public ActionResult ChangeGeneratedPassword(Person person, string returnUrl)
{
person.Error = string.Empty;
var passwordManager = new PasswordManager();
var changePassword = passwordManager.ChangePassword(person);
if (changePassword.Item1)
{
var service = new DomainService();
person = service.GetEntity <HospitalManagementSystemContext, Person>(person.UserName, null);
person.PasswordChanged = true;
service.SaveEntity <HospitalManagementSystemContext, Person>(person, UserId, null);
FormsAuthentication.SetAuthCookie(person.UserName, false);
if (!string.IsNullOrWhiteSpace(returnUrl))
{
return(Redirect(returnUrl));
}
return(RedirectToAction("Profile", "Account"));
}
person.Error = changePassword.Item2;
return(View(person));
}
public ActionResult ResetPassword(ResetPasswordModel model)
{
if (ModelState.IsValid)
{
//get the user to reset the password for
using (var userContext = new PEMRBACEntities())
{
var user = userContext.Memberships.SingleOrDefault(u => u.PasswordVerificationToken == model.Token);
if (user != null && user.PasswordVerificationTokenExpirationDate != null)
{
DateTime expiration = ((DateTime)user.PasswordVerificationTokenExpirationDate).ToLocalTime();
if (DateTime.Now > expiration)
{
// token expired
ModelState.AddModelError("", "This token has expired. You must complete the reset password process within 10 minutes.");
var newModel = new ResetPasswordModel {
Expired = false
};
return(View(newModel));
}
else
{
// token is valid, reset their password
var passwordManager = new PasswordManager(user.UserProfile.UserName);
var returnValue = passwordManager.ChangePassword(model.NewPassword, model.Token);
if (returnValue != PasswordManager.ChangeResult.Ok)
{
ModelState.AddModelError("", passwordManager.LastError);
return(View(model));
}
//return ContactSupport(passwordManager.LastError);
return(ReturnLoginRedirectView("Your password has been reset.", "Password Reset - Success"));
}
}
else
{
// no user exists with this token
return(SendToLoginPage());
}
}
}
// If we got this far, something failed. redisplay form
return(View(model));
}
public ActionResult ChangePassword(Person person)
{
person.Error = string.Empty;
person.SetMembership(Membership.GetUser());
var passwordManager = new PasswordManager();
var changePassword = passwordManager.ChangePassword(person);
if (changePassword.Item1)
{
return(RedirectToAction("Profile", "Account"));
}
person.Error = changePassword.Item2;
return(View(person));
}
/// <summary>
/// Changes user password if the current password is verified to be correct
/// </summary>
/// <param name="newPassword">New password</param>
/// <returns>True if user password is changed successfully</returns>
/// <remarks>Set logon name, password of the ZentityUser object to correct values and then call this method.</remarks>
/// <exception cref="System.ArgumentException">Thrown when this method is called without first setting the
/// logon name and password of the ZentityUser object.</exception>
/// <exception cref="Zentity.Security.Authentication.AuthenticationException">Thrown when new password does not conform to password policy.</exception>
/// <example>
/// <code>
/// try
/// {
/// //For changing password create an instance of ZentityUser and set logon name and password.
/// //Then call ChangePassword method with new password as the parameter.
/// ZentityUser user = new ZentityUser { LogOnName = "john" };
/// user.SetPassword("john@123"); //In case of UI accepting user inputs this call would be something like user.SetPassword(passwordBox1.Password);
/// bool isPasswordChanged = user.ChangePassword("john!@#4");
/// if (isPasswordChanged)
/// {
/// Console.WriteLine("Password changed");
/// }
/// else
/// {
/// Console.WriteLine("Errors while changing password. Please verify whether the logon name and current password are correct.");
/// }
/// }
/// catch (AuthenticationException ex)
/// {
/// //AuthenticationException may be thrown in case of database errors, or if new password does not conform to password policy.
/// Console.WriteLine(ex.Message);
/// //In case of database errors the AuthenticationException object will wrap the sql exception.
/// if (ex.InnerException != null)
/// {
/// Console.WriteLine(ex.InnerException.Message);
/// }
/// }
///
/// </code>
/// </example>
public bool ChangePassword(string newPassword)
{
#region Validations
ValidateParameters("newPassword", newPassword);
#endregion
if (PasswordPolicyProvider.CheckPolicyConformance(newPassword))
{
bool success = PasswordManager.ChangePassword(this.LogOnName, this.Password, newPassword);
return success;
}
else
{
throw new AuthenticationException(ConstantStrings.PolicyConformanceExceptionMessage);
}
}
protected ActionResult ResetPassword(ProfileModel model)
{
// If we got this far, something failed, redisplay form
TryValidateModel(model.Password);
model.Groups = GetGroups(model.Username);
if (ModelState.IsValid)
{
// check to make sure the passwords have values
if (string.IsNullOrEmpty(model.Password.NewPassword) ||
string.IsNullOrEmpty(model.Password.ConfirmPassword))
{
ModelState.AddModelError("Password",
(new ResourceFactory()).GetLocalizedTitle(
ResourceTypes.ErrorMessage,
"Password must be set"));
return(View(model));
}
//force the pw reset as admin, ignore pw reset rules, etc.
try
{
var pwMGr = new PasswordManager(model.Username);
pwMGr.ChangePassword(model.Password.NewPassword, true);
// send them back to the user listing page.
