-                    "passwordTooShort": "Длина паролей должна составлять {{errorParameter}} или более символов",
-                    "passwordRequiresLower": "Пароли должны содержать хотя бы одну строчную букву ('a'-'z')",
-                    "passwordRequiresUpper": "Пароли должны содержать хотя бы одну заглавную букву ('A'-'Z')",
-                    "passwordRequiresDigit": "Пароли должны содержать хотя бы одну цифру ('0'-'9')",
-                    "passwordRequiresNonAlphanumeric": "Пароли должны содержать хотя бы один знак препинания или другой специальный символ"
+                    "passwordViolatesMinLength": "Длина паролей должна составлять {{minPasswordLength}} или более символов",
+                    "passwordMustHaveLowerCaseLetters": "Пароли должны содержать хотя бы одну строчную букву ('a'-'z')",
+                    "passwordMustHaveUpperCaseLetters": "Пароли должны содержать хотя бы одну заглавную букву ('A'-'Z')",
+                    "passwordMustHaveDigits": "Пароли должны содержать хотя бы одну цифру ('0'-'9')",
+                    "passwordMustHaveSpecialCharacters": "Пароли должны содержать хотя бы один знак препинания или другой специальный символ"
                 },
                 "placeholders": {
                     "new-password": "Введите новый пароль",
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-resetPassword.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-resetPassword.js
index 123735ee079..1186aba6e25 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-resetPassword.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-resetPassword.js
@@ -5,14 +5,18 @@ angular.module('platformWebApp')
         function initializeBlade() {
             blade.currentEntity = {
                 newPassword: '',
-                forcePasswordChange: true
+                forcePasswordChange: true,
+                passwordIsValid: true,
+                minPasswordLength: 0,
+                minUniqueCharsCount: 0,
+                errors: []
             };
 
             blade.isLoading = false;
         }
 
         $scope.validatePasswordAsync = function (value) {
-            return passwordValidationService.validateUserPasswordAsync(blade.currentEntityId, value);
+            return passwordValidationService.validatePasswordAsync(value);
         }
 
         $scope.saveChanges = function () {
@@ -24,9 +28,11 @@ angular.module('platformWebApp')
                 forcePasswordChangeOnNextSignIn: blade.currentEntity.forcePasswordChange
             };
 
-            accounts.resetPassword({ userName: blade.currentEntityId }, postData, function (data) {
+            accounts.resetPassword({ id: blade.currentEntityId }, postData, function (data) {
                 blade.parentBlade.refresh();
-                $scope.bladeClose();
+                $scope.bladeClose();                
+            }, function (error) {
+                bladeNavigationService.setError(error, $scope.blade);
             });
         };
 
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.js
index 6472c64208a..8cb13998b6d 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.js
@@ -9,12 +9,12 @@ angular.module('platformWebApp')
                 passwordTooWeakMessage: '@',
                 newPassword: '='
             },
-            link: function (scope) {
+            link: function (scope, element, attrs) {
                 scope.doValidatePasswordAsync = function (value) {
                     return scope.runPasswordValidation({ value: value }).then(
                         function (result) {
                             scope.passwordValidationResult = result;
-                            return result.succeeded ? $q.resolve() : $q.reject();
+                            return result.passwordIsValid ? $q.resolve() : $q.reject();
                         });
                 }
             }
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.tpl.html b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.tpl.html
index 22862f38c98..832904721fd 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.tpl.html
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.tpl.html
@@ -1,11 +1,11 @@
 <div class="form-input" ng-form="passwordInputForm">
     <input name="newPasswordInput" ng-model="newPassword" required placeholder="{{passwordPlaceholder}}" type="password" ui-validate-async="'doValidatePasswordAsync($value)'">
 </div>
-<div class="form-error" ng-show="passwordInputForm.newPasswordInput.$dirty && !passwordValidationResult.succeeded">
+<div class="form-error" ng-show="passwordInputForm.newPasswordInput.$dirty && !passwordValidationResult.passwordIsValid">
     <span>{{passwordTooWeakMessage}}</span>
     <ul>
         <li ng-repeat="error in passwordValidationResult.errors">
-            {{ error.descriptionKey | translate: error }}
+            {{ error | translate: passwordValidationResult }}
         </li>
     </ul>
 </div>
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js
index 37cb8e74526..7b65dc89c7d 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js
@@ -4,9 +4,8 @@ angular.module('platformWebApp').factory('platformWebApp.accounts', ['$resource'
         save: { url: 'api/platform/security/users/create', method: 'POST' },
         changepassword: { url: 'api/platform/security/users/:id/changepassword', method: 'POST' },
         changeCurrentUserPassword: { url: 'api/platform/security/currentuser/changepassword', method: 'POST' },
-        resetPassword: { url: 'api/platform/security/users/:userName/resetpassword', method: 'POST' },
+        resetPassword: { url: 'api/platform/security/users/:id/resetpassword', method: 'POST' },
         validatePassword: { url: 'api/platform/security/validatepassword', method: 'POST' },
-        validateUserPassword: { url: 'api/platform/security/validateuserpassword', method: 'POST' },
         update: { method: 'PUT' },
         locked: { url: 'api/platform/security/users/:id/locked', method: 'GET' },
         unlock: { url: 'api/platform/security/users/:id/unlock', method: 'POST' },
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/services/passwordValidationService.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/services/passwordValidationService.js
index 195c75e8a10..e366d690d32 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/services/passwordValidationService.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/services/passwordValidationService.js
@@ -4,33 +4,38 @@ angular
         var lastPassword = null;
         var lastPromise = null;
 
-        var performPasswordValidation = function (value) {
-            return accounts.validatePassword(JSON.stringify(value)).$promise.then((result) => {
-                _.each(result.errors, (x) => {
-                    x.descriptionKey = 'platform.blades.account-resetPassword.validations.' + x.code.charAt(0).toLowerCase() + x.code.slice(1);
-                });
-
-                return result;
-            });
-        };
-
-        var performUserPasswordValidation = function (username, value) {
-            return accounts.validateUserPassword({ userName: username, newPassword: value }).$promise.then((result) => {
-                _.each(result.errors, (x) => {
-                    x.descriptionKey = 'platform.blades.account-resetPassword.validations.' + x.code.charAt(0).toLowerCase() + x.code.slice(1);
-                });
-
-                return result;
-            });
+        var performPasswordValidation = function(value) {
+            return accounts.validatePassword(JSON.stringify(value)).$promise.then(
+                function (response) {
+                    var result = {
+                        passwordIsValid: response.passwordIsValid,
+                        minPasswordLength: response.minPasswordLength,
+                        minUniqueCharsCount: response.minUniqueCharsCount,
+                        errors: []
+                    };
+
+                    var filteredKeys = _.filter(Object.keys(response),
+                        function (key) {
+                            return !key.startsWith('$') && response[key] === true;
+                        });
+
+                    filteredKeys.forEach(function (key) {
+                        var resourceName = 'platform.blades.account-resetPassword.validations.' + key;
+                        result.errors.push(resourceName);
+                    });
+
+                    return result;
+                }
+            );
         };
 
         var service = {
             throttleTimeoutMilliseconds: 100,
 
-            validatePasswordAsync: function (value) {
+            validatePasswordAsync: function(value) {
                 lastPassword = value;
 
-                if (lastPromise !== null) {
+                if (lastPromise != null) {
                     return lastPromise;
                 }
 
@@ -41,22 +46,6 @@ angular
                     },
                     this.throttleTimeoutMilliseconds);
 
-                return lastPromise;
-            },
-            validateUserPasswordAsync: function (username, value) {
-                lastPassword = value;
-
-                if (lastPromise !== null) {
-                    return lastPromise;
-                }
-
-                lastPromise = $timeout(
-                    function () {
-                        lastPromise = null;
-                        return performUserPasswordValidation(username, lastPassword);
-                    },
-                    this.throttleTimeoutMilliseconds);
-
                 return lastPromise;
             }
         }
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/wizards/newAccount/new-account-wizard.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/wizards/newAccount/new-account-wizard.js
index 48d94ce5c0b..d072d2b6c5e 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/wizards/newAccount/new-account-wizard.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/wizards/newAccount/new-account-wizard.js
@@ -49,11 +49,11 @@ angular.module('platformWebApp').controller('platformWebApp.newAccountWizardCont
             };
 
             $scope.validatePasswordAsync = function (value) {
-                return passwordValidationService.validateUserPasswordAsync(blade.currentEntity.userName, value);
+                return passwordValidationService.validatePasswordAsync(value);
             }
 
             $scope.saveChanges = function () {
-                if (blade.currentEntity.password !== blade.currentEntity.newPassword2) {
+                if (blade.currentEntity.password != blade.currentEntity.newPassword2) {
                     blade.error = 'Error: passwords don\'t match!';
                     return;
                 }
diff --git a/tests/VirtoCommerce.Platform.Tests/Security/CustomPasswordValidatorTests.cs b/tests/VirtoCommerce.Platform.Tests/Security/CustomPasswordValidatorTests.cs
deleted file mode 100644
index db08a25012d..00000000000
--- a/tests/VirtoCommerce.Platform.Tests/Security/CustomPasswordValidatorTests.cs
+++ /dev/null
@@ -1,167 +0,0 @@
-using System;
-using System.Linq;
-using System.Threading;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Identity;
-using Moq;
-using VirtoCommerce.Platform.Core.Security;
-using VirtoCommerce.Platform.Security;
-using VirtoCommerce.Platform.Security.Model;
-using VirtoCommerce.Platform.Security.Repositories;
-using Xunit;
-
-namespace VirtoCommerce.Platform.Tests.Security
-{
-    public class CustomPasswordValidatorTests
-    {
-        [Fact]
-        public async Task NullPassword_ThrowsException()
-        {
-            // Arrange
-            var userManager = SecurityMockHelpers.TestCustomUserManager();
-            var target = userManager.PasswordValidators.First();
-
-            // Act, Assert
-            await Assert.ThrowsAsync<ArgumentNullException>(async () => await target.ValidateAsync(userManager, new ApplicationUser(), null));
-        }
-
-        [Theory]
-        // Valid passwords
-        [InlineData("qwerty", false, false, false, false, 5, true, false, false, false, false, false)]
-        [InlineData("LongPassword", true, true, false, false, 12, true, false, false, false, false, false)]
-        [InlineData("P455WithD1git5", true, true, true, false, 8, true, false, false, false, false, false)]
-        [InlineData("$ecur3P@Ssw0rd", true, true, true, true, 8, true, false, false, false, false, false)]
-        [InlineData("12ä45", false, false, false, true, 5, true, false, false, false, false, false)]
-        // Violation of minimal length
-        [InlineData("letmein", false, false, false, false, 8, false, true, false, false, false, false)]
-        [InlineData("123", false, false, false, false, 5, false, true, false, false, false, false)]
-        [InlineData("", false, false, false, false, 4, false, true, false, false, false, false)]
-        [InlineData(" \t \r\n", false, false, false, true, 4, false, true, false, false, false, false)]
-        [InlineData(" \t \r\n", true, true, true, true, 4, false, true, true, true, true, false)]
-        // Violation of upper-case letters requirement
-        [InlineData("password", true, false, false, false, 8, false, false, true, false, false, false)]
-        [InlineData("19910203", true, false, false, false, 5, false, false, true, false, false, false)]
-        // Violation of lower-case letters requirement
-        [InlineData("12345678", false, true, false, false, 5, false, false, false, true, false, false)]
-        [InlineData("ADMIN", false, true, false, false, 5, false, false, false, true, false, false)]
-        // Violation of digits requirement
-        [InlineData("welcome", false, false, true, false, 5, false, false, false, false, true, false)]
-        [InlineData("!@#$%^", false, false, true, false, 5, false, false, false, false, true, false)]
-        // Violation of special characters requirement
-        [InlineData("whatever", false, false, false, true, 8, false, false, false, false, false, true)]
-        [InlineData("TrustNo1", false, false, false, true, 8, false, false, false, false, false, true)]
-        // Multiple rule violations
-        [InlineData("passw0rd", true, true, true, true, 10, false, true, true, false, false, true)]
-        [InlineData("passw0rd", true, true, true, true, 8, false, false, true, false, false, true)]
-        [InlineData("login", true, true, true, true, 5, false, false, true, false, true, true)]
-        [InlineData("0987654321", true, true, true, true, 12, false, true, true, true, false, true)]
-        [InlineData("!@#$%^", true, true, true, false, 5, false, false, true, true, true, false)]
-        public async Task PasswordValidator_ValidatesByPasswordOptions(
-            string password,
-            bool requireUpperCase,
-            bool requireLowerCase,
-            bool requireDigits,
-            bool requireSpecialCharacters,
-            int minLength,
-            bool passwordIsValid,
-            bool passwordMustBeLonger,
-            bool passwordMustHaveUpper,
-            bool passwordMustHaveLower,
-            bool passwordMustHaveDigit,
-            bool passwordMustHaveNonAlphanumeric)
-        {
-            // Arrange
-            var options = new IdentityOptions
-            {
-                Password = new PasswordOptions
-                {
-                    RequiredLength = minLength,
-                    RequireUppercase = requireUpperCase,
-                    RequireLowercase = requireLowerCase,
-                    RequireDigit = requireDigits,
-                    RequireNonAlphanumeric = requireSpecialCharacters
-                }
-            };
-
-            var user = new ApplicationUser { Id = "id1" };
-            var userStoreMock = new Mock<IUserStore<ApplicationUser>>();
-            userStoreMock.Setup(x => x.FindByIdAsync(user.Id, CancellationToken.None)).ReturnsAsync(user);
-
-            var userManager = SecurityMockHelpers.TestCustomUserManager(userStoreMock, identityOptions: options);
-            var target = userManager.PasswordValidators.First();
-            //var target = new CustomPasswordValidator(new CustomIdentityErrorDescriber(), _repositoryFactory, null);
-
-            // Act
-            var result = await target.ValidateAsync(userManager, user, password);
-
-            // Assert
-            Assert.Equal(passwordIsValid, result.Succeeded);
-
-            Assert.Equal(passwordMustBeLonger, ExistsErrorByCode(result, nameof(IdentityErrorDescriber.PasswordTooShort)));
-            if (passwordMustBeLonger)
-            {
-                var tooShort = TryFindErrorByCode(result, nameof(IdentityErrorDescriber.PasswordTooShort));
-                Assert.IsType<CustomIdentityError>(tooShort);
-                Assert.Equal(minLength, ((CustomIdentityError)tooShort).ErrorParameter);
-            }
-            Assert.Equal(passwordMustHaveUpper, ExistsErrorByCode(result, nameof(IdentityErrorDescriber.PasswordRequiresUpper)));
-            Assert.Equal(passwordMustHaveLower, ExistsErrorByCode(result, nameof(IdentityErrorDescriber.PasswordRequiresLower)));
-            Assert.Equal(passwordMustHaveDigit, ExistsErrorByCode(result, nameof(IdentityErrorDescriber.PasswordRequiresDigit)));
-            Assert.Equal(passwordMustHaveNonAlphanumeric, ExistsErrorByCode(result, nameof(IdentityErrorDescriber.PasswordRequiresNonAlphanumeric)));
-        }
-
-        [Theory]
-        [InlineData("Unique8)", 4, true)]
-        [InlineData("paS$word1", 4, false)]
-        [InlineData("paS$word3", 4, false)]
-        [InlineData("paS$word4", 4, false)]
-        [InlineData("paS$word5", 4, true)]
-        [InlineData("paS$word6", 4, true)]
-        [InlineData("paS$word6", 6, false)]
-        [InlineData("paS$word6", 0, true)]
-        public async Task PasswordValidator_ValidatesByPasswordHistory(
-            string password,
-            int passwordRepeatHistory,
-            bool passwordIsValid)
-        {
-            // Arrange
-            const string userId = "id1";
-            string Hash(string p) => $"hash-{p}";
-
-            var entities = Enumerable.Range(1, passwordRepeatHistory)
-                 .Select(i => new UserPasswordHistoryEntity { UserId = userId, PasswordHash = Hash($"paS$word{i}"), CreatedDate = DateTime.UtcNow.AddDays(-i) })
-                 .ToArray();
-
-            var securityRepositoryMock = new Mock<ISecurityRepository>();
-            securityRepositoryMock.Setup(x => x.GetUserPasswordsHistoryAsync(It.IsAny<string>())).ReturnsAsync(entities);
-            ISecurityRepository repositoryFactory() => securityRepositoryMock.Object;
-
-            var passwordHasher = new Mock<IUserPasswordHasher>();
-            passwordHasher.Setup(x => x.HashPassword(It.IsAny<ApplicationUser>(), It.IsAny<string>()))
-                .Returns<ApplicationUser, string>((user, password) => Hash(password));
-            passwordHasher.Setup(x => x.VerifyHashedPassword(It.IsAny<ApplicationUser>(), It.IsAny<string>(), It.IsAny<string>()))
-                .Returns<ApplicationUser, string, string>((user, hash, password) => hash == Hash(password) ? PasswordVerificationResult.Success : PasswordVerificationResult.Failed);
-
-            var userManager = SecurityMockHelpers.TestCustomUserManager(repositoryFactory: repositoryFactory, passwordHasher: passwordHasher);
-            var user = new ApplicationUser { Id = userId };
-            var target = userManager.PasswordValidators.First();
-
-            // Act
-            var result = await target.ValidateAsync(userManager, user, password);
-
-            // Assert
-            Assert.Equal(passwordIsValid, result.Succeeded);
-            Assert.Equal(passwordIsValid, !ExistsErrorByCode(result, CustomPasswordValidator.RecentPasswordUsed));
-        }
-
-        private IdentityError TryFindErrorByCode(IdentityResult result, string errorCode)
-        {
-            return result.Errors.FirstOrDefault(x => x.Code == errorCode);
-        }
-
-        private bool ExistsErrorByCode(IdentityResult result, string errorCode)
-        {
-            return result.Errors.Any(x => x.Code == errorCode);
-        }
-    }
-}
diff --git a/tests/VirtoCommerce.Platform.Tests/Security/PasswordCheckServiceTests.cs b/tests/VirtoCommerce.Platform.Tests/Security/PasswordCheckServiceTests.cs
new file mode 100644
index 00000000000..d7283ce9993
--- /dev/null
+++ b/tests/VirtoCommerce.Platform.Tests/Security/PasswordCheckServiceTests.cs
@@ -0,0 +1,113 @@
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using Moq;
+using VirtoCommerce.Platform.Core.Security;
+using VirtoCommerce.Platform.Security.Services;
+using Xunit;
+
+namespace VirtoCommerce.Platform.Tests.Security
+{
+    public class PasswordCheckServiceTests
+    {
+        [Theory]
+        // Valid passwords
+        [InlineData("qwerty", false, false, false, false, 5, true, false, false, false, false, false)]
+        [InlineData("LongPassword", true, true, false, false, 12, true, false, false, false, false, false)]
+        [InlineData("P455WithD1git5", true, true, true, false, 8, true, false, false, false, false, false)]
+        [InlineData("$ecur3P@Ssw0rd", true, true, true, true, 8, true, false, false, false, false, false)]
+        [InlineData("12ä45", false, false, false, true, 5, true, false, false, false, false, false)]
+        // Violation of minimal length
+        [InlineData("letmein", false, false, false, false, 8, false, true, false, false, false, false)]
+        [InlineData("123", false, false, false, false, 5, false, true, false, false, false, false)]
+        // Violation of upper-case letters requirement
+        [InlineData("password", true, false, false, false, 8, false, false, true, false, false, false)]
+        [InlineData("19910203", true, false, false, false, 5, false, false, true, false, false, false)]
+        // Violation of lower-case letters requirement
+        [InlineData("12345678", false, true, false, false, 5, false, false, false, true, false, false)]
+        [InlineData("ADMIN", false, true, false, false, 5, false, false, false, true, false, false)]
+        // Violation of digits requirement
+        [InlineData("welcome", false, false, true, false, 5, false, false, false, false, true, false)]
+        [InlineData("!@#$%^", false, false, true, false, 5, false, false, false, false, true, false)]
+        // Violation of special characters requirement
+        [InlineData("whatever", false, false, false, true, 8, false, false, false, false, false, true)]
+        [InlineData("TrustNo1", false, false, false, true, 8, false, false, false, false, false, true)]
+        // Multiple rule violations
+        [InlineData("passw0rd", true, true, true, true, 10, false, true, true, false, false, true)]
+        [InlineData("passw0rd", true, true, true, true, 8, false, false, true, false, false, true)]
+        [InlineData("login", true, true, true, true, 5, false, false, true, false, true, true)]
+        [InlineData("0987654321", true, true, true, true, 12, false, true, true, true, false, true)]
+        [InlineData("!@#$%^", true, true, true, false, 5, false, false, true, true, true, false)]
+        // Handling null, empty and whitespace-only passwords
+        [InlineData(null, false, false, false, false, 5, false, true, false, false, false, false)]
+        [InlineData(null, true, true, true, true, 5, false, true, true, true, true, true)]
+        [InlineData("", false, false, false, false, 5, false, true, false, false, false, false)]
+        [InlineData(" \t \r\n", false, false, false, false, 5, true, false, false, false, false, false)]
+        [InlineData(" \t \r\n", false, false, false, true, 5, false, false, false, false, false, true)]
+        [InlineData(" \t \r\n", true, true, true, true, 5, false, false, true, true, true, true)]
+        public async Task TestCheckingPassword(
+            string password,
+            bool requireUpperCase,
+            bool requireLowerCase,
+            bool requireDigits,
+            bool requireSpecialCharacters,
+            int minLength,
+            bool passwordIsValid,
+            bool passwordViolatesMinLength,
+            bool passwordMustHaveUpperCaseLetters,
+            bool passwordMustHaveLowerCaseLetters,
+            bool passwordMustHaveDigits,
+            bool passwordMustHaveSpecialCharacters)
+        {
+            // Arrange
+            var options = new IdentityOptions
+            {
+                Password = new PasswordOptions
+                {
+                    RequiredLength = minLength,
+                    RequireUppercase = requireUpperCase,
+                    RequireLowercase = requireLowerCase,
+                    RequireDigit = requireDigits,
+                    RequireNonAlphanumeric = requireSpecialCharacters
+                }
+            };
+
+            var userManager = CreateUserManager(options);
+            var target = new PasswordCheckService(userManager);
+
+            // Act
+            var result = await target.ValidatePasswordAsync(password);
+
+            // Assert
+            Assert.Equal(passwordIsValid, result.PasswordIsValid);
+
+            Assert.Equal(minLength, result.MinPasswordLength);
+            Assert.Equal(passwordViolatesMinLength, result.PasswordViolatesMinLength);
+            Assert.Equal(passwordMustHaveUpperCaseLetters, result.PasswordMustHaveUpperCaseLetters);
+            Assert.Equal(passwordMustHaveLowerCaseLetters, result.PasswordMustHaveLowerCaseLetters);
+            Assert.Equal(passwordMustHaveDigits, result.PasswordMustHaveDigits);
+            Assert.Equal(passwordMustHaveSpecialCharacters, result.PasswordMustHaveSpecialCharacters);
+        }
+
+        private UserManager<ApplicationUser> CreateUserManager(IdentityOptions options)
+        {
+            var optionsAccessor = new OptionsWrapper<IdentityOptions>(options);
+
+            // Note: all these mocks and stubs are just a boilerplate to create the UserManager instance.
+            var userStore = new Mock<IUserStore<ApplicationUser>>();
+            var passwordHasher = new Mock<IPasswordHasher<ApplicationUser>>();
+            var userValidators = Enumerable.Empty<IUserValidator<ApplicationUser>>();
+            var passwordValidators = Enumerable.Empty<IPasswordValidator<ApplicationUser>>();
+            var lookupNormalizer = new Mock<ILookupNormalizer>();
+            var serviceProvider = new Mock<IServiceProvider>();
+            var logger = new Mock<ILogger<UserManager<ApplicationUser>>>();
+
+            return new UserManager<ApplicationUser>(userStore.Object, optionsAccessor, passwordHasher.Object,
+                userValidators, passwordValidators, lookupNormalizer.Object, new IdentityErrorDescriber(),
+                serviceProvider.Object, logger.Object);
+        }
+    }
+}
diff --git a/tests/VirtoCommerce.Platform.Tests/Security/PasswordExpiryTests.cs b/tests/VirtoCommerce.Platform.Tests/Security/PasswordExpiryTests.cs
index f48930fb2fc..4c6b7306f91 100644
--- a/tests/VirtoCommerce.Platform.Tests/Security/PasswordExpiryTests.cs
+++ b/tests/VirtoCommerce.Platform.Tests/Security/PasswordExpiryTests.cs
@@ -23,12 +23,11 @@ public async Task TestUserPasswordExpiry(DateTime? lastPasswordChangedDate, Time
             var userStoreMock = new Mock<IUserStore<ApplicationUser>>();
             userStoreMock.Setup(x => x.FindByIdAsync(user.Id, CancellationToken.None)).ReturnsAsync(user);
 
