//Demander un unique email... e préremplir du provider si Oauth et disponible... (exemple Facebook).. comme il semble faire pour le username (a voir)
public IUser CreateOrUpdateUser(IUser user)
{
if (String.IsNullOrEmpty(user.Name))
{
throw new MembershipCreateUserException(MembershipCreateStatus.InvalidUserName);
}
//if (String.IsNullOrEmpty(user.Password)) throw new MembershipCreateUserException(MembershipCreateStatus.InvalidPassword);
if (String.IsNullOrEmpty(user.Email))
{
throw new MembershipCreateUserException(MembershipCreateStatus.InvalidEmail);
}
if (user.Id.IsNullOrEmpty()) // New user...
{
if (UserQueries.GetUserNameByEmail(user.Email) != null)
{
throw new MembershipCreateUserException(MembershipCreateStatus.DuplicateEmail);
}
if (UserQueries.Get(user.Name) != null)
{
throw new MembershipCreateUserException(MembershipCreateStatus.DuplicateUserName);
}
user.CreatedAt = _dateTimeManager.Now();
}
if (!user.ThirdPartyAuthenticationUserAccounts.Any() || !user.Password.IsNullOrEmpty())
{
try
{
ValidatePassword(user.Name, user.Password);
}
catch
{
// not the smoothest approach, but the best
// considering the inconsistent password failure handling.
throw new MembershipCreateUserException(MembershipCreateStatus.InvalidPassword);
}
}
var passwordInfo = new AccountPasswordInfo(user.Name, user.Password);
user.Password = PasswordStrategy.Encrypt(passwordInfo);
user.PasswordSalt = passwordInfo.PasswordSalt;
var status = UserCommands.Register(user);
if (status != MembershipCreateStatus.Success)
{
throw new MembershipCreateUserException(status);
}
return(user);
}
private void UpdateOnlineState(bool userIsOnline, IUser user)
{
if (!userIsOnline)
{
return;
}
user.LastActivityAt = _dateTimeManager.Now();
user.IsOnline = true;
UserCommands.Update(user);
}
///// <summary>
///// Updates information about a user in the data source.
///// </summary>
///// <param name="user">A <see cref="T:System.Web.Security.IUser"/> object that represents the user to update and the updated information for the user. </param>
//public void UpdateUser(IUser user)
//{
// var account = UserQueries.Get(user.UserName);
// Merge(user, account);
// AccountRepository.Update(account);
//}
//private void Merge(IUser user, IUser account)
//{
// account.Comment = user.Comment;
// account.IsApproved = user.IsApproved;
// account.Email = user.Email;
// account.PasswordQuestion = user.PasswordQuestion;
// account.IsLockedOut = user.IsLockedOut;
// //account.IsOnline = user.IsOnline;
// account.LastActivityAt = user.LastActivityDate;
// account.LastLockedOutAt = user.LastLockoutDate;
// account.LastPasswordChangeAt = user.LastPasswordChangedDate;
// account.ProviderUserKey = user.ProviderUserKey;
// account.Name = user.UserName;
//}
/// <summary>
/// Verifies that the specified user name and password exist in the data source.
/// </summary>
/// <returns>
/// true if the specified username and password are valid; otherwise, false.
/// </returns>
/// <param name="username">The name of the user to validate. </param><param name="password">The password for the specified user. </param>
public bool ValidateUser(string username, string password)
{
if (String.IsNullOrEmpty(username))
{
throw new ArgumentException("Value cannot be null or empty.", "username");
}
if (String.IsNullOrEmpty(password))
{
throw new ArgumentException("Value cannot be null or empty.", "password");
}
var user = UserQueries.Get(username);
if (user == null || user.IsLockedOut)
{
return(false);
}
var passwordInfo = user.CreatePasswordInfo();
var validated = PasswordStrategy.Compare(passwordInfo, password);
var now = _dateTimeManager.Now();
if (validated)
{
user.LastLoginAt = now;
user.FailedPasswordWindowStartedAt = null;
user.FailedPasswordWindowAttemptCount = 0;
UserCommands.Update(user);
return(true);
}
user.FailedPasswordWindowAttemptCount += 1;
if (!user.FailedPasswordWindowStartedAt.HasValue)
{
user.FailedPasswordAnswerWindowStartedAt = now;
}
else if (now.Subtract(user.FailedPasswordAnswerWindowStartedAt.Value).TotalMinutes >
PasswordPolicy.PasswordAttemptWindow)
{
user.IsLockedOut = true;
user.LastLockedOutAt = now;
UserCommands.Update(user);
}
return(false);
}
public bool ChangePassword(string username, string oldPassword, string newPassword)
{
if (String.IsNullOrEmpty(username))
{
throw new ArgumentException("Value cannot be null or empty.", "username");
}
if (String.IsNullOrEmpty(oldPassword))
{
throw new ArgumentException("Value cannot be null or empty.", "oldPassword");
}
if (String.IsNullOrEmpty(newPassword))
{
throw new ArgumentException("Value cannot be null or empty.", "newPassword");
}
// The underlying ChangePassword() will throw an exception rather
// than return false in certain failure scenarios.
try
{
var account = UserQueries.Get(username);
var pwInfo = account.CreatePasswordInfo();
if (!PasswordStrategy.Compare(pwInfo, oldPassword))
{
return(false);
}
ValidatePassword(username, newPassword);
account.Password = newPassword;
pwInfo = account.CreatePasswordInfo();
account.Password = PasswordStrategy.Encrypt(pwInfo);
UserCommands.Update(account);
return(true);
}
catch (ArgumentException)
{
return(false);
}
catch (MembershipPasswordException)
{
return(false);
}
}
