Ejemplo n.º 1
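        /// <summary>
        /// Processes a password-change form for the user identified by the
        /// "OrcaUserID" session value and reports the outcome through ViewBag.Message.
        /// </summary>
        /// <param name="passwordChange">
        /// Form model; binding is restricted to CurrentPassword, Password and ConfirmPassword,
        /// so the target account cannot be chosen through posted fields.
        /// </param>
        /// <returns>The default view for this action, with ViewBag.Message populated.</returns>
        // NOTE(review): no attributes are visible on this action in this listing; confirm it is
        // POST-only, requires an authenticated user, and validates an anti-forgery token.
        public ActionResult ChangePassword([Bind(Include = "CurrentPassword,Password,ConfirmPassword")] PasswordChange passwordChange)
        {
            // Convention for making it easier to pass messages between controllers.
            if (TempData["Message"] != null)
            {
                ViewBag.Message += (" " + TempData["Message"].ToString());
            }

            if (ModelState.IsValid)
            {
                PasswordChangeStatus status;
                int userId;
                object sessionUserId = Session["OrcaUserID"];

                // The account is taken from the server-side session only. A missing or
                // non-numeric value (for example an expired session) is reported as an
                // invalid user instead of surfacing as an unhandled exception.
                if (sessionUserId != null && int.TryParse(sessionUserId.ToString(), out userId))
                {
                    // Change the password for the logged-in user and get the outcome.
                    status = OrcaHelper.ChangePassword(userId, passwordChange);
                }
                else
                {
                    status = PasswordChangeStatus.INVALID_USER;
                }

                switch (status)
                {
                case PasswordChangeStatus.SUCCESS:
                    ViewBag.Message += " Your password has been changed.";
                    break;

                case PasswordChangeStatus.INVALID_PASSWORD:
                    ViewBag.Message += " The Current Password you entered was incorrect. Please try again";
                    break;

                case PasswordChangeStatus.INVALID_USER:
                default:
                    ViewBag.Message += " Something went wrong. This may suggest an Invalid User login.";
                    break;
                }
            }
            return View();
        }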
Ejemplo n.º 2
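        /// <summary>
        /// Accepts a password-change request from the request body and forwards it to the
        /// data access layer once the new password and its confirmation match.
        /// </summary>
        /// <param name="model">Request payload carrying the new password and its confirmation.</param>
        /// <returns>
        /// 400 when no payload could be bound, 404 when the new password and confirmation
        /// differ, otherwise 200 with the status object returned by the data access layer.
        /// </returns>
        // NOTE(review): the whole model, as supplied by the client, is handed to the DAL.
        // Confirm that this action requires authentication and that the account being
        // changed is tied to the authenticated caller rather than to a field in the body.
        public async Task <IActionResult> ChangePassword([FromBody] User model)
        {
            // A missing or undeserializable body can leave the bound model null; reject it
            // here instead of failing with a NullReferenceException below.
            if (model == null)
            {
                return StatusCode(StatusCodes.Status400BadRequest);
            }

            if (model.userPassNew != model.userPassConfirm)
            {
                // NOTE(review): 404 is kept so existing clients see the same response;
                // 400 Bad Request would describe a validation failure more accurately.
                return StatusCode(StatusCodes.Status404NotFound);
            }

            PasswordChangeStatus _status = await dal.changeUserPassword(model);

            return Ok(_status);
        }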
Ejemplo n.º 3
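        /// <summary>
        /// Changes the password when it satisfies the password policy. Uses the data context
        /// supplied through <c>DB</c> (for example a test context from the constructor) when
        /// there is one, and otherwise creates a PanoptoDBDataContext for this call.
        /// </summary>
        /// <param name="newPassword">The new password</param>
        /// <returns>
        /// PasswordChangeStatus.Success when the password was set; otherwise the combination
        /// of requirement flags that the candidate failed.
        /// </returns>
        /// <exception cref="System.ArgumentNullException">newPassword is null.</exception>
        public PasswordChangeStatus ChangePassword(string newPassword)
        {
            if (newPassword == null)
            {
                throw new System.ArgumentNullException("newPassword");
            }

            PasswordChangeStatus status = PasswordChangeStatus.Success;

            if (newPassword.Length < MinimumPasswordLength)
            {
                status |= PasswordChangeStatus.LengthRequirement;
            }

            // Invariant lowering keeps the result independent of the server's current culture.
            if (newPassword == newPassword.ToLowerInvariant())
            {
                status |= PasswordChangeStatus.UpperCaseLetterRequirement;
            }

            if (newPassword.IndexOfAny(Numbers) < 0)
            {
                status |= PasswordChangeStatus.NumberRequirement;
            }

            if (newPassword.IndexOfAny(SpecialCharacters) < 0)
            {
                status |= PasswordChangeStatus.SpecialCharacterRequirement;
            }

            // Dispose the context only when it was created here; a context supplied through
            // DB belongs to the caller or container and must stay usable after this call.
            IPanoptoDBDataContext injected = DB;
            bool ownsContext = injected == null;
            IPanoptoDBDataContext db = injected ?? new PanoptoDBDataContext();
            try
            {
                // NOTE(review): the plaintext candidate is passed to the data context; confirm
                // that PasswordHistoryMatches and SetPassword compare and store salted hashes.
                if (db.PasswordHistoryMatches(newPassword, PasswordHistoryMax))
                {
                    status |= PasswordChangeStatus.HistoryRequirement;
                }

                // Must meet all requirements, or miss only one of uppercase letter, number,
                // or special character. Length and history are mandatory: any combination
                // that includes either flag is not equal to a value listed here.
                if (status == PasswordChangeStatus.Success ||
                    status == PasswordChangeStatus.UpperCaseLetterRequirement ||
                    status == PasswordChangeStatus.NumberRequirement ||
                    status == PasswordChangeStatus.SpecialCharacterRequirement)
                {
                    db.SetPassword(newPassword);
                    status = PasswordChangeStatus.Success;
                }
            }
            finally
            {
                if (ownsContext)
                {
                    db.Dispose();
                }
            }

            return status;
        }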
Ejemplo n.º 4
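        /// <summary>
        /// Changes the password when it satisfies the password policy, using a data context
        /// owned by the caller.
        /// </summary>
        /// <param name="db">Data context used for the history check and for storing the password; not disposed here.</param>
        /// <param name="newPassword">The new password</param>
        /// <returns>
        /// PasswordChangeStatus.Success when the password was set and submitted; otherwise
        /// the combination of requirement flags that the candidate failed.
        /// </returns>
        /// <exception cref="System.ArgumentNullException">db or newPassword is null.</exception>
        public PasswordChangeStatus ChangePassword(IPanoptoDBDataContext db, string newPassword)
        {
            if (db == null)
            {
                throw new System.ArgumentNullException("db");
            }

            if (newPassword == null)
            {
                throw new System.ArgumentNullException("newPassword");
            }

            PasswordChangeStatus status = PasswordChangeStatus.Success;

            if (newPassword.Length < MinimumPasswordLength)
            {
                status |= PasswordChangeStatus.LengthRequirement;
            }

            // Invariant lowering keeps the result independent of the server's current culture.
            if (newPassword == newPassword.ToLowerInvariant())
            {
                status |= PasswordChangeStatus.UpperCaseLetterRequirement;
            }

            if (newPassword.IndexOfAny(Numbers) < 0)
            {
                status |= PasswordChangeStatus.NumberRequirement;
            }

            if (newPassword.IndexOfAny(SpecialCharacters) < 0)
            {
                status |= PasswordChangeStatus.SpecialCharacterRequirement;
            }

            // NOTE(review): the plaintext candidate is passed to the data context; confirm
            // that PasswordHistoryMatches and SetPassword compare and store salted hashes.
            if (db.PasswordHistoryMatches(newPassword, PasswordHistoryMax))
            {
                status |= PasswordChangeStatus.HistoryRequirement;
            }

            // Must meet all requirements, or miss only one of uppercase letter, number,
            // or special character. Length and history are mandatory: any combination
            // that includes either flag is not equal to a value listed here.
            if (status == PasswordChangeStatus.Success ||
                status == PasswordChangeStatus.UpperCaseLetterRequirement ||
                status == PasswordChangeStatus.NumberRequirement ||
                status == PasswordChangeStatus.SpecialCharacterRequirement)
            {
                db.SetPassword(newPassword);
                db.SubmitChanges();
                status = PasswordChangeStatus.Success;
            }

            return status;
        }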
Ejemplo n.º 5
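        /// <summary>
        /// Runs the "ChangeUserPassword" command for the given user and returns the value of
        /// its @status output parameter.
        /// </summary>
        /// <param name="model">Carries the user name, the current password and the new password.</param>
        /// <returns>
        /// A status whose validateResult holds the @status output value, the SqlException
        /// number as text when the call fails, or null when the command set no status.
        /// </returns>
        /// <exception cref="System.ArgumentNullException">model is null.</exception>
        // NOTE(review): both passwords are sent to the database as plain parameter values;
        // confirm the procedure hashes them and that the connection is encrypted.
        public async Task <PasswordChangeStatus> changeUserPassword(User model)
        {
            if (model == null)
            {
                throw new System.ArgumentNullException("model");
            }

            PasswordChangeStatus _status = new PasswordChangeStatus();

            using (SqlConnection con = SqlCon())
            using (SqlCommand cmd = SqlCmd(con))
            {
                // All user-supplied values travel as parameters, never as SQL text.
                cmd.CommandText = "ChangeUserPassword";
                cmd.Parameters.AddWithValue("@userName", model.userName);
                cmd.Parameters.AddWithValue("@userPass", model.userPassOld);
                cmd.Parameters.AddWithValue("@userPassNew", model.userPassNew);

                SqlParameter prm1 = new SqlParameter
                {
                    ParameterName = "@status",
                    SqlDbType     = SqlDbType.NVarChar,
                    Size          = 50,
                    Direction     = ParameterDirection.Output
                };
                cmd.Parameters.Add(prm1);

                // @message is declared because the command expects it; its value is not read.
                SqlParameter prm2 = new SqlParameter
                {
                    ParameterName = "@message",
                    SqlDbType     = SqlDbType.NVarChar,
                    Size          = 50,
                    Direction     = ParameterDirection.Output
                };
                cmd.Parameters.Add(prm2);

                try
                {
                    // No rows are consumed, so the command is executed directly and
                    // asynchronously instead of filling a DataTable on a blocked thread.
                    await con.OpenAsync();
                    await cmd.ExecuteNonQueryAsync();

                    // The output value is DBNull when the procedure does not assign it;
                    // "as" yields null in that case instead of an InvalidCastException.
                    _status.validateResult = prm1.Value as string;
                }
                catch (SqlException ex)
                {
                    // NOTE(review): the raw SQL error number flows back to the caller;
                    // confirm it is not exposed to end users unfiltered.
                    _status.validateResult = ex.Number.ToString();
                }
            }

            return _status;
        }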