private bool CheckPassword(NotificatorEntities db, string username, string password, bool updateLastLoginActivityDate, bool failIfNotApproved, out string salt, out int passwordFormat, out User usr)
{
var user = GetDBUser(db, username);
usr = user;
if (user == null)
{
salt = null;
passwordFormat = -1;
return(false);
}
var enc = EncodePassword(password, user.PasswordFormat, user.PasswordSalt);
passwordFormat = user.PasswordFormat;
salt = user.PasswordSalt;
if (enc == user.Password)
{
if (updateLastLoginActivityDate)
{
user.LastActivityDate = DateTime.Now;
user.LastLoginDate = DateTime.Now;
db.SaveChanges();
}
return(true);
}
else
{
return(false);
}
}
private bool CheckPassword(NotificatorEntities db, string username, string password, bool updateLastLoginActivityDate, bool failIfNotApproved, out User usr)
{
string salt;
int passwordFormat;
return(CheckPassword(db, username, password, updateLastLoginActivityDate, failIfNotApproved, out salt, out passwordFormat, out usr));
}
public override string GetUserNameByEmail(string email)
{
using (var db = new NotificatorEntities())
{
var usr = (from u in db.Users where u.Email == email && u.Application.Id == applicationId select u.Username).FirstOrDefault();
return(usr);
}
}
public override void UpdateUser(System.Web.Security.MembershipUser user)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
string temp = user.UserName;
SecurityUtils.CheckParameter(ref temp, true, true, true, 256, "UserName");
temp = user.Email;
SecurityUtils.CheckParameter(ref temp,
RequiresUniqueEmail,
RequiresUniqueEmail,
false,
256,
"Email");
user.Email = temp;
using (var db = new NotificatorEntities())
{
var query = from u in db.Users
where u.Id == (int)user.ProviderUserKey && u.Application.Id == applicationId
select u;
var usr = query.FirstOrDefault();
if (usr == null)
{
throw new ProviderException(GetExceptionText(1));
}
if (RequiresUniqueEmail)
{
var q = from u in db.Users
where u.Id != (int)user.ProviderUserKey &&
u.Email == user.Email && u.Application.Id == applicationId
select u;
if (q.Any())
{
throw new ProviderException(GetExceptionText(7));
}
}
usr.Email = user.Email;
usr.Comment = user.Comment;
usr.IsApproved = user.IsApproved;
usr.LastLoginDate = user.LastLoginDate;
db.SaveChanges();
}
}
public override System.Web.Security.MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)
{
using (var db = new NotificatorEntities())
{
totalRecords = db.Users.Count();
var col = new MembershipUserCollection();
foreach (var item in db.Users.Where(u => u.Application.Id == applicationId).OrderBy(o => o.Id).Skip(pageSize * pageIndex).Take(pageSize))
{
col.Add(UserMapper.Map(this.Name, item));
}
return(col);
}
}
internal static int GetApplicationId(this NotificatorEntities data, string applicationName)
{
var application = data.GetApplicationByName(applicationName).FirstOrDefault();
if (application == null)
{
application = new Application {
Name = applicationName
};
data.Applications.AddObject(application);
data.SaveChanges();
}
return(application.Id);
}
public override bool DeleteUser(string username, bool deleteAllRelatedData)
{
using (var db = new NotificatorEntities())
{
var user = db.Users.FirstOrDefault(u => u.Username == username && u.Application.Id == applicationId);
if (user == null)
{
return(false);
}
db.DeleteObject(user);
db.SaveChanges();
return(true);
}
}
public override System.Web.Security.MembershipUser GetUser(string username, bool userIsOnline)
{
using (var db = new NotificatorEntities())
{
var usr = GetDBUser(db, username);
if (usr == null)
{
return(null);
}
if (userIsOnline)
{
usr.LastActivityDate = DateTime.UtcNow;
db.SaveChanges();
}
return(UserMapper.Map(this.Name, usr));
}
}
public override string GetPassword(string username, string answer)
{
using (var db = new NotificatorEntities())
{
var usr = GetDBUser(db, username);
if (usr == null)
{
return(null);
}
if (usr.PasswordAnswer == answer)
{
return(UnEncodePassword(usr.Password, usr.PasswordFormat));
}
}
return(null);
}
public override bool ValidateUser(string username, string password)
{
using (var db = new NotificatorEntities())
{
var usr = default(User);
if (ValidateParameter(ref username, true, true, true, 256) &&
ValidateParameter(ref password, true, true, false, 128) &&
CheckPassword(db, username, password, true, true, out usr))
