public UpdatePasswordServices(IProcessQueries queryProcessor
, IStorePasswords passwords
)
{
QueryProcessor = queryProcessor;
Passwords = passwords;
}
public HandleResetPasswordCommand(ICommandEntities entities
, IStorePasswords passwords
)
{
_entities = entities;
_passwords = passwords;
}
public CreatePasswordHandler(ICommandEntities entities
, IStorePasswords passwords
)
{
_entities = entities;
_passwords = passwords;
}
public IdentityController(ISignUsers userSigner
, IStorePasswords passwords
)
{
_userSigner = userSigner;
_passwords = passwords;
}
public SignInValidator(IStorePasswords passwords)
{
CascadeMode = CascadeMode.StopOnFirstFailure;
_passwords = passwords;
_session = HttpContext.Current != null && HttpContext.Current.Session != null
? new HttpSessionStateWrapper(HttpContext.Current.Session)
: null;
RuleFor(p => p.Password)
// cannot be empty
.NotEmpty()
.WithMessage(FailedBecausePasswordWasEmpty)
// account cannot be locked out
.Must(ValidateIsNotLockedOut)
.WithMessage(FailedBecauseIsLockedOut,
p => _passwords.MaximumPasswordAttempts)
// validate the password
.Must(ValidatePasswordIsCorrect)
.WithMessage(FailedBecausePasswordWasIncorrect,
p => _passwords.MaximumPasswordAttempts - _session.FailedPasswordAttempts(),
p => (_passwords.MaximumPasswordAttempts - _session.FailedPasswordAttempts() == 1) ? string.Empty : "s")
// check lockout again, this may be last attempt
.Must(ValidateIsNotLockedOut)
.WithMessage(FailedBecauseIsLockedOut,
p => _passwords.MaximumPasswordAttempts)
;
}
public UpdatePasswordServices(IProcessQueries queryProcessor
, IStorePasswords passwords
)
{
QueryProcessor = queryProcessor;
Passwords = passwords;
}
public SignInServices(IProcessQueries queryProcessor
, ISignUsers userSigner
, IStorePasswords passwords
)
{
QueryProcessor = queryProcessor;
UserSigner = userSigner;
Passwords = passwords;
}
public SignInServices(IProcessQueries queryProcessor
, ISignUsers userSigner
, IStorePasswords passwords
)
{
QueryProcessor = queryProcessor;
UserSigner = userSigner;
Passwords = passwords;
}
public ValidateSendConfirmEmailMessageCommand(IQueryEntities entities, IStorePasswords passwords)
{
CascadeMode = CascadeMode.StopOnFirstFailure;
RuleFor(x => x.EmailAddress)
//cannot be empty
.NotEmpty()
.WithMessage(MustNotHaveEmptyEmailAddress.FailMessage)
// must be valid against email address regular expression
.EmailAddress()
.WithMessage(MustBeValidEmailAddressFormat.FailMessageFormat, x => x.EmailAddress)
// must match a person
.MustFindPersonByEmail(entities, _person)
.WithMessage(MustFindPersonByEmail.FailMessageFormat, x => x.EmailAddress)
// must match an establishment
.MustFindEstablishmentByEmail(entities, _establishment)
.WithMessage(MustFindEstablishmentByEmail.FailMessageFormat,
x => x.EmailAddress)
// establishment must be a member
.Must(x => _establishment.Entity.IsMember)
.WithMessage(MustBeMemberEstablishment.FailMessageFormat,
x => _establishment.Entity.RevisionId)
;
// when person is not null and intent is to reset password,
When(x => _person.Entity != null && x.Intent == EmailConfirmationIntent.ResetPassword, () =>
RuleFor(x => x.EmailAddress)
// the establishment must not have saml sign on
.Must(x => !_establishment.Entity.HasSamlSignOn())
.WithMessage(MustNotHaveSamlIntegration.FailMessageFormat,
x => _establishment.Entity.RevisionId)
// the matched person must have a user
.Must(x => _person.Entity.User != null)