-            var userManager = SecurityMockHelpers.TestCustomUserManager(userStoreMock,
-                new UserOptionsExtended
-                {
-                    MaxPasswordAge = maxPasswordAge
-                },
-                null, GetPlatformMemoryCache());
+            var userManager = SecurityMockHelpers.TestCustomUserManager(userStoreMock, new UserOptionsExtended
+            {
+                MaxPasswordAge = maxPasswordAge
+            },
+            GetPlatformMemoryCache());
 
             //Act
             user = await userManager.FindByIdAsync(user.Id);
diff --git a/tests/VirtoCommerce.Platform.Tests/Security/SecurityMockHelpers.cs b/tests/VirtoCommerce.Platform.Tests/Security/SecurityMockHelpers.cs
index bf5d30ffd55..81345f60005 100644
--- a/tests/VirtoCommerce.Platform.Tests/Security/SecurityMockHelpers.cs
+++ b/tests/VirtoCommerce.Platform.Tests/Security/SecurityMockHelpers.cs
@@ -9,8 +9,6 @@
 using VirtoCommerce.Platform.Core.Caching;
 using VirtoCommerce.Platform.Core.Events;
 using VirtoCommerce.Platform.Core.Security;
-using VirtoCommerce.Platform.Security;
-using VirtoCommerce.Platform.Security.Repositories;
 using VirtoCommerce.Platform.Web.Security;
 
 namespace VirtoCommerce.Platform.Tests.Security
@@ -19,11 +17,10 @@ public static class SecurityMockHelpers
     {
         public static CustomUserManager TestCustomUserManager(Mock<IUserStore<ApplicationUser>> storeMock, IEventPublisher eventPublisher)
         {
-            return TestCustomUserManager(storeMock, null, null, null, eventPublisher);
+            return TestCustomUserManager(storeMock, null, null, eventPublisher);
         }
 
-        public static CustomUserManager TestCustomUserManager(Mock<IUserStore<ApplicationUser>> storeMock = null,
-            UserOptionsExtended userOptions = null, IdentityOptions identityOptions = null, PlatformMemoryCache platformMemoryCache = null, IEventPublisher eventPublisher = null, Func<ISecurityRepository> repositoryFactory = null, Mock<IUserPasswordHasher> passwordHasher = null)
+        public static CustomUserManager TestCustomUserManager(Mock<IUserStore<ApplicationUser>> storeMock = null, UserOptionsExtended userOptions = null, PlatformMemoryCache platformMemoryCache = null, IEventPublisher eventPublisher = null)
         {
             storeMock ??= new Mock<IUserStore<ApplicationUser>>();
             storeMock.As<IUserRoleStore<ApplicationUser>>()
@@ -35,18 +32,10 @@ public static CustomUserManager TestCustomUserManager(Mock<IUserStore<Applicatio
             storeMock.Setup(x => x.UpdateAsync(It.IsAny<ApplicationUser>(), CancellationToken.None))
                 .ReturnsAsync(IdentityResult.Success);
 
-            var identityOptionsMock = new Mock<IOptions<IdentityOptions>>();
-            if (identityOptions != null)
-            {
-                identityOptionsMock.Setup(o => o.Value).Returns(identityOptions);
-            }
-
-            if (passwordHasher == null)
-            {
-                passwordHasher = new Mock<IUserPasswordHasher>();
-                passwordHasher.Setup(x => x.VerifyHashedPassword(It.IsAny<ApplicationUser>(), It.IsAny<string>(), It.IsAny<string>()))
-                    .Returns(PasswordVerificationResult.Success);
-            }
+            var optionsMock = new Mock<IOptions<IdentityOptions>>();
+            var idOptions = new IdentityOptions();
+            idOptions.Lockout.AllowedForNewUsers = false;
+            optionsMock.Setup(o => o.Value).Returns(idOptions);
 
             userOptions ??= new UserOptionsExtended
             {
@@ -57,21 +46,19 @@ public static CustomUserManager TestCustomUserManager(Mock<IUserStore<Applicatio
             var userValidators = new List<IUserValidator<ApplicationUser>>();
             var validator = new Mock<IUserValidator<ApplicationUser>>();
             userValidators.Add(validator.Object);
-
-            repositoryFactory ??= () => Mock.Of<ISecurityRepository>();
-            var pwdValidators = new PasswordValidator<ApplicationUser>[] { new CustomPasswordValidator(new CustomIdentityErrorDescriber(), repositoryFactory, passwordHasher.Object) };
-
-            var passwordOptionsMock = new Mock<IOptions<PasswordOptionsExtended>>();
-            passwordOptionsMock.Setup(o => o.Value).Returns(new PasswordOptionsExtended());
-
+            var pwdValidators = new List<PasswordValidator<ApplicationUser>>();
+            pwdValidators.Add(new PasswordValidator<ApplicationUser>());
             var roleManagerMock = new Mock<RoleManager<Role>>(Mock.Of<IRoleStore<Role>>(),
-                        new[] { Mock.Of<IRoleValidator<Role>>() },
-                        Mock.Of<ILookupNormalizer>(),
-                        Mock.Of<IdentityErrorDescriber>(),
-                        Mock.Of<ILogger<RoleManager<Role>>>());
+                new[] { Mock.Of<IRoleValidator<Role>>() },
+                Mock.Of<ILookupNormalizer>(),
+                Mock.Of<IdentityErrorDescriber>(),
+                Mock.Of<ILogger<RoleManager<Role>>>());
+            var passwordHasher = new Mock<IUserPasswordHasher>();
+            passwordHasher.Setup(x => x.VerifyHashedPassword(It.IsAny<ApplicationUser>(), It.IsAny<string>(), It.IsAny<string>()))
+                .Returns(PasswordVerificationResult.Success);
 
             var userManager = new CustomUserManager(storeMock.Object,
-                identityOptionsMock.Object,
+                Mock.Of<IOptions<IdentityOptions>>(),
                 passwordHasher.Object,
                 passwordHasher.Object,
                 userOptionsMock.Object,
@@ -83,9 +70,7 @@ public static CustomUserManager TestCustomUserManager(Mock<IUserStore<Applicatio
                 Mock.Of<ILogger<UserManager<ApplicationUser>>>(),
                 roleManagerMock.Object,
                 platformMemoryCache ?? Mock.Of<IPlatformMemoryCache>(),
-                eventPublisher,
-                repositoryFactory,
-                passwordOptionsMock.Object);
+                eventPublisher);
 
             validator.Setup(x => x.ValidateAsync(userManager, It.IsAny<ApplicationUser>()))
                 .ReturnsAsync(IdentityResult.Success).Verifiable();

From cfbba2c1e2ab99be13fbc51e8c549a39b0c7cfc8 Mon Sep 17 00:00:00 2001
From: Egis <em@virtoway.com>
Date: Tue, 13 Apr 2021 11:27:27 +0300
Subject: [PATCH 62/70] PT-85: Set up user password repeat generation policy
 (#2209)

* PT-85: Set up user password repeat generation policy
---
 docs/user-guide/configuration-settings.md     |   1 +
 .../Security/IPasswordCheckService.cs         |  17 -
 .../Security/IUserPasswordHasher.cs           |   2 +
 .../Security/PasswordOptionsExtended.cs       |  10 +
 .../Security/PasswordValidationResult.cs      |  53 --
 .../CustomIdentityError.cs                    |  12 +
 .../CustomIdentityErrorDescriber.cs           |  38 ++
 .../CustomPasswordValidator.cs                |  51 ++
 ...9102639_AddUserPasswordHistory.Designer.cs | 619 ++++++++++++++++++
 .../20210409102639_AddUserPasswordHistory.cs  |  45 ++
 .../SecurityDbContextModelSnapshot.cs         |  44 ++
 .../Migrations/add-migrations-command.txt     |   5 +-
 .../Model/UserPasswordHistoryEntity.cs        |  14 +
 .../Repositories/ISecurityRepository.cs       |   8 +-
 .../Repositories/SecurityDbContext.cs         |   9 +
 .../Repositories/SecurityRepository.cs        |  17 +-
 .../Services/PasswordCheckService.cs          | 110 ----
 .../Controllers/Api/SecurityController.cs     |  36 +-
 .../Security/CustomUserManager.cs             |  48 +-
 .../Security/ServiceCollectionExtensions.cs   |   3 +
 src/VirtoCommerce.Platform.Web/Startup.cs     |   4 +-
 .../de.VirtoCommerce.Platform.json            |  10 +-
 .../en.VirtoCommerce.Platform.json            |  13 +-
 .../ru.VirtoCommerce.Platform.json            |  10 +-
 .../security/blades/account-resetPassword.js  |  14 +-
 .../app/security/directives/password-input.js |   4 +-
 .../directives/password-input.tpl.html        |   4 +-
 .../js/app/security/resources/accounts.js     |   3 +-
 .../services/passwordValidationService.js     |  61 +-
 .../wizards/newAccount/new-account-wizard.js  |   4 +-
 .../Security/CustomPasswordValidatorTests.cs  | 168 +++++
 .../Security/PasswordCheckServiceTests.cs     | 113 ----
 .../Security/PasswordExpiryTests.cs           |  11 +-
 .../Security/SecurityMockHelpers.cs           |  49 +-
 34 files changed, 1221 insertions(+), 389 deletions(-)
 delete mode 100644 src/VirtoCommerce.Platform.Core/Security/IPasswordCheckService.cs
 create mode 100644 src/VirtoCommerce.Platform.Core/Security/PasswordOptionsExtended.cs
 delete mode 100644 src/VirtoCommerce.Platform.Core/Security/PasswordValidationResult.cs
 create mode 100644 src/VirtoCommerce.Platform.Security/CustomIdentityError.cs
 create mode 100644 src/VirtoCommerce.Platform.Security/CustomIdentityErrorDescriber.cs
 create mode 100644 src/VirtoCommerce.Platform.Security/CustomPasswordValidator.cs
 create mode 100644 src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.Designer.cs
 create mode 100644 src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.cs
 create mode 100644 src/VirtoCommerce.Platform.Security/Model/UserPasswordHistoryEntity.cs
 delete mode 100644 src/VirtoCommerce.Platform.Security/Services/PasswordCheckService.cs
 create mode 100644 tests/VirtoCommerce.Platform.Tests/Security/CustomPasswordValidatorTests.cs
 delete mode 100644 tests/VirtoCommerce.Platform.Tests/Security/PasswordCheckServiceTests.cs

diff --git a/docs/user-guide/configuration-settings.md b/docs/user-guide/configuration-settings.md
index 5992e0b1165..c92f5963bf4 100644
--- a/docs/user-guide/configuration-settings.md
+++ b/docs/user-guide/configuration-settings.md
@@ -23,6 +23,7 @@ The configuration keys are hierarchical. This structure is most convenient to ma
 |  | FileSystem | E.g., <br> "FileSystem": {<br> "RootPath": "~/assets",<br>"PublicUrl": "http://localhost:10645/assets/"<br>} | File system based assets provider configuration. Used, if `"Provider": "FileSystem"`
 |  | AzureBlobStorage | E.g., <br> "AzureBlobStorage": {<br> "ConnectionString": "",<br>"CdnUrl": ""<br>}  | Azure Blob Storage based assets provider configuration. Used, if `"Provider": "AzureBlobStorage"`
 | IdentityOptions | | | Options to configure the ASP&#46;NET Core Identity system. Check [Configure ASP.NET Core Identity](https://github.com/dotnet/AspNetCore.Docs/blob/master/aspnetcore/security/authentication/identity-configuration.md#configure-aspnet-core-identity) for details.
+|  | Password.PasswordHistory | E.g., <br>"PasswordHistory": 4 | The number of recent user's passwords to check during the password validation. Old password can't be reused for this number of cycles.<br>Value of "0" or not defined - password history is disabled.
 |  | User.MaxPasswordAge | "MaxPasswordAge": "0" | TimeSpan defining max. user password age until the password expires. The user is forced to change the expired password on login to Platform Manager UI.<br>Value of "0" or not defined - password expiration is disabled.
 |  | User.RemindPasswordExpiryInDays | "RemindPasswordExpiryInDays": 7  | Number of days to start showing password expiry warning in Platform Manager UI. Used, if password expiration is enabled. 
 | ExternalModules | | | Configure external source to install modules.
diff --git a/src/VirtoCommerce.Platform.Core/Security/IPasswordCheckService.cs b/src/VirtoCommerce.Platform.Core/Security/IPasswordCheckService.cs
deleted file mode 100644
index e1bf36ebb5e..00000000000
--- a/src/VirtoCommerce.Platform.Core/Security/IPasswordCheckService.cs
+++ /dev/null
@@ -1,17 +0,0 @@
-using System.Threading.Tasks;
-
-namespace VirtoCommerce.Platform.Core.Security
-{
-    /// <summary>
-    /// Service for checking password against password security policies.
-    /// </summary>
-    public interface IPasswordCheckService
-    {
-        /// <summary>
-        /// Runs password validation.
-        /// </summary>
-        /// <param name="password">String with password to validate.</param>
-        /// <returns>Password validation result.</returns>
-        Task<PasswordValidationResult> ValidatePasswordAsync(string password);
-    }
-}
diff --git a/src/VirtoCommerce.Platform.Core/Security/IUserPasswordHasher.cs b/src/VirtoCommerce.Platform.Core/Security/IUserPasswordHasher.cs
index 6b44a6741c3..f16c9ab28c2 100644
--- a/src/VirtoCommerce.Platform.Core/Security/IUserPasswordHasher.cs
+++ b/src/VirtoCommerce.Platform.Core/Security/IUserPasswordHasher.cs
@@ -1,3 +1,4 @@
+using System;
 using Microsoft.AspNetCore.Identity;
 