{
return(true);
}
else
{
return(false);
}
}
}
public override System.Web.Security.MembershipUser GetUser(object providerUserKey, bool userIsOnline)
{
using (var db = new NotificatorEntities())
{
var uid = (int)providerUserKey;
var usr = db.GetUserById(uid, applicationId).FirstOrDefault();
if (usr == null)
{
return(null);
}
if (userIsOnline)
{
usr.LastActivityDate = DateTime.UtcNow;
db.SaveChanges();
}
return(UserMapper.Map(this.Name, usr));
}
}
public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
{
using (var db = new NotificatorEntities())
{
var user = default(User);
string salt; int passwordFormat;
if (!CheckPassword(db, username, password, false, false, out salt, out passwordFormat, out user))
{
return(false);
}
user.PasswordQuestion = newPasswordQuestion;
user.PasswordAnswer = newPasswordAnswer;
db.SaveChanges();
return(true);
}
}
public override System.Web.Security.MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
{
using (var db = new NotificatorEntities())
{
var query = from user in db.Users
where user.Username.Contains(usernameToMatch) && user.Application.Id == applicationId
orderby user.Id
select user;
totalRecords = query.Count();
var col = new MembershipUserCollection();
foreach (var item in query.Skip(pageSize * pageIndex).Take(pageSize))
{
col.Add(UserMapper.Map(this.Name, item));
}
return(col);
}
}
public override bool UnlockUser(string userName)
{
SecurityUtils.CheckParameter(ref userName, true, true, true, 256, "username");
try
{
using (var db = new NotificatorEntities())
{
var user = GetDBUser(db, userName);
if (user == null)
{
return(false);
}
user.Status = (byte)UserStatus.Approved;
user.LastLockoutDate = DateTime.UtcNow;
db.SaveChanges();
return(true);
}
}
catch { return(false); }
}
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
var salt = string.Empty;
var passwordFormat = 1;
using (var db = new NotificatorEntities())
{
var user = default(User);
if (!CheckPassword(db, username, oldPassword, false, false, out salt, out passwordFormat, out user))
{
return(false);
}
user.Password = EncodePassword(newPassword, passwordFormat, salt);
user.LastPasswordChangedDate = DateTime.Now;
user.FailedPasswordAnswerAttemptCount = 0;
user.FailedPasswordAttemptCount = 0;
db.SaveChanges();
}
return(true);
}
public override string ResetPassword(string username, string answer)
{
if (!EnablePasswordReset)
{
throw new NotSupportedException("Not_configured_to_support_password_resets");
}
SecurityUtils.CheckParameter(ref username, true, true, true, 256, "username");
using (var db = new NotificatorEntities())
{
var user = GetDBUser(db, username);
var passwordAnswer = user.PasswordAnswer;
string encodedPasswordAnswer;
if (passwordAnswer != null)
{
passwordAnswer = passwordAnswer.Trim();
}
if (!string.IsNullOrEmpty(passwordAnswer))
{
encodedPasswordAnswer = EncodePassword(passwordAnswer.ToLower(CultureInfo.InvariantCulture), user.PasswordFormat, user.PasswordSalt);
}
else
{
encodedPasswordAnswer = passwordAnswer;
}
SecurityUtils.CheckParameter(ref encodedPasswordAnswer, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 128, "passwordAnswer");
string newPassword = GeneratePassword();
ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(username, newPassword, false);
OnValidatingPassword(e);
if (e.Cancel)
{
if (e.FailureInformation != null)
{
throw e.FailureInformation;
}
else
{
throw new ProviderException("Membership_Custom_Password_Validation_Failure");
}
}
var utc = DateTime.UtcNow;
if (encodedPasswordAnswer != user.PasswordAnswer)
{
if (utc > user.FailedPasswordAnswerAttemptWindowStart.AddMinutes(PasswordAttemptWindow))
{
user.FailedPasswordAnswerAttemptCount = 1;
}
else
{
user.FailedPasswordAnswerAttemptCount++;
}
user.FailedPasswordAnswerAttemptWindowStart = utc;
if (user.FailedPasswordAnswerAttemptCount > MaxInvalidPasswordAttempts)
{
user.LastLockoutDate = DateTime.UtcNow;
user.Status = (byte)UserStatus.Locked;
}
db.SaveChanges();
return(null);
}
else
{
user.FailedPasswordAnswerAttemptCount = 0;
user.FailedPasswordAnswerAttemptWindowStart = new DateTime(1754, 01, 01);
user.FailedPasswordAttemptCount = 0;
user.FailedPasswordAttemptWindowStart = user.FailedPasswordAnswerAttemptWindowStart;
}
user.Password = EncodePassword(newPassword, user.PasswordFormat, user.PasswordSalt);
db.SaveChanges();