.WithMessage(MustNotHaveNullUser.FailMessageFormat,
x => _person.Entity.DisplayName)
// the user must not have a SAML account
.Must(x => string.IsNullOrWhiteSpace(_person.Entity.User.EduPersonTargetedId))
.WithMessage(MustNotHaveSamlMembershipAccount.FailMessageFormat,
x => _person.Entity.User.Name)
// the email address' person's user's name must match a local member account
.Must(x => passwords.Exists(_person.Entity.User.Name))
.WithMessage(MustHaveLocalMembershipAccount.FailMessageFormat,
x => _person.Entity.User.Name)
// the email address must be confirmed
.Must(x => _person.Entity.Emails.ByValue(x).IsConfirmed)
.WithMessage(MustBeConfirmedEmailAddress.FailMessageFormat,
x => x.EmailAddress)
);
}
public UpdatePasswordValidator(IStorePasswords passwords)
{
CascadeMode = CascadeMode.StopOnFirstFailure;
_passwords = passwords;
_httpContext = HttpContext.Current != null ? new HttpContextWrapper(HttpContext.Current) : null;
_session = _httpContext != null && _httpContext.Session != null
? _httpContext.Session
: null;
RuleFor(p => p.CurrentPassword)
// cannot be empty
.NotEmpty()
.WithMessage(FailedBecauseOldPasswordWasEmpty)
// account cannot be locked out
.Must(ValidateIsNotLockedOut)
.WithMessage(FailedBecauseIsLockedOut,
p => _passwords.MaximumPasswordAttempts)
// validate the password
.Must(ValidatePasswordIsCorrect)
.WithMessage(FailedBecauseCurrentPasswordWasIncorrect,
p => _passwords.MaximumPasswordAttempts - _session.FailedPasswordAttempts(),
p => (_passwords.MaximumPasswordAttempts - _session.FailedPasswordAttempts() == 1) ? string.Empty : "s")
// check lockout again, this may be last attempt
.Must(ValidateIsNotLockedOut)
.WithMessage(FailedBecauseIsLockedOut,
p => _passwords.MaximumPasswordAttempts)
;
RuleFor(p => p.NewPassword)
// cannot be empty
.NotEmpty()
.WithMessage(FailedBecauseNewPasswordWasEmpty)
// at least 6 characters long
.Length(passwords.MinimumPasswordLength, int.MaxValue)
.WithMessage(FailedBecauseNewPasswordWasTooShort,
p => passwords.MinimumPasswordLength)
;
RuleFor(p => p.ConfirmPassword)
// can never be empty
.NotEmpty()
.WithMessage(FailedBecauseNewPasswordConfirmationWasEmpty)
;
RuleFor(p => p.ConfirmPassword)
// equals password unless empty or password failed validation
.Equal(p => p.NewPassword)
.Unless(p =>
string.IsNullOrWhiteSpace(p.ConfirmPassword) ||
string.IsNullOrWhiteSpace(p.NewPassword) ||
p.NewPassword.Length < passwords.MinimumPasswordLength)
.WithMessage(FailedBecauseNewPasswordConfirmationDidNotEqualPassword)
;
}
public ReceiveSamlAuthnResponseHandler(ICommandEntities entities
, ISignUsers userSigner
, IStorePasswords passwords
, IUnitOfWork unitOfWork
)
{
_entities = entities;
_userSigner = userSigner;
_passwords = passwords;
_unitOfWork = unitOfWork;
}
public ReceiveSamlAuthnResponseHandler(ICommandEntities entities
, ISignUsers userSigner
, IStorePasswords passwords
, IHandleCommands <CreateEmailAddress> createEmailAddress
, IUnitOfWork unitOfWork
)
{
_entities = entities;
_userSigner = userSigner;
_passwords = passwords;
_createEmailAddress = createEmailAddress;
_unitOfWork = unitOfWork;
}
public ValidateSendCreatePasswordMessageCommand(IQueryEntities entities, IStorePasswords passwords)
{
CascadeMode = CascadeMode.StopOnFirstFailure;
RuleFor(x => x.EmailAddress)
// email address cannot be empty
.NotEmpty()
.WithMessage(MustNotHaveEmptyEmailAddress.FailMessage)
