/// <summary>
/// Computes the expiry date for a newly set password from the shortest
/// password-expiry period among the roles assigned to the user.
/// </summary>
/// <param name="user">User whose role assignments are inspected.</param>
/// <param name="expiry">
/// Today's UTC date plus the shortest role expiry period in days, or null
/// when no assigned role defines an expiry period.
/// </param>
/// <returns>True when at least one role defines an expiry period; otherwise false.</returns>
/// <remarks>
/// A null role collection, null assignments and assignments without a role
/// are skipped. The day count is used as configured: a zero or negative
/// value produces an expiry date of today or in the past.
/// </remarks>
private bool GetNewPasswordExpiry(GOUserDataObject user, out DateTime? expiry)
{
    // int.MaxValue doubles as the "no role defines an expiry" sentinel.
    const int NoExpiry = int.MaxValue;
    int shortestDays = NoExpiry;

    if (user.UserRoleItems != null)
    {
        foreach (var assignment in user.UserRoleItems)
        {
            if (assignment == null || assignment.Role == null)
            {
                continue;
            }

            int roleDays = assignment.Role.PasswordExpiry ?? NoExpiry;
            if (roleDays < shortestDays)
            {
                shortestDays = roleDays;
            }
        }
    }

    bool hasPolicy = shortestDays != NoExpiry;
    expiry = hasPolicy ? DateTime.UtcNow.Date.AddDays(shortestDays) : (DateTime?)null;
    return hasPolicy;
}
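/// <summary>
/// Decides whether the user has to change their password.
/// </summary>
/// <param name="user">User whose password expiry and role policies are checked.</param>
/// <returns>
/// True when the stored expiry date lies before today's UTC date, or when the
/// user has no expiry date although at least one assigned role defines a
/// password expiry; otherwise false.
/// </returns>
/// <remarks>
/// A null role collection and null assignments are treated as "no role", the
/// same way GetNewPasswordExpiry treats them.
/// NOTE(review): with that convention a user whose roles were not loaded is
/// never forced to change a password that has no expiry date - confirm that
/// callers always pass a user with role assignments populated.
/// </remarks>
public bool RequirePasswordChange(GOUserDataObject user)
{
    if (user.PasswordExpiry == null)
    {
        // A missing expiry date is acceptable only while no assigned role
        // defines an expiry policy. As soon as one does, the user record is
        // out of step with the policy and a password change corrects it.
        if (user.UserRoleItems != null)
        {
            foreach (var userrole in user.UserRoleItems)
            {
                if (userrole != null && userrole.Role != null && userrole.Role.PasswordExpiry != null)
                {
                    return true;
                }
            }
        }

        return false;
    }

    // Compare dates only: the password remains valid throughout its expiry day (UTC).
    DateTime expiry = user.PasswordExpiry ?? DateTime.MaxValue;
    return expiry.Date < DateTime.UtcNow.Date;
}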
/// <summary>
/// Builds the extra claims issued for the provided GOUser.
/// </summary>
/// <param name="user">User the claims are derived from.</param>
/// <returns>
/// A list holding a single "GivenName" claim whose value is the user's
/// UserName after URL encoding.
/// </returns>
/// <remarks>
/// The claim value is stored URL-encoded, so a consumer that needs the
/// original name has to decode it first.
/// </remarks>
public static IEnumerable<Claim> GetExtraUserClaims(GOUserDataObject user)
{
    var extraClaims = new List<Claim>();

    // GivenName claim: the user name, URL-encoded.
    string encodedName = HttpUtility.UrlEncode(user.UserName);
    var givenNameClaim = new Claim("GivenName", encodedName);
    extraClaims.Add(givenNameClaim);

    return extraClaims;
}
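/// <summary>
/// Checks a candidate password against the password policy regex of every
/// role assigned to the user and, on acceptance, computes the new expiry date.
/// </summary>
/// <param name="user">User whose role policies apply.</param>
/// <param name="newPassword">Candidate password supplied by the user.</param>
/// <param name="expiry">
/// On acceptance, the expiry date produced by GetNewPasswordExpiry (null when
/// no role defines an expiry period); null on rejection.
/// </param>
/// <param name="rejectingRole">
/// The first role whose policy the password failed; null on acceptance.
/// </param>
/// <returns>True when the password satisfies every role policy; otherwise false.</returns>
/// <remarks>
/// Regex.IsMatch succeeds on a partial match, so a policy pattern that is
/// meant to constrain the whole password needs its own anchors.
/// A null role collection is treated as "no role", the same way
/// GetNewPasswordExpiry treats it.
/// NOTE(review): with that convention no policy is enforced for a user whose
/// roles were not loaded - confirm callers always populate the assignments.
/// NOTE(review): a null newPassword still makes Regex.IsMatch throw
/// ArgumentNullException, and is accepted when no role defines a regex -
/// confirm callers reject null or empty passwords before calling this method.
/// </remarks>
public bool AcceptPassword(GOUserDataObject user, string newPassword, out DateTime? expiry, out GORoleDataObject rejectingRole)
{
    expiry = null;
    rejectingRole = null;

    // The password is user-supplied and the pattern is configuration, so the
    // match is time-boxed: a pattern prone to heavy backtracking must not be
    // able to occupy a request thread indefinitely.
    TimeSpan matchTimeout = TimeSpan.FromSeconds(2);

    if (user.UserRoleItems != null)
    {
        foreach (var userrole in user.UserRoleItems)
        {
            if (userrole == null || userrole.Role == null || String.IsNullOrEmpty(userrole.Role.PasswordRegEx))
            {
                continue;
            }

            bool satisfiesPolicy;
            try
            {
                satisfiesPolicy = Regex.IsMatch(newPassword, userrole.Role.PasswordRegEx, RegexOptions.None, matchTimeout);
            }
            catch (RegexMatchTimeoutException)
            {
                // Fail closed: a password that could not be validated in time is rejected.
                satisfiesPolicy = false;
            }

            if (!satisfiesPolicy)
            {
                rejectingRole = userrole.Role;
                return false;
            }
        }
    }

    // Every role policy accepted the password. Work out its expiry date.
    GetNewPasswordExpiry(user, out expiry);
    return true;
}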