public UpdatePasswordServices(IProcessQueries queryProcessor
     , IStorePasswords passwords
 )
 {
     QueryProcessor = queryProcessor;
     Passwords = passwords;
 }
Ejemplo n.º 2
0
 public HandleResetPasswordCommand(ICommandEntities entities
                                   , IStorePasswords passwords
                                   )
 {
     _entities  = entities;
     _passwords = passwords;
 }
Ejemplo n.º 3
0
 public CreatePasswordHandler(ICommandEntities entities
                              , IStorePasswords passwords
                              )
 {
     _entities  = entities;
     _passwords = passwords;
 }
Ejemplo n.º 4
0
 public IdentityController(ISignUsers userSigner
     , IStorePasswords passwords
 )
 {
     _userSigner = userSigner;
     _passwords = passwords;
 }
Ejemplo n.º 5
0
        public SignInValidator(IStorePasswords passwords)
        {
            CascadeMode = CascadeMode.StopOnFirstFailure;
            _passwords  = passwords;

            _session = HttpContext.Current != null && HttpContext.Current.Session != null
                ? new HttpSessionStateWrapper(HttpContext.Current.Session)
                : null;

            RuleFor(p => p.Password)
            // cannot be empty
            .NotEmpty()
            .WithMessage(FailedBecausePasswordWasEmpty)
            // account cannot be locked out
            .Must(ValidateIsNotLockedOut)
            .WithMessage(FailedBecauseIsLockedOut,
                         p => _passwords.MaximumPasswordAttempts)
            // validate the password
            .Must(ValidatePasswordIsCorrect)
            .WithMessage(FailedBecausePasswordWasIncorrect,
                         p => _passwords.MaximumPasswordAttempts - _session.FailedPasswordAttempts(),
                         p => (_passwords.MaximumPasswordAttempts - _session.FailedPasswordAttempts() == 1) ? string.Empty : "s")
            // check lockout again, this may be last attempt
            .Must(ValidateIsNotLockedOut)
            .WithMessage(FailedBecauseIsLockedOut,
                         p => _passwords.MaximumPasswordAttempts)
            ;
        }
Ejemplo n.º 6
0
 public UpdatePasswordServices(IProcessQueries queryProcessor
                               , IStorePasswords passwords
                               )
 {
     QueryProcessor = queryProcessor;
     Passwords      = passwords;
 }
Ejemplo n.º 7
0
 public SignInServices(IProcessQueries queryProcessor
                       , ISignUsers userSigner
                       , IStorePasswords passwords
                       )
 {
     QueryProcessor = queryProcessor;
     UserSigner     = userSigner;
     Passwords      = passwords;
 }
Ejemplo n.º 8
0
 public SignInServices(IProcessQueries queryProcessor
     , ISignUsers userSigner
     , IStorePasswords passwords
 )
 {
     QueryProcessor = queryProcessor;
     UserSigner = userSigner;
     Passwords = passwords;
 }
        public ValidateSendConfirmEmailMessageCommand(IQueryEntities entities, IStorePasswords passwords)
        {
            CascadeMode = CascadeMode.StopOnFirstFailure;

            RuleFor(x => x.EmailAddress)
            //cannot be empty
            .NotEmpty()
            .WithMessage(MustNotHaveEmptyEmailAddress.FailMessage)

            // must be valid against email address regular expression
            .EmailAddress()
            .WithMessage(MustBeValidEmailAddressFormat.FailMessageFormat, x => x.EmailAddress)

            // must match a person
            .MustFindPersonByEmail(entities, _person)
            .WithMessage(MustFindPersonByEmail.FailMessageFormat, x => x.EmailAddress)

            // must match an establishment
            .MustFindEstablishmentByEmail(entities, _establishment)
            .WithMessage(MustFindEstablishmentByEmail.FailMessageFormat,
                         x => x.EmailAddress)