// must be valid against email address regular expression
.EmailAddress()
.WithMessage(MustBeValidEmailAddressFormat.FailMessageFormat, x => x.EmailAddress)
// the email address must match an establishment
.MustFindEstablishmentByEmail(entities, _establishment)
.WithMessage(MustFindEstablishmentByEmail.FailMessageFormat,
x => x.EmailAddress)
// establishment must be a member
.Must(x => _establishment.Entity.IsMember)
.WithMessage(MustBeMemberEstablishment.FailMessageFormat,
x => _establishment.Entity.RevisionId)
// establishment must not have saml sign on
.Must(x => !_establishment.Entity.HasSamlSignOn())
.WithMessage(MustNotHaveSamlIntegration.FailMessageFormat,
x => _establishment.Entity.RevisionId)
// the email address MAY match a person
.Must((command, x, context) =>
{
var validator = new MustFindPersonByEmail(entities, _person);
validator.Validate(context);
return(true);
})
;
// when person is not null,
When(x => _person.Entity != null, () =>
RuleFor(x => x.EmailAddress)
// it must not have a registered user
.Must(x => _person.Entity.User == null || !_person.Entity.User.IsRegistered)
.WithMessage(MustNotBeRegisteredUser.FailMessageFormat,
x => _person.Entity.DisplayName)
// it must not have a local member account
.Must(x => _person.Entity.User == null || !passwords.Exists(_person.Entity.User.Name))
.WithMessage(MustNotHaveLocalMembershipAccount.FailMessageFormat,
x => _person.Entity.User.Name)
);
}
public IdentityController(ISignUsers userSigner
, IStorePasswords passwords
, IProcessQueries queryProcessor
, IHandleCommands<UpdateSamlSignOnMetadata> updateSamlMetadata
//, IProvideSaml2Service samlServiceProvider
, IManageConfigurations configurationManager
)
{
_userSigner = userSigner;
_passwords = passwords;
_queryProcessor = queryProcessor;
_updateSamlMetadata = updateSamlMetadata;
//_samlServiceProvider = samlServiceProvider;
_configurationManager = configurationManager;
}
public ResetPasswordValidator(IQueryEntities entities, IStorePasswords passwords)
{
CascadeMode = CascadeMode.StopOnFirstFailure;
RuleFor(p => p.Token)
// cannot be empty guid
.NotEmpty()
.WithMessage(ValidateEmailConfirmation.FailedBecauseTokenWasEmpty,
p => p.Token)
// matches email confirmation entity
.Must(p => ValidateEmailConfirmation.TokenMatchesEntity(p, entities))
.WithMessage(ValidateEmailConfirmation.FailedBecauseTokenMatchedNoEntity,
p => p.Token)
;
RuleFor(p => p.Password)
// cannot be empty
.NotEmpty()
.WithMessage(FailedBecausePasswordWasEmpty)
// at least 6 characters long
.Length(passwords.MinimumPasswordLength, int.MaxValue)
.WithMessage(FailedBecausePasswordWasTooShort,
p => passwords.MinimumPasswordLength)
;
RuleFor(p => p.PasswordConfirmation)
// can never be empty
.NotEmpty()
.WithMessage(FailedBecausePasswordConfirmationWasEmpty)
;
RuleFor(p => p.PasswordConfirmation)
// equals password unless empty or password failed validation
.Equal(p => p.Password)
.Unless(p =>
string.IsNullOrWhiteSpace(p.PasswordConfirmation) ||
string.IsNullOrWhiteSpace(p.Password) ||
p.Password.Length < passwords.MinimumPasswordLength)
.WithMessage(FailedBecausePasswordConfirmationDidNotEqualPassword)
;
}
public ForgotPasswordValidator(IQueryEntities entities, IStorePasswords passwords)
{
CascadeMode = CascadeMode.StopOnFirstFailure;
Establishment establishment = null;
var loadEstablishment = new Expression <Func <Establishment, object> >[]
{
e => e.SamlSignOn,
};
