Example #1
0
        /// <summary>
        /// Validates and saves the existing user
        /// </summary>
        public static void Update(User user)
        {
            if (user.IsNew)
            {
                throw new SystemException("This method cannot be used to save new users");
            }

            // Validate standard business object requirements
            ErrorList errors = ValidateUser(user);

            // Throw an error if the user fields are not all valid
            if (errors.Count > 0)
            {
                throw new InvalidUserException(errors, user);
            }

            // NB: Do not inline as PasswordChanged is reset in SaveUser()
            bool passwordChanged = user.ChangedProperties.ContainsKey(User.Columns.Password.ToString());

            // Save the user
            SaveUser(user);

            // Update the password history if the password was changed
            if (passwordChanged)
            {
                PasswordHistory.UpdateUserPasswordHistory(user);
            }
        }
Example #2
0
        public static void ChangePassword(User user, string existingPassword, string newPassword, string newPasswordConfirmation)
        {
            // First make sure that the existing password the user has entered is valid
            if (!user.CheckPassword(existingPassword))
            {
                throw new ChangePasswordException("Old password is incorrect");
            }

            // Ensure that they entered a new password
            if (StringUtils.IsBlank(newPassword))
            {
                throw new ChangePasswordException("New password cannot be blank");
            }

            // Ensure that the new password and confirm new password match
            if (newPassword.Trim() != newPasswordConfirmation.Trim())
            {
                throw new ChangePasswordException("New password does not match confirmed password");
            }

            // Ensure that the user has not used the new password recently
            if (PasswordHistory.IsRecentPassword(user, newPassword))
            {
                throw new ChangePasswordException("New password has been used recently and cannot be used again");
            }

            // Validate the new password, ensuring it meets all password criteria
            ErrorList e = PasswordGenerator.ValidatePassword(newPassword);

            if (e.Count > 0)
            {
                throw new ChangePasswordException(e[0].ToString());
            }

            // Everything has password.  Set the new password and update the user's
            // password expiry date.  Then save the user back to the database.
            user.SetPassword(newPassword);
            user.PasswordExpiryDate = DateTime.Now.AddDays(PasswordExpiryDays);
            User.Update(user);

            // Update the user's password history (this is so that we can stop the same
            // password from being used again in future).
            PasswordHistory.UpdateUserPasswordHistory(user);

            // Update the audit log
            AuditLogManager.LogUserAction(user, AuditUserAction.ChangePassword, "Changed password");
        }
Example #3
0
        private static ErrorList ValidateUser(User user)
        {
            ErrorList errors = new ErrorList();

            if (StringUtils.IsBlank(user.FirstName))
            {
                errors.Add("First name is required");
            }

            if (StringUtils.IsBlank(user.LastName))
            {
                errors.Add("Last name is required");
            }

            if (StringUtils.IsBlank(user.Email))
            {
                errors.Add("Email address is required");
            }
            else if (!StringUtils.IsEmail(user.Email))
            {
                errors.Add("Invalid email address");
            }
            else
            {
                Company company = UserSecurityManager.GetCompanyByDomain(user.Email);

                if (company.IsNull)
                {
                    switch (RegistrationEmailFormat)
                    {
                    case RegistrationEmailFormatType.InternalUsers:
                    {
                        if (user.IsEmployee && company.IsNull)
                        {
                            errors.Add("Email address is not valid for external users");
                        }

                        break;
                    }

                    case RegistrationEmailFormatType.AllUsers:
                    {
                        if (company.IsNull)
                        {
                            errors.Add("Email address must belong to approved domain");
                        }

                        break;
                    }
                    }
                }
                else
                {
                    User u = User.GetByEmail(user.Email);

                    if (!u.IsNull && !u.UserId.Equals(user.UserId))
                    {
                        errors.Add("Email address is already in use");
                    }
                }
            }

            if (StringUtils.IsBlank(user.CompanyName))
            {
                errors.Add("Company name is required");
            }

            if (StringUtils.IsBlank(user.Password))
            {
                errors.Add("Password is required");
            }

            if (user.PasswordChanged)
            {
                if (user.UnencryptedPassword.Length == 0)
                {
                    errors.Add("Password confirmation is required");
                }
                else if (user.UnencryptedPassword != user.UnencryptedConfirmPassword)
                {
                    errors.Add("Password and confirm password do not match");
                }
                else
                {
                    ErrorList e = PasswordGenerator.ValidatePassword(user.UnencryptedPassword);

                    if (e.Count > 0)
                    {
                        errors.AddRange(e);
                    }
                    else if (!user.IsNew && PasswordHistory.IsRecentPassword(user, user.Password))
                    {
                        errors.Add("Password has been used recently and cannot be used again");
                    }
                }
            }

            if (user.Brands.Count == 0)
            {
                errors.Add("User must be assigned to at least one brand");
            }
            else
            {
                if (user.PrimaryBrandId <= 0)
                {
                    errors.Add("One brand must be select as the main brand");
                }
                else if (user.Brands.FindIndex(b => b.BrandId == user.PrimaryBrandId) < 0)
                {
                    errors.Add("The main brand must be selected");
                }
            }

            if (StringUtils.IsBlank(user.CompanyName))
            {
                errors.Add("Company name is required");
            }

            if (user.UserRoleId == 0)
            {
                errors.Add("System Error : User role must be specified");
            }

            if (user.UserRole == UserRole.BrandAdministrator)
            {
                // Only one brand admin per business-unit
                UserFinder finder = new UserFinder {
                    UserRole = UserRole.BrandAdministrator, PrimaryBrandId = user.PrimaryBrandId
                };
                User u = User.FindOne(finder);

                // Found a user, and user id is different from this user, so don't allow change
                if (!u.IsNull && !u.UserId.Equals(user.UserId))
                {
                    string message = string.Format("The user {0} is already assigned to the Brand Administrator role for the selected brand(s)", u.FullName);
                    errors.Add(message);
                }
            }

            return(errors);
        }