            // establishment must be a member
            .Must(x => _establishment.Entity.IsMember)
            .WithMessage(MustBeMemberEstablishment.FailMessageFormat,
                         x => _establishment.Entity.RevisionId)
            ;

            // when person is not null and intent is to reset password,
            When(x => _person.Entity != null && x.Intent == EmailConfirmationIntent.ResetPassword, () =>
                 RuleFor(x => x.EmailAddress)
                 // the establishment must not have saml sign on
                 .Must(x => !_establishment.Entity.HasSamlSignOn())
                 .WithMessage(MustNotHaveSamlIntegration.FailMessageFormat,
                              x => _establishment.Entity.RevisionId)

                 // the matched person must have a user
                 .Must(x => _person.Entity.User != null)
                 .WithMessage(MustNotHaveNullUser.FailMessageFormat,
                              x => _person.Entity.DisplayName)

                 // the user must not have a SAML account
                 .Must(x => string.IsNullOrWhiteSpace(_person.Entity.User.EduPersonTargetedId))
                 .WithMessage(MustNotHaveSamlMembershipAccount.FailMessageFormat,
                              x => _person.Entity.User.Name)

                 // the email address' person's user's name must match a local member account
                 .Must(x => passwords.Exists(_person.Entity.User.Name))
                 .WithMessage(MustHaveLocalMembershipAccount.FailMessageFormat,
                              x => _person.Entity.User.Name)

                 // the email address must be confirmed
                 .Must(x => _person.Entity.Emails.ByValue(x).IsConfirmed)
                 .WithMessage(MustBeConfirmedEmailAddress.FailMessageFormat,
                              x => x.EmailAddress)
                 );
        }
Ejemplo n.º 10
0
        public UpdatePasswordValidator(IStorePasswords passwords)
        {
            CascadeMode = CascadeMode.StopOnFirstFailure;
            _passwords  = passwords;

            _httpContext = HttpContext.Current != null ? new HttpContextWrapper(HttpContext.Current) : null;
            _session     = _httpContext != null && _httpContext.Session != null
                ? _httpContext.Session
                : null;

            RuleFor(p => p.CurrentPassword)
            // cannot be empty
            .NotEmpty()
            .WithMessage(FailedBecauseOldPasswordWasEmpty)
            // account cannot be locked out
            .Must(ValidateIsNotLockedOut)
            .WithMessage(FailedBecauseIsLockedOut,
                         p => _passwords.MaximumPasswordAttempts)
            // validate the password
            .Must(ValidatePasswordIsCorrect)
            .WithMessage(FailedBecauseCurrentPasswordWasIncorrect,
                         p => _passwords.MaximumPasswordAttempts - _session.FailedPasswordAttempts(),
                         p => (_passwords.MaximumPasswordAttempts - _session.FailedPasswordAttempts() == 1) ? string.Empty : "s")
            // check lockout again, this may be last attempt
            .Must(ValidateIsNotLockedOut)
            .WithMessage(FailedBecauseIsLockedOut,
                         p => _passwords.MaximumPasswordAttempts)
            ;

            RuleFor(p => p.NewPassword)
            // cannot be empty
            .NotEmpty()
            .WithMessage(FailedBecauseNewPasswordWasEmpty)
            // at least 6 characters long
            .Length(passwords.MinimumPasswordLength, int.MaxValue)
            .WithMessage(FailedBecauseNewPasswordWasTooShort,
                         p => passwords.MinimumPasswordLength)
            ;

            RuleFor(p => p.ConfirmPassword)
            // can never be empty
            .NotEmpty()
            .WithMessage(FailedBecauseNewPasswordConfirmationWasEmpty)
            ;

