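/// <summary>
/// Handles one incoming SMS as a self-service password reset request: validates the
/// sender's number, extracts a login from the message text, asks Active Directory to set
/// a freshly generated password, replies to the sender by SMS and mails a report.
/// </summary>
/// <param name="incomingphonenumber">Sender number reported for the received SMS. Untrusted input.</param>
/// <param name="incomingtext">Raw SMS text, expected to carry a login as "user", "user@domain" or "domain\user". Untrusted input.</param>
/// <remarks>
/// The sender's number is the only factor checked before the password is replaced; its
/// national number is passed to the directory layer, which reports whether it matches the account.
/// NOTE(review): the SMS replies differ per outcome (user not found, disabled, no phone attached),
/// so a sender can learn account state from them; a single neutral reply for all failures would
/// avoid that. The retry counter is incremented only on a number mismatch, and nothing in this
/// method resets or expires it.
/// </remarks>
static void ChangePassword(string incomingphonenumber, string incomingtext)
{
    // Both values come from outside; a null text would otherwise throw at the space
    // count below, outside any try block.
    incomingphonenumber = incomingphonenumber ?? string.Empty;
    incomingtext = incomingtext ?? string.Empty;

    // Line breaks in attacker-controlled text must not be able to start a new log record.
    Func<string, string> forLog = s => s.Replace("\r", "\\r").Replace("\n", "\\n");

    // The report is sent as HTML (it uses <br> and <font>), so the sender-controlled
    // fields are HTML-encoded before they are embedded in it.
    string mailbody = $"Received request from: {System.Net.WebUtility.HtmlEncode(incomingphonenumber)}<br>SMS Text: {System.Net.WebUtility.HtmlEncode(incomingtext)}<br>Result: ";

    _logger.Info("Received SMS");
    _logger.Info($"Phone number: {forLog(incomingphonenumber)}");
    _logger.Info($"Incoming text: {forLog(incomingtext)}");

    // Check if this is a valid phone number. This check lets us ignore messages
    // from short/text numbers.
    PhoneNumber phoneNumber = null;
    try
    {
        phoneNumber = _phoneNumberUtil.Parse(incomingphonenumber, _currentPhoneRegion);
    }
    catch (Exception ex)
    {
        _logger.Error($"Exception during phone number parsing: {ex.Message} ({ex.GetType()})");
    }

    // A text with more than two spaces is also rejected here, although the logged
    // reason only mentions the phone number.
    if (phoneNumber == null || !_phoneNumberUtil.IsValidNumber(phoneNumber) || incomingtext.Count(f => f == ' ') > 2)
    {
        _logger.Warn("Ignoring SMS, Reason: Invalid phone number");
        SendMail("SMS Self Service - Invalid SMS received", mailbody + "Invalid (Operator/Advertisement) SMS, ignoring...");
        return;
    }

    // Throttle senders that already produced too many number mismatches.
    if (_config.GetValue("Protection/Bruteforce/Enabled", true)
        && _intrusionsList.ContainsKey(incomingphonenumber)
        && _intrusionsList[incomingphonenumber] > _config.GetValue("Protection/Bruteforce/MaximumRetries", 5))
    {
        _logger.Warn("Ignoring SMS, Reason: possible account name bruteforcing.");
        return;
    }

    // Generate new password.
    // NOTE(review): every non-alphanumeric character is mapped to '9', which over-represents
    // '9' and lowers the entropy of an already short 8-character secret. Consider drawing each
    // character from an alphanumeric alphabet with a cryptographic RNG, and confirm the
    // directory layer forces a change at next logon, since the value travels by SMS.
    string newpass = Regex.Replace(Membership.GeneratePassword(8, 0), @"[^a-zA-Z0-9]", m => "9");

    try
    {
        // Get the username from various formats. Invariant lower-casing keeps the result
        // independent of the server's culture (e.g. Turkish dotless i).
        string login = incomingtext.Replace("/", "\\").ToLowerInvariant();
        if (login.Contains("@")) // user@domain form: keep the part before '@'
        {
            login = login.Split('@')[0];
        }
        if (login.Contains("\\")) // domain.com\username form: keep the part after '\'
        {
            login = login.Split('\\')[1];
        }
        login = login.Trim();
        string loginForLog = forLog(login);

        PasswordChangeResult result = _activeDirectory.ChangeUserPassword(login, newpass, phoneNumber.NationalNumber.ToString());

        string message;
        switch (result)
        {
            case PasswordChangeResult.Success:
                _logger.Info($"Successfully changed password for {loginForLog}");
                // NOTE(review): the published listing is damaged at this statement (masked
                // characters and an unbalanced brace). It is reconstructed here on the obvious
                // reading; verify against the repository copy.
                message = _config.GetValue("Messages/Success", "Your temporary password:") + " " + newpass;
                mailbody += "Successfully changed password";
                break;

            case PasswordChangeResult.UserNotFound:
                _logger.Error($"User \"{loginForLog}\" not found");
                message = _config.GetValue("Messages/UserNotFound", "Incorrect username");
                mailbody += "User not found";
                break;

            case PasswordChangeResult.DisabledAccount:
                _logger.Error("Account is disabled: " + loginForLog);
                message = _config.GetValue("Messages/AccountDisabled", "Account for this user is currently disabled");
                mailbody += "Account is disabled";
                break;

            case PasswordChangeResult.NoFingerprintAttached:
                _logger.Error($"No phone number attached to account: {loginForLog}");
                message = _config.GetValue("Messages/NoPhoneAttached", "This service cannot be used by this user");
                mailbody += "No phone number attached";
                break;

            case PasswordChangeResult.InvalidFingerprint:
                _logger.Warn($"INTRUSION? PHONE NUMBER DIFFERS FROM ONE ASSOCIATED WITH THIS ACCOUNT! Incoming number: {forLog(incomingphonenumber)}, incoming text: {forLog(incomingtext)}");
                // Empty by default, so a mismatching sender gets no reply.
                message = _config.GetValue("Messages/IncorrectNumber", "");
                mailbody += "<font color=\"red\">This phone number is not the one associated with this account.</font>";

                // Count the mismatch against this sender for the throttle above.
                if (!_intrusionsList.ContainsKey(incomingphonenumber))
                {
                    _intrusionsList[incomingphonenumber] = 0;
                }
                _intrusionsList[incomingphonenumber] += 1;
                break;

            default:
                _logger.Fatal($"Error while when fulfilling password change request: {result}");
                message = _config.GetValue("Messages/InternalError", "Service temporary not available");
                mailbody += $"<font color=\"red\">ERROR WHILE FULFILLING REQUEST: {result}</font>";
                break;
        }

        if (!string.IsNullOrEmpty(message))
        {
            Utils.SendMessage(_comm, incomingphonenumber, message);
        }

        SendMail("SMS Self Service - Password Change Request", mailbody);
    }
    catch (Exception ex)
    {
        // Deliberate best effort: a failure is logged, but neither an SMS nor a report mail
        // is sent. If the directory call succeeded before the throw, the password has
        // already been replaced.
        _logger.Fatal($"Error while changing user password: {ex.Message} ({ex.GetType()}) | {ex}");
    }
}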