return(newPassword);
//user.FailedPasswordAnswerAttemptCount = 0;
}
}
public EventRepository(NotificatorEntities context) : base(context)
{
}
public override void Initialize(string name, NameValueCollection config)
{
if (config == null)
{
throw new ArgumentNullException("config");
}
if (String.IsNullOrEmpty(name))
{
name = "SqlMembershipProvider";
}
if (string.IsNullOrEmpty(config["description"]))
{
config.Remove("description");
config.Add("description", "MembershipSqlProvider_description");
}
base.Initialize(name, config);
schemaVersionCheck = 0;
enablePasswordRetrieval = SecurityUtils.GetBooleanValue(config, "enablePasswordRetrieval", false);
enablePasswordReset = SecurityUtils.GetBooleanValue(config, "enablePasswordReset", true);
requiresQuestionAndAnswer = SecurityUtils.GetBooleanValue(config, "requiresQuestionAndAnswer", true);
requiresUniqueEmail = SecurityUtils.GetBooleanValue(config, "requiresUniqueEmail", true);
maxInvalidPasswordAttempts = SecurityUtils.GetIntValue(config, "maxInvalidPasswordAttempts", 5, false, 0);
passwordAttemptWindow = SecurityUtils.GetIntValue(config, "passwordAttemptWindow", 10, false, 0);
minRequiredPasswordLength = SecurityUtils.GetIntValue(config, "minRequiredPasswordLength", 7, false, 128);
minRequiredNonalphanumericCharacters = SecurityUtils.GetIntValue(config, "minRequiredNonalphanumericCharacters", 1, true, 128);
passwordStrengthRegularExpression = config["passwordStrengthRegularExpression"];
if (passwordStrengthRegularExpression != null)
{
passwordStrengthRegularExpression = passwordStrengthRegularExpression.Trim();
if (passwordStrengthRegularExpression.Length != 0)
{
try
{
Regex regex = new Regex(passwordStrengthRegularExpression);
}
catch (ArgumentException e)
{
throw new ProviderException(e.Message, e);
}
}
}
else
{
passwordStrengthRegularExpression = string.Empty;
}
if (minRequiredNonalphanumericCharacters > minRequiredPasswordLength)
{
throw new HttpException("MinRequiredNonalphanumericCharacters_can_not_be_more_than_MinRequiredPasswordLength");
}
string temp = config["connectionStringName"];
if (temp == null || temp.Length < 1)
{
throw new ProviderException("Connection_name_not_specified");
}
sqlConnectionString = temp;
if (sqlConnectionString == null || sqlConnectionString.Length < 1)
{
throw new ProviderException("Connection_string_not_found");
}
commandTimeout = SecurityUtils.GetIntValue(config, "commandTimeout", 30, true, 0);
appName = config["applicationName"];
if (string.IsNullOrEmpty(appName))
{
appName = "/";
}
if (appName.Length > 256)
{
throw new ProviderException("Provider_application_name_too_long");
}
using (var db = new NotificatorEntities())
{
applicationId = db.GetApplicationId(appName);
}
string strTemp = config["passwordFormat"];
if (strTemp == null)
{
strTemp = "Hashed";
}
switch (strTemp)
{
case "Clear":
passwordFormat = MembershipPasswordFormat.Clear;
break;
case "Encrypted":
passwordFormat = MembershipPasswordFormat.Encrypted;
break;
case "Hashed":
passwordFormat = MembershipPasswordFormat.Hashed;
break;
default:
throw new ProviderException("Provider_bad_password_format");
}
if (PasswordFormat == MembershipPasswordFormat.Hashed && EnablePasswordRetrieval)
{
throw new ProviderException("Provider_can_not_retrieve_hashed_password");
}
//if (_PasswordFormat == MembershipPasswordFormat.Encrypted && MachineKeySection.IsDecryptionKeyAutogenerated)
// throw new ProviderException(SR.GetString(SR.Can_not_use_encrypted_passwords_with_autogen_keys));
config.Remove("connectionStringName");
config.Remove("enablePasswordRetrieval");
config.Remove("enablePasswordReset");
config.Remove("requiresQuestionAndAnswer");
config.Remove("applicationName");
config.Remove("requiresUniqueEmail");
config.Remove("maxInvalidPasswordAttempts");
config.Remove("passwordAttemptWindow");
config.Remove("commandTimeout");
config.Remove("passwordFormat");
config.Remove("name");
config.Remove("minRequiredPasswordLength");
config.Remove("minRequiredNonalphanumericCharacters");
config.Remove("passwordStrengthRegularExpression");
if (config.Count > 0)
{
string attribUnrecognized = config.GetKey(0);
if (!String.IsNullOrEmpty(attribUnrecognized))
{
throw new ProviderException("Provider_unrecognized_attribute, attribUnrecognized");
}
}
}
public User GetDBUser(NotificatorEntities db, string username)
