/// <summary>
/// Resets a user's password to a new, automatically generated password.
/// </summary>
/// <returns>
/// The new password for the specified user.
/// </returns>
/// <param name="username">The user to reset the password for. </param><param name="answer">The password answer for the specified user. </param>
public override string ResetPassword(string username, string answer)
{
if (!PasswordPolicy.IsPasswordResetEnabled)
{
throw new NotSupportedException("Password reset is not supported.");
}
var user = AccountRepository.Get(username);
if (PasswordPolicy.IsPasswordQuestionRequired && answer == null)
{
throw new MembershipPasswordException("Password answer is empty and question/answer is required.");
}
if (PasswordPolicy.IsPasswordQuestionRequired &&
!user.PasswordAnswer.Equals(answer, StringComparison.OrdinalIgnoreCase))
{
return(null);
}
var newPassword = PasswordStrategy.GeneratePassword(PasswordPolicy);
ValidatePassword(username, newPassword);
var info = new AccountPasswordInfo(username, newPassword);
user.Password = PasswordStrategy.Encrypt(info);
user.PasswordSalt = info.PasswordSalt;
AccountRepository.Update(user);
return(newPassword);
}
/// <summary>
/// Processes a request to update the password question and answer for a membership user.
/// </summary>
/// <returns>
/// true if the password question and answer are updated successfully; otherwise, false.
/// </returns>
/// <param name="username">The user to change the password question and answer for. </param><param name="password">The password for the specified user. </param><param name="newPasswordQuestion">The new password question for the specified user. </param><param name="newPasswordAnswer">The new password answer for the specified user. </param>
public override bool ChangePasswordQuestionAndAnswer(string username, string password,
string newPasswordQuestion, string newPasswordAnswer)
{
var account = AccountRepository.Get(username);
if (account == null)
{
return(false);
}
var info = new AccountPasswordInfo(username, account.Password)
{
PasswordSalt = account.PasswordSalt
};
if (PasswordStrategy.Compare(info, password))
{
return(false);
}
account.PasswordQuestion = newPasswordAnswer;
account.PasswordAnswer = newPasswordAnswer;
AccountRepository.Update(account);
return(true);
}
//Demander un unique email... e préremplir du provider si Oauth et disponible... (exemple Facebook).. comme il semble faire pour le username (a voir)
public IUser CreateOrUpdateUser(IUser user)
{
if (String.IsNullOrEmpty(user.Name))
{
throw new MembershipCreateUserException(MembershipCreateStatus.InvalidUserName);
}
//if (String.IsNullOrEmpty(user.Password)) throw new MembershipCreateUserException(MembershipCreateStatus.InvalidPassword);
if (String.IsNullOrEmpty(user.Email))
{
throw new MembershipCreateUserException(MembershipCreateStatus.InvalidEmail);
}
if (user.Id.IsNullOrEmpty()) // New user...
{
if (UserQueries.GetUserNameByEmail(user.Email) != null)
{
throw new MembershipCreateUserException(MembershipCreateStatus.DuplicateEmail);
}
if (UserQueries.Get(user.Name) != null)
{
throw new MembershipCreateUserException(MembershipCreateStatus.DuplicateUserName);
}
user.CreatedAt = _dateTimeManager.Now();
}
if (!user.ThirdPartyAuthenticationUserAccounts.Any() || !user.Password.IsNullOrEmpty())
{
try
{
ValidatePassword(user.Name, user.Password);
}
catch
{
// not the smoothest approach, but the best
// considering the inconsistent password failure handling.
throw new MembershipCreateUserException(MembershipCreateStatus.InvalidPassword);
}
}
var passwordInfo = new AccountPasswordInfo(user.Name, user.Password);
user.Password = PasswordStrategy.Encrypt(passwordInfo);
user.PasswordSalt = passwordInfo.PasswordSalt;
var status = UserCommands.Register(user);
if (status != MembershipCreateStatus.Success)
{
throw new MembershipCreateUserException(status);
}
return(user);
}
public string CreatePassword(string password, PasswordStrategy strategy)
{
if (CheckValidation(password, strategy.GenerateRegex()))
{
_password = password;
return(password);
}
else
{
return("Password isn't strong enough");
}
}
public int SumValidPasswords(PasswordStrategy passwordStrategy)
{
var amount = 0;
foreach (var passwordAndPolicyString in _passwordsAndPolicy)
{
if (PasswordValid(passwordStrategy, passwordAndPolicyString))
{
amount++;
}
}
return(amount);
}
///// <summary>
///// Processes a request to update the password question and answer for a membership user.