 namespace VirtoCommerce.Platform.Core.Security
@@ -5,6 +6,7 @@ namespace VirtoCommerce.Platform.Core.Security
     /// <summary>
     /// Basic interface for platform password hashers
     /// </summary>
+    [Obsolete("Use IPasswordHasher<ApplicationUser> instead. UserPasswordsHistory is available from ISecurityRepository")]
     public interface IUserPasswordHasher : IPasswordHasher<ApplicationUser>
     {
     }
diff --git a/src/VirtoCommerce.Platform.Core/Security/PasswordOptionsExtended.cs b/src/VirtoCommerce.Platform.Core/Security/PasswordOptionsExtended.cs
new file mode 100644
index 00000000000..1f86e68c5ac
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Core/Security/PasswordOptionsExtended.cs
@@ -0,0 +1,10 @@
+namespace VirtoCommerce.Platform.Core.Security
+{
+    public class PasswordOptionsExtended
+    {
+        /// <summary>
+        /// The number of recent user's passwords to check during the password validation. Old password can't be reused for this number of cycles. Value of "0" or not defined - password history disabled.
+        /// </summary>
+        public int? PasswordHistory { get; set; }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Core/Security/PasswordValidationResult.cs b/src/VirtoCommerce.Platform.Core/Security/PasswordValidationResult.cs
deleted file mode 100644
index 690322489e7..00000000000
--- a/src/VirtoCommerce.Platform.Core/Security/PasswordValidationResult.cs
+++ /dev/null
@@ -1,53 +0,0 @@
-namespace VirtoCommerce.Platform.Core.Security
-{
-    /// <summary>
-    /// Result of password security validation.
-    /// </summary>
-    public class PasswordValidationResult
-    {
-        /// <summary>
-        /// Indicates overall password validation status.
-        /// </summary>
-        public bool PasswordIsValid { get; set; }
-
-        /// <summary>
-        /// Minimal password length required to pass the validation.
-        /// </summary>
-        public int MinPasswordLength { get; set; }
-
-        /// <summary>
-        /// Indicates that password length is less than minimal password length.
-        /// </summary>
-        public bool PasswordViolatesMinLength { get; set; }
-
-        /// <summary>
-        /// Minimal unique chars count.
-        /// </summary>
-        public int MinUniqueCharsCount { get; set; }
-
-        /// <summary>
-        /// Indicates that password comprised of less than minimum number of unique chars.
-        /// </summary>
-        public bool PasswordViolatesMinUniqueCharsCount { get; set; }
-
-        /// <summary>
-        /// Indicates that entered password lacks one or more lower-case letters.
-        /// </summary>
-        public bool PasswordMustHaveLowerCaseLetters { get; set; }
-
-        /// <summary>
-        /// Indicates that entered password lacks one or more upper-case letters.
-        /// </summary>
-        public bool PasswordMustHaveUpperCaseLetters { get; set; }
-
-        /// <summary>
-        /// Indicates that entered password lacks one or more digits.
-        /// </summary>
-        public bool PasswordMustHaveDigits { get; set; }
-
-        /// <summary>
-        /// Indicates that entered password lacks one or more non-alphanumerical characters.
-        /// </summary>
-        public bool PasswordMustHaveSpecialCharacters { get; set; }
-    }
-}
diff --git a/src/VirtoCommerce.Platform.Security/CustomIdentityError.cs b/src/VirtoCommerce.Platform.Security/CustomIdentityError.cs
new file mode 100644
index 00000000000..74895c6c947
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Security/CustomIdentityError.cs
@@ -0,0 +1,12 @@
+using Microsoft.AspNetCore.Identity;
+
+namespace VirtoCommerce.Platform.Security
+{
+    public class CustomIdentityError : IdentityError
+    {
+        /// <summary>
+        /// Auxiliary error parameter: E.g., RequiredLength, etc.
+        /// </summary>
+        public int ErrorParameter { get; set; }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Security/CustomIdentityErrorDescriber.cs b/src/VirtoCommerce.Platform.Security/CustomIdentityErrorDescriber.cs
new file mode 100644
index 00000000000..466efd95eb6
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Security/CustomIdentityErrorDescriber.cs
@@ -0,0 +1,38 @@
+using Microsoft.AspNetCore.Identity;
+
+namespace VirtoCommerce.Platform.Security
+{
+    /// <summary>
+    /// Overriding https://github.com/dotnet/aspnetcore/blob/release/3.1/src/Identity/Extensions.Core/src/IdentityErrorDescriber.cs
+    /// </summary>
+    public class CustomIdentityErrorDescriber : IdentityErrorDescriber
+    {
+        /// <summary>
+        /// Returns an <see cref="IdentityError"/> indicating a password of the specified <paramref name="length"/> does not meet the minimum length requirements.
+        /// </summary>
+        /// <param name="length">The length that is not long enough.</param>
+        /// <returns>An <see cref="IdentityError"/> indicating a password of the specified <paramref name="length"/> does not meet the minimum length requirements.</returns>
+        public override IdentityError PasswordTooShort(int length)
+        {
+            return new CustomIdentityError
+            {
+                Code = nameof(PasswordTooShort),
+                ErrorParameter = length
+            };
+        }
+
+        /// <summary>
+        /// Returns an <see cref="IdentityError"/> indicating a password does not meet the minimum number <paramref name="uniqueChars"/> of unique chars.
+        /// </summary>
+        /// <param name="uniqueChars">The number of different chars that must be used.</param>
+        /// <returns>An <see cref="IdentityError"/> indicating a password does not meet the minimum number <paramref name="uniqueChars"/> of unique chars.</returns>
+        public override IdentityError PasswordRequiresUniqueChars(int uniqueChars)
+        {
+            return new CustomIdentityError
+            {
+                Code = nameof(PasswordRequiresUniqueChars),
+                ErrorParameter = uniqueChars
+            };
+        }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Security/CustomPasswordValidator.cs b/src/VirtoCommerce.Platform.Security/CustomPasswordValidator.cs
new file mode 100644
index 00000000000..aaf58f8e3bd
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Security/CustomPasswordValidator.cs
@@ -0,0 +1,51 @@
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.Extensions.Options;
+using VirtoCommerce.Platform.Core.Security;
+using VirtoCommerce.Platform.Security.Repositories;
+
+namespace VirtoCommerce.Platform.Security
+{
+    /// <summary>
+    /// Overriding https://github.com/dotnet/aspnetcore/blob/release/3.1/src/Identity/Extensions.Core/src/PasswordValidator.cs
+    /// </summary>
+    public class CustomPasswordValidator : PasswordValidator<ApplicationUser>
+    {
+        public const string RecentPasswordUsed = "RecentPasswordUsed";
+
+        protected readonly Func<ISecurityRepository> _repositoryFactory;
+        protected readonly IPasswordHasher<ApplicationUser> _passwordHasher;
+        protected readonly PasswordOptionsExtended _passwordOptions;
+
+        public CustomPasswordValidator(IdentityErrorDescriber errors, Func<ISecurityRepository> repositoryFactory, IPasswordHasher<ApplicationUser> passwordHasher, IOptions<PasswordOptionsExtended> passwordOptions)
+            : base(errors)
+
+        {
+            _repositoryFactory = repositoryFactory;
+            _passwordHasher = passwordHasher;
+            _passwordOptions = passwordOptions.Value;
+        }
+
+        public override async Task<IdentityResult> ValidateAsync(UserManager<ApplicationUser> manager, ApplicationUser user, string password)
+        {
+            var result = await base.ValidateAsync(manager, user, password);
+
+            if (result.Succeeded)
+            {
+                using var repository = _repositoryFactory();
+                var userPasswords = await repository.GetUserPasswordsHistoryAsync(user?.Id, _passwordOptions.PasswordHistory.GetValueOrDefault());
+
+                if (userPasswords.Any(x => _passwordHasher.VerifyHashedPassword(user, x.PasswordHash, password) != PasswordVerificationResult.Failed))
+                {
+                    result = IdentityResult.Failed(new IdentityError
+                    {
+                        Code = RecentPasswordUsed
+                    });
+                }
+            }
+            return result;
+        }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.Designer.cs b/src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.Designer.cs
new file mode 100644
index 00000000000..dfdd51cb2a9
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.Designer.cs
@@ -0,0 +1,619 @@
+// <auto-generated />
+using System;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Metadata;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+using VirtoCommerce.Platform.Security.Repositories;
+
+namespace VirtoCommerce.Platform.Security.Migrations
+{
+    [DbContext(typeof(SecurityDbContext))]
+    [Migration("20210409102639_AddUserPasswordHistory")]
+    partial class AddUserPasswordHistory
+    {
+        protected override void BuildTargetModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasAnnotation("ProductVersion", "3.1.8")
+                .HasAnnotation("Relational:MaxIdentifierLength", 128)
+                .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("int")
+                        .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("RoleId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetRoleClaims");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("int")
+                        .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserClaims");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
+                {
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ProviderKey")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ProviderDisplayName")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.HasKey("LoginProvider", "ProviderKey");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserLogins");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
+                {
+                    b.Property<string>("UserId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("RoleId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.HasKey("UserId", "RoleId");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetUserRoles");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
+                {
+                    b.Property<string>("UserId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("Name")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("Value")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.HasKey("UserId", "LoginProvider", "Name");
+
+                    b.ToTable("AspNetUserTokens");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictApplication", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ClientId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(100)")
+                        .HasMaxLength(100);
+
+                    b.Property<string>("ClientSecret")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(50)")
+                        .HasMaxLength(50);
+
+                    b.Property<string>("ConsentType")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("DisplayName")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Permissions")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("PostLogoutRedirectUris")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("RedirectUris")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Type")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(25)")
+                        .HasMaxLength(25);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("ClientId")
+                        .IsUnique();
+
+                    b.ToTable("OpenIddictApplications");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictAuthorization", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ApplicationId")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(50)")
+                        .HasMaxLength(50);
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Scopes")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Status")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(25)")
+                        .HasMaxLength(25);
+
+                    b.Property<string>("Subject")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(450)")
+                        .HasMaxLength(450);
+
+                    b.Property<string>("Type")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(25)")
+                        .HasMaxLength(25);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
+
+                    b.ToTable("OpenIddictAuthorizations");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictScope", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(50)")
+                        .HasMaxLength(50);
+
+                    b.Property<string>("Description")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("DisplayName")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(200)")
+                        .HasMaxLength(200);
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Resources")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("Name")
+                        .IsUnique();
+
+                    b.ToTable("OpenIddictScopes");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictToken", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ApplicationId")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("AuthorizationId")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(50)")
+                        .HasMaxLength(50);
+
+                    b.Property<DateTimeOffset?>("CreationDate")
+                        .HasColumnType("datetimeoffset");
+
+                    b.Property<DateTimeOffset?>("ExpirationDate")
+                        .HasColumnType("datetimeoffset");
+
+                    b.Property<string>("Payload")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("ReferenceId")
+                        .HasColumnType("nvarchar(100)")
+                        .HasMaxLength(100);
+
+                    b.Property<string>("Status")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(25)")
+                        .HasMaxLength(25);
+
+                    b.Property<string>("Subject")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(450)")
+                        .HasMaxLength(450);
+
+                    b.Property<string>("Type")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(25)")
+                        .HasMaxLength(25);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("AuthorizationId");
+
+                    b.HasIndex("ReferenceId")
+                        .IsUnique()
+                        .HasFilter("[ReferenceId] IS NOT NULL");
+
+                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
+
+                    b.ToTable("OpenIddictTokens");
+                });
+
+            modelBuilder.Entity("VirtoCommerce.Platform.Core.Security.ApplicationUser", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<int>("AccessFailedCount")
+                        .HasColumnType("int");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("CreatedBy")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<DateTime>("CreatedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("Email")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<bool>("EmailConfirmed")
+                        .HasColumnType("bit");
+
+                    b.Property<bool>("IsAdministrator")
+                        .HasColumnType("bit");
+
+                    b.Property<DateTime?>("LastPasswordChangedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<bool>("LockoutEnabled")
+                        .HasColumnType("bit");
+
+                    b.Property<DateTimeOffset?>("LockoutEnd")
+                        .HasColumnType("datetimeoffset");
+
+                    b.Property<string>("MemberId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ModifiedBy")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<DateTime?>("ModifiedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("NormalizedEmail")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("NormalizedUserName")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<bool>("PasswordExpired")
+                        .HasColumnType("bit");
+
+                    b.Property<string>("PasswordHash")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("PhoneNumber")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<bool>("PhoneNumberConfirmed")
+                        .HasColumnType("bit");
+
+                    b.Property<string>("PhotoUrl")
+                        .HasColumnType("nvarchar(2048)")
+                        .HasMaxLength(2048);
+
+                    b.Property<string>("SecurityStamp")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Status")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.Property<string>("StoreId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<bool>("TwoFactorEnabled")
+                        .HasColumnType("bit");
+
+                    b.Property<string>("UserName")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("UserType")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedEmail")
+                        .HasName("EmailIndex");
+
+                    b.HasIndex("NormalizedUserName")
+                        .IsUnique()
+                        .HasName("UserNameIndex")
+                        .HasFilter("[NormalizedUserName] IS NOT NULL");
+
+                    b.ToTable("AspNetUsers");
+                });
+
+            modelBuilder.Entity("VirtoCommerce.Platform.Core.Security.Role", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Description")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Name")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("NormalizedName")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedName")
+                        .IsUnique()
+                        .HasName("RoleNameIndex")
+                        .HasFilter("[NormalizedName] IS NOT NULL");
+
+                    b.ToTable("AspNetRoles");
+                });
+
+            modelBuilder.Entity("VirtoCommerce.Platform.Security.Model.UserApiKeyEntity", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ApiKey")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("CreatedBy")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.Property<DateTime>("CreatedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<bool>("IsActive")
+                        .HasColumnType("bit");
+
+                    b.Property<string>("ModifiedBy")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.Property<DateTime?>("ModifiedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("UserId")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("UserName")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("ApiKey")
+                        .IsUnique()
+                        .HasFilter("[ApiKey] IS NOT NULL");
+
+                    b.ToTable("UserApiKey");
+                });
+
+            modelBuilder.Entity("VirtoCommerce.Platform.Security.Model.UserPasswordHistoryEntity", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("CreatedBy")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.Property<DateTime>("CreatedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("ModifiedBy")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.Property<DateTime?>("ModifiedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("PasswordHash")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("UserId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserPasswordsHistory");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.Role", null)
+                        .WithMany()
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.Role", null)
+                        .WithMany("UserRoles")
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
+                        .WithMany("UserRoles")
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictAuthorization", b =>
+                {
+                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictApplication", "Application")
+                        .WithMany("Authorizations")
+                        .HasForeignKey("ApplicationId");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictToken", b =>
+                {
+                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictApplication", "Application")
+                        .WithMany("Tokens")
+                        .HasForeignKey("ApplicationId");
+
+                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictAuthorization", "Authorization")
+                        .WithMany("Tokens")
+                        .HasForeignKey("AuthorizationId");
+                });
+
+            modelBuilder.Entity("VirtoCommerce.Platform.Security.Model.UserPasswordHistoryEntity", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade);
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.cs b/src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.cs
new file mode 100644
index 00000000000..56816d19b0b
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Security/Migrations/20210409102639_AddUserPasswordHistory.cs
@@ -0,0 +1,45 @@
+using System;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace VirtoCommerce.Platform.Security.Migrations
+{
+    public partial class AddUserPasswordHistory : Migration
+    {
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.CreateTable(
+                name: "AspNetUserPasswordsHistory",
+                columns: table => new
+                {
+                    Id = table.Column<string>(maxLength: 128, nullable: false),
+                    CreatedDate = table.Column<DateTime>(nullable: false),
+                    ModifiedDate = table.Column<DateTime>(nullable: true),
+                    CreatedBy = table.Column<string>(maxLength: 64, nullable: true),
+                    ModifiedBy = table.Column<string>(maxLength: 64, nullable: true),
+                    UserId = table.Column<string>(maxLength: 128, nullable: true),
+                    PasswordHash = table.Column<string>(nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetUserPasswordsHistory", x => x.Id);
+                    table.ForeignKey(
+                        name: "FK_AspNetUserPasswordsHistory_AspNetUsers_UserId",
+                        column: x => x.UserId,
+                        principalTable: "AspNetUsers",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                });
+
+            migrationBuilder.CreateIndex(
+                name: "IX_AspNetUserPasswordsHistory_UserId",
+                table: "AspNetUserPasswordsHistory",
+                column: "UserId");
+        }
+
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropTable(
+                name: "AspNetUserPasswordsHistory");
+        }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs b/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs
index b57aa1ab35b..aacab6a5806 100644
--- a/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs
+++ b/src/VirtoCommerce.Platform.Security/Migrations/SecurityDbContextModelSnapshot.cs
@@ -499,6 +499,42 @@ protected override void BuildModel(ModelBuilder modelBuilder)
                     b.ToTable("UserApiKey");
                 });
 
