/// <summary>
/// Resets a user's password to a new, automatically generated password.
/// </summary>
/// <returns>
/// The new password for the specified user.
/// </returns>
/// <param name="username">The user to reset the password for. </param><param name="answer">The password answer for the specified user. </param>
public override string ResetPassword(string username, string answer)
{
if (!PasswordPolicy.IsPasswordResetEnabled)
{
throw new NotSupportedException("Password reset is not supported.");
}
var user = AccountRepository.Get(username);
if (PasswordPolicy.IsPasswordQuestionRequired && answer == null)
{
throw new MembershipPasswordException("Password answer is empty and question/answer is required.");
}
if (PasswordPolicy.IsPasswordQuestionRequired &&
!user.PasswordAnswer.Equals(answer, StringComparison.OrdinalIgnoreCase))
{
return(null);
}
var newPassword = PasswordStrategy.GeneratePassword(PasswordPolicy);
ValidatePassword(username, newPassword);
var info = new AccountPasswordInfo(username, newPassword);
user.Password = PasswordStrategy.Encrypt(info);
user.PasswordSalt = info.PasswordSalt;
AccountRepository.Update(user);
return(newPassword);
}
//Demander un unique email... e préremplir du provider si Oauth et disponible... (exemple Facebook).. comme il semble faire pour le username (a voir)
public IUser CreateOrUpdateUser(IUser user)
{
if (String.IsNullOrEmpty(user.Name))
{
throw new MembershipCreateUserException(MembershipCreateStatus.InvalidUserName);
}
//if (String.IsNullOrEmpty(user.Password)) throw new MembershipCreateUserException(MembershipCreateStatus.InvalidPassword);
if (String.IsNullOrEmpty(user.Email))
{
throw new MembershipCreateUserException(MembershipCreateStatus.InvalidEmail);
}
if (user.Id.IsNullOrEmpty()) // New user...
{
if (UserQueries.GetUserNameByEmail(user.Email) != null)
{
throw new MembershipCreateUserException(MembershipCreateStatus.DuplicateEmail);
}
if (UserQueries.Get(user.Name) != null)
{
throw new MembershipCreateUserException(MembershipCreateStatus.DuplicateUserName);
}
user.CreatedAt = _dateTimeManager.Now();
}
if (!user.ThirdPartyAuthenticationUserAccounts.Any() || !user.Password.IsNullOrEmpty())
{
try
{
ValidatePassword(user.Name, user.Password);
}
catch
{
// not the smoothest approach, but the best
// considering the inconsistent password failure handling.
throw new MembershipCreateUserException(MembershipCreateStatus.InvalidPassword);
}
}
var passwordInfo = new AccountPasswordInfo(user.Name, user.Password);
user.Password = PasswordStrategy.Encrypt(passwordInfo);
user.PasswordSalt = passwordInfo.PasswordSalt;
var status = UserCommands.Register(user);
if (status != MembershipCreateStatus.Success)
{
throw new MembershipCreateUserException(status);
}
return(user);
}
/// <summary>
/// Adds a new membership user to the data source.
/// </summary>
/// <returns>
/// A <see cref="T:System.Web.Security.MembershipUser"/> object populated with the information for the newly created user.
/// </returns>
/// <param name="username">The user name for the new user. </param><param name="password">The password for the new user. </param><param name="email">The e-mail address for the new user.</param><param name="passwordQuestion">The password question for the new user.</param><param name="passwordAnswer">The password answer for the new user</param><param name="isApproved">Whether or not the new user is approved to be validated.</param><param name="providerUserKey">The unique identifier from the membership data source for the user.</param><param name="status">A <see cref="T:System.Web.Security.MembershipCreateStatus"/> enumeration value indicating whether the user was created successfully.</param>
public override MembershipUser CreateUser(string username, string password, string email,
string passwordQuestion, string passwordAnswer, bool isApproved,
object providerUserKey, out MembershipCreateStatus status)
{
if (AccountRepository.IsUniqueEmailRequired && AccountRepository.GetUserNameByEmail(email) != null)
{
status = MembershipCreateStatus.DuplicateEmail;
return(null);
}
if (AccountRepository.Get(username) != null)
{
status = MembershipCreateStatus.DuplicateUserName;
return(null);
}
try
{
ValidatePassword(username, password);
}
catch
{
// not the smoothest approach, but the best
// considering the inconsistent password failure handling.
status = MembershipCreateStatus.InvalidPassword;
return(null);
}
var account = AccountRepository.Create(providerUserKey, ApplicationName, username, email);
var passwordInfo = new AccountPasswordInfo(username, password);
account.Password = PasswordStrategy.Encrypt(passwordInfo);
account.PasswordSalt = passwordInfo.PasswordSalt;
account.PasswordAnswer = passwordAnswer;
account.PasswordQuestion = passwordQuestion;
status = AccountRepository.Register(account);
if (status == MembershipCreateStatus.Success)
{
return(CloneUser(account));
}
return(null);
}
/// <summary>
/// Processes a request to update the password for a membership user.
/// </summary>
/// <returns>
/// true if the password was updated successfully; otherwise, false.
/// </returns>
/// <param name="username">The user to update the password for. </param><param name="oldPassword">The current password for the specified user. </param><param name="newPassword">The new password for the specified user. </param>
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
var account = AccountRepository.Get(username);
var pwInfo = account.CreatePasswordInfo();
if (!PasswordStrategy.Compare(pwInfo, oldPassword))
{
return(false);
}
ValidatePassword(username, newPassword);
account.Password = newPassword;
pwInfo = account.CreatePasswordInfo();
account.Password = PasswordStrategy.Encrypt(pwInfo);
AccountRepository.Update(account);
return(true);
}
public bool ChangePassword(string username, string oldPassword, string newPassword)
{
if (String.IsNullOrEmpty(username))
{
throw new ArgumentException("Value cannot be null or empty.", "username");
}
if (String.IsNullOrEmpty(oldPassword))
{
throw new ArgumentException("Value cannot be null or empty.", "oldPassword");
}
if (String.IsNullOrEmpty(newPassword))
{
throw new ArgumentException("Value cannot be null or empty.", "newPassword");
}
// The underlying ChangePassword() will throw an exception rather
// than return false in certain failure scenarios.
try
{
var account = UserQueries.Get(username);
var pwInfo = account.CreatePasswordInfo();
if (!PasswordStrategy.Compare(pwInfo, oldPassword))
{
return(false);
}
ValidatePassword(username, newPassword);
account.Password = newPassword;
pwInfo = account.CreatePasswordInfo();
account.Password = PasswordStrategy.Encrypt(pwInfo);
UserCommands.Update(account);
return(true);
}
catch (ArgumentException)
{
return(false);
}
catch (MembershipPasswordException)
{
return(false);
}
}