            RuleFor(p => p.ConfirmPassword)
            // equals password unless empty or password failed validation
            .Equal(p => p.NewPassword)
            .Unless(p =>
                    string.IsNullOrWhiteSpace(p.ConfirmPassword) ||
                    string.IsNullOrWhiteSpace(p.NewPassword) ||
                    p.NewPassword.Length < passwords.MinimumPasswordLength)
            .WithMessage(FailedBecauseNewPasswordConfirmationDidNotEqualPassword)
            ;
        }
Ejemplo n.º 11
0
 public ReceiveSamlAuthnResponseHandler(ICommandEntities entities
                                        , ISignUsers userSigner
                                        , IStorePasswords passwords
                                        , IUnitOfWork unitOfWork
                                        )
 {
     _entities   = entities;
     _userSigner = userSigner;
     _passwords  = passwords;
     _unitOfWork = unitOfWork;
 }
 public ReceiveSamlAuthnResponseHandler(ICommandEntities entities
                                        , ISignUsers userSigner
                                        , IStorePasswords passwords
                                        , IHandleCommands <CreateEmailAddress> createEmailAddress
                                        , IUnitOfWork unitOfWork
                                        )
 {
     _entities           = entities;
     _userSigner         = userSigner;
     _passwords          = passwords;
     _createEmailAddress = createEmailAddress;
     _unitOfWork         = unitOfWork;
 }
        public ValidateSendCreatePasswordMessageCommand(IQueryEntities entities, IStorePasswords passwords)
        {
            CascadeMode = CascadeMode.StopOnFirstFailure;

            RuleFor(x => x.EmailAddress)
            // email address cannot be empty
            .NotEmpty()
            .WithMessage(MustNotHaveEmptyEmailAddress.FailMessage)

            // must be valid against email address regular expression
            .EmailAddress()
            .WithMessage(MustBeValidEmailAddressFormat.FailMessageFormat, x => x.EmailAddress)

            // the email address must match an establishment
            .MustFindEstablishmentByEmail(entities, _establishment)
            .WithMessage(MustFindEstablishmentByEmail.FailMessageFormat,
                         x => x.EmailAddress)

            // establishment must be a member
            .Must(x => _establishment.Entity.IsMember)
            .WithMessage(MustBeMemberEstablishment.FailMessageFormat,
                         x => _establishment.Entity.RevisionId)

            // establishment must not have saml sign on
            .Must(x => !_establishment.Entity.HasSamlSignOn())
            .WithMessage(MustNotHaveSamlIntegration.FailMessageFormat,
                         x => _establishment.Entity.RevisionId)

            // the email address MAY match a person
            .Must((command, x, context) =>
            {
                var validator = new MustFindPersonByEmail(entities, _person);
                validator.Validate(context);
                return(true);
            })
            ;

            // when person is not null,
            When(x => _person.Entity != null, () =>
                 RuleFor(x => x.EmailAddress)
                 // it must not have a registered user
                 .Must(x => _person.Entity.User == null || !_person.Entity.User.IsRegistered)
                 .WithMessage(MustNotBeRegisteredUser.FailMessageFormat,
                              x => _person.Entity.DisplayName)

                 // it must not have a local member account
                 .Must(x => _person.Entity.User == null || !passwords.Exists(_person.Entity.User.Name))
                 .WithMessage(MustNotHaveLocalMembershipAccount.FailMessageFormat,
                              x => _person.Entity.User.Name)
                 );
        }
Ejemplo n.º 14
0
 public IdentityController(ISignUsers userSigner
     , IStorePasswords passwords
     , IProcessQueries queryProcessor
     , IHandleCommands<UpdateSamlSignOnMetadata> updateSamlMetadata
     //, IProvideSaml2Service samlServiceProvider
     , IManageConfigurations configurationManager
 )
 {
     _userSigner = userSigner;
     _passwords = passwords;
     _queryProcessor = queryProcessor;
     _updateSamlMetadata = updateSamlMetadata;
     //_samlServiceProvider = samlServiceProvider;
     _configurationManager = configurationManager;
 }
Ejemplo n.º 15
0
        public ResetPasswordValidator(IQueryEntities entities, IStorePasswords passwords)
        {
            CascadeMode = CascadeMode.StopOnFirstFailure;

