// public for testing, not part of interface
/// <summary>
/// Records one failed login attempt for <paramref name="User"/> and persists the result.
/// </summary>
/// <remarks>
/// While the current failure window is still open the counter is incremented; otherwise a
/// new window is started at the current time with a count of 1.
/// NOTE(review): the window is measured with local <c>DateTime.Now</c>, so clock or
/// daylight-saving adjustments move the window edge — confirm whether UTC is intended, and
/// change every place that evaluates the window together.
/// NOTE(review): this is a read-modify-write on the counter; whether concurrent failures for
/// the same account can lose an increment depends on the repository — confirm.
/// </remarks>
/// <param name="User">Account whose failure tracking is updated; dereferenced without a null check.</param>
public void IncrementFailedCount( User User )
{
    bool windowStillOpen = User.LoginFailStartDate != null
        && User.LoginFailStartDate.Value.Add( this.settingRepository.LoginFailWindow ) > DateTime.Now;

    if ( !windowStillOpen )
    {
        // No window yet, or the previous one has lapsed: start counting afresh.
        User.LoginFailCount = 1;
        User.LoginFailStartDate = DateTime.Now;
    }
    else
    {
        User.LoginFailCount++;
    }

    this.userRepository.Save( User );
}
// public for testing, not part of interface
/// <summary>
/// Resets the failed-login tracking on <paramref name="User"/>, saving only when there was
/// something to reset.
/// </summary>
/// <param name="User">Account whose failure window and counter are cleared.</param>
public void ClearFailedCount( User User )
{
    bool alreadyClear = User.LoginFailStartDate == null && !( User.LoginFailCount > 0 );
    if ( alreadyClear )
    {
        // Already clear: skip the repository write.
        return;
    }

    User.LoginFailStartDate = null;
    User.LoginFailCount = 0;
    this.userRepository.Save( User );
}
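// public for testing, not part of interface
/// <summary>
/// Hashes <paramref name="PasswordFromGui"/> with the user's stored salt and the configured
/// hash type, and reports whether the result equals the stored password hash.
/// </summary>
/// <param name="User">Account to check; must carry a non-empty salt and password hash.</param>
/// <param name="PasswordFromGui">Candidate password as submitted by the caller.</param>
/// <returns><c>true</c> when the computed hash equals <c>User.Password</c>; otherwise <c>false</c>.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="User"/> is null, or its salt or password hash is blank.
/// </exception>
public bool HashedPassMatches( User User, string PasswordFromGui )
{
    if ( User == null )
    {
        throw new ArgumentNullException( "User" );
    }

    // The original repeated this guard twice verbatim; one check is sufficient.
    if ( string.IsNullOrEmpty( User.Salt ) || string.IsNullOrEmpty( User.Password ) )
    {
        throw new ArgumentNullException( "User", "UserId " + User.UserId + " has a blank password or salt" );
    }

    string hashedPass = this.hashHelper.GenerateHash( this.settingRepository.HashType, PasswordFromGui, User.Salt );
    if ( hashedPass == null )
    {
        // The stored hash is non-empty at this point, so a null result can never match.
        return false;
    }

    // Compare without an early exit so the time taken does not depend on where the first
    // differing character sits. The result is the same as ordinal string equality.
    string storedHash = User.Password;
    int difference = hashedPass.Length ^ storedHash.Length;
    int overlap = Math.Min( hashedPass.Length, storedHash.Length );
    for ( int i = 0; i < overlap; i++ )
    {
        difference |= hashedPass[i] ^ storedHash[i];
    }

    return difference == 0;
}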
/// <summary>
/// Seeds an administrator account when the user repository contains no users at all.
/// </summary>
/// <remarks>
/// NOTE(review): the seeded account uses a login name and password that are fixed in source,
/// so they are known to anyone who can read the code. The initial secret should come from
/// deployment configuration or be replaced on first login; nothing visible here enforces either.
/// NOTE(review): the second argument of SaveEmailPasswordChanges ("Admin") is passed as the
/// e-mail, so it presumably replaces the Email set below — confirm against the login service.
/// </remarks>
public void EnsureAdminExists()
{
    // TODO: Check for at least 1 active admin account?
    if ( this.userRepository.Any() )
    {
        // At least one user exists; no bootstrap account is created.
        return;
    }

    User bootstrapAdmin = new User();
    bootstrapAdmin.Email = "*****@*****.**";
    bootstrapAdmin.FirstName = "Admin";
    bootstrapAdmin.LastName = "Admin";
    bootstrapAdmin.IsAdmin = true;

    this.loginService.SaveEmailPasswordChanges( bootstrapAdmin, "Admin", "@dm1n" );
}
/// <summary>
/// Reports whether <paramref name="User"/> holds <paramref name="Role"/>.
/// </summary>
/// <param name="User">Account to test; a null user holds no role.</param>
/// <param name="Role">Role to test for; only <c>Role.Admin</c> is handled.</param>
/// <returns><c>false</c> for a null user; otherwise the user's flag for the requested role.</returns>
/// <exception cref="ArgumentOutOfRangeException">
/// <paramref name="User"/> is non-null and <paramref name="Role"/> is not a handled value.
/// </exception>
public bool UserHasRole( User User, Role Role )
{
    if ( User == null )
    {
        // Denies by default; the role value is not inspected in this case.
        return false;
    }

    switch ( Role )
    {
        case Role.Admin:
            return User.IsAdmin;
        default:
            throw new ArgumentOutOfRangeException( "Role", Role, Role + " is not a " + typeof( Role ).Name );
    }
}
// public for testing, not part of interface
/// <summary>
/// Reports whether <paramref name="User"/> is currently locked out by failed logins.
/// </summary>
/// <remarks>
/// The account is locked only when the failure count is strictly greater than
/// <c>MaxLoginFailCount</c>, a failure window has been started, and that window has not yet ended.
/// NOTE(review): with the strict comparison, lockout begins one failure after the configured
/// maximum is reached — confirm that is the intended threshold.
/// </remarks>
/// <param name="User">Account to evaluate.</param>
/// <returns><c>true</c> while the lockout applies; otherwise <c>false</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="User"/> is null.</exception>
public bool IsLockedOut( User User )
{
    if ( User == null )
    {
        throw new ArgumentNullException( "User" );
    }

    bool overLimit = !( User.LoginFailCount <= this.settingRepository.MaxLoginFailCount );
    if ( !overLimit || User.LoginFailStartDate == null )
    {
        return false;
    }

    // Locked for as long as the window that began at the first counted failure is still open.
    DateTime windowEnd = User.LoginFailStartDate.Value.Add( this.settingRepository.LoginFailWindow );
    return windowEnd > DateTime.Now;
}
/// <summary>
/// Generates a fresh salt for <paramref name="User"/> and stores the hash of
/// <paramref name="PasswordFromGui"/> computed with that salt. Does not save the user.
/// </summary>
/// <remarks>
/// NOTE(review): the strength of the stored hash depends entirely on what
/// <c>hashHelper.GenerateHash</c> does for the configured hash type, which is not visible
/// here — confirm it is a deliberately slow password-hashing function rather than a single
/// pass of a general-purpose digest.
/// </remarks>
/// <param name="User">Account whose <c>Salt</c> and <c>Password</c> are overwritten.</param>
/// <param name="PasswordFromGui">New plaintext password as submitted by the caller.</param>
public void SetPassword( User User, string PasswordFromGui )
{
    var shortestSalt = this.settingRepository.MinSaltLength;
    var longestSalt = this.settingRepository.MaxSaltLength;
    User.Salt = this.hashHelper.GenerateSalt( shortestSalt, longestSalt );

    var algorithm = this.settingRepository.HashType;
    User.Password = this.hashHelper.GenerateHash( algorithm, PasswordFromGui, User.Salt );
}
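/// <summary>
/// Applies an e-mail and/or password change to <paramref name="User"/> and saves it.
/// </summary>
/// <remarks>
/// When the e-mail differs (case-insensitively) or a new password is supplied, the
/// authentication token is replaced so that the previously issued cookie stops matching.
/// The token is drawn from the cryptographic random number generator instead of
/// <c>Guid.NewGuid()</c>, because GUIDs are unique identifiers and are not specified to be
/// unpredictable. It keeps the same shape as before: 32 lowercase hexadecimal characters.
/// </remarks>
/// <param name="User">Account to update.</param>
/// <param name="EmailFromGui">New e-mail / login name; required.</param>
/// <param name="PasswordFromGui">New password, or null/empty to leave the password unchanged.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="User"/> is null, or <paramref name="EmailFromGui"/> is null or empty.
/// </exception>
public void SaveEmailPasswordChanges( User User, string EmailFromGui, string PasswordFromGui )
{
    if ( User == null )
    {
        // Previously surfaced as a NullReferenceException on the first property access.
        throw new ArgumentNullException( "User" );
    }
    if ( string.IsNullOrEmpty( EmailFromGui ) )
    {
        throw new ArgumentNullException( "EmailFromGui" );
    }

    bool emailChanged = !string.Equals( User.Email, EmailFromGui, StringComparison.InvariantCultureIgnoreCase );
    bool passwordSupplied = !string.IsNullOrEmpty( PasswordFromGui );

    if ( emailChanged || passwordSupplied )
    {
        // Reset authentication token, effectively kill their cookie
        byte[] tokenBytes = new byte[16];
        using ( var rng = System.Security.Cryptography.RandomNumberGenerator.Create() )
        {
            rng.GetBytes( tokenBytes );
        }
        User.AuthenticationToken = BitConverter.ToString( tokenBytes ).Replace( "-", string.Empty ).ToLowerInvariant();
    }

    User.Email = EmailFromGui;
    if ( passwordSupplied )
    {
        this.SetPassword( User, PasswordFromGui );
    }

    this.userRepository.Save( User );
}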
/// <summary>
/// Reports whether <paramref name="User"/> is an administrator; a null user is not.
/// </summary>
/// <param name="User">Account to test, or null.</param>
/// <returns><c>true</c> only for a non-null user whose <c>IsAdmin</c> flag is set.</returns>
public bool UserIsAdmin( User User )
{
    if ( User == null )
    {
        return false;
    }

    return User.IsAdmin;
}
/// <summary>
/// Handles a submitted user form: creates a user when <paramref name="id"/> is below 1,
/// otherwise updates the existing user with that id.
/// </summary>
/// <remarks>
/// NOTE(review): no authorization or anti-forgery attributes are visible on this action in
/// this view of the file. The posted model's IsAdmin and IsActive flags are copied onto the
/// user by UserFromModel, so confirm that only administrators can reach this action.
/// NOTE(review): a new user is first saved with placeholder Salt/Password values and only
/// then given real credentials by the login service — confirm the two writes are intended.
/// NOTE(review): a blank e-mail is rejected here only for new users; for an existing user it
/// is passed on to SaveEmailPasswordChanges — confirm how that call treats an empty e-mail.
/// </remarks>
/// <param name="id">Id of the user to edit, or a value below 1 to create one.</param>
/// <param name="Model">Posted form values; a null model redirects back to the form.</param>
/// <returns>
/// A redirect to "Index" on success, the "NotFound" view for an unknown positive id, or the
/// form again with validation errors.
/// </returns>
public ActionResult Edit(int id, UserModel Model)
{
    if (Model == null)
    {
        return this.RedirectToAction("Edit", new {id});
    }

    // E-mail and password are mandatory only when creating (id < 1).
    if (this.ModelState.IsValid && id < 1)
    {
        if (string.IsNullOrEmpty(Model.Email))
        {
            this.ModelState.AddModelError("Email", "Email is required to create a new user");
        }
        if (string.IsNullOrEmpty(Model.Password))
        {
            this.ModelState.AddModelError("Password", "Password is required for new users");
        }
    }

    bool emailFree = this.userRepository.EmailAvailable(id, Model.Email);
    if (!emailFree)
    {
        this.ModelState.AddModelError("Email", "Email is in use, please choose a new username");
    }

    // TODO: Validate that the password is complex enough
    if (!this.ModelState.IsValid)
    {
        return this.View(Model); // Fix your errors
    }

    User target = this.userRepository.GetById(id);
    if (target == null)
    {
        if (id > 0)
        {
            return this.View("NotFound");
        }

        // Placeholder credentials; SaveEmailPasswordChanges below is given the submitted password.
        target = new User
        {
            Email = Model.Email,
            Salt = "notnull",
            Password = "******"
        };
    }

    this.UserFromModel(target, Model);
    this.userRepository.Save(target);
    this.loginService.SaveEmailPasswordChanges(target, Model.Email, Model.Password);

    return this.RedirectToAction("Index"); // Success
}
/// <summary>
/// Builds the view model for <paramref name="User"/>. Only the id, e-mail, names and the
/// three flags are copied; the password hash and salt are not exposed to the view.
/// </summary>
/// <param name="User">Source entity; dereferenced without a null check.</param>
/// <returns>A new <c>UserModel</c> populated from the entity.</returns>
private UserModel UserToModel(User User)
{
    UserModel view = new UserModel();

    view.UserId = User.UserId;
    view.Email = User.Email;
    view.FirstName = User.FirstName;
    view.LastName = User.LastName;
    view.IsAdmin = User.IsAdmin;
    view.IsElectable = User.IsElectable;
    view.IsActive = User.IsActive;

    return view;
}
/// <summary>
/// Copies the editable profile fields and flags from <paramref name="Model"/> onto
/// <paramref name="User"/>.
/// </summary>
/// <remarks>
/// NOTE(review): IsAdmin and IsActive are taken directly from the model. If the model is
/// bound from a request, the caller has to be restricted to users allowed to grant those
/// flags — confirm at the call site.
/// </remarks>
/// <param name="User">Entity to update in place.</param>
/// <param name="Model">Source of the new values.</param>
private void UserFromModel(User User, UserModel Model)
{
    // Profile fields
    User.FirstName = Model.FirstName;
    User.LastName = Model.LastName;

    // Privilege and status flags
    User.IsAdmin = Model.IsAdmin;
    User.IsElectable = Model.IsElectable;
    User.IsActive = Model.IsActive;

    // Specifically don't set Email and Password -- those are set differently
}