+            modelBuilder.Entity("VirtoCommerce.Platform.Security.Model.UserPasswordHistoryEntity", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("CreatedBy")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.Property<DateTime>("CreatedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("ModifiedBy")
+                        .HasColumnType("nvarchar(64)")
+                        .HasMaxLength(64);
+
+                    b.Property<DateTime?>("ModifiedDate")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("PasswordHash")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("UserId")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserPasswordsHistory");
+                });
+
             modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
                 {
                     b.HasOne("VirtoCommerce.Platform.Core.Security.Role", null)
@@ -567,6 +603,14 @@ protected override void BuildModel(ModelBuilder modelBuilder)
                         .WithMany("Tokens")
                         .HasForeignKey("AuthorizationId");
                 });
+
+            modelBuilder.Entity("VirtoCommerce.Platform.Security.Model.UserPasswordHistoryEntity", b =>
+                {
+                    b.HasOne("VirtoCommerce.Platform.Core.Security.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade);
+                });
 #pragma warning restore 612, 618
         }
     }
diff --git a/src/VirtoCommerce.Platform.Security/Migrations/add-migrations-command.txt b/src/VirtoCommerce.Platform.Security/Migrations/add-migrations-command.txt
index 6590bdeb64f..bdabbb805dc 100644
--- a/src/VirtoCommerce.Platform.Security/Migrations/add-migrations-command.txt
+++ b/src/VirtoCommerce.Platform.Security/Migrations/add-migrations-command.txt
@@ -1 +1,4 @@
-Add-Migration Initial -Context VirtoCommerce.Platform.Security.Repositories.SecurityDbContext  -Verbose -OutputDir Migrations -Project VirtoCommerce.Platform.Security  -Debug
+Add-Migration Initial -Context VirtoCommerce.Platform.Security.Repositories.SecurityDbContext -Verbose -OutputDir Migrations -Project VirtoCommerce.Platform.Security -Debug
+
+REMOVE:
+Remove-Migration -Context VirtoCommerce.Platform.Security.Repositories.SecurityDbContext -Project VirtoCommerce.Platform.Security
diff --git a/src/VirtoCommerce.Platform.Security/Model/UserPasswordHistoryEntity.cs b/src/VirtoCommerce.Platform.Security/Model/UserPasswordHistoryEntity.cs
new file mode 100644
index 00000000000..a130647c5f1
--- /dev/null
+++ b/src/VirtoCommerce.Platform.Security/Model/UserPasswordHistoryEntity.cs
@@ -0,0 +1,14 @@
+using System.ComponentModel.DataAnnotations;
+using VirtoCommerce.Platform.Core.Common;
+
+namespace VirtoCommerce.Platform.Security.Model
+{
+    public class UserPasswordHistoryEntity : AuditableEntity
+    {
+        [StringLength(128)]
+        public string UserId { get; set; }
+
+        [Required]
+        public string PasswordHash { get; set; }
+    }
+}
diff --git a/src/VirtoCommerce.Platform.Security/Repositories/ISecurityRepository.cs b/src/VirtoCommerce.Platform.Security/Repositories/ISecurityRepository.cs
index b3b6ba5abd1..64664c3ed74 100644
--- a/src/VirtoCommerce.Platform.Security/Repositories/ISecurityRepository.cs
+++ b/src/VirtoCommerce.Platform.Security/Repositories/ISecurityRepository.cs
@@ -1,4 +1,6 @@
+using System.Collections.Generic;
 using System.Linq;
+using System.Threading.Tasks;
 using VirtoCommerce.Platform.Core.Common;
 using VirtoCommerce.Platform.Security.Model;
 
@@ -6,6 +8,10 @@ namespace VirtoCommerce.Platform.Security.Repositories
 {
     public interface ISecurityRepository : IRepository
     {
-        IQueryable<UserApiKeyEntity> UserApiKeys { get; }      
+        IQueryable<UserApiKeyEntity> UserApiKeys { get; }
+
+        IQueryable<UserPasswordHistoryEntity> UserPasswordsHistory { get; }
+
+        Task<IEnumerable<UserPasswordHistoryEntity>> GetUserPasswordsHistoryAsync(string userId, int passwordsCountToCheck);
     }
 }
diff --git a/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs b/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs
index 5a95f049e6d..4528d60e83f 100644
--- a/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs
+++ b/src/VirtoCommerce.Platform.Security/Repositories/SecurityDbContext.cs
@@ -28,6 +28,15 @@ protected override void OnModelCreating(ModelBuilder builder)
             builder.Entity<UserApiKeyEntity>().Property(x => x.CreatedBy).HasMaxLength(64);
             builder.Entity<UserApiKeyEntity>().Property(x => x.ModifiedBy).HasMaxLength(64);
 
+            builder.Entity<UserPasswordHistoryEntity>().ToTable("AspNetUserPasswordsHistory").HasKey(x => x.Id);
+            builder.Entity<UserPasswordHistoryEntity>().Property(x => x.Id).HasMaxLength(128).ValueGeneratedOnAdd();
+            builder.Entity<UserPasswordHistoryEntity>().HasIndex(x => new { x.UserId });
+            builder.Entity<UserPasswordHistoryEntity>()
+                .HasOne<ApplicationUser>()
+                .WithMany()
+                .HasForeignKey(uh => uh.UserId)
+                .OnDelete(DeleteBehavior.Cascade);
+
             builder.Entity<IdentityUserRole<string>>(userRole =>
             {
                 userRole.HasOne<Role>()
diff --git a/src/VirtoCommerce.Platform.Security/Repositories/SecurityRepository.cs b/src/VirtoCommerce.Platform.Security/Repositories/SecurityRepository.cs
index ff82c0fc5d2..ba11fa6d3f6 100644
--- a/src/VirtoCommerce.Platform.Security/Repositories/SecurityRepository.cs
+++ b/src/VirtoCommerce.Platform.Security/Repositories/SecurityRepository.cs
@@ -1,4 +1,8 @@
+using System.Collections.Generic;
 using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.EntityFrameworkCore;
+using VirtoCommerce.Platform.Core.Common;
 using VirtoCommerce.Platform.Data.Infrastructure;
 using VirtoCommerce.Platform.Security.Model;
 
@@ -7,12 +11,21 @@ namespace VirtoCommerce.Platform.Security.Repositories
     public class SecurityRepository : DbContextRepositoryBase<SecurityDbContext>, ISecurityRepository
     {
         public SecurityRepository(SecurityDbContext dbContext)
-            : base(dbContext)
+       : base(dbContext)
         {
         }
 
-        public virtual IQueryable<UserApiKeyEntity> UserApiKeys { get { return DbContext.Set<UserApiKeyEntity>(); } }
+        public virtual IQueryable<UserApiKeyEntity> UserApiKeys => DbContext.Set<UserApiKeyEntity>();
 
+        public virtual IQueryable<UserPasswordHistoryEntity> UserPasswordsHistory => DbContext.Set<UserPasswordHistoryEntity>();
 
+        public async Task<IEnumerable<UserPasswordHistoryEntity>> GetUserPasswordsHistoryAsync(string userId, int passwordsCountToCheck)
+        {
+            return await UserPasswordsHistory
+                .Where(x => x.UserId == userId)
+                .OrderByDescending(x => x.CreatedDate)
+                .Take(passwordsCountToCheck)
+                .ToArrayAsync();
+        }
     }
 }
diff --git a/src/VirtoCommerce.Platform.Security/Services/PasswordCheckService.cs b/src/VirtoCommerce.Platform.Security/Services/PasswordCheckService.cs
deleted file mode 100644
index 3ca83e78f73..00000000000
--- a/src/VirtoCommerce.Platform.Security/Services/PasswordCheckService.cs
+++ /dev/null
@@ -1,110 +0,0 @@
-using System.Linq;
-using System.Text.RegularExpressions;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Identity;
-using VirtoCommerce.Platform.Core.Security;
-
-namespace VirtoCommerce.Platform.Security.Services
-{
-    /// <summary>
-    /// Implementation of <see cref="IPasswordCheckService"/> that does actual password validation.
-    /// </summary>
-    public class PasswordCheckService : IPasswordCheckService
-    {
-        protected IdentityOptions Options { get; }
-
-        /// <summary>
-        /// Creates new instance of password check service.
-        /// </summary>
-        /// <param name="options"></param>
-        public PasswordCheckService(UserManager<ApplicationUser> userManager)
-        {
-            Options = userManager.Options;
-        }
-
-        /// <inheritdoc />
-        public virtual Task<PasswordValidationResult> ValidatePasswordAsync(string password)
-        {
-            var result = new PasswordValidationResult
-            {
-                PasswordIsValid = true,
-                MinPasswordLength = Options.Password.RequiredLength,
-                MinUniqueCharsCount = Options.Password.RequiredUniqueChars
-            };
-
-            if (!HasSufficientLength(password))
-            {
-                result.PasswordIsValid = false;
-                result.PasswordViolatesMinLength = true;
-            }
-
-            if (!HasSufficientUniqueChars(password))
-            {
-                result.PasswordIsValid = false;
-                result.PasswordViolatesMinUniqueCharsCount = true;
-            }
-
-            if (Options.Password.RequireUppercase && !HasUpperCaseLetter(password))
-            {
-                result.PasswordIsValid = false;
-                result.PasswordMustHaveUpperCaseLetters = true;
-            }
-
-            if (Options.Password.RequireLowercase && !HasLowerCaseLetter(password))
-            {
-                result.PasswordIsValid = false;
-                result.PasswordMustHaveLowerCaseLetters = true;
-            }
-
-            if (Options.Password.RequireDigit && !HasDigit(password))
-            {
-                result.PasswordIsValid = false;
-                result.PasswordMustHaveDigits = true;
-            }
-
-            if (Options.Password.RequireNonAlphanumeric && !HasSpecialCharacter(password))
-            {
-                result.PasswordIsValid = false;
-                result.PasswordMustHaveSpecialCharacters = true;
-            }
-
-            return Task.FromResult(result);
-        }
-
-        protected virtual bool HasSufficientLength(string password)
-        {
-            return !string.IsNullOrEmpty(password)
-                   && password.Length >= Options.Password.RequiredLength;
-        }
-
-        protected virtual bool HasSufficientUniqueChars(string password)
-        {
-            return !string.IsNullOrEmpty(password)
-                   && password.Distinct().Count() >= Options.Password.RequiredUniqueChars;
-        }
-
-        protected virtual bool HasUpperCaseLetter(string password)
-        {
-            return !string.IsNullOrWhiteSpace(password)
-                   && password.Any(char.IsUpper);
-        }
-
-        protected virtual bool HasLowerCaseLetter(string password)
-        {
-            return !string.IsNullOrWhiteSpace(password)
-                   && password.Any(char.IsLower);
-        }
-
-        protected virtual bool HasDigit(string password)
-        {
-            return !string.IsNullOrWhiteSpace(password)
-                   && password.Any(char.IsDigit);
-        }
-
-        protected virtual bool HasSpecialCharacter(string password)
-        {
-            return !string.IsNullOrWhiteSpace(password)
-                   && !Regex.IsMatch(password, "^[a-zA-Z0-9]+$");
-        }
-    }
-}
diff --git a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
index c6c91b7e778..61e0c81e426 100644
--- a/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
+++ b/src/VirtoCommerce.Platform.Web/Controllers/Api/SecurityController.cs
@@ -37,21 +37,21 @@ public class SecurityController : Controller
         private readonly IPermissionsRegistrar _permissionsProvider;
         private readonly IUserSearchService _userSearchService;
         private readonly IRoleSearchService _roleSearchService;
-        private readonly IPasswordCheckService _passwordCheckService;
+        private readonly IPasswordValidator<ApplicationUser> _passwordValidator;
         private readonly IEmailSender _emailSender;
         private readonly IEventPublisher _eventPublisher;
         private readonly IUserApiKeyService _userApiKeyService;
 
         public SecurityController(SignInManager<ApplicationUser> signInManager, UserManager<ApplicationUser> userManager, RoleManager<Role> roleManager,
                 IPermissionsRegistrar permissionsProvider, IUserSearchService userSearchService, IRoleSearchService roleSearchService,
-                IOptions<Core.Security.AuthorizationOptions> securityOptions, IOptions<UserOptionsExtended> userOptionsExtended, IPasswordCheckService passwordCheckService, IEmailSender emailSender,
+                IOptions<Core.Security.AuthorizationOptions> securityOptions, IOptions<UserOptionsExtended> userOptionsExtended, IPasswordValidator<ApplicationUser> passwordValidator, IEmailSender emailSender,
                 IEventPublisher eventPublisher, IUserApiKeyService userApiKeyService)
         {
             _signInManager = signInManager;
             _userManager = userManager;
             _securityOptions = securityOptions.Value;
             _userOptionsExtended = userOptionsExtended.Value;
-            _passwordCheckService = passwordCheckService;
+            _passwordValidator = passwordValidator;
             _permissionsProvider = permissionsProvider;
             _roleManager = roleManager;
             _userSearchService = userSearchService;
@@ -539,9 +539,35 @@ public async Task<ActionResult> RequestPasswordReset(string loginOrEmail)
         [HttpPost]
         [Route("validatepassword")]
         [Authorize]
-        public async Task<ActionResult<PasswordValidationResult>> ValidatePassword([FromBody] string password)
+        public async Task<ActionResult<IdentityResult>> ValidatePassword([FromBody] string password)
         {
-            var result = await _passwordCheckService.ValidatePasswordAsync(password);
+            var currentUser = await _userManager.FindByNameAsync(User.Identity.Name);
+
+            var result = await _passwordValidator.ValidateAsync(_userManager, currentUser, password);
+
+            return Ok(result);
+        }
+
+        [HttpPost]
+        [Route("validateuserpassword")]
+        [Authorize(PlatformPermissions.SecurityUpdate)]
+        public async Task<ActionResult<IdentityResult>> ValidateUserPassword([FromBody] ChangePasswordRequest validatePassword)
+        {
+            if (validatePassword == null)
+            {
+                throw new ArgumentNullException(nameof(validatePassword));
+            }
+
+            if (validatePassword.UserName.IsNullOrEmpty() || !IsUserEditable(validatePassword.UserName))
+            {
+                return BadRequest(IdentityResult.Failed(new IdentityError { Description = "It is forbidden to edit this user." }));
+            }
+            
+           var user = await _userManager.FindByNameAsync(validatePassword.UserName);
+
+
+            var result = await _passwordValidator.ValidateAsync(_userManager, user, validatePassword.NewPassword);
+
             return Ok(result);
         }
 
diff --git a/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs b/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs
index cdc95e127f5..60ea557308d 100644
--- a/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs
+++ b/src/VirtoCommerce.Platform.Web/Security/CustomUserManager.cs
@@ -12,6 +12,8 @@
 using VirtoCommerce.Platform.Core.Security;
 using VirtoCommerce.Platform.Core.Security.Events;
 using VirtoCommerce.Platform.Security.Caching;
+using VirtoCommerce.Platform.Security.Model;
+using VirtoCommerce.Platform.Security.Repositories;
 
 namespace VirtoCommerce.Platform.Web.Security
 {
@@ -22,12 +24,14 @@ public class CustomUserManager : AspNetUserManager<ApplicationUser>
         private readonly IEventPublisher _eventPublisher;
         private readonly IUserPasswordHasher _userPasswordHasher;
         private readonly UserOptionsExtended _userOptionsExtended;
+        private readonly Func<ISecurityRepository> _repositoryFactory;
+        private readonly PasswordOptionsExtended _passwordOptionsExtended;
 
         public CustomUserManager(IUserStore<ApplicationUser> store, IOptions<IdentityOptions> optionsAccessor, IPasswordHasher<ApplicationUser> passwordHasher, IUserPasswordHasher userPasswordHasher,
-                                 IOptions<UserOptionsExtended> userOptionsExtended,
-                                 IEnumerable<IUserValidator<ApplicationUser>> userValidators, IEnumerable<IPasswordValidator<ApplicationUser>> passwordValidators,
-                                 ILookupNormalizer keyNormalizer, IdentityErrorDescriber errors, IServiceProvider services,
-                                 ILogger<UserManager<ApplicationUser>> logger, RoleManager<Role> roleManager, IPlatformMemoryCache memoryCache, IEventPublisher eventPublisher)
+            IOptions<UserOptionsExtended> userOptionsExtended,
+            IEnumerable<IUserValidator<ApplicationUser>> userValidators, IEnumerable<IPasswordValidator<ApplicationUser>> passwordValidators,
+            ILookupNormalizer keyNormalizer, IdentityErrorDescriber errors, IServiceProvider services,
+            ILogger<UserManager<ApplicationUser>> logger, RoleManager<Role> roleManager, IPlatformMemoryCache memoryCache, IEventPublisher eventPublisher, Func<ISecurityRepository> repositoryFactory, IOptions<PasswordOptionsExtended> passwordOptionsExtended)
             : base(store, optionsAccessor, passwordHasher, userValidators, passwordValidators, keyNormalizer, errors, services, logger)
         {
             _memoryCache = memoryCache;
@@ -35,6 +39,8 @@ public CustomUserManager(IUserStore<ApplicationUser> store, IOptions<IdentityOpt
             _eventPublisher = eventPublisher;
             _userPasswordHasher = userPasswordHasher;
             _userOptionsExtended = userOptionsExtended.Value;
+            _repositoryFactory = repositoryFactory;
+            _passwordOptionsExtended = passwordOptionsExtended.Value;
         }
 
         public override async Task<ApplicationUser> FindByLoginAsync(string loginProvider, string providerKey)
@@ -112,6 +118,9 @@ public override async Task<IdentityResult> ResetPasswordAsync(ApplicationUser us
             if (result == IdentityResult.Success)
             {
                 SecurityCacheRegion.ExpireUser(user);
+
+                await SavePasswordHistory(user, newPassword);
+
                 // Calculate password hash for external hash storage. This provided as workaround until password hash storage would implemented
                 var customPasswordHash = _userPasswordHasher.HashPassword(user, newPassword);
                 await _eventPublisher.Publish(new UserResetPasswordEvent(user.Id, customPasswordHash));
@@ -128,6 +137,9 @@ public override async Task<IdentityResult> ChangePasswordAsync(ApplicationUser u
             if (result == IdentityResult.Success)
             {
                 SecurityCacheRegion.ExpireUser(user);
+
+                await SavePasswordHistory(user, newPassword);
+
                 // Calculate password hash for external hash storage. This provided as workaround until password hash storage would implemented
                 var customPasswordHash = _userPasswordHasher.HashPassword(user, newPassword);
                 await _eventPublisher.Publish(new UserPasswordChangedEvent(user.Id, customPasswordHash));
@@ -136,6 +148,21 @@ public override async Task<IdentityResult> ChangePasswordAsync(ApplicationUser u
             return result;
         }
 