Person person = null;
var loadPerson = new Expression <Func <Person, object> >[]
{
p => p.Emails,
p => p.User
};
RuleFor(p => p.EmailAddress)
// cannot be empty
.NotEmpty()
.WithMessage(FailedBecauseEmailAddressWasEmpty)
// must be valid against email address regular expression
.EmailAddress()
.WithMessage(FailedBecauseEmailAddressWasNotValidEmailAddress)
// must match an establishment
.Must(p => ValidateEstablishment.EmailMatchesEntity(p, entities, loadEstablishment, out establishment))
.WithMessage(FailedBecauseUserNameMatchedNoLocalMember,
p => p.EmailAddress)
// establishment must be a member
.Must(p => establishment.IsMember)
.WithMessage(FailedBecauseUserNameMatchedNoLocalMember,
p => p.EmailAddress)
// establishment cannot have saml integration
.Must(p => !establishment.HasSamlSignOn())
.WithMessage(FailedBecauseEduPersonTargetedIdWasNotEmpty,
p => p.EmailAddress.GetEmailDomain())
// must match a person
.Must(p => ValidateEmailAddress.ValueMatchesPerson(p, entities, loadPerson, out person))
.WithMessage(FailedBecauseUserNameMatchedNoLocalMember,
p => p.EmailAddress)
// the matched person must have a user
.Must(p => ValidatePerson.UserIsNotNull(person))
.WithMessage(FailedBecauseUserNameMatchedNoLocalMember,
p => p.EmailAddress)
// the user must not have a SAML account
.Must(p => ValidateUser.EduPersonTargetedIdIsEmpty(person.User))
.WithMessage(FailedBecauseEduPersonTargetedIdWasNotEmpty,
p => p.EmailAddress.GetEmailDomain())
// the email address' person's user's name must match a local member account
.Must(p => ValidateUser.NameMatchesLocalMember(person.User.Name, passwords))
.WithMessage(FailedBecauseUserNameMatchedNoLocalMember,
p => p.EmailAddress)
// the email address must be confirmed
.Must(p => ValidateEmailAddress.IsConfirmed(person.GetEmail(p)))
.WithMessage(ValidateEmailAddress.FailedBecauseIsNotConfirmed,
p => p.EmailAddress)
;
}
public ValidateResetPasswordCommand(IQueryEntities entities, IStorePasswords passwords)
{
CascadeMode = CascadeMode.StopOnFirstFailure;
RuleFor(x => x.Token)
// token cannot be an empty guid
.NotEmpty()
.WithMessage(MustNotHaveEmptyConfirmationToken.FailMessageFormat, x => x.Token)
// token must match a confirmation
.MustFindConfirmationByToken(entities, _confirmation)
.WithMessage(MustFindConfirmationByToken.FailMessageFormat, x => x.Token)
// its intent must be to reset password
.Must(x => _confirmation.Entity.Intent == EmailConfirmationIntent.ResetPassword)
.WithMessage(MustHaveCorrectConfirmationIntent.FailMessageFormat,
x => _confirmation.Entity.Intent, x => x.Token)
// it cannot be expired
.Must(x => !_confirmation.Entity.IsExpired)
.WithMessage(MustNotBeExpiredConfirmation.FailMessageFormat,
x => x.Token, x => _confirmation.Entity.ExpiresOnUtc)
// it cannot be retired
.Must(x => !_confirmation.Entity.IsRetired)
.WithMessage(MustNotBeRetiredConfirmation.FailMessageFormat,
x => x.Token, x => _confirmation.Entity.RetiredOnUtc)
// it must be redeemed
.Must(x => _confirmation.Entity.IsRedeemed)
.WithMessage(MustBeRedeemedConfirmation.FailMessageFormat,
x => x.Token)
// email address must be confirmed
.Must(x => _confirmation.Entity.EmailAddress.IsConfirmed)
.WithMessage(MustBeConfirmedEmailAddress.FailMessageFormat,
x => _confirmation.Entity.EmailAddress.Value)
// it must be attached to a user
.Must(x => _confirmation.Entity.EmailAddress.Person.User != null)
.WithMessage(MustNotHaveNullUser.FailMessageFormat,
