private bool GetNewPasswordExpiry(GOUserDataObject user, out DateTime?expiry)
{
expiry = null;
// Set new expiry date corresponding to the nearest role expiry days
int numDaysNearestExpiry = int.MaxValue;
if (user.UserRoleItems != null)
{
foreach (var userrole in user.UserRoleItems)
{
if (userrole != null && userrole.Role != null)
{
numDaysNearestExpiry = Math.Min(numDaysNearestExpiry, userrole.Role.PasswordExpiry ?? int.MaxValue);
}
}
}
if (numDaysNearestExpiry != int.MaxValue)
{
expiry = DateTime.UtcNow.Date.AddDays(numDaysNearestExpiry);
}
return(numDaysNearestExpiry != int.MaxValue);
}
public bool RequirePasswordChange(GOUserDataObject user)
{
// result
bool requirePasswordChange = false;
// If user.PasswordExpiry is not null and there is at least one Role with a non-null password expiry, then require a password change
// Otherwise, if there is no policy expiry date it is fine for user password expiry to be null.
if (user.PasswordExpiry == null)
{
foreach (var userrole in user.UserRoleItems)
{
if (userrole.Role != null && userrole.Role.PasswordExpiry != null)
{
// User lacks a password expiry date - correct this by requiring a password change
requirePasswordChange = true;
break;
}
}
}
else
{
// Check password expiry.
DateTime expiry = user.PasswordExpiry ?? DateTime.MaxValue;
if (expiry.Date < DateTime.UtcNow.Date)
{
requirePasswordChange = true;
}
}
return(requirePasswordChange);
}
/// <summary>
/// Gets a list of Claim from the provided GOUser
/// </summary>
public static IEnumerable <Claim> GetExtraUserClaims(GOUserDataObject user)
{
var claims = new List <Claim>();
// Handling GivenName claim
var givenNameString = user.UserName;
claims.Add(new Claim("GivenName", HttpUtility.UrlEncode(givenNameString)));
return(claims);
}
public bool AcceptPassword(GOUserDataObject user, string newPassword, out DateTime?expiry, out GORoleDataObject rejectingRole)
{
expiry = null;
rejectingRole = null;
// newPassword must satisfy password policy regex for each role the user is assigned to
foreach (var userrole in user.UserRoleItems)
{
if (userrole != null && userrole.Role != null && !String.IsNullOrEmpty(userrole.Role.PasswordRegEx))
{
if (!Regex.IsMatch(newPassword, userrole.Role.PasswordRegEx))
{
rejectingRole = userrole.Role;
return(false);
}
}
}
// If we get here, new password was accepted. Get password expiry info.
GetNewPasswordExpiry(user, out expiry);
return(true);
}