            RuleFor(p => p.Token)
            // cannot be empty guid
            .NotEmpty()
            .WithMessage(ValidateEmailConfirmation.FailedBecauseTokenWasEmpty,
                         p => p.Token)
            // matches email confirmation entity
            .Must(p => ValidateEmailConfirmation.TokenMatchesEntity(p, entities))
            .WithMessage(ValidateEmailConfirmation.FailedBecauseTokenMatchedNoEntity,
                         p => p.Token)
            ;

            RuleFor(p => p.Password)
            // cannot be empty
            .NotEmpty()
            .WithMessage(FailedBecausePasswordWasEmpty)
            // at least 6 characters long
            .Length(passwords.MinimumPasswordLength, int.MaxValue)
            .WithMessage(FailedBecausePasswordWasTooShort,
                         p => passwords.MinimumPasswordLength)
            ;

            RuleFor(p => p.PasswordConfirmation)
            // can never be empty
            .NotEmpty()
            .WithMessage(FailedBecausePasswordConfirmationWasEmpty)
            ;

            RuleFor(p => p.PasswordConfirmation)
            // equals password unless empty or password failed validation
            .Equal(p => p.Password)
            .Unless(p =>
                    string.IsNullOrWhiteSpace(p.PasswordConfirmation) ||
                    string.IsNullOrWhiteSpace(p.Password) ||
                    p.Password.Length < passwords.MinimumPasswordLength)
            .WithMessage(FailedBecausePasswordConfirmationDidNotEqualPassword)
            ;
        }
Ejemplo n.º 16
0
        public ForgotPasswordValidator(IQueryEntities entities, IStorePasswords passwords)
        {
            CascadeMode = CascadeMode.StopOnFirstFailure;

            Establishment establishment     = null;
            var           loadEstablishment = new Expression <Func <Establishment, object> >[]
            {
                e => e.SamlSignOn,
            };

            Person person     = null;
            var    loadPerson = new Expression <Func <Person, object> >[]
            {
                p => p.Emails,
                p => p.User
            };

            RuleFor(p => p.EmailAddress)

            // cannot be empty
            .NotEmpty()
            .WithMessage(FailedBecauseEmailAddressWasEmpty)

            // must be valid against email address regular expression
            .EmailAddress()
            .WithMessage(FailedBecauseEmailAddressWasNotValidEmailAddress)

            // must match an establishment
            .Must(p => ValidateEstablishment.EmailMatchesEntity(p, entities, loadEstablishment, out establishment))
            .WithMessage(FailedBecauseUserNameMatchedNoLocalMember,
                         p => p.EmailAddress)

            // establishment must be a member
            .Must(p => establishment.IsMember)
            .WithMessage(FailedBecauseUserNameMatchedNoLocalMember,
                         p => p.EmailAddress)

            // establishment cannot have saml integration
            .Must(p => !establishment.HasSamlSignOn())
            .WithMessage(FailedBecauseEduPersonTargetedIdWasNotEmpty,
                         p => p.EmailAddress.GetEmailDomain())

            // must match a person
            .Must(p => ValidateEmailAddress.ValueMatchesPerson(p, entities, loadPerson, out person))
            .WithMessage(FailedBecauseUserNameMatchedNoLocalMember,
                         p => p.EmailAddress)

            // the matched person must have a user
            .Must(p => ValidatePerson.UserIsNotNull(person))
            .WithMessage(FailedBecauseUserNameMatchedNoLocalMember,
                         p => p.EmailAddress)

            // the user must not have a SAML account
            .Must(p => ValidateUser.EduPersonTargetedIdIsEmpty(person.User))
            .WithMessage(FailedBecauseEduPersonTargetedIdWasNotEmpty,
                         p => p.EmailAddress.GetEmailDomain())