+        protected virtual async Task SavePasswordHistory(ApplicationUser user, string newPassword)
+        {
+            // Store password history entry
+            if (_passwordOptionsExtended.PasswordHistory.GetValueOrDefault() > 0)
+            {
+                var userPasswordHistoryRecord = AbstractTypeFactory<UserPasswordHistoryEntity>.TryCreateInstance();
+                userPasswordHistoryRecord.UserId = user.Id;
+                userPasswordHistoryRecord.PasswordHash = PasswordHasher.HashPassword(user, newPassword);
+
+                using var repository = _repositoryFactory();
+                repository.Add(userPasswordHistoryRecord);
+                await repository.UnitOfWork.CommitAsync();
+            }
+        }
+
         public override async Task<IdentityResult> DeleteAsync(ApplicationUser user)
         {
             var changedEntries = new List<GenericChangedEntry<ApplicationUser>>
@@ -264,6 +291,19 @@ public override async Task<IdentityResult> CreateAsync(ApplicationUser user)
             return result;
         }
 
+        public override async Task<IdentityResult> CreateAsync(ApplicationUser user, string password)
+        {
+            var result = await base.CreateAsync(user, password);
+
+            if (result.Succeeded)
+            {
+                await SavePasswordHistory(user, password);
+            }
+
+            return result;
+
+        }
+
         public override async Task<IdentityResult> AddToRoleAsync(ApplicationUser user, string role)
         {
             var result = await base.AddToRoleAsync(user, role);
diff --git a/src/VirtoCommerce.Platform.Web/Security/ServiceCollectionExtensions.cs b/src/VirtoCommerce.Platform.Web/Security/ServiceCollectionExtensions.cs
index 9f18f7b8e31..4ab3c2409cf 100644
--- a/src/VirtoCommerce.Platform.Web/Security/ServiceCollectionExtensions.cs
+++ b/src/VirtoCommerce.Platform.Web/Security/ServiceCollectionExtensions.cs
@@ -25,6 +25,7 @@ public static IServiceCollection AddSecurityServices(this IServiceCollection ser
             services.AddScoped<IUserNameResolver, HttpContextUserResolver>();
             services.AddSingleton<IPermissionsRegistrar, DefaultPermissionProvider>();
             services.AddScoped<IRoleSearchService, RoleSearchService>();
+
             //Register as singleton because this abstraction can be used as dependency in singleton services
             services.AddSingleton<IUserSearchService>(provider =>
             {
@@ -36,6 +37,8 @@ public static IServiceCollection AddSecurityServices(this IServiceCollection ser
             //Identity dependencies override
             services.TryAddScoped<RoleManager<Role>, CustomRoleManager>();
             services.TryAddScoped<UserManager<ApplicationUser>, CustomUserManager>();
+            services.TryAddScoped<IPasswordValidator<ApplicationUser>, CustomPasswordValidator>();
+            services.TryAddScoped<IdentityErrorDescriber, CustomIdentityErrorDescriber>();
             services.AddSingleton<Func<RoleManager<Role>>>(provider => () => provider.CreateScope().ServiceProvider.GetService<RoleManager<Role>>());
             services.AddSingleton<Func<UserManager<ApplicationUser>>>(provider => () => provider.CreateScope().ServiceProvider.GetService<UserManager<ApplicationUser>>());
             services.AddSingleton<Func<SignInManager<ApplicationUser>>>(provider => () => provider.CreateScope().ServiceProvider.GetService<SignInManager<ApplicationUser>>());
diff --git a/src/VirtoCommerce.Platform.Web/Startup.cs b/src/VirtoCommerce.Platform.Web/Startup.cs
index 56088b187e4..f1902535487 100644
--- a/src/VirtoCommerce.Platform.Web/Startup.cs
+++ b/src/VirtoCommerce.Platform.Web/Startup.cs
@@ -45,7 +45,6 @@
 using VirtoCommerce.Platform.Modules;
 using VirtoCommerce.Platform.Security.Authorization;
 using VirtoCommerce.Platform.Security.Repositories;
-using VirtoCommerce.Platform.Security.Services;
 using VirtoCommerce.Platform.Web.Azure;
 using VirtoCommerce.Platform.Web.Extensions;
 using VirtoCommerce.Platform.Web.Infrastructure;
@@ -325,6 +324,7 @@ public void ConfigureServices(IServiceCollection services)
                 });
 
             services.Configure<IdentityOptions>(Configuration.GetSection("IdentityOptions"));
+            services.Configure<PasswordOptionsExtended>(Configuration.GetSection("IdentityOptions:Password"));
             services.Configure<UserOptionsExtended>(Configuration.GetSection("IdentityOptions:User"));
 
             //always  return 401 instead of 302 for unauthorized  requests
@@ -356,8 +356,6 @@ public void ConfigureServices(IServiceCollection services)
             services.AddSingleton<IAuthorizationPolicyProvider, PermissionAuthorizationPolicyProvider>();
             //Platform authorization handler for policies based on permissions
             services.AddSingleton<IAuthorizationHandler, DefaultPermissionAuthorizationHandler>();
-            // Default password validation service implementation
-            services.AddScoped<IPasswordCheckService, PasswordCheckService>();
 
             services.AddOptions<LocalStorageModuleCatalogOptions>().Bind(Configuration.GetSection("VirtoCommerce"))
                     .PostConfigure(options =>
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/de.VirtoCommerce.Platform.json b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/de.VirtoCommerce.Platform.json
index 2c9576bda0e..224b787f8c8 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/de.VirtoCommerce.Platform.json
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/de.VirtoCommerce.Platform.json
@@ -325,11 +325,11 @@
                 "repeat-password": "Das neue Passwort stimmt nicht überein!",
                 "invalid-token": "Passwort zurücksetzen Token ist ungültig oder abgelaufen",
                 "password-too-weak": "Neues Passwort entspricht nicht einer oder mehreren Passwortsicherheitsrichtlinien:",
-                "passwordViolatesMinLength": "Passwörter müssen {{minPasswordLength}} oder mehr Zeichen lang sein",
-                "passwordMustHaveLowerCaseLetters": "Passwörter müssen mindestens einen Kleinbuchstaben enthalten ('a'-'z')",
-                "passwordMustHaveUpperCaseLetters": "Passwörter müssen mindestens einen Großbuchstaben haben ('A'-'Z')",
-                "passwordMustHaveDigits": "Passwörter müssen mindestens eine Ziffer haben ('0'-'9')",
-                "passwordMustHaveSpecialCharacters": "Passwörter müssen mindestens ein nicht alphanumerisches Zeichen enthalten"
+                "passwordTooShort": "Passwörter müssen {{errorParameter}} oder mehr Zeichen lang sein",
+                "passwordRequiresLower": "Passwörter müssen mindestens einen Kleinbuchstaben enthalten ('a'-'z')",
+                "passwordRequiresUpper": "Passwörter müssen mindestens einen Großbuchstaben haben ('A'-'Z')",
+                "passwordRequiresDigit": "Passwörter müssen mindestens eine Ziffer haben ('0'-'9')",
+                "passwordRequiresNonAlphanumeric": "Passwörter müssen mindestens ein nicht alphanumerisches Zeichen enthalten"
             },
             "placeholders": {
                 "current-password": "Aktuelles Passwort eingeben",
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
index 8855e68b6be..4f812d521e5 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
@@ -347,12 +347,13 @@
                     "repeat-password": "New passwords do not match!",
                     "invalid-token": "Reset password token is invalid or expired",
                     "password-too-weak": "New password does not comply one or more password security policies:",
-                    "passwordViolatesMinLength": "Passwords must be {{minPasswordLength}} or more characters long",
-                    "passwordViolatesMinUniqueCharsCount": "Passwords must use at least {{minUniqueCharsCount}} different characters",
-                    "passwordMustHaveLowerCaseLetters": "Passwords must have at least one lowercase ('a'-'z')",
-                    "passwordMustHaveUpperCaseLetters": "Passwords must have at least one uppercase ('A'-'Z')",
-                    "passwordMustHaveDigits": "Passwords must have at least one digit ('0'-'9')",
-                    "passwordMustHaveSpecialCharacters": "Passwords must have at least one non alphanumeric character"
+                    "passwordTooShort": "Passwords must be {{errorParameter}} or more characters long",
+                    "passwordRequiresUniqueChars": "Passwords must use at least {{errorParameter}} different characters",
+                    "passwordRequiresLower": "Passwords must have at least one lowercase ('a'-'z')",
+                    "passwordRequiresUpper": "Passwords must have at least one uppercase ('A'-'Z')",
+                    "passwordRequiresDigit": "Passwords must have at least one digit ('0'-'9')",
+                    "passwordRequiresNonAlphanumeric": "Passwords must have at least one non alphanumeric character",
+                     "recentPasswordUsed": "This password has been used in recent history. Please choose a different password."
                 },
                 "placeholders": {
                     "new-password": "Enter new password",
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/ru.VirtoCommerce.Platform.json b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/ru.VirtoCommerce.Platform.json
index 32a8604b9e8..ef4616d3964 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/ru.VirtoCommerce.Platform.json
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/ru.VirtoCommerce.Platform.json
@@ -410,11 +410,11 @@
                     "repeat-password": "Новые пароли не совпадают!",
                     "invalid-token": "Токен смены пароля некорректен или срок его действия истёк",
                     "password-too-weak": "Новый пароль не удовлетворяет одной или нескольким политикам безопасности паролей:",
-                    "passwordViolatesMinLength": "Длина паролей должна составлять {{minPasswordLength}} или более символов",
-                    "passwordMustHaveLowerCaseLetters": "Пароли должны содержать хотя бы одну строчную букву ('a'-'z')",
-                    "passwordMustHaveUpperCaseLetters": "Пароли должны содержать хотя бы одну заглавную букву ('A'-'Z')",
-                    "passwordMustHaveDigits": "Пароли должны содержать хотя бы одну цифру ('0'-'9')",
-                    "passwordMustHaveSpecialCharacters": "Пароли должны содержать хотя бы один знак препинания или другой специальный символ"
+                    "passwordTooShort": "Длина паролей должна составлять {{errorParameter}} или более символов",
+                    "passwordRequiresLower": "Пароли должны содержать хотя бы одну строчную букву ('a'-'z')",
+                    "passwordRequiresUpper": "Пароли должны содержать хотя бы одну заглавную букву ('A'-'Z')",
+                    "passwordRequiresDigit": "Пароли должны содержать хотя бы одну цифру ('0'-'9')",
+                    "passwordRequiresNonAlphanumeric": "Пароли должны содержать хотя бы один знак препинания или другой специальный символ"
                 },
                 "placeholders": {
                     "new-password": "Введите новый пароль",
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-resetPassword.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-resetPassword.js
index 1186aba6e25..123735ee079 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-resetPassword.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/blades/account-resetPassword.js
@@ -5,18 +5,14 @@ angular.module('platformWebApp')
         function initializeBlade() {
             blade.currentEntity = {
                 newPassword: '',
-                forcePasswordChange: true,
-                passwordIsValid: true,
-                minPasswordLength: 0,
-                minUniqueCharsCount: 0,
-                errors: []
+                forcePasswordChange: true
             };
 
             blade.isLoading = false;
         }
 
         $scope.validatePasswordAsync = function (value) {
-            return passwordValidationService.validatePasswordAsync(value);
+            return passwordValidationService.validateUserPasswordAsync(blade.currentEntityId, value);
         }
 
         $scope.saveChanges = function () {
@@ -28,11 +24,9 @@ angular.module('platformWebApp')
                 forcePasswordChangeOnNextSignIn: blade.currentEntity.forcePasswordChange
             };
 
-            accounts.resetPassword({ id: blade.currentEntityId }, postData, function (data) {
+            accounts.resetPassword({ userName: blade.currentEntityId }, postData, function (data) {
                 blade.parentBlade.refresh();
-                $scope.bladeClose();                
-            }, function (error) {
-                bladeNavigationService.setError(error, $scope.blade);
+                $scope.bladeClose();
             });
         };
 
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.js
index 8cb13998b6d..6472c64208a 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.js
@@ -9,12 +9,12 @@ angular.module('platformWebApp')
                 passwordTooWeakMessage: '@',
                 newPassword: '='
             },
-            link: function (scope, element, attrs) {
+            link: function (scope) {
                 scope.doValidatePasswordAsync = function (value) {
                     return scope.runPasswordValidation({ value: value }).then(
                         function (result) {
                             scope.passwordValidationResult = result;
-                            return result.passwordIsValid ? $q.resolve() : $q.reject();
+                            return result.succeeded ? $q.resolve() : $q.reject();
                         });
                 }
             }
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.tpl.html b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.tpl.html
index 832904721fd..22862f38c98 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.tpl.html
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/directives/password-input.tpl.html
@@ -1,11 +1,11 @@
 <div class="form-input" ng-form="passwordInputForm">
     <input name="newPasswordInput" ng-model="newPassword" required placeholder="{{passwordPlaceholder}}" type="password" ui-validate-async="'doValidatePasswordAsync($value)'">
 </div>
-<div class="form-error" ng-show="passwordInputForm.newPasswordInput.$dirty && !passwordValidationResult.passwordIsValid">
+<div class="form-error" ng-show="passwordInputForm.newPasswordInput.$dirty && !passwordValidationResult.succeeded">
     <span>{{passwordTooWeakMessage}}</span>
     <ul>
         <li ng-repeat="error in passwordValidationResult.errors">
-            {{ error | translate: passwordValidationResult }}
+            {{ error.descriptionKey | translate: error }}
         </li>
     </ul>
 </div>
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js
index 7b65dc89c7d..37cb8e74526 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/resources/accounts.js
@@ -4,8 +4,9 @@ angular.module('platformWebApp').factory('platformWebApp.accounts', ['$resource'
         save: { url: 'api/platform/security/users/create', method: 'POST' },
         changepassword: { url: 'api/platform/security/users/:id/changepassword', method: 'POST' },
         changeCurrentUserPassword: { url: 'api/platform/security/currentuser/changepassword', method: 'POST' },
-        resetPassword: { url: 'api/platform/security/users/:id/resetpassword', method: 'POST' },
+        resetPassword: { url: 'api/platform/security/users/:userName/resetpassword', method: 'POST' },
         validatePassword: { url: 'api/platform/security/validatepassword', method: 'POST' },
+        validateUserPassword: { url: 'api/platform/security/validateuserpassword', method: 'POST' },
         update: { method: 'PUT' },
         locked: { url: 'api/platform/security/users/:id/locked', method: 'GET' },
         unlock: { url: 'api/platform/security/users/:id/unlock', method: 'POST' },
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/services/passwordValidationService.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/services/passwordValidationService.js
index e366d690d32..195c75e8a10 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/services/passwordValidationService.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/services/passwordValidationService.js
@@ -4,38 +4,33 @@ angular
         var lastPassword = null;
         var lastPromise = null;
 
-        var performPasswordValidation = function(value) {
-            return accounts.validatePassword(JSON.stringify(value)).$promise.then(
-                function (response) {
-                    var result = {
-                        passwordIsValid: response.passwordIsValid,
-                        minPasswordLength: response.minPasswordLength,
-                        minUniqueCharsCount: response.minUniqueCharsCount,
-                        errors: []
-                    };
-
-                    var filteredKeys = _.filter(Object.keys(response),
-                        function (key) {
-                            return !key.startsWith('$') && response[key] === true;
-                        });
-
-                    filteredKeys.forEach(function (key) {
-                        var resourceName = 'platform.blades.account-resetPassword.validations.' + key;
-                        result.errors.push(resourceName);
-                    });
-
-                    return result;
-                }
-            );
+        var performPasswordValidation = function (value) {
+            return accounts.validatePassword(JSON.stringify(value)).$promise.then((result) => {
+                _.each(result.errors, (x) => {
+                    x.descriptionKey = 'platform.blades.account-resetPassword.validations.' + x.code.charAt(0).toLowerCase() + x.code.slice(1);
+                });
+
+                return result;
+            });
+        };
+
+        var performUserPasswordValidation = function (username, value) {
+            return accounts.validateUserPassword({ userName: username, newPassword: value }).$promise.then((result) => {
+                _.each(result.errors, (x) => {
+                    x.descriptionKey = 'platform.blades.account-resetPassword.validations.' + x.code.charAt(0).toLowerCase() + x.code.slice(1);
+                });
+
+                return result;
+            });
         };
 
         var service = {
             throttleTimeoutMilliseconds: 100,
 
-            validatePasswordAsync: function(value) {
+            validatePasswordAsync: function (value) {
                 lastPassword = value;
 
-                if (lastPromise != null) {
+                if (lastPromise !== null) {
                     return lastPromise;
                 }
 
@@ -46,6 +41,22 @@ angular
                     },
                     this.throttleTimeoutMilliseconds);
 
+                return lastPromise;
+            },
+            validateUserPasswordAsync: function (username, value) {
+                lastPassword = value;
+
+                if (lastPromise !== null) {
+                    return lastPromise;
+                }
+
+                lastPromise = $timeout(
+                    function () {
+                        lastPromise = null;
+                        return performUserPasswordValidation(username, lastPassword);
+                    },
+                    this.throttleTimeoutMilliseconds);
+
                 return lastPromise;
             }
         }
diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/wizards/newAccount/new-account-wizard.js b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/wizards/newAccount/new-account-wizard.js
index d072d2b6c5e..48d94ce5c0b 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/wizards/newAccount/new-account-wizard.js
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/js/app/security/wizards/newAccount/new-account-wizard.js
@@ -49,11 +49,11 @@ angular.module('platformWebApp').controller('platformWebApp.newAccountWizardCont
             };
 
             $scope.validatePasswordAsync = function (value) {
-                return passwordValidationService.validatePasswordAsync(value);
+                return passwordValidationService.validateUserPasswordAsync(blade.currentEntity.userName, value);
             }
 