x => _confirmation.Entity.EmailAddress.Person.DisplayName)
// user cannot have a saml account
.Must(x => string.IsNullOrWhiteSpace(_confirmation.Entity.EmailAddress.Person.User.EduPersonTargetedId))
.WithMessage(MustNotHaveSamlMembershipAccount.FailMessageFormat,
x => _confirmation.Entity.EmailAddress.Person.User.Name)
// user name must match local member account
.Must(x => passwords.Exists(_confirmation.Entity.EmailAddress.Person.User.Name))
.WithMessage(MustHaveLocalMembershipAccount.FailMessageFormat,
x => _confirmation.Entity.EmailAddress.Person.User.Name)
;
RuleFor(x => x.Ticket)
// ticket cannot be empty
.NotEmpty()
.WithMessage(MustNotHaveEmptyConfirmationTicket.FailMessage)
// must match the entity ticket
.Must(x => x == _confirmation.Entity.Ticket)
.WithMessage(MustHaveCorrectConfirmationTicket.FailMessageFormat,
x => x.Ticket, x => x.Token)
;
RuleFor(x => x.Password)
// cannot be empty
.NotEmpty()
.WithMessage(MustNotHaveEmptyPassword.FailMessage)
// length must be between 6 and 100 characters
.Length(passwords.MinimumPasswordLength, int.MaxValue)
.WithMessage(MustHaveMinimumPasswordLength.FormatFailMessage(passwords.MinimumPasswordLength))
;
RuleFor(x => x.PasswordConfirmation)
// cannot be empty
.NotEmpty()
.WithMessage(MustNotHaveEmptyPasswordConfirmation.FailMessage)
// must match password
.Equal(x => x.Password)
.WithMessage(MustHaveTwoEqualPasswords.FailMessage)
;
}
public static bool NameMatchesLocalMember(string name, IStorePasswords passwords)
{
return(passwords.Exists(name));
}
public static bool NameMatchesLocalMember(string name, IStorePasswords passwords)
{
return passwords.Exists(name);
}
public SendConfirmEmailMessageValidator(IQueryEntities entities, IStorePasswords passwords)
{
CascadeMode = CascadeMode.StopOnFirstFailure;
Person person = null;
var loadPerson = new Expression <Func <Person, object> >[]
{
p => p.Emails,
p => p.User
};
Establishment establishment = null;
var loadEstablishment = new Expression <Func <Establishment, object> >[]
{
e => e.SamlSignOn,
};
RuleFor(p => p.EmailAddress)
//cannot be empty
.NotEmpty()
.WithMessage(ValidateEmailAddress.FailedBecauseValueWasEmpty)
// must be valid against email address regular expression
.EmailAddress()
.WithMessage(ValidateEmailAddress.FailedBecauseValueWasNotValidEmailAddress)
// must match a person
.Must(p => ValidateEmailAddress.ValueMatchesPerson(p, entities, loadPerson, out person))
.WithMessage(ValidateEmailAddress.FailedBecauseValueMatchedNoPerson,
p => p.EmailAddress)
// must match an establishment
.Must(p => ValidateEstablishment.EmailMatchesEntity(p, entities, loadEstablishment, out establishment))
.WithMessage(ValidateEstablishment.FailedBecauseEmailMatchedNoEntity,
p => p.EmailAddress)
// establishment must be a member
.Must(p => establishment.IsMember)
.WithMessage(ValidateEstablishment.FailedBecauseEstablishmentIsNotMember,
p => establishment.RevisionId)
;
// when person is not null and intent is to reset password,
When(p => person != null && p.Intent == EmailConfirmationIntent.ResetPassword, () =>
RuleFor(p => p.EmailAddress)
// the establishment must not have saml sign on
.Must(p => !establishment.HasSamlSignOn())
.WithMessage(ValidateEstablishment.FailedBecauseEstablishmentHasSamlSignOn,
p => establishment.RevisionId)
// the matched person must have a user
.Must(p => ValidatePerson.UserIsNotNull(person))