            // the email address' person's user's name must match a local member account
            .Must(p => ValidateUser.NameMatchesLocalMember(person.User.Name, passwords))
            .WithMessage(FailedBecauseUserNameMatchedNoLocalMember,
                         p => p.EmailAddress)

            // the email address must be confirmed
            .Must(p => ValidateEmailAddress.IsConfirmed(person.GetEmail(p)))
            .WithMessage(ValidateEmailAddress.FailedBecauseIsNotConfirmed,
                         p => p.EmailAddress)
            ;
        }
Ejemplo n.º 17
0
        public ValidateResetPasswordCommand(IQueryEntities entities, IStorePasswords passwords)
        {
            CascadeMode = CascadeMode.StopOnFirstFailure;

            RuleFor(x => x.Token)
            // token cannot be an empty guid
            .NotEmpty()
            .WithMessage(MustNotHaveEmptyConfirmationToken.FailMessageFormat, x => x.Token)

            // token must match a confirmation
            .MustFindConfirmationByToken(entities, _confirmation)
            .WithMessage(MustFindConfirmationByToken.FailMessageFormat, x => x.Token)

            // its intent must be to reset password
            .Must(x => _confirmation.Entity.Intent == EmailConfirmationIntent.ResetPassword)
            .WithMessage(MustHaveCorrectConfirmationIntent.FailMessageFormat,
                         x => _confirmation.Entity.Intent, x => x.Token)

            // it cannot be expired
            .Must(x => !_confirmation.Entity.IsExpired)
            .WithMessage(MustNotBeExpiredConfirmation.FailMessageFormat,
                         x => x.Token, x => _confirmation.Entity.ExpiresOnUtc)

            // it cannot be retired
            .Must(x => !_confirmation.Entity.IsRetired)
            .WithMessage(MustNotBeRetiredConfirmation.FailMessageFormat,
                         x => x.Token, x => _confirmation.Entity.RetiredOnUtc)

            // it must be redeemed
            .Must(x => _confirmation.Entity.IsRedeemed)
            .WithMessage(MustBeRedeemedConfirmation.FailMessageFormat,
                         x => x.Token)

            // email address must be confirmed
            .Must(x => _confirmation.Entity.EmailAddress.IsConfirmed)
            .WithMessage(MustBeConfirmedEmailAddress.FailMessageFormat,
                         x => _confirmation.Entity.EmailAddress.Value)

            // it must be attached to a user
            .Must(x => _confirmation.Entity.EmailAddress.Person.User != null)
            .WithMessage(MustNotHaveNullUser.FailMessageFormat,
                         x => _confirmation.Entity.EmailAddress.Person.DisplayName)

            // user cannot have a saml account
            .Must(x => string.IsNullOrWhiteSpace(_confirmation.Entity.EmailAddress.Person.User.EduPersonTargetedId))
            .WithMessage(MustNotHaveSamlMembershipAccount.FailMessageFormat,
                         x => _confirmation.Entity.EmailAddress.Person.User.Name)

            // user name must match local member account
            .Must(x => passwords.Exists(_confirmation.Entity.EmailAddress.Person.User.Name))
            .WithMessage(MustHaveLocalMembershipAccount.FailMessageFormat,
                         x => _confirmation.Entity.EmailAddress.Person.User.Name)
            ;

            RuleFor(x => x.Ticket)
            // ticket cannot be empty
            .NotEmpty()
            .WithMessage(MustNotHaveEmptyConfirmationTicket.FailMessage)

            // must match the entity ticket
            .Must(x => x == _confirmation.Entity.Ticket)
            .WithMessage(MustHaveCorrectConfirmationTicket.FailMessageFormat,
                         x => x.Ticket, x => x.Token)
            ;

            RuleFor(x => x.Password)
            // cannot be empty
            .NotEmpty()
            .WithMessage(MustNotHaveEmptyPassword.FailMessage)