ModelState.AddModelError(Constants.ViewData.ModelStateStatusKey, (new ResourceFactory()).GetLocalizedTitle(ResourceTypes.StatusMessage, "Password Changed Successfully"));
return(Edit(model.Username));
}
catch (Exception e)
{
ModelState.AddModelError("", "Could not reset users password.");
}
}
//otherwise, rol lthoreugh and add the errors
List <string> errorsToAdd = ModelState.Values.SelectMany(modelValue => modelValue.Errors).Select(modelError => modelError.ErrorMessage).ToList();
foreach (var error in errorsToAdd)
{
ModelState.AddModelError("Password", (new ResourceFactory()).GetLocalizedTitle(ResourceTypes.ErrorMessage, error));
}
return(View("Edit", model));
}
private object OnChangePassword(object message)
{
var packet = ( ChangePasswordMessage )message;
var ret = new OperationResult();
if (!this.CheckSession(packet.SessionKey))
{
ret.Value = false;
return(ret);
}
if (!this.IsPasswordCorrect(packet.OldPassword))
{
ret.Value = false;
return(ret);
}
if (!this.IsPasswordCorrect(packet.NewPassword))
{
ret.Value = false;
return(ret);
}
PasswordManager passwordManager = new PasswordManager();
string oldPassword = HashManager.Sha256(packet.OldPassword);
bool result = passwordManager.CheckPassword(oldPassword);
if (result)
{
string newPassword = HashManager.Sha256(packet.NewPassword);
result = passwordManager.ChangePassword(oldPassword, newPassword);
}
ret.Value = result;
return(ret);
}
private ActionResult ResetPassword(ProfileModel model)
{
TryValidateModel(model.Password);
if (ModelState.IsValid)
{
// check to make sure the passwords have values
if (string.IsNullOrEmpty(model.Password.NewPassword) ||
string.IsNullOrEmpty(model.Password.ConfirmPassword))
{
ModelState.AddModelError("Password",
(new ResourceFactory()).GetLocalizedTitle(
ResourceTypes.ErrorMessage,
"Password must be set"));
return(View(model));
}
// Did password change?
var passwordManager = new PasswordManager(User.Identity.Name);
//if we are forcing a password change, we need to force the change, update their status to say they dont have it required anymore, then log them out and force another login
if (model.PasswordResetRequired)
{
var returnValue = passwordManager.ChangePassword(model.Password.NewPassword, false);
if (returnValue != PasswordManager.ChangeResult.Ok)
{
ModelState.AddModelError("Password", passwordManager.LastError);
return(View(model));
}
// If here and password reset was required then clear the flag for the user.
var uMgr = new UserFactory();
uMgr.UpdateUserPasswordReset(User.Identity.Name, false);
// Log out.
Logout();
// Send user to login page
return(SendToLoginPage());
}
else
{
//otherwise, follow the regular PW reset rules
PasswordManager.ChangeResult returnValue = passwordManager.ChangePassword(model.Password.NewPassword);
if (returnValue != PasswordManager.ChangeResult.Ok)
{
ModelState.AddModelError("Password", passwordManager.LastError);
return(View(model));
}
}
//if we made it here, then the password was reset successfully. clear all the other model errors and add the status message
ModelState.AddModelError(Constants.ViewData.ModelStateStatusKey,
(new ResourceFactory()).GetLocalizedTitle(
ResourceTypes.StatusMessage,
"Password Change Successful"));
return(View(model));
}
//if we got here, something is wrong
//if they are required to change their password, tell them
if (model.PasswordResetRequired)
{
ModelState.AddModelError(Constants.ViewData.ModelStateStatusKey,
(new ResourceFactory()).GetLocalizedTitle(ResourceTypes.StatusMessage,
"Password Change Required"));
}
//otherwise, rol lthoreugh and add the errors
List <string> errorsToAdd = ModelState.Values.SelectMany(modelValue => modelValue.Errors).Select(modelError => modelError.ErrorMessage).ToList();
foreach (var error in errorsToAdd)
{
ModelState.AddModelError("Password", (new ResourceFactory()).GetLocalizedTitle(ResourceTypes.ErrorMessage, error));
}
return(View("Edit", model));
}
