Beispiel #1
0
        public ActionResult SetPassword(PasswordManagementModel objPwdMgmtModel)
        {
            bool   bErrorOccurred = false;
            string i_ErrorMessage = "";
            string NewPassword    = null;

            InsiderTradingDAL.CompanyDTO objSelectedCompany = new CompanyDTO();
            UserInfoDTO      objUserInfoDTO      = new UserInfoDTO();
            LoginUserDetails objLoginUserDetails = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);

            try
            {
                if (objLoginUserDetails == null)
                {
                    objLoginUserDetails = new LoginUserDetails();
                }

                if (objPwdMgmtModel.CompanyID == null || objPwdMgmtModel.CompanyID == "")
                {
                    i_ErrorMessage = "Company is required field.";
                    bErrorOccurred = true;
                }
                else if (objPwdMgmtModel.NewPassword == null || objPwdMgmtModel.NewPassword == "" || objPwdMgmtModel.ConfirmNewPassword == null || objPwdMgmtModel.ConfirmNewPassword == "")
                {
                    i_ErrorMessage = "Please enter new password and confirm password.";
                    bErrorOccurred = true;
                }
                else if (objPwdMgmtModel.NewPassword != objPwdMgmtModel.ConfirmNewPassword)
                {
                    i_ErrorMessage = "New password and Confirm password are not matching.";
                    bErrorOccurred = true;
                }

                if (System.Configuration.ConfigurationManager.AppSettings["CompanyType"] == "Textbox")
                {
                    Dictionary <string, string> objCompaniesDictionary = null;

                    objCompaniesDictionary = new Dictionary <string, string>();

                    using (CompaniesSL objCompanySL = new CompaniesSL())
                    {
                        foreach (InsiderTradingDAL.CompanyDTO objCompanyDTO in objCompanySL.getAllCompanies(Common.Common.getSystemConnectionString()))
                        {
                            objCompaniesDictionary.Add(objCompanyDTO.sCompanyDatabaseName, objCompanyDTO.sCompanyName.ToLower());
                        }
                    }

                    if (objCompaniesDictionary.ContainsValue(objPwdMgmtModel.CompanyID.ToLower()))
                    {
                        objPwdMgmtModel.CompanyID = (from entry in objCompaniesDictionary
                                                     where entry.Value.ToLower() == objPwdMgmtModel.CompanyID.ToLower()
                                                     select entry.Key).FirstOrDefault();
                    }
                    else
                    {
                        objLoginUserDetails.ErrorMessage = "Invalid Company Name";
                        Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                        return(RedirectToAction("SetPassword", "Account", new { code = objPwdMgmtModel.HashValue }));
                    }
                }

                //hashed password to check password history
                InsiderTradingEncryption.DataSecurity objPwdHash = new InsiderTradingEncryption.DataSecurity();

                string saltValue = string.Empty;
                if (objPwdMgmtModel.NewPassword != null)
                {
                    //NewPassword = objPwdHash.CreateSaltandHash(objPwdMgmtModel.NewPassword);
                    string sPasswordHashWithSalt = objPwdHash.CreateSaltandHash(objPwdMgmtModel.NewPassword);
                    NewPassword = sPasswordHashWithSalt.Split('~')[0].ToString();
                    saltValue   = sPasswordHashWithSalt.Split('~')[1].ToString();
                }
                using (CompaniesSL objCompanySL = new CompaniesSL())
                {
                    objSelectedCompany = objCompanySL.getSingleCompanies(Common.Common.getSystemConnectionString(), objPwdMgmtModel.CompanyID);
                }
                //Check if the new password follows Password policy
                if (!bErrorOccurred)
                {
                    Common.Common         objCommon = new Common.Common();
                    PasswordManagementDTO objPasswordManagementUserFromHashCodeDTO = new PasswordManagementDTO();

                    using (UserInfoSL objUserInfoSL = new UserInfoSL())
                    {
                        objPasswordManagementUserFromHashCodeDTO = objUserInfoSL.GetUserFromHashCode(objSelectedCompany.CompanyConnectionString, objPwdMgmtModel.HashValue);
                        objUserInfoDTO = objUserInfoSL.GetUserDetails(objSelectedCompany.CompanyConnectionString, objPasswordManagementUserFromHashCodeDTO.UserInfoID);
                    }
                    bool isPasswordValid = objCommon.ValidatePassword(objSelectedCompany.CompanyConnectionString, objUserInfoDTO.LoginID, objPwdMgmtModel.NewPassword, NewPassword, objUserInfoDTO.UserInfoId, out i_ErrorMessage);
                    if (!isPasswordValid)
                    {
                        bErrorOccurred = true;
                    }
                }
                if (bErrorOccurred)
                {
                    //ModelState.AddModelError("Error", i_ErrorMessage);
                    if (objLoginUserDetails == null)
                    {
                        objLoginUserDetails = new LoginUserDetails();
                    }
                    objLoginUserDetails.ErrorMessage = i_ErrorMessage;
                    objLoginUserDetails.CompanyName  = objPwdMgmtModel.CompanyID;
                    Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);

