private TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest GetPasswordResetRequest(Guid accountID)
{
TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest foundPasswordResetRequest = null;
//get the user by username first then we can figure out if the password is ok
TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest foundPasswordRequestCriteria =
new TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest(_smoSettings[CONNECTION_STRING_NAME])
{
AccountID = accountID
};
TestSprocGenerator.Business.SingleTable.Bo.List.PasswordResetRequest searchReturned =
new TestSprocGenerator.Business.SingleTable.Bo.List.PasswordResetRequest(_smoSettings[CONNECTION_STRING_NAME]);
searchReturned.FillByCriteriaExact(foundPasswordRequestCriteria);
if (searchReturned != null && searchReturned.Count > 0)
{
//there should only be one
if (searchReturned.Count == 1)
{
foundPasswordResetRequest = (TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest)searchReturned[0];
}
else
{
throw new ApplicationException("There should only be one email address with this profile, but there is more than one, contact administrator");
}
}
return(foundPasswordResetRequest);
}
public bool ResetPassword(string username, string email, string passwordResetRequestCode, string newPassword)
{
bool success = false;
//1) Find the passwordResetRequestCode Record if it exists, which gives the account id
//2) Get the AccountRecord
//3) Update the Password = newPassword and the Deleted flag = true, call update on bo to update in database
TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest foundPasswordResetRequest = null;
TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest passwordResetSearchCriteria =
new TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest(_smoSettings[CONNECTION_STRING_NAME])
{
PasswordResetCode = passwordResetRequestCode
};
TestSprocGenerator.Business.SingleTable.Bo.List.PasswordResetRequest passwordResetSearchReturned =
new TestSprocGenerator.Business.SingleTable.Bo.List.PasswordResetRequest(_smoSettings[CONNECTION_STRING_NAME]);
passwordResetSearchReturned.FillByCriteriaExact(passwordResetSearchCriteria);
if (passwordResetSearchReturned != null && passwordResetSearchReturned.Count > 0)
{
if (passwordResetSearchReturned.Count == 1)
{
foundPasswordResetRequest = (TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest)passwordResetSearchReturned[0];
//make sure that the email or username is valid
TestSprocGenerator.Business.SingleTable.Bo.Account foundAccount = null;
string emailAddress = DetermineEmailGetAccountByEmailOrUsername(username, email, out foundAccount);
if (foundAccount != null)
{
//account is valid if the accountid of the returned record and the password request record accountID match
if (foundAccount.AccountID == foundPasswordResetRequest.AccountID)
{
//TODO: should probably do this in a transaction instead of having the possibility of one of these
//failing
foundAccount.Deleted = false;
foundAccount.AccountPassword = HashSaltHelper.CreatePasswordHash(newPassword,
HashSaltHelper.CreateSalt());
foundAccount.Update();
foundPasswordResetRequest.Delete();
success = true;
}
else
{
throw new ApplicationException("Email or Username provided does not match the Password Reset Request code record");
}
}
else
{
throw new ApplicationException("Email or Username provided is not valid");
}
}
}
return(success);
}