///// </summary>
///// <returns>
///// true if the password question and answer are updated successfully; otherwise, false.
///// </returns>
///// <param name="username">The user to change the password question and answer for. </param><param name="password">The password for the specified user. </param><param name="newPasswordQuestion">The new password question for the specified user. </param><param name="newPasswordAnswer">The new password answer for the specified user. </param>
//public bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
//{
// var account = UserQueries.Get(username);
// if (account == null)
// return false;
// var info = new AccountPasswordInfo(username, account.Password)
// {
// PasswordSalt = account.PasswordSalt
// };
// if (PasswordStrategy.Compare(info, password))
// return false;
// account.PasswordQuestion = newPasswordAnswer;
// account.PasswordAnswer = newPasswordAnswer;
// AccountRepository.Update(account);
// return true;
//}
///// <summary>
///// Gets the password for the specified user name from the data source.
///// </summary>
///// <returns>
///// The password for the specified user name.
///// </returns>
///// <param name="username">The user to retrieve the password for. </param><param name="answer">The password answer for the user. </param>
//public string GetPassword(string username, string answer)
//{
// if (!PasswordPolicy.IsPasswordRetrievalEnabled || !PasswordStrategy.IsPasswordsDecryptable)
// throw new ProviderException("Password retrieval is not supported");
// var account = UserQueries.Get(username);
// if (!account.PasswordAnswer.Equals(answer, StringComparison.OrdinalIgnoreCase))
// throw new MembershipPasswordException("Answer to Password question was incorrect.");
// return PasswordStrategy.Decrypt(account.Password);
//}
///// <summary>
///// Resets a user's password to a new, automatically generated password.
///// </summary>
///// <returns>
///// The new password for the specified user.
///// </returns>
///// <param name="username">The user to reset the password for. </param><param name="answer">The password answer for the specified user. </param>
//public string ResetPassword(string username, string answer)
//{
// if (!PasswordPolicy.IsPasswordResetEnabled)
// throw new NotSupportedException("Password reset is not supported.");
// var user = UserQueries.Get(username);
// if (PasswordPolicy.IsPasswordQuestionRequired && answer == null)
// throw new MembershipPasswordException("Password answer is empty and question/answer is required.");
// if (!user.PasswordAnswer.Equals(answer, StringComparison.OrdinalIgnoreCase))
// return null;
// var newPassword = PasswordStrategy.GeneratePassword(PasswordPolicy);
// ValidatePassword(username, newPassword);
// var info = new AccountPasswordInfo(username, newPassword);
// user.Password = PasswordStrategy.Encrypt(info);
// user.PasswordSalt = info.PasswordSalt;
// AccountRepository.Update(user);
// return newPassword;
//}
private void ValidatePassword(string username, string clearTextPassword)
{
if (!PasswordStrategy.IsValid(clearTextPassword, PasswordPolicy))
{
throw new MembershipPasswordException("Password failed validation");
}
var args = new ValidatePasswordEventArgs(username, clearTextPassword, false);
if (args.FailureInformation != null)
{
throw args.FailureInformation;
}
}
///// <summary>
///// Updates information about a user in the data source.
///// </summary>
///// <param name="user">A <see cref="T:System.Web.Security.IUser"/> object that represents the user to update and the updated information for the user. </param>
//public void UpdateUser(IUser user)
//{
// var account = UserQueries.Get(user.UserName);
// Merge(user, account);
// AccountRepository.Update(account);
//}
//private void Merge(IUser user, IUser account)
//{
// account.Comment = user.Comment;
// account.IsApproved = user.IsApproved;
// account.Email = user.Email;
// account.PasswordQuestion = user.PasswordQuestion;
// account.IsLockedOut = user.IsLockedOut;
// //account.IsOnline = user.IsOnline;
// account.LastActivityAt = user.LastActivityDate;
// account.LastLockedOutAt = user.LastLockoutDate;
// account.LastPasswordChangeAt = user.LastPasswordChangedDate;
// account.ProviderUserKey = user.ProviderUserKey;
// account.Name = user.UserName;
//}
/// <summary>
/// Verifies that the specified user name and password exist in the data source.
/// </summary>
/// <returns>
/// true if the specified username and password are valid; otherwise, false.