                    PasswordConfigSL  objPassConfigSL  = new PasswordConfigSL();
                    PasswordConfigDTO objPassConfigDTO = new PasswordConfigDTO();
                    objPassConfigDTO = objPassConfigSL.GetPasswordConfigDetails(objSelectedCompany.CompanyConnectionString);
                    PasswordConfigModel objPassConfigModel = new PasswordConfigModel();
                    InsiderTrading.Common.Common.CopyObjectPropertyByName(objPassConfigDTO, objPassConfigModel);
                    TempData["PasswordConfigModel"] = objPassConfigModel;
                    return(RedirectToAction("SetPassword", "Account", new { code = objPwdMgmtModel.HashValue }));
                    //return View("SetPassword", objPwdMgmtModel);
                }

                PasswordManagementDTO objPwdMgmtDTO = new PasswordManagementDTO();

                if (objLoginUserDetails == null)
                {
                    objLoginUserDetails = new LoginUserDetails();
                }
                if (objSelectedCompany == null)
                {
                    objLoginUserDetails.ErrorMessage = "Entered company is incorrect, please enter correct company and try again.";
                }
                else
                {
                    objPwdMgmtModel.NewPassword        = NewPassword;
                    objPwdMgmtModel.ConfirmNewPassword = NewPassword;
                    objPwdMgmtModel.SaltValue          = saltValue;
                    InsiderTrading.Common.Common.CopyObjectPropertyByName(objPwdMgmtModel, objPwdMgmtDTO);
                    using (UserInfoSL objUserInfoSL = new UserInfoSL())
                    {
                        objPwdMgmtDTO.UserInfoID = objUserInfoDTO.UserInfoId;
                        objUserInfoSL.ChangePassword(objSelectedCompany.CompanyConnectionString, ref objPwdMgmtDTO);
                    }
                    //InsiderTradingDAL.UserInfoDTO objUserInfo = objUserInfoSL.GetUserDetails(objSelectedCompany.CompanyConnectionString, objPwdMgmtDTO.UserInfoID);
                    objLoginUserDetails.SuccessMessage = Common.Common.getResourceForGivenCompany("usr_msg_11271", objSelectedCompany.sCompanyDatabaseName);
                }


                Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                return(RedirectToAction("Login", "Account"));
                //return RedirectToAction("Index", "Home", new { acid = Convert.ToString(Common.ConstEnum.UserActions.CRUSER_COUSERDASHBOARD_DASHBOARD) });
            }
            catch (Exception exp)
            {
                string sErrMessage = Common.Common.getResourceForGivenCompany(exp.InnerException.Data[0].ToString(), objSelectedCompany.sCompanyDatabaseName);
                if (objLoginUserDetails == null)
                {
                    objLoginUserDetails = new LoginUserDetails();
                }
                objLoginUserDetails.ErrorMessage = sErrMessage;
                Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);
                return(RedirectToAction("Login", "Account"));
                //ModelState.AddModelError("Error", sErrMessage);
                //return View("SetPassword", objPwdMgmtModel);
            }
            finally
            {
                objLoginUserDetails = null;
            }
        }
Beispiel #2
0
        public ActionResult ChangePassword(int formId, int acid, PasswordManagementModel objPwdMgmtModel)
        {
            bool                          bErrorOccurred               = false;
            string                        i_ErrorMessage               = "";
            LoginUserDetails              objLoginUserDetails          = (LoginUserDetails)Common.Common.GetSessionValue(ConstEnum.SessionValue.UserDetails);
            PasswordManagementDTO         objPwdMgmtDTO                = new PasswordManagementDTO();
            PasswordConfigModel           objPassConfigModel           = new PasswordConfigModel();
            UserInfoSL                    objUserInfoSL                = new UserInfoSL();
            UserPolicyDocumentEventLogDTO objChangePasswordEventLogDTO = null;
            PasswordExpiryReminderDTO     objPassExpiryReminderDTO     = null;


            InsiderTradingEncryption.DataSecurity objPwdHash = new InsiderTradingEncryption.DataSecurity();
            try
            {
                DataSecurity objDataSecurity         = new DataSecurity();
                string       sOldPassword            = string.Empty;
                string       sNewPassword            = string.Empty;
                string       sConfirmNewPassword     = string.Empty;
                string       sPasswordHash           = string.Empty;
                string       sPasswordHashWithSalt   = string.Empty;
                string       sSaltValue              = string.Empty;
                string       javascriptEncryptionKey = Common.ConstEnum.Javascript_Encryption_Key;
                string       userPasswordHashSalt    = Common.ConstEnum.User_Password_Encryption_Key;