.WithMessage(ValidatePerson.FailedBecauseUserWasNull,
p => person.DisplayName)
// the user must not have a SAML account
.Must(p => ValidateUser.EduPersonTargetedIdIsEmpty(person.User))
.WithMessage(ValidateUser.FailedBecauseEduPersonTargetedIdWasNotEmpty,
p => person.User.Name)
// the email address' person's user's name must match a local member account
.Must(p => ValidateUser.NameMatchesLocalMember(person.User.Name, passwords))
.WithMessage(ValidateUser.FailedBecauseNameMatchedNoLocalMember,
p => person.User.Name)
// the email address must be confirmed
.Must(p => ValidateEmailAddress.IsConfirmed(person.GetEmail(p)))
.WithMessage(ValidateEmailAddress.FailedBecauseIsNotConfirmed,
p => p.EmailAddress)
);
}
public SendCreatePasswordMessageValidator(IQueryEntities entities, IStorePasswords passwords)
{
CascadeMode = CascadeMode.StopOnFirstFailure;
Establishment establishment = null;
var loadEstablishment = new Expression <Func <Establishment, object> >[]
{
e => e.SamlSignOn,
};
Person person = null;
var loadPerson = new Expression <Func <Person, object> >[]
{
p => p.Emails,
p => p.User
};
RuleFor(p => p.EmailAddress)
// email address cannot be empty
.NotEmpty()
.WithMessage(ValidateEmailAddress.FailedBecauseValueWasEmpty)
// must be valid against email address regular expression
.EmailAddress()
.WithMessage(ValidateEmailAddress.FailedBecauseValueWasNotValidEmailAddress)
// the email address must match a non-saml establishment
.Must(p => ValidateEstablishment.EmailMatchesEntity(p, entities, loadEstablishment, out establishment))
.WithMessage(ValidateEstablishment.FailedBecauseEmailMatchedNoEntity,
p => p.EmailAddress)
// the email address must match a member establishment
.Must(p => ValidateEstablishment.EmailMatchesEntity(p, entities, loadEstablishment, out establishment))
.WithMessage(ValidateEstablishment.FailedBecauseEmailMatchedNoEntity,
p => p.EmailAddress)
// the email address may match a person
.Must(p =>
{
ValidateEmailAddress.ValueMatchesPerson(p, entities, loadPerson, out person);
return(true);
})
;
// when establishment is not null,
When(p => establishment != null, () =>
RuleFor(p => p.EmailAddress)
// it must not have saml sign on
.Must(p => !establishment.HasSamlSignOn())
.WithMessage(ValidateEstablishment.FailedBecauseEstablishmentHasSamlSignOn,
p => establishment.RevisionId)
// it must be a member
.Must(p => establishment.IsMember)
.WithMessage(ValidateEstablishment.FailedBecauseEstablishmentIsNotMember,
p => person.User.Name)
);
// when person is not null,
When(p => person != null, () =>
RuleFor(p => p.EmailAddress)
// it must not have a registered user
.Must(p => person.User == null || !person.User.IsRegistered)
.WithMessage(ValidatePerson.FailedBecauseUserIsRegistered,
p => person.DisplayName)
// it must not have a local member account
.Must(p => person.User == null || !passwords.Exists(person.User.Name))
.WithMessage(ValidateUser.FailedBecauseNameMatchedLocalMember,
p => person.User.Name)
);
}
public ResetPasswordValidator(IQueryEntities entities, IStorePasswords passwords)
{
CascadeMode = CascadeMode.StopOnFirstFailure;
EmailConfirmation confirmation = null;
RuleFor(p => p.Token)
// token cannot be an empty guid
.NotEmpty()
.WithMessage(ValidateEmailConfirmation.FailedBecauseTokenWasEmpty,
p => p.Token)
// token must match a confirmation
.Must(p => ValidateEmailConfirmation.TokenMatchesEntity(p, entities, out confirmation))
