Ejemplo n.º 1
0
        /// <summary>
        /// Change Users password Question and Answer
        /// </summary>
        /// <param name="username">Username to change Q&A for</param>
        /// <param name="password">Password</param>
        /// <param name="newPasswordQuestion">New question</param>
        /// <param name="newPasswordAnswer">New answer</param>
        /// <returns> Boolean depending on whether the change was successful</returns>
        public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
        {
            // Check arguments for null values
            if ((username == null) || (password == null) || (newPasswordQuestion == null) || (newPasswordAnswer == null))
            {
                throw new ArgumentException("Username, Password, Password Question or Password Answer cannot be null");
            }

            UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt);

            newPasswordAnswer = YafMembershipProvider.EncodeString(newPasswordAnswer, currentPasswordInfo.PasswordFormat, currentPasswordInfo.PasswordSalt, this.UseSalt);

            if (currentPasswordInfo != null && currentPasswordInfo.IsCorrectPassword(password))
            {
                try
                {
                    DB.ChangePasswordQuestionAndAnswer(this.ApplicationName, username, newPasswordQuestion, newPasswordAnswer);
                    return(true);
                }
                catch
                {
                    // will return false...
                }
            }

            return(false);            // Invalid password return false
        }
Ejemplo n.º 2
0
        /// <summary>
        /// Reset a users password - *
        /// </summary>
        /// <param name="username">User to be found based by Name</param>
        /// <param name="answer">Verifcation that it is them</param>
        /// <returns>Username as string</returns>
        public override string ResetPassword(string username, string answer)
        {
            string newPassword = string.Empty, newPasswordEnc = string.Empty, newPasswordSalt = string.Empty, newPasswordAnswer = string.Empty;

            /// Check Password reset is enabled
            if (!(this.EnablePasswordReset))
            {
                ExceptionReporter.ThrowNotSupported("MEMBERSHIP", "RESETNOTSUPPORTED");
            }

            // Check arguments for null values
            if (username == null)
            {
                ExceptionReporter.ThrowArgument("MEMBERSHIP", "USERNAMEPASSWORDNULL");
            }

            // get an instance of the current password information class
            UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt);

            if (currentPasswordInfo != null)
            {
                if (UseSalt && String.IsNullOrEmpty(currentPasswordInfo.PasswordSalt))
                {
                    // get a new password salt...
                    newPasswordSalt = YafMembershipProvider.GenerateSalt();
                }
                else
                {
                    // use existing salt...
                    newPasswordSalt = currentPasswordInfo.PasswordSalt;
                }

                if (!String.IsNullOrEmpty(answer))
                {
                    // verify answer is correct...
                    if (!currentPasswordInfo.IsCorrectAnswer(answer))
                    {
                        return(null);
                    }
                }

                // create a new password
                newPassword = YafMembershipProvider.GeneratePassword(this.MinRequiredPasswordLength, this.MinRequiredNonAlphanumericCharacters);
                // encode it...
                newPasswordEnc = YafMembershipProvider.EncodeString(newPassword, ( int )this.PasswordFormat, newPasswordSalt, this.UseSalt);
                // save to the database
                DB.ResetPassword(this.ApplicationName, username, newPasswordEnc, newPasswordSalt, ( int )this.PasswordFormat, this.MaxInvalidPasswordAttempts, this.PasswordAttemptWindow);
                // Return unencrypted password
                return(newPassword);
            }

            return(null);
        }
Ejemplo n.º 3
0
 /// <summary>
 /// Checks the password against the one provided for validity
 /// </summary>
 /// <param name="passwordToCheck">
 /// </param>
 /// <returns>
 /// The is correct password.
 /// </returns>
 public bool IsCorrectPassword(string passwordToCheck)
 {
     return
         (this.Password.Equals(
              YafMembershipProvider.EncodeString(
                  passwordToCheck,
                  this.PasswordFormat,
                  this.PasswordSalt,
                  this.UseSalt,
                  this.HashHex,
                  this.hashCase,
                  this.hashRemoveChars,
                  this.msCompliant)));
 }
Ejemplo n.º 4
0
        /// <summary>
        /// Change Users password
        /// </summary>
        /// <param name="username">Username to change password for</param>
        /// <param name="oldpassword">Password</param>
        /// <param name="newPassword">New question</param>
        /// <returns> Boolean depending on whether the change was successful</returns>
        public override bool ChangePassword(string username, string oldPassword, string newPassword)
        {
            string newPasswordSalt = string.Empty;
            string newEncPassword  = string.Empty;