                if (objPwdMgmtModel.OldPassword == null || objPwdMgmtModel.OldPassword == "" || objPwdMgmtModel.NewPassword == null || objPwdMgmtModel.NewPassword == "" ||
                    objPwdMgmtModel.ConfirmNewPassword == null || objPwdMgmtModel.ConfirmNewPassword == "")
                {
                    i_ErrorMessage = "All fields are required fields.";
                    bErrorOccurred = true;
                }
                else if (objPwdMgmtModel.NewPassword == null || objPwdMgmtModel.NewPassword == "" || objPwdMgmtModel.ConfirmNewPassword == null || objPwdMgmtModel.ConfirmNewPassword == "")
                {
                    i_ErrorMessage = "Please enter new password and confirm new password.";
                    bErrorOccurred = true;
                }
                else if (objPwdMgmtModel.NewPassword != objPwdMgmtModel.ConfirmNewPassword)
                {
                    i_ErrorMessage = "New password and Confirm password are not matching.";
                    bErrorOccurred = true;
                }
                else if (objPwdMgmtModel.OldPassword == objPwdMgmtModel.NewPassword)
                {
                    i_ErrorMessage = "New password should not be same as old password.";
                    bErrorOccurred = true;
                }

                else if (!string.IsNullOrEmpty(objPwdMgmtModel.OldPassword) && !string.IsNullOrEmpty(objPwdMgmtModel.NewPassword) &&
                         !string.IsNullOrEmpty(objPwdMgmtModel.ConfirmNewPassword))
                {
                    sOldPassword          = DecryptStringAES(objPwdMgmtModel.OldPassword, javascriptEncryptionKey, javascriptEncryptionKey);
                    sNewPassword          = DecryptStringAES(objPwdMgmtModel.NewPassword, javascriptEncryptionKey, javascriptEncryptionKey);
                    sConfirmNewPassword   = DecryptStringAES(objPwdMgmtModel.ConfirmNewPassword, javascriptEncryptionKey, javascriptEncryptionKey);
                    sPasswordHashWithSalt = objPwdHash.CreateSaltandHash(sNewPassword);
                    sPasswordHash         = sPasswordHashWithSalt.Split('~')[0].ToString();
                    sSaltValue            = sPasswordHashWithSalt.Split('~')[1].ToString();
                }

                //Check if the new password follows Password policy
                if (!bErrorOccurred)
                {
                    Common.Common objCommon       = new Common.Common();
                    bool          isPasswordValid = objCommon.ValidatePassword(objLoginUserDetails.CompanyDBConnectionString, objLoginUserDetails.UserName, sNewPassword, sPasswordHash, objLoginUserDetails.LoggedInUserID, out i_ErrorMessage);
                    if (!isPasswordValid)
                    {
                        bErrorOccurred = true;
                    }
                }
                if (bErrorOccurred)
                {
                    ViewBag.LoginError = i_ErrorMessage;
                    return(View("ChangePassword"));
                }

                objPwdMgmtModel.UserInfoID = objLoginUserDetails.LoggedInUserID;

                string saltValue  = string.Empty;
                string calledFrom = "ChangPwd";

                using (UserInfoSL ObjUserInfoSL = new UserInfoSL())
                {
                    List <AuthenticationDTO> lstUserDetails = ObjUserInfoSL.GetUserLoginDetails(objLoginUserDetails.CompanyDBConnectionString, Convert.ToString(objLoginUserDetails.LoggedInUserID), calledFrom);
                    foreach (var UserDetails in lstUserDetails)
                    {
                        saltValue = UserDetails.SaltValue;
                    }
                }

                string usrSaltValue = (saltValue == null || saltValue == string.Empty) ? userPasswordHashSalt : saltValue;

                if (saltValue != null && saltValue != "")
                {
                    objPwdMgmtModel.OldPassword = objPwdHash.CreateHashToVerify(sOldPassword, usrSaltValue);
                }
                else
                {
                    objPwdMgmtModel.OldPassword = objPwdHash.CreateHash(sOldPassword, usrSaltValue);
                }


                objPwdMgmtModel.NewPassword        = sPasswordHash;
                objPwdMgmtModel.ConfirmNewPassword = sPasswordHash;
                objPwdMgmtModel.SaltValue          = sSaltValue;
                InsiderTrading.Common.Common.CopyObjectPropertyByName(objPwdMgmtModel, objPwdMgmtDTO);
                objUserInfoSL.ChangePassword(objLoginUserDetails.CompanyDBConnectionString, ref objPwdMgmtDTO);
                objLoginUserDetails.PasswordChangeMessage = Common.Common.getResource("usr_msg_11271");
                Common.Common.SetSessionValue(ConstEnum.SessionValue.UserDetails, objLoginUserDetails);

                Common.Common.SetSessionValue("IsChangePassword", false);
            }
            catch (Exception exp)
            {
                string sErrMessage = Common.Common.getResource(exp.InnerException.Data[0].ToString());
                ViewBag.LoginError = sErrMessage;
                objPassConfigModel = GetPasswordConfigDetails();
                return(View("ChangePassword"));
            }
            finally
            {
                objLoginUserDetails = null;
                objPwdMgmtDTO       = null;
                objUserInfoSL       = null;
                objPwdHash          = null;
            }
            return(RedirectToAction("Index", "Home", new { acid = Convert.ToString(Common.ConstEnum.UserActions.CRUSER_COUSERDASHBOARD_DASHBOARD) }));
        }