.WithMessage(ValidateEmailConfirmation.FailedBecauseTokenMatchedNoEntity,
p => p.Token)
;
RuleFor(p => p.Ticket)
// ticket cannot be empty
.NotEmpty()
.WithMessage(ValidateEmailConfirmation.FailedBecauseTicketWasEmpty)
;
RuleFor(p => p.Password)
// cannot be empty
.NotEmpty()
.WithMessage(ValidatePassword.FailedBecausePasswordWasEmpty)
// length must be between 6 and 100 characters
.Length(passwords.MinimumPasswordLength, int.MaxValue)
.WithMessage(ValidatePassword.FailedBecausePasswordWasTooShort(passwords.MinimumPasswordLength))
;
RuleFor(p => p.PasswordConfirmation)
// cannot be empty
.NotEmpty()
.WithMessage(ValidatePassword.FailedBecausePasswordConfirmationWasEmpty)
;
RuleFor(p => p.PasswordConfirmation)
// must match password unless password is invalid or password confirmation is empty
.Equal(p => p.Password)
.Unless(p =>
string.IsNullOrWhiteSpace(p.PasswordConfirmation) ||
string.IsNullOrWhiteSpace(p.Password) ||
p.Password.Length < passwords.MinimumPasswordLength)
.WithMessage(ValidatePassword.FailedBecausePasswordConfirmationDidNotEqualPassword)
;
// when confirmation is not null,
When(p => confirmation != null, () =>
{
RuleFor(p => p.Token)
// its intent must be to reset password
.Must(p => confirmation.Intent == EmailConfirmationIntent.ResetPassword)
.WithMessage(ValidateEmailConfirmation.FailedBecauseIntentWasIncorrect,
p => confirmation.Intent, p => confirmation.Token)
// it cannot be expired
.Must(p => !confirmation.IsExpired)
.WithMessage(ValidateEmailConfirmation.FailedBecauseIsExpired,
p => confirmation.Token, p => confirmation.ExpiresOnUtc)
// it cannot be retired
.Must(p => !confirmation.IsRetired)
.WithMessage(ValidateEmailConfirmation.FailedBecauseIsRetired,
p => confirmation.Token, p => confirmation.RetiredOnUtc)
// it must be redeemed
.Must(p => confirmation.IsRedeemed)
.WithMessage(ValidateEmailConfirmation.FailedBecauseIsNotRedeemed,
p => confirmation.Token)
// email address must be confirmed
.Must(p => ValidateEmailAddress.IsConfirmed(confirmation.EmailAddress))
.WithMessage(ValidateEmailAddress.FailedBecauseIsNotConfirmed,
p => confirmation.EmailAddress.Value)
// it must be attached to a user
.Must(p => ValidatePerson.UserIsNotNull(confirmation.EmailAddress.Person))
.WithMessage(ValidatePerson.FailedBecauseUserWasNull,
p => confirmation.EmailAddress.Person.DisplayName)
// user cannot have a saml account
.Must(p => ValidateUser.EduPersonTargetedIdIsEmpty(confirmation.EmailAddress.Person.User))
.WithMessage(ValidateUser.FailedBecauseEduPersonTargetedIdWasNotEmpty,
p => confirmation.EmailAddress.Person.User.Name)
// user name must match local member account
.Must(p => ValidateUser.NameMatchesLocalMember(confirmation.EmailAddress.Person.User.Name, passwords))
.WithMessage(ValidateUser.FailedBecauseNameMatchedNoLocalMember,
p => confirmation.EmailAddress.Person.User.Name)
;
RuleFor(p => p.Ticket)
// its ticket must match the command ticket
.Must(p => ValidateEmailConfirmation.TicketIsCorrect(confirmation, p))
.WithMessage(ValidateEmailConfirmation.FailedBecauseTicketWasIncorrect,
p => p.Ticket, p => p.Token)
;
});
}
private static ResetPasswordValidator CreateValidator(IQueryEntities entities = null, IStorePasswords passwords = null)
{
return new ResetPasswordValidator(entities, passwords);
}
private static ResetPasswordValidator CreateValidator(IStorePasswords passwords)
{
return new ResetPasswordValidator(null, passwords);
}