/// </returns>
/// <param name="username">The name of the user to validate. </param><param name="password">The password for the specified user. </param>
public bool ValidateUser(string username, string password)
{
if (String.IsNullOrEmpty(username))
{
throw new ArgumentException("Value cannot be null or empty.", "username");
}
if (String.IsNullOrEmpty(password))
{
throw new ArgumentException("Value cannot be null or empty.", "password");
}
var user = UserQueries.Get(username);
if (user == null || user.IsLockedOut)
{
return(false);
}
var passwordInfo = user.CreatePasswordInfo();
var validated = PasswordStrategy.Compare(passwordInfo, password);
var now = _dateTimeManager.Now();
if (validated)
{
user.LastLoginAt = now;
user.FailedPasswordWindowStartedAt = null;
user.FailedPasswordWindowAttemptCount = 0;
UserCommands.Update(user);
return(true);
}
user.FailedPasswordWindowAttemptCount += 1;
if (!user.FailedPasswordWindowStartedAt.HasValue)
{
user.FailedPasswordAnswerWindowStartedAt = now;
}
else if (now.Subtract(user.FailedPasswordAnswerWindowStartedAt.Value).TotalMinutes >
PasswordPolicy.PasswordAttemptWindow)
{
user.IsLockedOut = true;
user.LastLockedOutAt = now;
UserCommands.Update(user);
}
return(false);
}
/// <summary>
/// Gets the password for the specified user name from the data source.
/// </summary>
/// <returns>
/// The password for the specified user name.
/// </returns>
/// <param name="username">The user to retrieve the password for. </param><param name="answer">The password answer for the user. </param>
public override string GetPassword(string username, string answer)
{
if (!PasswordPolicy.IsPasswordRetrievalEnabled || !PasswordStrategy.IsPasswordsDecryptable)
{
throw new ProviderException("Password retrieval is not supported");
}
var account = AccountRepository.Get(username);
if (!account.PasswordAnswer.Equals(answer, StringComparison.OrdinalIgnoreCase))
{
throw new MembershipPasswordException("Answer to Password question was incorrect.");
}
return(PasswordStrategy.Decrypt(account.Password));
}
public Sysuser(string loginName, string password)
{
if (string.IsNullOrEmpty(loginName))
{
throw new BaseException("登录名不能为空");
}
if (string.IsNullOrEmpty(password) || password.Length < 6)
{
throw new BaseException("登录名密码不能少于6位");
}
Salt = Guid.NewGuid().ToString();
LoginName = loginName;
PasswordHash = PasswordStrategy.CreateWithMD5(password + Salt + _passwordStr);
IsEnabled = true;
}
/// <summary>
/// Adds a new membership user to the data source.
/// </summary>
/// <returns>
/// A <see cref="T:System.Web.Security.MembershipUser"/> object populated with the information for the newly created user.
/// </returns>
/// <param name="username">The user name for the new user. </param><param name="password">The password for the new user. </param><param name="email">The e-mail address for the new user.</param><param name="passwordQuestion">The password question for the new user.</param><param name="passwordAnswer">The password answer for the new user</param><param name="isApproved">Whether or not the new user is approved to be validated.</param><param name="providerUserKey">The unique identifier from the membership data source for the user.</param><param name="status">A <see cref="T:System.Web.Security.MembershipCreateStatus"/> enumeration value indicating whether the user was created successfully.</param>
public override MembershipUser CreateUser(string username, string password, string email,
string passwordQuestion, string passwordAnswer, bool isApproved,
object providerUserKey, out MembershipCreateStatus status)
{
if (AccountRepository.IsUniqueEmailRequired && AccountRepository.GetUserNameByEmail(email) != null)
{
status = MembershipCreateStatus.DuplicateEmail;
return(null);
}
if (AccountRepository.Get(username) != null)
{
status = MembershipCreateStatus.DuplicateUserName;
return(null);
}
try
{
ValidatePassword(username, password);
}
catch
{
// not the smoothest approach, but the best
// considering the inconsistent password failure handling.
status = MembershipCreateStatus.InvalidPassword;
return(null);
}
var account = AccountRepository.Create(providerUserKey, ApplicationName, username, email);
var passwordInfo = new AccountPasswordInfo(username, password);
account.Password = PasswordStrategy.Encrypt(passwordInfo);
account.PasswordSalt = passwordInfo.PasswordSalt;
account.PasswordAnswer = passwordAnswer;
account.PasswordQuestion = passwordQuestion;
status = AccountRepository.Register(account);
if (status == MembershipCreateStatus.Success)
{
return(CloneUser(account));
}
return(null);
}
/// <summary>
/// Processes a request to update the password for a membership user.