            // length must be between 6 and 100 characters
            .Length(passwords.MinimumPasswordLength, int.MaxValue)
            .WithMessage(MustHaveMinimumPasswordLength.FormatFailMessage(passwords.MinimumPasswordLength))
            ;

            RuleFor(x => x.PasswordConfirmation)
            // cannot be empty
            .NotEmpty()
            .WithMessage(MustNotHaveEmptyPasswordConfirmation.FailMessage)

            // must match password
            .Equal(x => x.Password)
            .WithMessage(MustHaveTwoEqualPasswords.FailMessage)
            ;
        }
Ejemplo n.º 18
0
 public static bool NameMatchesLocalMember(string name, IStorePasswords passwords)
 {
     return(passwords.Exists(name));
 }
Ejemplo n.º 19
0
 public static bool NameMatchesLocalMember(string name, IStorePasswords passwords)
 {
     return passwords.Exists(name);
 }
        public SendConfirmEmailMessageValidator(IQueryEntities entities, IStorePasswords passwords)
        {
            CascadeMode = CascadeMode.StopOnFirstFailure;

            Person person     = null;
            var    loadPerson = new Expression <Func <Person, object> >[]
            {
                p => p.Emails,
                p => p.User
            };

            Establishment establishment     = null;
            var           loadEstablishment = new Expression <Func <Establishment, object> >[]
            {
                e => e.SamlSignOn,
            };

            RuleFor(p => p.EmailAddress)
            //cannot be empty
            .NotEmpty()
            .WithMessage(ValidateEmailAddress.FailedBecauseValueWasEmpty)
            // must be valid against email address regular expression
            .EmailAddress()
            .WithMessage(ValidateEmailAddress.FailedBecauseValueWasNotValidEmailAddress)
            // must match a person
            .Must(p => ValidateEmailAddress.ValueMatchesPerson(p, entities, loadPerson, out person))
            .WithMessage(ValidateEmailAddress.FailedBecauseValueMatchedNoPerson,
                         p => p.EmailAddress)
            // must match an establishment
            .Must(p => ValidateEstablishment.EmailMatchesEntity(p, entities, loadEstablishment, out establishment))
            .WithMessage(ValidateEstablishment.FailedBecauseEmailMatchedNoEntity,
                         p => p.EmailAddress)
            // establishment must be a member
            .Must(p => establishment.IsMember)
            .WithMessage(ValidateEstablishment.FailedBecauseEstablishmentIsNotMember,
                         p => establishment.RevisionId)
            ;

            // when person is not null and intent is to reset password,
            When(p => person != null && p.Intent == EmailConfirmationIntent.ResetPassword, () =>
                 RuleFor(p => p.EmailAddress)
                 // the establishment must not have saml sign on
                 .Must(p => !establishment.HasSamlSignOn())
                 .WithMessage(ValidateEstablishment.FailedBecauseEstablishmentHasSamlSignOn,
                              p => establishment.RevisionId)
                 // the matched person must have a user
                 .Must(p => ValidatePerson.UserIsNotNull(person))
                 .WithMessage(ValidatePerson.FailedBecauseUserWasNull,
                              p => person.DisplayName)
                 // the user must not have a SAML account
                 .Must(p => ValidateUser.EduPersonTargetedIdIsEmpty(person.User))
                 .WithMessage(ValidateUser.FailedBecauseEduPersonTargetedIdWasNotEmpty,
                              p => person.User.Name)
                 // the email address' person's user's name must match a local member account
                 .Must(p => ValidateUser.NameMatchesLocalMember(person.User.Name, passwords))
                 .WithMessage(ValidateUser.FailedBecauseNameMatchedNoLocalMember,
                              p => person.User.Name)
                 // the email address must be confirmed
                 .Must(p => ValidateEmailAddress.IsConfirmed(person.GetEmail(p)))
                 .WithMessage(ValidateEmailAddress.FailedBecauseIsNotConfirmed,
                              p => p.EmailAddress)
                 );
        }
Ejemplo n.º 21
0
        public SendCreatePasswordMessageValidator(IQueryEntities entities, IStorePasswords passwords)
        {
            CascadeMode = CascadeMode.StopOnFirstFailure;

