/// <summary>
/// Changes the users password
/// </summary>
/// <param name="data"></param>
/// <returns>
/// If the password is being reset it will return the newly reset password, otherwise will return an empty value
/// </returns>
public ModelWithNotifications <string> PostChangePassword(ChangingPasswordModel data)
{
var userProvider = Core.Security.MembershipProviderExtensions.GetUsersMembershipProvider();
//TODO: WE need to support this! - requires UI updates, etc...
if (userProvider.RequiresQuestionAndAnswer)
{
throw new NotSupportedException("Currently the user editor does not support providers that have RequiresQuestionAndAnswer specified");
}
var passwordChangeResult = Members.ChangePassword(Security.CurrentUser.Username, data, userProvider);
if (passwordChangeResult.Success)
{
//even if we weren't resetting this, it is the correct value (null), otherwise if we were resetting then it will contain the new pword
var result = new ModelWithNotifications <string>(passwordChangeResult.Result.ResetPassword);
result.AddSuccessNotification(ui.Text("user", "password"), ui.Text("user", "passwordChanged"));
return(result);
}
//it wasn't successful, so add the change error to the model state, we've name the property alias _umb_password on the form
// so that is why it is being used here.
ModelState.AddPropertyError(
passwordChangeResult.Result.ChangeError,
string.Format("{0}password", Constants.PropertyEditors.InternalGenericPropertiesPrefix));
throw new HttpResponseException(Request.CreateValidationErrorResponse(ModelState));
}
public ActionResult PerformChangePassword(ChangePasswordModel model)
{
if (ModelState.IsValid == false)
{
return(CurrentUmbracoPage());
}
var changingPasswordModel = new ChangingPasswordModel()
{
NewPassword = model.NewPassword,
OldPassword = model.OldPassword
};
var attempt = Members.ChangePassword(Members.CurrentUserName, changingPasswordModel, UmbConstants.Conventions.Member.UmbracoMemberProviderName);
if (attempt.Success == false)
{
if (attempt.Exception != null)
{
ModelState.AddModelError("Model", attempt.Exception);
LogHelper.Error <ChangePasswordFormSurfaceController>("Unable to change password", attempt.Exception);
}
else
{
ModelState.AddModelError("Model", "Unable to change password at this time. Ensure your credentials are correct.");
}
return(CurrentUmbracoPage());
}
TempData.SetSuccessFlag();
return(RedirectToCurrentUmbracoPage());
}
private void UmbracoChangePassword(CustomerUpdateViewModel profileModel, Umbraco.Core.Models.IPublishedContent user)
{
if (profileModel.ConfirmPassword == profileModel.Password && !string.IsNullOrWhiteSpace(profileModel.Password))
{
var result = Members.ChangePassword(user.Name, new Umbraco.Web.Models.ChangingPasswordModel()
{
NewPassword = profileModel.Password,
OldPassword = profileModel.CurrentPassword,
Reset = false
}, UMBRACOMEMBERSHIPPROVIDER);
if (!result.Success)
{
throw new Exception(string.Format("Forkert nuværende adgangskode. Prøv igen (Fejlkode: {0})", result.Result.ChangeError.ErrorMessage));
}
}
}
/// <summary>
/// Update the membership user using the membership provider (for things like email, etc...)
/// If a password change is detected then we'll try that too.
/// </summary>
/// <param name="contentItem"></param>
/// <returns>
/// If the password has been reset then this method will return the reset/generated password, otherwise will return null.
/// </returns>
private string UpdateWithMembershipProvider(MemberSave contentItem)
{
//Get the member from the provider
var membershipUser = _provider.GetUser(contentItem.PersistedContent.Key, false);
if (membershipUser == null)
{
//This should never happen! so we'll let it YSOD if it does.
throw new InvalidOperationException("Could not get member from membership provider " + _provider.Name + " with key " + contentItem.PersistedContent.Key);
}
var shouldReFetchMember = false;
var providedUserName = contentItem.PersistedContent.Username;
//if the user doesn't have access to sensitive values, then we need to check if any of the built in member property types
//have been marked as sensitive. If that is the case we cannot change these persisted values no matter what value has been posted.
//There's only 3 special ones we need to deal with that are part of the MemberSave instance
if (Security.CurrentUser.HasAccessToSensitiveData() == false)
{
var memberType = Services.MemberTypeService.Get(contentItem.PersistedContent.ContentTypeId);
var sensitiveProperties = memberType
.PropertyTypes.Where(x => memberType.IsSensitiveProperty(x.Alias))
.ToList();
foreach (var sensitiveProperty in sensitiveProperties)
{
//if found, change the value of the contentItem model to the persisted value so it remains unchanged
switch (sensitiveProperty.Alias)
{
case Constants.Conventions.Member.Comments:
contentItem.Comments = contentItem.PersistedContent.Comments;
break;
case Constants.Conventions.Member.IsApproved:
contentItem.IsApproved = contentItem.PersistedContent.IsApproved;
break;
case Constants.Conventions.Member.IsLockedOut:
contentItem.IsLockedOut = contentItem.PersistedContent.IsLockedOut;
break;
}
}
}
//Update the membership user if it has changed
try
{
var requiredUpdating = Members.UpdateMember(membershipUser, _provider,
contentItem.Email.Trim(),
contentItem.IsApproved,
comment: contentItem.Comments);
if (requiredUpdating.Success)
{
//re-map these values
shouldReFetchMember = true;
}
}
catch (Exception ex)
{
Logger.Warn <MemberController>(ex, "Could not update member, the provider returned an error");
ModelState.AddPropertyError(
//specify 'default' just so that it shows up as a notification - is not assigned to a property
new ValidationResult("Could not update member, the provider returned an error: " + ex.Message + " (see log for full details)"), "default");
}
//if they were locked but now they are trying to be unlocked
if (membershipUser.IsLockedOut && contentItem.IsLockedOut == false)
{
try
{
var result = _provider.UnlockUser(membershipUser.UserName);
if (result == false)
{
//it wasn't successful - but it won't really tell us why.