/// </summary>
/// <returns>
/// true if the password was updated successfully; otherwise, false.
/// </returns>
/// <param name="username">The user to update the password for. </param><param name="oldPassword">The current password for the specified user. </param><param name="newPassword">The new password for the specified user. </param>
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
var account = AccountRepository.Get(username);
var pwInfo = account.CreatePasswordInfo();
if (!PasswordStrategy.Compare(pwInfo, oldPassword))
{
return(false);
}
ValidatePassword(username, newPassword);
account.Password = newPassword;
pwInfo = account.CreatePasswordInfo();
account.Password = PasswordStrategy.Encrypt(pwInfo);
AccountRepository.Update(account);
return(true);
}
public bool ChangePassword(string username, string oldPassword, string newPassword)
{
if (String.IsNullOrEmpty(username))
{
throw new ArgumentException("Value cannot be null or empty.", "username");
}
if (String.IsNullOrEmpty(oldPassword))
{
throw new ArgumentException("Value cannot be null or empty.", "oldPassword");
}
if (String.IsNullOrEmpty(newPassword))
{
throw new ArgumentException("Value cannot be null or empty.", "newPassword");
}
// The underlying ChangePassword() will throw an exception rather
// than return false in certain failure scenarios.
try
{
var account = UserQueries.Get(username);
var pwInfo = account.CreatePasswordInfo();
if (!PasswordStrategy.Compare(pwInfo, oldPassword))
{
return(false);
}
ValidatePassword(username, newPassword);
account.Password = newPassword;
pwInfo = account.CreatePasswordInfo();
account.Password = PasswordStrategy.Encrypt(pwInfo);
UserCommands.Update(account);
return(true);
}
catch (ArgumentException)
{
return(false);
}
catch (MembershipPasswordException)
{
return(false);
}
}
private static bool PasswordValid(PasswordStrategy passwordStrategy, string passwordAndPolicyString)
{
var passwordAndPolicy = new PasswordAndPolicy(passwordAndPolicyString);
var policyLeast = passwordAndPolicy.PolicyLeast;
var policyMost = passwordAndPolicy.PolicyMost;
var character = passwordAndPolicy.Character;
var password = passwordAndPolicy.Password;
switch (passwordStrategy)
{
case PasswordStrategy.CharacterPosition:
return
((password[policyLeast - 1] == character && password[policyMost - 1] != character) ||
(password[policyLeast - 1] != character && password[policyMost - 1] == character));
case PasswordStrategy.MinMaxCharacters:
var count = password.Count(s => s == character);
return(count >= policyLeast && count <= policyMost);
default:
throw new ArgumentOutOfRangeException(nameof(passwordStrategy));
}
}
/// <summary>
/// Verifies that the specified user name and password exist in the data source.
/// </summary>
/// <returns>
/// true if the specified username and password are valid; otherwise, false.
/// </returns>
/// <param name="username">The name of the user to validate. </param><param name="password">The password for the specified user. </param>
public override bool ValidateUser(string username, string password)
{
var user = AccountRepository.Get(username);
if (user == null || user.IsLockedOut)
{
return(false);
}
var passwordInfo = user.CreatePasswordInfo();
var validated = PasswordStrategy.Compare(passwordInfo, password);
if (validated)
{
user.LastLoginAt = DateTime.Now;
user.FailedPasswordWindowStartedAt = DateTime.MinValue;
user.FailedPasswordWindowAttemptCount = 0;
AccountRepository.Update(user);
return(true);
}
user.FailedPasswordWindowAttemptCount += 1;
if (user.FailedPasswordWindowStartedAt == DateTime.MinValue)
{
user.FailedPasswordAnswerWindowStartedAt = DateTime.Now;
}
else if (DateTime.Now.Subtract(user.FailedPasswordAnswerWindowStartedAt).TotalMinutes >
PasswordPolicy.PasswordAttemptWindow)
{
user.IsLockedOut = true;
user.LastLockedOutAt = DateTime.Now;
AccountRepository.Update(user);
}
return(false);
}
/// <summary>
/// 检查密码是否正确
/// </summary>
/// <param name="password">密码</param>
/// <returns></returns>
public bool CheckPassword(string password)
{
return(PasswordStrategy.CreateWithMD5(password + Salt + _passwordStr) == PasswordHash);
}
