Esempio n. 1
        /// <summary>
        /// Configures the sign-in rules for the password field: it must be non-empty, the
        /// account must not be locked out, the password must verify, and the lockout state
        /// is checked once more afterwards.
        /// </summary>
        /// <param name="passwords">
        /// Password store queried for the lockout state and the maximum attempt count.
        /// </param>
        public SignInValidator(IStorePasswords passwords)
        {
            CascadeMode = CascadeMode.StopOnFirstFailure;
            _passwords  = passwords;

            // Wrap the ambient session when there is one; with no current HttpContext or
            // no session on it, _session stays null.
            var current = HttpContext.Current;
            if (current == null || current.Session == null)
            {
                _session = null;
            }
            else
            {
                _session = new HttpSessionStateWrapper(current.Session);
            }

            // The chain stops at the first failing rule (StopOnFirstFailure), so a locked
            // account never reaches the password check below.
            // NOTE(review): the "attempts remaining" figure comes from the session counter,
            // which the client can reset by starting a new session; it may disagree with
            // whatever the store uses for IsLockedOut. Lockout and wrong-password also
            // produce different messages, which reveals account state to the caller;
            // confirm that is intended for an unauthenticated form.
            RuleFor(form => form.Password)
                // required
                .NotEmpty()
                .WithMessage(FailedBecausePasswordWasEmpty)
                // reject locked accounts before the password is verified
                .Must(ValidateIsNotLockedOut)
                .WithMessage(
                    FailedBecauseIsLockedOut,
                    form => _passwords.MaximumPasswordAttempts)
                // verify the password; the message carries the attempts left and a plural suffix
                .Must(ValidatePasswordIsCorrect)
                .WithMessage(
                    FailedBecausePasswordWasIncorrect,
                    form => _passwords.MaximumPasswordAttempts - _session.FailedPasswordAttempts(),
                    form => (_passwords.MaximumPasswordAttempts - _session.FailedPasswordAttempts() != 1) ? "s" : string.Empty)
                // repeat the lockout check, in case this was the last permitted attempt
                .Must(ValidateIsNotLockedOut)
                .WithMessage(
                    FailedBecauseIsLockedOut,
                    form => _passwords.MaximumPasswordAttempts);
        }
Esempio n. 2
        /// <summary>
        /// Configures the change-password rules: the current password must be present,
        /// the account must not be locked out and the current password must verify; the
        /// new password must be present and meet the minimum length; the confirmation
        /// must be present and equal the new password.
        /// </summary>
        /// <param name="passwords">
        /// Password store supplying the lockout state, the maximum attempt count and the
        /// minimum password length.
        /// </param>
        public UpdatePasswordValidator(IStorePasswords passwords)
        {
            CascadeMode = CascadeMode.StopOnFirstFailure;
            _passwords  = passwords;

            // Both fields stay null when there is no ambient HttpContext; _session is
            // also null when the context has no session.
            var current = HttpContext.Current;
            if (current != null)
            {
                _httpContext = new HttpContextWrapper(current);
            }
            else
            {
                _httpContext = null;
            }

            if (_httpContext != null && _httpContext.Session != null)
            {
                _session = _httpContext.Session;
            }
            else
            {
                _session = null;
            }

            // The chain stops at the first failing rule (StopOnFirstFailure), so a locked
            // account never reaches the current-password check.
            // NOTE(review): the "attempts remaining" figure is read from the session
            // counter, which may disagree with the store's own lockout accounting.
            RuleFor(form => form.CurrentPassword)
                // required
                .NotEmpty()
                .WithMessage(FailedBecauseOldPasswordWasEmpty)
                // reject locked accounts before the password is verified
                .Must(ValidateIsNotLockedOut)
                .WithMessage(
                    FailedBecauseIsLockedOut,
                    form => _passwords.MaximumPasswordAttempts)
                // verify the current password; the message carries the attempts left and a plural suffix
                .Must(ValidatePasswordIsCorrect)
                .WithMessage(
                    FailedBecauseCurrentPasswordWasIncorrect,
                    form => _passwords.MaximumPasswordAttempts - _session.FailedPasswordAttempts(),
                    form => (_passwords.MaximumPasswordAttempts - _session.FailedPasswordAttempts() != 1) ? "s" : string.Empty)
                // repeat the lockout check, in case this was the last permitted attempt
                .Must(ValidateIsNotLockedOut)
                .WithMessage(
                    FailedBecauseIsLockedOut,
                    form => _passwords.MaximumPasswordAttempts);