            Establishment establishment     = null;
            var           loadEstablishment = new Expression <Func <Establishment, object> >[]
            {
                e => e.SamlSignOn,
            };

            Person person     = null;
            var    loadPerson = new Expression <Func <Person, object> >[]
            {
                p => p.Emails,
                p => p.User
            };

            RuleFor(p => p.EmailAddress)
            // email address cannot be empty
            .NotEmpty()
            .WithMessage(ValidateEmailAddress.FailedBecauseValueWasEmpty)
            // must be valid against email address regular expression
            .EmailAddress()
            .WithMessage(ValidateEmailAddress.FailedBecauseValueWasNotValidEmailAddress)
            // the email address must match a non-saml establishment
            .Must(p => ValidateEstablishment.EmailMatchesEntity(p, entities, loadEstablishment, out establishment))
            .WithMessage(ValidateEstablishment.FailedBecauseEmailMatchedNoEntity,
                         p => p.EmailAddress)
            // the email address must match a member establishment
            .Must(p => ValidateEstablishment.EmailMatchesEntity(p, entities, loadEstablishment, out establishment))
            .WithMessage(ValidateEstablishment.FailedBecauseEmailMatchedNoEntity,
                         p => p.EmailAddress)
            // the email address may match a person
            .Must(p =>
            {
                ValidateEmailAddress.ValueMatchesPerson(p, entities, loadPerson, out person);
                return(true);
            })
            ;

            // when establishment is not null,
            When(p => establishment != null, () =>
                 RuleFor(p => p.EmailAddress)
                 // it must not have saml sign on
                 .Must(p => !establishment.HasSamlSignOn())
                 .WithMessage(ValidateEstablishment.FailedBecauseEstablishmentHasSamlSignOn,
                              p => establishment.RevisionId)
                 // it must be a member
                 .Must(p => establishment.IsMember)
                 .WithMessage(ValidateEstablishment.FailedBecauseEstablishmentIsNotMember,
                              p => person.User.Name)
                 );

            // when person is not null,
            When(p => person != null, () =>
                 RuleFor(p => p.EmailAddress)
                 // it must not have a registered user
                 .Must(p => person.User == null || !person.User.IsRegistered)
                 .WithMessage(ValidatePerson.FailedBecauseUserIsRegistered,
                              p => person.DisplayName)
                 // it must not have a local member account
                 .Must(p => person.User == null || !passwords.Exists(person.User.Name))
                 .WithMessage(ValidateUser.FailedBecauseNameMatchedLocalMember,
                              p => person.User.Name)
                 );
        }
Ejemplo n.º 22
0
        public ResetPasswordValidator(IQueryEntities entities, IStorePasswords passwords)
        {
            CascadeMode = CascadeMode.StopOnFirstFailure;

            EmailConfirmation confirmation = null;

            RuleFor(p => p.Token)
            // token cannot be an empty guid
            .NotEmpty()
            .WithMessage(ValidateEmailConfirmation.FailedBecauseTokenWasEmpty,
                         p => p.Token)
            // token must match a confirmation
            .Must(p => ValidateEmailConfirmation.TokenMatchesEntity(p, entities, out confirmation))
            .WithMessage(ValidateEmailConfirmation.FailedBecauseTokenMatchedNoEntity,
                         p => p.Token)
            ;

            RuleFor(p => p.Ticket)
            // ticket cannot be empty
            .NotEmpty()
            .WithMessage(ValidateEmailConfirmation.FailedBecauseTicketWasEmpty)
            ;