             $scope.saveChanges = function () {
-                if (blade.currentEntity.password != blade.currentEntity.newPassword2) {
+                if (blade.currentEntity.password !== blade.currentEntity.newPassword2) {
                     blade.error = 'Error: passwords don\'t match!';
                     return;
                 }
diff --git a/tests/VirtoCommerce.Platform.Tests/Security/CustomPasswordValidatorTests.cs b/tests/VirtoCommerce.Platform.Tests/Security/CustomPasswordValidatorTests.cs
new file mode 100644
index 00000000000..8411dd4800c
--- /dev/null
+++ b/tests/VirtoCommerce.Platform.Tests/Security/CustomPasswordValidatorTests.cs
@@ -0,0 +1,168 @@
+using System;
+using System.Linq;
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Identity;
+using Moq;
+using VirtoCommerce.Platform.Core.Security;
+using VirtoCommerce.Platform.Security;
+using VirtoCommerce.Platform.Security.Model;
+using VirtoCommerce.Platform.Security.Repositories;
+using Xunit;
+
+namespace VirtoCommerce.Platform.Tests.Security
+{
+    // PT-1033: Refactor security mock helper and custom password validator
+    public class CustomPasswordValidatorTests
+    {
+        [Fact]
+        public async Task NullPassword_ThrowsException()
+        {
+            // Arrange
+            var userManager = SecurityMockHelpers.TestCustomUserManager();
+            var target = userManager.PasswordValidators.First();
+
+            // Act, Assert
+            await Assert.ThrowsAsync<ArgumentNullException>(async () => await target.ValidateAsync(userManager, new ApplicationUser(), null));
+        }
+
+        [Theory]
+        // Valid passwords
+        [InlineData("qwerty", false, false, false, false, 5, true, false, false, false, false, false)]
+        [InlineData("LongPassword", true, true, false, false, 12, true, false, false, false, false, false)]
+        [InlineData("P455WithD1git5", true, true, true, false, 8, true, false, false, false, false, false)]
+        [InlineData("$ecur3P@Ssw0rd", true, true, true, true, 8, true, false, false, false, false, false)]
+        [InlineData("12ä45", false, false, false, true, 5, true, false, false, false, false, false)]
+        // Violation of minimal length
+        [InlineData("letmein", false, false, false, false, 8, false, true, false, false, false, false)]
+        [InlineData("123", false, false, false, false, 5, false, true, false, false, false, false)]
+        [InlineData("", false, false, false, false, 4, false, true, false, false, false, false)]
+        [InlineData(" \t \r\n", false, false, false, true, 4, false, true, false, false, false, false)]
+        [InlineData(" \t \r\n", true, true, true, true, 4, false, true, true, true, true, false)]
+        // Violation of upper-case letters requirement
+        [InlineData("password", true, false, false, false, 8, false, false, true, false, false, false)]
+        [InlineData("19910203", true, false, false, false, 5, false, false, true, false, false, false)]
+        // Violation of lower-case letters requirement
+        [InlineData("12345678", false, true, false, false, 5, false, false, false, true, false, false)]
+        [InlineData("ADMIN", false, true, false, false, 5, false, false, false, true, false, false)]
+        // Violation of digits requirement
+        [InlineData("welcome", false, false, true, false, 5, false, false, false, false, true, false)]
+        [InlineData("!@#$%^", false, false, true, false, 5, false, false, false, false, true, false)]
+        // Violation of special characters requirement
+        [InlineData("whatever", false, false, false, true, 8, false, false, false, false, false, true)]
+        [InlineData("TrustNo1", false, false, false, true, 8, false, false, false, false, false, true)]
+        // Multiple rule violations
+        [InlineData("passw0rd", true, true, true, true, 10, false, true, true, false, false, true)]
+        [InlineData("passw0rd", true, true, true, true, 8, false, false, true, false, false, true)]
+        [InlineData("login", true, true, true, true, 5, false, false, true, false, true, true)]
+        [InlineData("0987654321", true, true, true, true, 12, false, true, true, true, false, true)]
+        [InlineData("!@#$%^", true, true, true, false, 5, false, false, true, true, true, false)]
+        public async Task PasswordValidator_ValidatesByPasswordOptions(
+            string password,
+            bool requireUpperCase,
+            bool requireLowerCase,
+            bool requireDigits,
+            bool requireSpecialCharacters,
+            int minLength,
+            bool expectedIsValid,
+            bool expectedMustBeLonger,
+            bool expectedMustHaveUpper,
+            bool expectedMustHaveLower,
+            bool expectedMustHaveDigit,
+            bool expectedMustHaveNonAlphanumeric)
+        {
+            // Arrange
+            var options = new IdentityOptions
+            {
+                Password = new PasswordOptions
+                {
+                    RequiredLength = minLength,
+                    RequireUppercase = requireUpperCase,
+                    RequireLowercase = requireLowerCase,
+                    RequireDigit = requireDigits,
+                    RequireNonAlphanumeric = requireSpecialCharacters
+                }
+            };
+
+            var user = new ApplicationUser { Id = "id1" };
+            var userStoreMock = new Mock<IUserStore<ApplicationUser>>();
+            userStoreMock.Setup(x => x.FindByIdAsync(user.Id, CancellationToken.None)).ReturnsAsync(user);
+
+            var userManager = SecurityMockHelpers.TestCustomUserManager(userStoreMock, identityOptions: options);
+            var target = userManager.PasswordValidators.First();
+            //var target = new CustomPasswordValidator(new CustomIdentityErrorDescriber(), _repositoryFactory, null);
+
+            // Act
+            var result = await target.ValidateAsync(userManager, user, password);
+
+            // Assert
+            Assert.Equal(expectedIsValid, result.Succeeded);
+
+            Assert.Equal(expectedMustBeLonger, ExistsErrorByCode(result, nameof(IdentityErrorDescriber.PasswordTooShort)));
+            if (expectedMustBeLonger)
+            {
+                var tooShort = TryFindErrorByCode(result, nameof(IdentityErrorDescriber.PasswordTooShort));
+                Assert.IsType<CustomIdentityError>(tooShort);
+                Assert.Equal(minLength, ((CustomIdentityError)tooShort).ErrorParameter);
+            }
+            Assert.Equal(expectedMustHaveUpper, ExistsErrorByCode(result, nameof(IdentityErrorDescriber.PasswordRequiresUpper)));
+            Assert.Equal(expectedMustHaveLower, ExistsErrorByCode(result, nameof(IdentityErrorDescriber.PasswordRequiresLower)));
+            Assert.Equal(expectedMustHaveDigit, ExistsErrorByCode(result, nameof(IdentityErrorDescriber.PasswordRequiresDigit)));
+            Assert.Equal(expectedMustHaveNonAlphanumeric, ExistsErrorByCode(result, nameof(IdentityErrorDescriber.PasswordRequiresNonAlphanumeric)));
+        }
+
+        [Theory]
+        [InlineData("Unique8)", 4, true)]
+        [InlineData("paS$word1", 4, false)]
+        [InlineData("paS$word3", 4, false)]
+        [InlineData("paS$word4", 4, false)]
+        [InlineData("paS$word5", 4, true)]
+        [InlineData("paS$word6", 4, true)]
+        [InlineData("paS$word6", 6, false)]
+        [InlineData("paS$word6", 0, true)]
+        public async Task PasswordValidator_ValidatesByPasswordHistory(
+            string password,
+            int passwordRepeatHistory,
+            bool expectedIsValid)
+        {
+            // Arrange
+            const string userId = "id1";
+            string Hash(string p) => $"hash-{p}";
+
+            var entities = Enumerable.Range(1, passwordRepeatHistory)
+                 .Select(i => new UserPasswordHistoryEntity { UserId = userId, PasswordHash = Hash($"paS$word{i}"), CreatedDate = DateTime.UtcNow.AddDays(-i) })
+                 .ToArray();
+
+            var securityRepositoryMock = new Mock<ISecurityRepository>();
+            securityRepositoryMock.Setup(x => x.GetUserPasswordsHistoryAsync(It.IsAny<string>(), It.IsAny<int>())).ReturnsAsync(entities);
+            ISecurityRepository repositoryFactory() => securityRepositoryMock.Object;
+
+            var passwordHasher = new Mock<IUserPasswordHasher>();
+            passwordHasher.Setup(x => x.HashPassword(It.IsAny<ApplicationUser>(), It.IsAny<string>()))
+                .Returns<ApplicationUser, string>((user, password) => Hash(password));
+            passwordHasher.Setup(x => x.VerifyHashedPassword(It.IsAny<ApplicationUser>(), It.IsAny<string>(), It.IsAny<string>()))
+                .Returns<ApplicationUser, string, string>((user, hash, password) => hash == Hash(password) ? PasswordVerificationResult.Success : PasswordVerificationResult.Failed);
+
+            var userManager = SecurityMockHelpers.TestCustomUserManager(repositoryFactory: repositoryFactory, passwordHasher: passwordHasher);
+            var user = new ApplicationUser { Id = userId };
+            var target = userManager.PasswordValidators.First();
+
+            // Act
+            var result = await target.ValidateAsync(userManager, user, password);
+
+            // Assert
+            Assert.Equal(expectedIsValid, result.Succeeded);
+            Assert.Equal(expectedIsValid, !ExistsErrorByCode(result, CustomPasswordValidator.RecentPasswordUsed));
+        }
+
+        private IdentityError TryFindErrorByCode(IdentityResult result, string errorCode)
+        {
+            return result.Errors.FirstOrDefault(x => x.Code == errorCode);
+        }
+
+        private bool ExistsErrorByCode(IdentityResult result, string errorCode)
+        {
+            return result.Errors.Any(x => x.Code == errorCode);
+        }
+    }
+}
diff --git a/tests/VirtoCommerce.Platform.Tests/Security/PasswordCheckServiceTests.cs b/tests/VirtoCommerce.Platform.Tests/Security/PasswordCheckServiceTests.cs
deleted file mode 100644
index d7283ce9993..00000000000
--- a/tests/VirtoCommerce.Platform.Tests/Security/PasswordCheckServiceTests.cs
+++ /dev/null
@@ -1,113 +0,0 @@
-using System;
-using System.Linq;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Identity;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using Moq;
-using VirtoCommerce.Platform.Core.Security;
-using VirtoCommerce.Platform.Security.Services;
-using Xunit;
-
-namespace VirtoCommerce.Platform.Tests.Security
-{
-    public class PasswordCheckServiceTests
-    {
-        [Theory]
-        // Valid passwords
-        [InlineData("qwerty", false, false, false, false, 5, true, false, false, false, false, false)]
-        [InlineData("LongPassword", true, true, false, false, 12, true, false, false, false, false, false)]
-        [InlineData("P455WithD1git5", true, true, true, false, 8, true, false, false, false, false, false)]
-        [InlineData("$ecur3P@Ssw0rd", true, true, true, true, 8, true, false, false, false, false, false)]
-        [InlineData("12ä45", false, false, false, true, 5, true, false, false, false, false, false)]
-        // Violation of minimal length
-        [InlineData("letmein", false, false, false, false, 8, false, true, false, false, false, false)]
-        [InlineData("123", false, false, false, false, 5, false, true, false, false, false, false)]
-        // Violation of upper-case letters requirement
-        [InlineData("password", true, false, false, false, 8, false, false, true, false, false, false)]
-        [InlineData("19910203", true, false, false, false, 5, false, false, true, false, false, false)]
-        // Violation of lower-case letters requirement
-        [InlineData("12345678", false, true, false, false, 5, false, false, false, true, false, false)]
-        [InlineData("ADMIN", false, true, false, false, 5, false, false, false, true, false, false)]
-        // Violation of digits requirement
-        [InlineData("welcome", false, false, true, false, 5, false, false, false, false, true, false)]
-        [InlineData("!@#$%^", false, false, true, false, 5, false, false, false, false, true, false)]
-        // Violation of special characters requirement
-        [InlineData("whatever", false, false, false, true, 8, false, false, false, false, false, true)]
-        [InlineData("TrustNo1", false, false, false, true, 8, false, false, false, false, false, true)]
-        // Multiple rule violations
-        [InlineData("passw0rd", true, true, true, true, 10, false, true, true, false, false, true)]
-        [InlineData("passw0rd", true, true, true, true, 8, false, false, true, false, false, true)]
-        [InlineData("login", true, true, true, true, 5, false, false, true, false, true, true)]
-        [InlineData("0987654321", true, true, true, true, 12, false, true, true, true, false, true)]
-        [InlineData("!@#$%^", true, true, true, false, 5, false, false, true, true, true, false)]
-        // Handling null, empty and whitespace-only passwords
-        [InlineData(null, false, false, false, false, 5, false, true, false, false, false, false)]
-        [InlineData(null, true, true, true, true, 5, false, true, true, true, true, true)]
-        [InlineData("", false, false, false, false, 5, false, true, false, false, false, false)]
-        [InlineData(" \t \r\n", false, false, false, false, 5, true, false, false, false, false, false)]
-        [InlineData(" \t \r\n", false, false, false, true, 5, false, false, false, false, false, true)]
-        [InlineData(" \t \r\n", true, true, true, true, 5, false, false, true, true, true, true)]
-        public async Task TestCheckingPassword(
-            string password,
-            bool requireUpperCase,
-            bool requireLowerCase,
-            bool requireDigits,
-            bool requireSpecialCharacters,
-            int minLength,
-            bool passwordIsValid,
-            bool passwordViolatesMinLength,
-            bool passwordMustHaveUpperCaseLetters,
-            bool passwordMustHaveLowerCaseLetters,
-            bool passwordMustHaveDigits,
-            bool passwordMustHaveSpecialCharacters)
-        {
-            // Arrange
-            var options = new IdentityOptions
-            {
-                Password = new PasswordOptions
-                {
-                    RequiredLength = minLength,
-                    RequireUppercase = requireUpperCase,
-                    RequireLowercase = requireLowerCase,
-                    RequireDigit = requireDigits,
-                    RequireNonAlphanumeric = requireSpecialCharacters
-                }
-            };
-
-            var userManager = CreateUserManager(options);
-            var target = new PasswordCheckService(userManager);
-
-            // Act
-            var result = await target.ValidatePasswordAsync(password);
-
-            // Assert
-            Assert.Equal(passwordIsValid, result.PasswordIsValid);
-
-            Assert.Equal(minLength, result.MinPasswordLength);
-            Assert.Equal(passwordViolatesMinLength, result.PasswordViolatesMinLength);
-            Assert.Equal(passwordMustHaveUpperCaseLetters, result.PasswordMustHaveUpperCaseLetters);
-            Assert.Equal(passwordMustHaveLowerCaseLetters, result.PasswordMustHaveLowerCaseLetters);
-            Assert.Equal(passwordMustHaveDigits, result.PasswordMustHaveDigits);
-            Assert.Equal(passwordMustHaveSpecialCharacters, result.PasswordMustHaveSpecialCharacters);
-        }
-
-        private UserManager<ApplicationUser> CreateUserManager(IdentityOptions options)
-        {
-            var optionsAccessor = new OptionsWrapper<IdentityOptions>(options);
-
-            // Note: all these mocks and stubs are just a boilerplate to create the UserManager instance.
-            var userStore = new Mock<IUserStore<ApplicationUser>>();
-            var passwordHasher = new Mock<IPasswordHasher<ApplicationUser>>();
-            var userValidators = Enumerable.Empty<IUserValidator<ApplicationUser>>();
-            var passwordValidators = Enumerable.Empty<IPasswordValidator<ApplicationUser>>();
-            var lookupNormalizer = new Mock<ILookupNormalizer>();
-            var serviceProvider = new Mock<IServiceProvider>();
-            var logger = new Mock<ILogger<UserManager<ApplicationUser>>>();
-
-            return new UserManager<ApplicationUser>(userStore.Object, optionsAccessor, passwordHasher.Object,
-                userValidators, passwordValidators, lookupNormalizer.Object, new IdentityErrorDescriber(),
-                serviceProvider.Object, logger.Object);
-        }
-    }
-}
diff --git a/tests/VirtoCommerce.Platform.Tests/Security/PasswordExpiryTests.cs b/tests/VirtoCommerce.Platform.Tests/Security/PasswordExpiryTests.cs
index 4c6b7306f91..f48930fb2fc 100644
--- a/tests/VirtoCommerce.Platform.Tests/Security/PasswordExpiryTests.cs
+++ b/tests/VirtoCommerce.Platform.Tests/Security/PasswordExpiryTests.cs
@@ -23,11 +23,12 @@ public async Task TestUserPasswordExpiry(DateTime? lastPasswordChangedDate, Time
             var userStoreMock = new Mock<IUserStore<ApplicationUser>>();
             userStoreMock.Setup(x => x.FindByIdAsync(user.Id, CancellationToken.None)).ReturnsAsync(user);
 
-            var userManager = SecurityMockHelpers.TestCustomUserManager(userStoreMock, new UserOptionsExtended
-            {
-                MaxPasswordAge = maxPasswordAge
-            },
-            GetPlatformMemoryCache());
+            var userManager = SecurityMockHelpers.TestCustomUserManager(userStoreMock,
+                new UserOptionsExtended
+                {
+                    MaxPasswordAge = maxPasswordAge
+                },
+                null, GetPlatformMemoryCache());
 
             //Act
             user = await userManager.FindByIdAsync(user.Id);
diff --git a/tests/VirtoCommerce.Platform.Tests/Security/SecurityMockHelpers.cs b/tests/VirtoCommerce.Platform.Tests/Security/SecurityMockHelpers.cs
index 81345f60005..7ec18251e54 100644
--- a/tests/VirtoCommerce.Platform.Tests/Security/SecurityMockHelpers.cs
+++ b/tests/VirtoCommerce.Platform.Tests/Security/SecurityMockHelpers.cs
@@ -9,6 +9,8 @@
 using VirtoCommerce.Platform.Core.Caching;
 using VirtoCommerce.Platform.Core.Events;
 using VirtoCommerce.Platform.Core.Security;
+using VirtoCommerce.Platform.Security;
+using VirtoCommerce.Platform.Security.Repositories;
 using VirtoCommerce.Platform.Web.Security;
 
 namespace VirtoCommerce.Platform.Tests.Security
@@ -17,10 +19,11 @@ public static class SecurityMockHelpers
     {
         public static CustomUserManager TestCustomUserManager(Mock<IUserStore<ApplicationUser>> storeMock, IEventPublisher eventPublisher)
         {
-            return TestCustomUserManager(storeMock, null, null, eventPublisher);
+            return TestCustomUserManager(storeMock, null, null, null, eventPublisher);
         }
 
-        public static CustomUserManager TestCustomUserManager(Mock<IUserStore<ApplicationUser>> storeMock = null, UserOptionsExtended userOptions = null, PlatformMemoryCache platformMemoryCache = null, IEventPublisher eventPublisher = null)
+        public static CustomUserManager TestCustomUserManager(Mock<IUserStore<ApplicationUser>> storeMock = null,
+            UserOptionsExtended userOptions = null, IdentityOptions identityOptions = null, PlatformMemoryCache platformMemoryCache = null, IEventPublisher eventPublisher = null, Func<ISecurityRepository> repositoryFactory = null, Mock<IUserPasswordHasher> passwordHasher = null)
         {
             storeMock ??= new Mock<IUserStore<ApplicationUser>>();
             storeMock.As<IUserRoleStore<ApplicationUser>>()
@@ -32,10 +35,18 @@ public static CustomUserManager TestCustomUserManager(Mock<IUserStore<Applicatio
             storeMock.Setup(x => x.UpdateAsync(It.IsAny<ApplicationUser>(), CancellationToken.None))
                 .ReturnsAsync(IdentityResult.Success);
 