            RuleFor(form => form.NewPassword)
                // required
                .NotEmpty()
                .WithMessage(FailedBecauseNewPasswordWasEmpty)
                // at least MinimumPasswordLength characters; no upper bound is enforced here
                // NOTE(review): with int.MaxValue as the maximum, any length cap has to come
                // from elsewhere (request size limits, the store); confirm one exists.
                .Length(passwords.MinimumPasswordLength, int.MaxValue)
                .WithMessage(
                    FailedBecauseNewPasswordWasTooShort,
                    form => passwords.MinimumPasswordLength);

            RuleFor(form => form.ConfirmPassword)
                // required
                .NotEmpty()
                .WithMessage(FailedBecauseNewPasswordConfirmationWasEmpty);

            RuleFor(form => form.ConfirmPassword)
                // must match the new password; skipped when either field is blank or the
                // new password is already too short, since those rules report on their own
                .Equal(form => form.NewPassword)
                .Unless(form =>
                    string.IsNullOrWhiteSpace(form.ConfirmPassword) ||
                    string.IsNullOrWhiteSpace(form.NewPassword) ||
                    form.NewPassword.Length < passwords.MinimumPasswordLength)
                .WithMessage(FailedBecauseNewPasswordConfirmationDidNotEqualPassword);
        }
Esempio n. 3
        /// <summary>
        /// Records one more failed password attempt in the session by storing the current
        /// count plus one under <c>FailedPasswordAttemptsKey</c>. Does nothing when
        /// <paramref name="session"/> is null.
        /// </summary>
        /// <param name="session">Session that holds the counter; may be null.</param>
        public static void FailedPasswordAttempt(this HttpSessionStateBase session)
        {
            // NOTE(review): this counter lives in session state, so it starts over
            // whenever the client begins a new session. It should not be the only thing
            // enforcing lockout; confirm the password store keeps its own count per account.
            if (session != null)
            {
                var attemptsSoFar = session.FailedPasswordAttempts();
                session[FailedPasswordAttemptsKey] = attemptsSoFar + 1;
            }
        }
Esempio n. 4
        /// <summary>
        /// Rule predicate: passes when the signed-in user's account is not locked out.
        /// </summary>
        /// <param name="model">The form being validated (not read here).</param>
        /// <param name="password">The field value being validated (not read here).</param>
        /// <returns><c>true</c> when the store reports the account is not locked out.</returns>
        private bool ValidateIsNotLockedOut(UpdatePasswordForm model, string password)
        {
            // The account is taken from the authenticated identity, not from form input.
            // NOTE(review): _httpContext is dereferenced without a null check here. If
            // this validator can be constructed with no ambient HttpContext, this line
            // throws; confirm whether that path can occur.
            var userName = _httpContext.User.Identity.Name;

            if (!_passwords.IsLockedOut(userName))
            {
                return true;
            }

            // The bool overload is not shown here; presumably it clears or re-reads the
            // session counter once the account is locked. Verify against its definition.
            _session.FailedPasswordAttempts(false);
            return false;
        }
Esempio n. 5
        /// <summary>
        /// Rule predicate: passes when the account named by the form's email address is
        /// not locked out.
        /// </summary>
        /// <param name="model">The sign-in form; its <c>EmailAddress</c> identifies the account.</param>
        /// <param name="password">The field value being validated (not read here).</param>
        /// <returns><c>true</c> when the store reports the account is not locked out.</returns>
        private bool ValidateIsNotLockedOut(SignInForm model, string password)
        {
            // NOTE(review): EmailAddress is caller-supplied and reaches the store as is.
            // Nothing visible here guarantees it is non-empty or well-formed when the
            // password rules run, and the resulting lockout message tells an
            // unauthenticated caller the state of the named account. Confirm both are
            // acceptable.
            var emailAddress = model.EmailAddress;

            if (!_passwords.IsLockedOut(emailAddress))
            {
                return true;
            }

            // The bool overload is not shown here; presumably it clears or re-reads the
            // session counter once the account is locked. Verify against its definition.
            _session.FailedPasswordAttempts(false);
            return false;
        }