{
return(db.GetUserByName(username, applicationId).FirstOrDefault());
}
public override System.Web.Security.MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out System.Web.Security.MembershipCreateStatus status)
{
if (!ValidateParameter(ref password, true, true, false, 128))
{
status = MembershipCreateStatus.InvalidPassword;
return(null);
}
var salt = GenerateSalt();
var pass = EncodePassword(password, (int)passwordFormat, salt);
if (pass.Length > 128)
{
status = MembershipCreateStatus.InvalidPassword;
return(null);
}
string encodedPasswordAnswer;
if (passwordAnswer != null)
{
passwordAnswer = passwordAnswer.Trim();
}
if (!string.IsNullOrEmpty(passwordAnswer))
{
if (passwordAnswer.Length > 128)
{
status = MembershipCreateStatus.InvalidAnswer;
return(null);
}
encodedPasswordAnswer = EncodePassword(passwordAnswer.ToLower(CultureInfo.InvariantCulture), (int)passwordFormat, salt);
}
else
{
encodedPasswordAnswer = passwordAnswer;
}
if (!ValidateParameter(ref encodedPasswordAnswer, RequiresQuestionAndAnswer, true, false, 128))
{
status = MembershipCreateStatus.InvalidAnswer;
return(null);
}
if (!ValidateParameter(ref username, true, true, true, 256))
{
status = MembershipCreateStatus.InvalidUserName;
return(null);
}
if (!ValidateParameter(ref email,
RequiresUniqueEmail,
RequiresUniqueEmail,
false,
256))
{
status = MembershipCreateStatus.InvalidEmail;
return(null);
}
if (!ValidateParameter(ref passwordQuestion, RequiresQuestionAndAnswer, true, false, 256))
{
status = MembershipCreateStatus.InvalidQuestion;
return(null);
}
if (providerUserKey != null)
{
//if (!(providerUserKey is Guid)) {
// status = MembershipCreateStatus.InvalidProviderUserKey;
// return null;
//}
status = MembershipCreateStatus.InvalidProviderUserKey;
return(null);
}
if (password.Length < MinRequiredPasswordLength)
{
status = MembershipCreateStatus.InvalidPassword;
return(null);
}
int count = 0;
for (int i = 0; i < password.Length; i++)
{
if (!char.IsLetterOrDigit(password, i))
{
count++;
}
}
if (count < MinRequiredNonAlphanumericCharacters)
{
status = MembershipCreateStatus.InvalidPassword;
return(null);
}
if (PasswordStrengthRegularExpression.Length > 0)
{
if (!Regex.IsMatch(password, PasswordStrengthRegularExpression))
{
status = MembershipCreateStatus.InvalidPassword;
return(null);
}
}
ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(username, password, true);
OnValidatingPassword(e);
if (e.Cancel)
{
status = MembershipCreateStatus.InvalidPassword;
return(null);
}
using (var db = new NotificatorEntities())
{
if (RequiresUniqueEmail)
{
if (db.Users.Where(u => u.Email == email && u.Application.Id == applicationId).Any())
{
status = MembershipCreateStatus.DuplicateEmail;
return(null);
}
}
if (db.Users.Where(u => u.Username == username && u.Application.Id == applicationId).Any())
{
status = MembershipCreateStatus.DuplicateUserName;
return(null);
}
var utc = DateTime.UtcNow;
var user = new User()
{
Comment = "",
CreateOn = utc,
Email = email,
FailedPasswordAnswerAttemptCount = 0,
FailedPasswordAnswerAttemptWindowStart = utc,
FailedPasswordAttemptCount = 0,
FailedPasswordAttemptWindowStart = utc,
IsAnonymous = false,
IsApproved = isApproved,
LastActivityDate = utc,
LastLockoutDate = utc,
LastLoginDate = utc,
LastPasswordChangedDate = utc,
Password = pass,
PasswordAnswer = encodedPasswordAnswer,
PasswordFormat = (int)PasswordFormat,
PasswordQuestion = passwordQuestion,
PasswordSalt = salt,
TimeZone = 0,
Username = username,
Application = db.GetApplication(applicationId)
};
db.Users.AddObject(user);
try
{
db.SaveChanges();
}
catch
{
status = MembershipCreateStatus.UserRejected;
return(null);
}
status = MembershipCreateStatus.Success;
return(UserMapper.Map(this.Name, user));
}
}
public UserRepository(NotificatorEntities context) : base(context)
{
}
public override int GetNumberOfUsersOnline()
{
using (var db = new NotificatorEntities())
return(db.Users.Where(u => u.LastActivityDate > DateTime.Now.AddMinutes(Membership.UserIsOnlineTimeWindow) && u.Application.Id == applicationId).Count());
}
protected RepositoryBase(NotificatorEntities context)
{
this.context = context;
}
internal static Application GetApplication(this NotificatorEntities data, int applicationId)
{
return(data.GetApplicationById(applicationId).FirstOrDefault());
}