-            var optionsMock = new Mock<IOptions<IdentityOptions>>();
-            var idOptions = new IdentityOptions();
-            idOptions.Lockout.AllowedForNewUsers = false;
-            optionsMock.Setup(o => o.Value).Returns(idOptions);
+            var identityOptionsMock = new Mock<IOptions<IdentityOptions>>();
+            if (identityOptions != null)
+            {
+                identityOptionsMock.Setup(o => o.Value).Returns(identityOptions);
+            }
+
+            if (passwordHasher == null)
+            {
+                passwordHasher = new Mock<IUserPasswordHasher>();
+                passwordHasher.Setup(x => x.VerifyHashedPassword(It.IsAny<ApplicationUser>(), It.IsAny<string>(), It.IsAny<string>()))
+                    .Returns(PasswordVerificationResult.Success);
+            }
 
             userOptions ??= new UserOptionsExtended
             {
@@ -46,19 +57,21 @@ public static CustomUserManager TestCustomUserManager(Mock<IUserStore<Applicatio
             var userValidators = new List<IUserValidator<ApplicationUser>>();
             var validator = new Mock<IUserValidator<ApplicationUser>>();
             userValidators.Add(validator.Object);
-            var pwdValidators = new List<PasswordValidator<ApplicationUser>>();
-            pwdValidators.Add(new PasswordValidator<ApplicationUser>());
+
+            repositoryFactory ??= () => Mock.Of<ISecurityRepository>();
+            var passwordOptionsMock = new Mock<IOptions<PasswordOptionsExtended>>();
+            passwordOptionsMock.Setup(o => o.Value).Returns(new PasswordOptionsExtended());
+
+            var pwdValidators = new PasswordValidator<ApplicationUser>[] { new CustomPasswordValidator(new CustomIdentityErrorDescriber(), repositoryFactory, passwordHasher.Object, passwordOptionsMock.Object) };
+
             var roleManagerMock = new Mock<RoleManager<Role>>(Mock.Of<IRoleStore<Role>>(),
-                new[] { Mock.Of<IRoleValidator<Role>>() },
-                Mock.Of<ILookupNormalizer>(),
-                Mock.Of<IdentityErrorDescriber>(),
-                Mock.Of<ILogger<RoleManager<Role>>>());
-            var passwordHasher = new Mock<IUserPasswordHasher>();
-            passwordHasher.Setup(x => x.VerifyHashedPassword(It.IsAny<ApplicationUser>(), It.IsAny<string>(), It.IsAny<string>()))
-                .Returns(PasswordVerificationResult.Success);
+                        new[] { Mock.Of<IRoleValidator<Role>>() },
+                        Mock.Of<ILookupNormalizer>(),
+                        Mock.Of<IdentityErrorDescriber>(),
+                        Mock.Of<ILogger<RoleManager<Role>>>());
 
             var userManager = new CustomUserManager(storeMock.Object,
-                Mock.Of<IOptions<IdentityOptions>>(),
+                identityOptionsMock.Object,
                 passwordHasher.Object,
                 passwordHasher.Object,
                 userOptionsMock.Object,
@@ -70,7 +83,9 @@ public static CustomUserManager TestCustomUserManager(Mock<IUserStore<Applicatio
                 Mock.Of<ILogger<UserManager<ApplicationUser>>>(),
                 roleManagerMock.Object,
                 platformMemoryCache ?? Mock.Of<IPlatformMemoryCache>(),
-                eventPublisher);
+                eventPublisher,
+                repositoryFactory,
+                passwordOptionsMock.Object);
 
             validator.Setup(x => x.ValidateAsync(userManager, It.IsAny<ApplicationUser>()))
                 .ReturnsAsync(IdentityResult.Success).Verifiable();

From 7a2993e9fc7cbd26499143390d42782a34daf338 Mon Sep 17 00:00:00 2001
From: Filipp Kuksov <47894313+Vectorfield4@users.noreply.github.com>
Date: Tue, 13 Apr 2021 13:54:59 +0200
Subject: [PATCH 63/70] Update README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 530273bd19c..548d741766f 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 
 [![Share on Facebook](https://img.shields.io/badge/facebook--blue.svg?style=social&label=Share&logo=data%3Aimage%2Fsvg%2Bxml%3Bbase64%2CPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48IURPQ1RZUEUgc3ZnIFBVQkxJQyAiLS8vVzNDLy9EVEQgU1ZHIDEuMS8vRU4iICJodHRwOi8vd3d3LnczLm9yZy9HcmFwaGljcy9TVkcvMS4xL0RURC9zdmcxMS5kdGQiPjxzdmcgdmVyc2lvbj0iMS4xIiBpZD0iTGF5ZXJfMSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayIgeD0iMHB4IiB5PSIwcHgiIHdpZHRoPSIyNjYuODkzcHgiIGhlaWdodD0iMjY2Ljg5NXB4IiB2aWV3Qm94PSIwIDAgMjY2Ljg5MyAyNjYuODk1IiBlbmFibGUtYmFja2dyb3VuZD0ibmV3IDAgMCAyNjYuODkzIDI2Ni44OTUiIHhtbDpzcGFjZT0icHJlc2VydmUiPjxwYXRoIGlkPSJCbHVlXzFfIiBmaWxsPSIjM0M1QTk5IiBkPSJNMjQ4LjA4MiwyNjIuMzA3YzcuODU0LDAsMTQuMjIzLTYuMzY5LDE0LjIyMy0xNC4yMjVWMTguODEyYzAtNy44NTctNi4zNjgtMTQuMjI0LTE0LjIyMy0xNC4yMjRIMTguODEyYy03Ljg1NywwLTE0LjIyNCw2LjM2Ny0xNC4yMjQsMTQuMjI0djIyOS4yN2MwLDcuODU1LDYuMzY2LDE0LjIyNSwxNC4yMjQsMTQuMjI1SDI0OC4wODJ6Ii8%2BPHBhdGggaWQ9ImYiIGZpbGw9IiNGRkZGRkYiIGQ9Ik0xODIuNDA5LDI2Mi4zMDd2LTk5LjgwM2gzMy40OTlsNS4wMTYtMzguODk1aC0zOC41MTVWOTguNzc3YzAtMTEuMjYxLDMuMTI3LTE4LjkzNSwxOS4yNzUtMTguOTM1bDIwLjU5Ni0wLjAwOVY0NS4wNDVjLTMuNTYyLTAuNDc0LTE1Ljc4OC0xLjUzMy0zMC4wMTItMS41MzNjLTI5LjY5NSwwLTUwLjAyNSwxOC4xMjYtNTAuMDI1LDUxLjQxM3YyOC42ODRoLTMzLjU4NXYzOC44OTVoMzMuNTg1djk5LjgwM0gxODIuNDA5eiIvPjwvc3ZnPg%3D%3D)](https://www.facebook.com/sharer.php?u=https://virtocommerce.com)&nbsp;[![Tweet](https://img.shields.io/twitter/url/https/virtocommerce.com.svg?style=social)](https://twitter.com/intent/tweet?text=%23VirtoCommerce%20puts%20the%20best%20of%20MS%20Azure%20Cloud%2C%20open%20source%20.Net%20code%20and%20agile%20development%20in%20a%20single%20enterprise%20%23ecommerce%20platform.) [![Latest release](https://img.shields.io/github/release/VirtoCommerce/vc-platform.svg)](https://github.com/VirtoCommerce/vc-platform/releases/latest) [![Total downloads](https://img.shields.io/github/downloads/VirtoCommerce/vc-platform/total.svg?colorB=007ec6)](https://github.com/VirtoCommerce/vc-platform/releases) [![License](https://img.shields.io/badge/license-VC%20OSL-blue.svg)](https://virtocommerce.com/open-source-license)
 
-[![CI status](https://github.com/VirtoCommerce/vc-platform/workflows/Platform%20CI/badge.svg?branch=dev)](https://github.com/VirtoCommerce/vc-platform/actions?query=workflow%3A"Platform+CI") [![Quality gate](https://sonarcloud.io/api/project_badges/measure?project=VirtoCommerce_vc-platform&metric=alert_status&branch=dev)](https://sonarcloud.io/dashboard?id=VirtoCommerce_vc-platform) [![Reliability rating](https://sonarcloud.io/api/project_badges/measure?project=VirtoCommerce_vc-platform&metric=reliability_rating&branch=dev)](https://sonarcloud.io/dashboard?id=VirtoCommerce_vc-platform) [![Security rating](https://sonarcloud.io/api/project_badges/measure?project=VirtoCommerce_vc-platform&metric=security_rating&branch=dev)](https://sonarcloud.io/dashboard?id=VirtoCommerce_vc-platform) [![Sqale rating](https://sonarcloud.io/api/project_badges/measure?project=VirtoCommerce_vc-platform&metric=sqale_rating&branch=dev)](https://sonarcloud.io/dashboard?id=VirtoCommerce_vc-platform) [![Lines of code](https://sonarcloud.io/api/project_badges/measure?project=VirtoCommerce_vc-platform&metric=ncloc&branch=dev)](https://sonarcloud.io/dashboard?id=VirtoCommerce_vc-platform)&emsp;
+[![CI status](https://github.com/VirtoCommerce/vc-platform/workflows/Platform%20CI/badge.svg?branch=master)](https://github.com/VirtoCommerce/vc-platform/actions?query=workflow%3A"Platform+CI") [![Quality gate](https://sonarcloud.io/api/project_badges/measure?project=VirtoCommerce_vc-platform&metric=alert_status&branch=dev)](https://sonarcloud.io/dashboard?id=VirtoCommerce_vc-platform) [![Reliability rating](https://sonarcloud.io/api/project_badges/measure?project=VirtoCommerce_vc-platform&metric=reliability_rating&branch=dev)](https://sonarcloud.io/dashboard?id=VirtoCommerce_vc-platform) [![Security rating](https://sonarcloud.io/api/project_badges/measure?project=VirtoCommerce_vc-platform&metric=security_rating&branch=dev)](https://sonarcloud.io/dashboard?id=VirtoCommerce_vc-platform) [![Sqale rating](https://sonarcloud.io/api/project_badges/measure?project=VirtoCommerce_vc-platform&metric=sqale_rating&branch=dev)](https://sonarcloud.io/dashboard?id=VirtoCommerce_vc-platform) [![Lines of code](https://sonarcloud.io/api/project_badges/measure?project=VirtoCommerce_vc-platform&metric=ncloc&branch=dev)](https://sonarcloud.io/dashboard?id=VirtoCommerce_vc-platform)&emsp;
 
 [![Documentation](https://img.shields.io/badge/docs-read-brightgreen.svg)](https://virtocommerce.com/docs)&nbsp;[![Discourse topics](https://img.shields.io/discourse/topics?label=community&logo=community&server=http%3A%2F%2Fcommunity.virtocommerce.com)](https://community.virtocommerce.com) [![Contributors](https://img.shields.io/github/contributors/VirtoCommerce/vc-platform.svg)](https://github.com/VirtoCommerce/vc-platform/graphs/contributors)
 

From 61375473af1792aceacbfb5a7bad91be32638c21 Mon Sep 17 00:00:00 2001
From: Egis <em@virtoway.com>
Date: Tue, 13 Apr 2021 21:49:49 +0300
Subject: [PATCH 64/70] PT-207: Enable Source link support (#2210)

---
 build/_build.csproj                           |  5 ++++
 ...ce.Platform.Assets.AzureBlobStorage.csproj |  7 ++++-
 ...Commerce.Platform.Assets.FileSystem.csproj |  9 +++++--
 .../VirtoCommerce.Platform.Caching.csproj     |  9 +++++--
 .../VirtoCommerce.Platform.Core.csproj        |  9 +++++--
 .../VirtoCommerce.Platform.Data.csproj        |  5 ++++
 .../VirtoCommerce.Platform.Hangfire.csproj    |  7 ++++-
 .../VirtoCommerce.Platform.Modules.csproj     |  5 ++++
 .../VirtoCommerce.Platform.Security.csproj    | 13 ++++++---
 .../VirtoCommerce.Testing.csproj              | 27 ++++++++++++-------
 10 files changed, 74 insertions(+), 22 deletions(-)

diff --git a/build/_build.csproj b/build/_build.csproj
index a053254b648..b5f6a2a5e29 100644
--- a/build/_build.csproj
+++ b/build/_build.csproj
@@ -17,10 +17,15 @@
         <StartupObject>Build</StartupObject>
         <NoDefaultLaunchSettingsFile>true</NoDefaultLaunchSettingsFile>
         <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
+        <PublishRepositoryUrl>true</PublishRepositoryUrl>
+        <EmbedUntrackedSources>true</EmbedUntrackedSources>
+        <IncludeSymbols>true</IncludeSymbols>
+        <SymbolPackageFormat>snupkg</SymbolPackageFormat>
     </PropertyGroup>
 
     <ItemGroup>
         <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="3.1.14" />
+        <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0" PrivateAssets="All" />
         <PackageReference Include="Newtonsoft.Json" Version="12.0.3" />
         <PackageReference Include="Octokit" Version="0.48.0" />
         <PackageReference Include="System.Data.SqlClient" Version="4.8.2" />
diff --git a/src/VirtoCommerce.Platform.Assets.AzureBlobStorage/VirtoCommerce.Platform.Assets.AzureBlobStorage.csproj b/src/VirtoCommerce.Platform.Assets.AzureBlobStorage/VirtoCommerce.Platform.Assets.AzureBlobStorage.csproj
index 0bb160b5a76..afa28e712cc 100644
--- a/src/VirtoCommerce.Platform.Assets.AzureBlobStorage/VirtoCommerce.Platform.Assets.AzureBlobStorage.csproj
+++ b/src/VirtoCommerce.Platform.Assets.AzureBlobStorage/VirtoCommerce.Platform.Assets.AzureBlobStorage.csproj
@@ -4,7 +4,11 @@
         <TargetFramework>netcoreapp3.1</TargetFramework>
         <noWarn>1591</noWarn>
         <OutputType>Library</OutputType>
-		<IsPackable>True</IsPackable>
+        <IsPackable>True</IsPackable>
+        <PublishRepositoryUrl>true</PublishRepositoryUrl>
+        <EmbedUntrackedSources>true</EmbedUntrackedSources>
+        <IncludeSymbols>true</IncludeSymbols>
+        <SymbolPackageFormat>snupkg</SymbolPackageFormat>
     </PropertyGroup>
 
     <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
@@ -12,6 +16,7 @@
     </PropertyGroup>
 
     <ItemGroup>
+        <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0" PrivateAssets="All" />
         <PackageReference Include="Microsoft.Azure.Storage.Blob" Version="11.2.2" />
         <PackageReference Include="Microsoft.Extensions.Options" Version="3.1.8" />
     </ItemGroup>
diff --git a/src/VirtoCommerce.Platform.Assets.FileSystem/VirtoCommerce.Platform.Assets.FileSystem.csproj b/src/VirtoCommerce.Platform.Assets.FileSystem/VirtoCommerce.Platform.Assets.FileSystem.csproj
index 31e32f88721..315d0fdca74 100644
--- a/src/VirtoCommerce.Platform.Assets.FileSystem/VirtoCommerce.Platform.Assets.FileSystem.csproj
+++ b/src/VirtoCommerce.Platform.Assets.FileSystem/VirtoCommerce.Platform.Assets.FileSystem.csproj
@@ -4,7 +4,11 @@
         <TargetFramework>netcoreapp3.1</TargetFramework>
         <noWarn>1591</noWarn>
         <OutputType>Library</OutputType>
-		<IsPackable>True</IsPackable>
+        <IsPackable>True</IsPackable>
+        <PublishRepositoryUrl>true</PublishRepositoryUrl>
+        <EmbedUntrackedSources>true</EmbedUntrackedSources>
+        <IncludeSymbols>true</IncludeSymbols>
+        <SymbolPackageFormat>snupkg</SymbolPackageFormat>
     </PropertyGroup>
 
     <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
@@ -12,7 +16,8 @@
     </PropertyGroup>
 
     <ItemGroup>
-           <PackageReference Include="Microsoft.Extensions.Options" Version="3.1.8" />
+        <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0" PrivateAssets="All" />
+        <PackageReference Include="Microsoft.Extensions.Options" Version="3.1.8" />
     </ItemGroup>
 
     <ItemGroup>
diff --git a/src/VirtoCommerce.Platform.Caching/VirtoCommerce.Platform.Caching.csproj b/src/VirtoCommerce.Platform.Caching/VirtoCommerce.Platform.Caching.csproj
index 5470f6dc6f9..078906a29ba 100644
--- a/src/VirtoCommerce.Platform.Caching/VirtoCommerce.Platform.Caching.csproj
+++ b/src/VirtoCommerce.Platform.Caching/VirtoCommerce.Platform.Caching.csproj
@@ -4,7 +4,11 @@
         <TargetFramework>netcoreapp3.1</TargetFramework>
         <noWarn>1591</noWarn>
         <OutputType>Library</OutputType>
-		<IsPackable>True</IsPackable>
+        <IsPackable>True</IsPackable>
+        <PublishRepositoryUrl>true</PublishRepositoryUrl>
+        <EmbedUntrackedSources>true</EmbedUntrackedSources>
+        <IncludeSymbols>true</IncludeSymbols>
+        <SymbolPackageFormat>snupkg</SymbolPackageFormat>
     </PropertyGroup>
 
     <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
@@ -18,12 +22,13 @@
         <PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="3.1.8" />
         <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="3.1.8" />
         <PackageReference Include="Microsoft.Extensions.Options.DataAnnotations" Version="3.1.8" />
+        <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0" PrivateAssets="All" />
         <PackageReference Include="Polly" Version="7.2.1" />
         <PackageReference Include="StackExchange.Redis" Version="2.1.58" />
     </ItemGroup>
 
     <ItemGroup>
-      <ProjectReference Include="..\VirtoCommerce.Platform.Core\VirtoCommerce.Platform.Core.csproj" />
+        <ProjectReference Include="..\VirtoCommerce.Platform.Core\VirtoCommerce.Platform.Core.csproj" />
     </ItemGroup>
 
 </Project>
diff --git a/src/VirtoCommerce.Platform.Core/VirtoCommerce.Platform.Core.csproj b/src/VirtoCommerce.Platform.Core/VirtoCommerce.Platform.Core.csproj
index 00b75dc116e..9e5e3a740d9 100644
--- a/src/VirtoCommerce.Platform.Core/VirtoCommerce.Platform.Core.csproj
+++ b/src/VirtoCommerce.Platform.Core/VirtoCommerce.Platform.Core.csproj
@@ -6,6 +6,10 @@
         <ApplicationIcon />
         <OutputType>Library</OutputType>
         <IsPackable>True</IsPackable>
+        <PublishRepositoryUrl>true</PublishRepositoryUrl>
+        <EmbedUntrackedSources>true</EmbedUntrackedSources>
+        <IncludeSymbols>true</IncludeSymbols>
+        <SymbolPackageFormat>snupkg</SymbolPackageFormat>
         <StartupObject />
     </PropertyGroup>
 