ModelState.AddModelError("custom", "Could not unlock the user");
}
else
{
shouldReFetchMember = true;
}
}
catch (Exception ex)
{
ModelState.AddModelError("custom", ex);
}
}
else if (membershipUser.IsLockedOut == false && contentItem.IsLockedOut)
{
//NOTE: This should not ever happen unless someone is mucking around with the request data.
//An admin cannot simply lock a user, they get locked out by password attempts, but an admin can un-approve them
ModelState.AddModelError("custom", "An admin cannot lock a user");
}
//password changes ?
if (contentItem.Password == null)
{
//If the provider has changed some values, these values need to be reflected in the member object
//that will get mapped to the display object
if (shouldReFetchMember)
{
RefetchMemberData(contentItem, LookupType.ByKey);
RestoreProvidedUserName(contentItem, providedUserName);
}
return(null);
}
var passwordChangeResult = Members.ChangePassword(membershipUser.UserName, contentItem.Password, _provider);
if (passwordChangeResult.Success)
{
//If the provider has changed some values, these values need to be reflected in the member object
//that will get mapped to the display object
if (shouldReFetchMember)
{
RefetchMemberData(contentItem, LookupType.ByKey);
RestoreProvidedUserName(contentItem, providedUserName);
}
//even if we weren't resetting this, it is the correct value (null), otherwise if we were resetting then it will contain the new pword
return(passwordChangeResult.Result.ResetPassword);
}
//it wasn't successful, so add the change error to the model state
ModelState.AddPropertyError(
passwordChangeResult.Result.ChangeError,
string.Format("{0}password", Constants.PropertyEditors.InternalGenericPropertiesPrefix));
return(null);
}
/// <summary>
/// Update the membership user using the membership provider (for things like email, etc...)
/// If a password change is detected then we'll try that too.
/// </summary>
/// <param name="contentItem"></param>
/// <returns>
/// If the password has been reset then this method will return the reset/generated password, otherwise will return null.
/// </returns>
private string UpdateWithMembershipProvider(MemberSave contentItem)
{
//Get the member from the provider
var membershipUser = _provider.GetUser(contentItem.PersistedContent.Key, false);
if (membershipUser == null)
{
//This should never happen! so we'll let it YSOD if it does.
throw new InvalidOperationException("Could not get member from membership provider " + _provider.Name + " with key " + contentItem.PersistedContent.Key);
}
var shouldReFetchMember = false;
var providedUserName = contentItem.PersistedContent.Username;
//Update the membership user if it has changed
try
{
var requiredUpdating = Members.UpdateMember(membershipUser, _provider,
contentItem.Email.Trim(),
contentItem.IsApproved,
comment: contentItem.Comments);
if (requiredUpdating.Success)
{
//re-map these values
shouldReFetchMember = true;
}
}
catch (Exception ex)
{
LogHelper.WarnWithException <MemberController>("Could not update member, the provider returned an error", ex);
ModelState.AddPropertyError(
//specify 'default' just so that it shows up as a notification - is not assigned to a property
new ValidationResult("Could not update member, the provider returned an error: " + ex.Message + " (see log for full details)"), "default");
}
//if they were locked but now they are trying to be unlocked
if (membershipUser.IsLockedOut && contentItem.IsLockedOut == false)
{
try
{
var result = _provider.UnlockUser(membershipUser.UserName);
if (result == false)
{
//it wasn't successful - but it won't really tell us why.
ModelState.AddModelError("custom", "Could not unlock the user");
}
else
{
shouldReFetchMember = true;
}
}
catch (Exception ex)
{
ModelState.AddModelError("custom", ex);
}
}
else if (membershipUser.IsLockedOut == false && contentItem.IsLockedOut)
{
//NOTE: This should not ever happen unless someone is mucking around with the request data.
//An admin cannot simply lock a user, they get locked out by password attempts, but an admin can un-approve them
ModelState.AddModelError("custom", "An admin cannot lock a user");
}
//password changes ?
if (contentItem.Password == null)
{
//If the provider has changed some values, these values need to be reflected in the member object
//that will get mapped to the display object
if (shouldReFetchMember)
{
RefetchMemberData(contentItem, LookupType.ByKey);
RestoreProvidedUserName(contentItem, providedUserName);
}
return(null);
}
var passwordChangeResult = Members.ChangePassword(membershipUser.UserName, contentItem.Password, _provider);
if (passwordChangeResult.Success)
{
//If the provider has changed some values, these values need to be reflected in the member object
//that will get mapped to the display object
if (shouldReFetchMember)
{
RefetchMemberData(contentItem, LookupType.ByKey);
RestoreProvidedUserName(contentItem, providedUserName);
}
//even if we weren't resetting this, it is the correct value (null), otherwise if we were resetting then it will contain the new pword
return(passwordChangeResult.Result.ResetPassword);
}
//it wasn't successful, so add the change error to the model state
ModelState.AddPropertyError(
passwordChangeResult.Result.ChangeError,
string.Format("{0}password", Constants.PropertyEditors.InternalGenericPropertiesPrefix));
return(null);
}