            RuleFor(p => p.Password)
            // cannot be empty
            .NotEmpty()
            .WithMessage(ValidatePassword.FailedBecausePasswordWasEmpty)
            // length must be between 6 and 100 characters
            .Length(passwords.MinimumPasswordLength, int.MaxValue)
            .WithMessage(ValidatePassword.FailedBecausePasswordWasTooShort(passwords.MinimumPasswordLength))
            ;

            RuleFor(p => p.PasswordConfirmation)
            // cannot be empty
            .NotEmpty()
            .WithMessage(ValidatePassword.FailedBecausePasswordConfirmationWasEmpty)
            ;

            RuleFor(p => p.PasswordConfirmation)
            // must match password unless password is invalid or password confirmation is empty
            .Equal(p => p.Password)
            .Unless(p =>
                    string.IsNullOrWhiteSpace(p.PasswordConfirmation) ||
                    string.IsNullOrWhiteSpace(p.Password) ||
                    p.Password.Length < passwords.MinimumPasswordLength)
            .WithMessage(ValidatePassword.FailedBecausePasswordConfirmationDidNotEqualPassword)
            ;

            // when confirmation is not null,
            When(p => confirmation != null, () =>
            {
                RuleFor(p => p.Token)
                // its intent must be to reset password
                .Must(p => confirmation.Intent == EmailConfirmationIntent.ResetPassword)
                .WithMessage(ValidateEmailConfirmation.FailedBecauseIntentWasIncorrect,
                             p => confirmation.Intent, p => confirmation.Token)
                // it cannot be expired
                .Must(p => !confirmation.IsExpired)
                .WithMessage(ValidateEmailConfirmation.FailedBecauseIsExpired,
                             p => confirmation.Token, p => confirmation.ExpiresOnUtc)
                // it cannot be retired
                .Must(p => !confirmation.IsRetired)
                .WithMessage(ValidateEmailConfirmation.FailedBecauseIsRetired,
                             p => confirmation.Token, p => confirmation.RetiredOnUtc)
                // it must be redeemed
                .Must(p => confirmation.IsRedeemed)
                .WithMessage(ValidateEmailConfirmation.FailedBecauseIsNotRedeemed,
                             p => confirmation.Token)
                // email address must be confirmed
                .Must(p => ValidateEmailAddress.IsConfirmed(confirmation.EmailAddress))
                .WithMessage(ValidateEmailAddress.FailedBecauseIsNotConfirmed,
                             p => confirmation.EmailAddress.Value)
                // it must be attached to a user
                .Must(p => ValidatePerson.UserIsNotNull(confirmation.EmailAddress.Person))
                .WithMessage(ValidatePerson.FailedBecauseUserWasNull,
                             p => confirmation.EmailAddress.Person.DisplayName)
                // user cannot have a saml account
                .Must(p => ValidateUser.EduPersonTargetedIdIsEmpty(confirmation.EmailAddress.Person.User))
                .WithMessage(ValidateUser.FailedBecauseEduPersonTargetedIdWasNotEmpty,
                             p => confirmation.EmailAddress.Person.User.Name)
                // user name must match local member account
                .Must(p => ValidateUser.NameMatchesLocalMember(confirmation.EmailAddress.Person.User.Name, passwords))
                .WithMessage(ValidateUser.FailedBecauseNameMatchedNoLocalMember,
                             p => confirmation.EmailAddress.Person.User.Name)
                ;

                RuleFor(p => p.Ticket)
                // its ticket must match the command ticket
                .Must(p => ValidateEmailConfirmation.TicketIsCorrect(confirmation, p))
                .WithMessage(ValidateEmailConfirmation.FailedBecauseTicketWasIncorrect,
                             p => p.Ticket, p => p.Token)
                ;
            });
        }
 private static ResetPasswordValidator CreateValidator(IQueryEntities entities = null, IStorePasswords passwords = null)
 {
     return new ResetPasswordValidator(entities, passwords);
 }
 private static ResetPasswordValidator CreateValidator(IStorePasswords passwords)
 {
     return new ResetPasswordValidator(null, passwords);
 }