@@ -19,8 +23,8 @@
         <Folder Include="Specifications\" />
     </ItemGroup>
 
-    <ItemGroup>       
-        <PackageReference Include="Microsoft.ApplicationInsights.WindowsServer.TelemetryChannel" Version="2.15.0" />       
+    <ItemGroup>
+        <PackageReference Include="Microsoft.ApplicationInsights.WindowsServer.TelemetryChannel" Version="2.15.0" />
         <PackageReference Include="Microsoft.AspNetCore.Mvc.Abstractions" Version="2.2.0" />
         <PackageReference Include="Microsoft.Extensions.Caching.Abstractions" Version="3.1.8" />
         <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="3.1.8" />
@@ -29,6 +33,7 @@
         <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="3.1.8" />
         <PackageReference Include="Microsoft.Extensions.Options.DataAnnotations" Version="3.1.8" />
         <PackageReference Include="Microsoft.Extensions.Primitives" Version="3.1.8" />
+        <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0" PrivateAssets="All" />
         <PackageReference Include="Newtonsoft.Json" Version="12.0.3" />
         <PackageReference Include="OpenIddict.Abstractions" Version="2.0.1" />
         <PackageReference Include="System.IO.Abstractions" Version="11.0.18" />
diff --git a/src/VirtoCommerce.Platform.Data/VirtoCommerce.Platform.Data.csproj b/src/VirtoCommerce.Platform.Data/VirtoCommerce.Platform.Data.csproj
index 30dccddfcdb..6469aeeac04 100644
--- a/src/VirtoCommerce.Platform.Data/VirtoCommerce.Platform.Data.csproj
+++ b/src/VirtoCommerce.Platform.Data/VirtoCommerce.Platform.Data.csproj
@@ -5,6 +5,10 @@
         <noWarn>1591</noWarn>
         <OutputType>Library</OutputType>
         <IsPackable>True</IsPackable>
+        <PublishRepositoryUrl>true</PublishRepositoryUrl>
+        <EmbedUntrackedSources>true</EmbedUntrackedSources>
+        <IncludeSymbols>true</IncludeSymbols>
+        <SymbolPackageFormat>snupkg</SymbolPackageFormat>
     </PropertyGroup>
 
     <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
@@ -22,6 +26,7 @@
         <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="3.1.8" />
         <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="3.1.8" />
         <PackageReference Include="Microsoft.Extensions.Options.DataAnnotations" Version="3.1.8" />
+        <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0" PrivateAssets="All" />
         <PackageReference Include="Serialize.Linq" Version="1.8.1" />
     </ItemGroup>
 
diff --git a/src/VirtoCommerce.Platform.Hangfire/VirtoCommerce.Platform.Hangfire.csproj b/src/VirtoCommerce.Platform.Hangfire/VirtoCommerce.Platform.Hangfire.csproj
index 3a8bd38ef3f..b2c6b84fe32 100644
--- a/src/VirtoCommerce.Platform.Hangfire/VirtoCommerce.Platform.Hangfire.csproj
+++ b/src/VirtoCommerce.Platform.Hangfire/VirtoCommerce.Platform.Hangfire.csproj
@@ -7,6 +7,10 @@
         <OutputType>Library</OutputType>
         <IsPackable>True</IsPackable>
         <StartupObject />
+        <PublishRepositoryUrl>true</PublishRepositoryUrl>
+        <EmbedUntrackedSources>true</EmbedUntrackedSources>
+        <IncludeSymbols>true</IncludeSymbols>
+        <SymbolPackageFormat>snupkg</SymbolPackageFormat>
     </PropertyGroup>
 
     <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
@@ -20,10 +24,11 @@
         <PackageReference Include="Hangfire.MemoryStorage" Version="1.7.0" />
         <PackageReference Include="HangFire.SqlServer" Version="1.7.14" />
         <PackageReference Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="3.1.8" />
+        <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0" PrivateAssets="All" />
     </ItemGroup>
 
     <ItemGroup>
-      <ProjectReference Include="..\VirtoCommerce.Platform.Core\VirtoCommerce.Platform.Core.csproj" />
+        <ProjectReference Include="..\VirtoCommerce.Platform.Core\VirtoCommerce.Platform.Core.csproj" />
     </ItemGroup>
 
 </Project>
diff --git a/src/VirtoCommerce.Platform.Modules/VirtoCommerce.Platform.Modules.csproj b/src/VirtoCommerce.Platform.Modules/VirtoCommerce.Platform.Modules.csproj
index f015d0665ef..44de9b93619 100644
--- a/src/VirtoCommerce.Platform.Modules/VirtoCommerce.Platform.Modules.csproj
+++ b/src/VirtoCommerce.Platform.Modules/VirtoCommerce.Platform.Modules.csproj
@@ -5,6 +5,10 @@
         <noWarn>1591</noWarn>
         <OutputType>Library</OutputType>
         <IsPackable>True</IsPackable>
+        <PublishRepositoryUrl>true</PublishRepositoryUrl>
+        <EmbedUntrackedSources>true</EmbedUntrackedSources>
+        <IncludeSymbols>true</IncludeSymbols>
+        <SymbolPackageFormat>snupkg</SymbolPackageFormat>
     </PropertyGroup>
 
     <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
@@ -17,6 +21,7 @@
         <PackageReference Include="Microsoft.Extensions.DependencyModel" Version="3.1.6" />
         <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="3.1.8" />
         <PackageReference Include="Microsoft.Extensions.Options" Version="3.1.8" />
+        <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0" PrivateAssets="All" />
         <PackageReference Include="System.Runtime.Loader" Version="4.3.0" />
     </ItemGroup>
 
diff --git a/src/VirtoCommerce.Platform.Security/VirtoCommerce.Platform.Security.csproj b/src/VirtoCommerce.Platform.Security/VirtoCommerce.Platform.Security.csproj
index 877c79c78f8..4c59b5f5a89 100644
--- a/src/VirtoCommerce.Platform.Security/VirtoCommerce.Platform.Security.csproj
+++ b/src/VirtoCommerce.Platform.Security/VirtoCommerce.Platform.Security.csproj
@@ -6,6 +6,10 @@
         <OutputType>Library</OutputType>
         <IsPackable>True</IsPackable>
         <UserSecretsId>ebac378d-6c55-4b03-aa82-57643b6e7a0f</UserSecretsId>
+        <PublishRepositoryUrl>true</PublishRepositoryUrl>
+        <EmbedUntrackedSources>true</EmbedUntrackedSources>
+        <IncludeSymbols>true</IncludeSymbols>
+        <SymbolPackageFormat>snupkg</SymbolPackageFormat>
     </PropertyGroup>
 
     <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
@@ -16,14 +20,15 @@
         <PackageReference Include="Microsoft.AspNetCore.Authorization" Version="3.1.8" />
         <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="3.1.8" />
         <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="3.1.8">
-          <PrivateAssets>all</PrivateAssets>
-          <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+            <PrivateAssets>all</PrivateAssets>
+            <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>
         <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="3.1.8">
-          <PrivateAssets>all</PrivateAssets>
-          <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+            <PrivateAssets>all</PrivateAssets>
+            <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>
         <PackageReference Include="Microsoft.Extensions.Identity.Core" Version="3.1.8" />
+        <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0" PrivateAssets="All" />
         <PackageReference Include="OpenIddict.EntityFrameworkCore" Version="2.0.1" />
         <PackageReference Include="OpenIddict.Mvc" Version="2.0.1" />
         <ProjectReference Include="..\VirtoCommerce.Platform.Core\VirtoCommerce.Platform.Core.csproj" />
diff --git a/tests/VirtoCommerce.Testing/VirtoCommerce.Testing.csproj b/tests/VirtoCommerce.Testing/VirtoCommerce.Testing.csproj
index 38deda5e9ac..7147d732153 100644
--- a/tests/VirtoCommerce.Testing/VirtoCommerce.Testing.csproj
+++ b/tests/VirtoCommerce.Testing/VirtoCommerce.Testing.csproj
@@ -1,11 +1,18 @@
 <Project Sdk="Microsoft.NET.Sdk">
-  <PropertyGroup>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
-    <noWarn>1591</noWarn>
-    <LangVersion>latest</LangVersion>
-    <IsPackable>True</IsPackable>
-  </PropertyGroup>
-  <ItemGroup>
-    <ProjectReference Include="..\..\src\VirtoCommerce.Platform.Core\VirtoCommerce.Platform.Core.csproj" />
-  </ItemGroup>
-</Project>  
\ No newline at end of file
+    <PropertyGroup>
+        <TargetFramework>netcoreapp3.1</TargetFramework>
+        <noWarn>1591</noWarn>
+        <LangVersion>latest</LangVersion>
+        <IsPackable>True</IsPackable>
+        <PublishRepositoryUrl>true</PublishRepositoryUrl>
+        <EmbedUntrackedSources>true</EmbedUntrackedSources>
+        <IncludeSymbols>true</IncludeSymbols>
+        <SymbolPackageFormat>snupkg</SymbolPackageFormat>
+    </PropertyGroup>
+    <ItemGroup>
+        <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0" PrivateAssets="All" />
+    </ItemGroup>
+    <ItemGroup>
+        <ProjectReference Include="..\..\src\VirtoCommerce.Platform.Core\VirtoCommerce.Platform.Core.csproj" />
+    </ItemGroup>
+</Project>

From 9de7692fc51656867653de0a2407f7061c869afb Mon Sep 17 00:00:00 2001
From: Maksim Kopnov <44946644+mvktsk@users.noreply.github.com>
Date: Wed, 14 Apr 2021 19:15:44 +0700
Subject: [PATCH 65/70] PT-802: Sync cherry-pick from the PR (#2211)

* PT-802: Add regression-pr workflow
* PT-802: Change PR_BRANCH to cherry-pick/PRNum
---
 .github/workflows/regression-pr.yml | 78 +++++++++++++++++++++++++++++
 .github/workflows/test.file         |  0
 2 files changed, 78 insertions(+)
 create mode 100644 .github/workflows/regression-pr.yml
 create mode 100644 .github/workflows/test.file

diff --git a/.github/workflows/regression-pr.yml b/.github/workflows/regression-pr.yml
new file mode 100644
index 00000000000..0246942a088
--- /dev/null
+++ b/.github/workflows/regression-pr.yml
@@ -0,0 +1,78 @@
+name: Regression PR
+
+on: 
+  push:
+    paths-ignore:
+      - '.github/**'
+      - 'docs/**'
+      - 'build/**'
+      - 'README.md'
+      - 'LICENSE'
+    branches: [ dev ]
+
+jobs:
+  check-label:
+    runs-on: ubuntu-latest
+    outputs:
+      isLabeled: ${{ steps.checkLabel.outputs.isLabeled }}
+      pullNumber: ${{ steps.checkLabel.outputs.pullNumber }}
+      pullUrl: ${{ steps.checkLabel.outputs.pullUrl }}
+
+    steps:
+    - name: Check regression label
+      id: checkLabel
+      uses: VirtoCommerce/vc-github-actions/check-pr-regression-label@PT-802
+      with:
+        githubToken: ${{ secrets.REPO_TOKEN }}
+        label: regression
+        commitMessage: ${{ github.event.head_commit.message }}
+
+  cherry-pick:
+    needs: check-label
+    if: ${{ needs.check-label.outputs.isLabeled == 'true'}}
+    env: 
+      GITHUB_TOKEN: ${{ secrets.REPO_TOKEN }}
+      INPUT_TARGETBRANCH: "regression"
+      PR_BRANCH: ""
+      PR_TITLE: ""
+      PR_BODY: ""
+      TARGETBRANCH_EXISTS: "false"
+    runs-on: ubuntu-latest
+    steps:
+    - name: Set PR_BRANCH PR_TITLE PR_BODY
+      run: |
+        echo "PR_BRANCH=cherry-pick/${{ needs.check-label.outputs.pullNumber }}" >> $GITHUB_ENV
+        echo "PR_TITLE=PR-${{ needs.check-label.outputs.pullNumber }}-regression-cherry-pick" >> $GITHUB_ENV
+        echo "PR_BODY=Automated cherry-pick update from PR ${{ needs.check-label.outputs.pullUrl}}" >> $GITHUB_ENV
+
+    - name: checkout
+      uses: actions/checkout@v1
+
+    - uses: VirtoCommerce/vc-github-actions/setup-git-credentials-github@master
+      with:
+        githubToken: ${{ secrets.REPO_TOKEN }}
+
+    - name: Check INPUT_TARGETBRANCH exists
+      run: |
+          existed_in_remote=$(git ls-remote --heads origin "${INPUT_TARGETBRANCH}")
+          if [[ -z ${existed_in_remote} ]]; then
+            echo "TARGETBRANCH_EXISTS=false" >> $GITHUB_ENV
+          else
+            echo "TARGETBRANCH_EXISTS=true" >> $GITHUB_ENV
+          fi
+
+    - name: Cherry-pick and create PR
+      if: ${{env.TARGETBRANCH_EXISTS == 'true' }} 
+      run: |
+          echo "-remote update"
+          git remote update
+          echo "-fetch --all"
+          git fetch --all
+          echo "-checkout"
+          git checkout -b "${PR_BRANCH}" "origin/${INPUT_TARGETBRANCH}"
+          echo "-cherry-pick"
+          git cherry-pick "${GITHUB_SHA}"
+          echo "-push"
+          git push -u origin "${PR_BRANCH}"
+          echo "-Create PR"
+          hub pull-request -b "${INPUT_TARGETBRANCH}" -h "${PR_BRANCH}" -m "${PR_TITLE}" -m "${PR_BODY}"
diff --git a/.github/workflows/test.file b/.github/workflows/test.file
new file mode 100644
index 00000000000..e69de29bb2d

From 4346c04b5254f5e55f7036c682e2f0eb271edc2d Mon Sep 17 00:00:00 2001
From: Filipp Kuksov <47894313+Vectorfield4@users.noreply.github.com>
Date: Wed, 14 Apr 2021 14:17:42 +0200
Subject: [PATCH 66/70] Update en.VirtoCommerce.Platform.json (#2212)

---
 .../wwwroot/Localizations/en.VirtoCommerce.Platform.json       | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
index 4f812d521e5..020f1531ab7 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
@@ -389,7 +389,8 @@
                     "name": "Name",
                     "account-type": "Account type",
                     "login": "Login",
-                    "state": "State"
+                    "state": "State",
+                    "status": "Status"
                 }
             },
             "account-api": {

From c6cd2c4f8cf2d5c70c96398bf6eba59553d04c4b Mon Sep 17 00:00:00 2001
From: Egidijus Mazeika <em@virtoway.com>
Date: Wed, 14 Apr 2021 20:06:56 +0300
Subject: [PATCH 67/70] PT-1161: Update warning message

---
 .../wwwroot/Localizations/en.VirtoCommerce.Platform.json        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
index 020f1531ab7..9272ac6c1c8 100644
--- a/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
+++ b/src/VirtoCommerce.Platform.Web/wwwroot/Localizations/en.VirtoCommerce.Platform.json
@@ -353,7 +353,7 @@
                     "passwordRequiresUpper": "Passwords must have at least one uppercase ('A'-'Z')",
                     "passwordRequiresDigit": "Passwords must have at least one digit ('0'-'9')",
                     "passwordRequiresNonAlphanumeric": "Passwords must have at least one non alphanumeric character",
-                     "recentPasswordUsed": "This password has been used in recent history. Please choose a different password."
+                    "recentPasswordUsed": "You have used this password in the past. Choose another one."
                 },
                 "placeholders": {
                     "new-password": "Enter new password",

From f99e3cecdc14026bd1734b1942fad0e636d9788a Mon Sep 17 00:00:00 2001
From: Maksim Kopnov <44946644+mvktsk@users.noreply.github.com>
Date: Thu, 15 Apr 2021 17:39:09 +0700
Subject: [PATCH 68/70] Delete test.file

---
 .github/workflows/test.file | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 .github/workflows/test.file

diff --git a/.github/workflows/test.file b/.github/workflows/test.file
deleted file mode 100644
index e69de29bb2d..00000000000

From 7aa163129f559dca2fe85ebf6ce6675ce6921836 Mon Sep 17 00:00:00 2001
From: Filip Kuksov <vectorfield4@gmail.com>
Date: Thu, 15 Apr 2021 13:05:57 +0200
Subject: [PATCH 69/70] 3.54.0

---
 Directory.Build.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Directory.Build.props b/Directory.Build.props
index 6eda9aa0aa1..35b26cb4806 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -9,7 +9,7 @@
     </PropertyGroup>
 
     <PropertyGroup>
-        <VersionPrefix>3.53.0</VersionPrefix>
+        <VersionPrefix>3.54.0</VersionPrefix>
         <VersionSuffix></VersionSuffix>
         <VersionSuffix Condition=" '$(VersionSuffix)' != '' AND '$(BuildNumber)' != '' ">$(VersionSuffix)-$(BuildNumber)</VersionSuffix>
         <NoWarn>$(NoWarn);S3875</NoWarn>

From 3354153ee1369a280d23ebbc36fbe76715fbb661 Mon Sep 17 00:00:00 2001
From: Andrei Kolchanov <akak1977@users.noreply.github.com>
Date: Thu, 15 Apr 2021 16:35:48 +0500
Subject: [PATCH 70/70] PT-198: Turn back use of setting
 "PushNotifications:RedisBackplane:ChannelName" (#2213)

---
 .../PushNotifications/SignalRBuilderExtensions.cs             | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/VirtoCommerce.Platform.Web/PushNotifications/SignalRBuilderExtensions.cs b/src/VirtoCommerce.Platform.Web/PushNotifications/SignalRBuilderExtensions.cs
index e12eccea31b..d95c4bed32b 100644
--- a/src/VirtoCommerce.Platform.Web/PushNotifications/SignalRBuilderExtensions.cs
+++ b/src/VirtoCommerce.Platform.Web/PushNotifications/SignalRBuilderExtensions.cs
@@ -49,11 +49,13 @@ public static ISignalRServerBuilder AddPushNotifications(this ISignalRServerBuil
                 else
                 {
                     var redisConnectionString = configuration.GetConnectionString("RedisConnectionString");
+                    var redisChannelName = configuration["PushNotifications:RedisBackplane:ChannelName"];
+                    redisChannelName = string.IsNullOrEmpty(redisChannelName) ? "VirtoCommerceChannel" : redisChannelName;
                     if (string.IsNullOrEmpty(redisConnectionString))
                     {
                         throw new InvalidOperationException($"RedisConnectionString must be set");
                     }
-                    builder.AddStackExchangeRedis(redisConnectionString);
+                    builder.AddStackExchangeRedis(redisConnectionString, o => o.Configuration.ChannelPrefix = redisChannelName);
                 }
             }
             else