            // Clean input

            // Check password meets requirements as set by Configuration settings
            if (!(this.IsPasswordCompliant(newPassword)))
            {
                return(false);
            }

            UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt);

            // validate the correct user information was found...
            if (currentPasswordInfo == null)
            {
                return(false);
            }

            // validate the correct user password was entered...
            if (!currentPasswordInfo.IsCorrectPassword(oldPassword))
            {
                return(false);
            }

            // generate a salt if desired...
            if (UseSalt)
            {
                newPasswordSalt = YafMembershipProvider.GenerateSalt();
            }
            // encode new password
            newEncPassword = YafMembershipProvider.EncodeString(newPassword, ( int )this.PasswordFormat, newPasswordSalt, this.UseSalt);

            // Call SQL Password to Change
            DB.ChangePassword(this.ApplicationName, username, newEncPassword, newPasswordSalt, ( int )this.PasswordFormat, currentPasswordInfo.PasswordAnswer);

            // Return True
            return(true);
        }
Ejemplo n.º 5
0
        /// <summary>
        /// Create user and add to provider
        /// </summary>
        /// <param name="username">Username</param>
        /// <param name="password">Password</param>
        /// <param name="email">Email Address</param>
        /// <param name="passwordQuestion">Password Question</param>
        /// <param name="passwordAnswer">Password Answer - used for password retrievals.</param>
        /// <param name="isApproved">Is the User approved?</param>
        /// <param name="providerUserKey">Provider User Key to identify the User</param>
        /// <param name="status">Out - MembershipCreateStatus object containing status of the Create User process</param>
        /// <returns> Boolean depending on whether the deletion was successful</returns>
        public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            // ValidatePasswordEventArgs e = new ValidatePasswordEventArgs( username, password, true );
            // OnValidatingPassword( e );
            //
            //if ( e.Cancel )
            //{
            //	status = MembershipCreateStatus.InvalidPassword;
            //	return null;
            //}

            string salt = string.Empty, pass = string.Empty;

            // Check password meets requirements as set out in the web.config
            if (!(this.IsPasswordCompliant(password)))
            {
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            // Check password Question and Answer requirements.
            if (this.RequiresQuestionAndAnswer)
            {
                if (String.IsNullOrEmpty(passwordQuestion))
                {
                    status = MembershipCreateStatus.InvalidQuestion;
                    return(null);
                }
                if (String.IsNullOrEmpty(passwordAnswer))
                {
                    status = MembershipCreateStatus.InvalidAnswer;
                    return(null);
                }
            }

            // Check provider User Key
            if (!(providerUserKey == null))
            {
                // IS not a duplicate key
                if (!(this.GetUser(providerUserKey, false) == null))
                {
                    status = MembershipCreateStatus.DuplicateProviderUserKey;
                    return(null);
                }
            }

            // Check for unique email
            if (this.RequiresUniqueEmail)
            {
                if (!(String.IsNullOrEmpty(this.GetUserNameByEmail(email))))
                {
                    status = MembershipCreateStatus.DuplicateEmail;                     // Email exists
                    return(null);
                }
            }

            // Check for unique user name
            if (!(this.GetUser(username, false) == null))
            {
                status = MembershipCreateStatus.DuplicateUserName;                 // Username exists
                return(null);
            }

            if (UseSalt)
            {
                salt = YafMembershipProvider.GenerateSalt();
            }
            pass = YafMembershipProvider.EncodeString(password, ( int )this.PasswordFormat, salt, this.UseSalt);
            // Encode Password Answer
            string encodedPasswordAnswer = YafMembershipProvider.EncodeString(passwordAnswer, ( int )this.PasswordFormat, salt, this.UseSalt);

            // Process database user creation request
            DB.CreateUser(this.ApplicationName, username, pass, salt, ( int )this.PasswordFormat, email, passwordQuestion, encodedPasswordAnswer, isApproved, providerUserKey);

            status = MembershipCreateStatus.Success;

            return(this.GetUser(username, false));
        }