コード例 #1
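        /// <summary>
        /// Creates or updates the stored security question that matches
        /// <c>question.QuestionNumber</c> for the current user (<c>_userId</c>).
        /// </summary>
        /// <param name="question">Question number, question text and answer to persist.</param>
        /// <remarks>
        /// The answer is persisted exactly as supplied. The original code carried a
        /// commented-out call, <c>EncryptionManager.Hash(question.Answer.ToLower(), _salt)</c>,
        /// in place of the plain assignment, so hashing appears to have been intended
        /// and then disabled.
        /// </remarks>
        public void SaveQuestion(PasswordQuestion question)
        {
            // Dispose the context when done so its database connection is released.
            // Assumes PEMRBACEntities is IDisposable (it exposes SaveChanges like an
            // Entity Framework context) - confirm.
            using (var rbacEntities = new PEMRBACEntities())
            {
                // Look up the existing record for this user and question number, if any.
                var securityQuestion = (from securityQuestions in rbacEntities.UserPasswordQuestions
                                        where securityQuestions.UserId == _userId && securityQuestions.QuestionNumber == question.QuestionNumber
                                        select securityQuestions).FirstOrDefault();

                if (securityQuestion == null)
                {
                    // No record yet: create one keyed by user and question number.
                    securityQuestion = new UserPasswordQuestion
                    {
                        UserId         = _userId,
                        QuestionNumber = question.QuestionNumber
                    };
                    rbacEntities.UserPasswordQuestions.Add(securityQuestion);
                }

                // New and existing records receive the same question text and answer.
                securityQuestion.Question = question.Question;

                // NOTE(review): the answer is a password-recovery secret and is stored
                // in plaintext here. Anyone who can read this table can read every
                // user's answers. Re-enabling a salted hash must be done together with
                // the comparison code that reads this column and with a migration of
                // the rows already stored.
                securityQuestion.Answer = question.Answer;

                rbacEntities.SaveChanges();
            }
        }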
コード例 #2
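        /// <summary>
        /// Returns the current user's stored security questions ordered by question number.
        /// When the user has none, two empty placeholders (numbers 1 and 2) are returned instead.
        /// </summary>
        /// <returns>A list of <c>PasswordQuestion</c> objects; never null.</returns>
        /// <remarks>
        /// Each returned item is built from the stored question number, question text and
        /// stored answer, so callers receive the answer value as it sits in the database.
        /// </remarks>
        public List <PasswordQuestion> GetQuestions()
        {
            var questionList = new List <PasswordQuestion>();

            // Dispose the context when done so its database connection is released.
            // Assumes PEMRBACEntities is IDisposable (Entity Framework style context) - confirm.
            using (var rbacEntities = new PEMRBACEntities())
            {
                // Filter to this user first, then order by question number.
                var questions = from securityQuestions in rbacEntities.UserPasswordQuestions
                                where securityQuestions.UserId == _userId
                                orderby securityQuestions.QuestionNumber ascending
                                select securityQuestions;

                // The query is enumerated here, while the context is still alive.
                foreach (var userPasswordQuestion in questions)
                {
                    // NOTE(review): the stored answer travels with the question. Confirm no
                    // caller renders it back to a page or writes it to a log.
                    questionList.Add(new PasswordQuestion(userPasswordQuestion.QuestionNumber,
                                                          userPasswordQuestion.Question,
                                                          userPasswordQuestion.Answer));
                }
            }

            // Are there enough questions? (For now, assume 0 or 2.)
            if (questionList.Count == 0)
            {
                questionList.Add(new PasswordQuestion(1, "", ""));
                questionList.Add(new PasswordQuestion(2, "", ""));
            }

            return questionList;
        }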
コード例 #3
        /// <summary>
        /// Builds a <c>PasswordQuestion</c> from <paramref name="name"/> and
        /// <paramref name="message"/>, lets the optional callback configure it,
        /// and appends it to the prompter.
        /// </summary>
        /// <param name="prompter">Prompter that receives the new question.</param>
        /// <param name="name">Name passed to the question constructor.</param>
        /// <param name="message">Message passed to the question constructor.</param>
        /// <param name="setupQuestion">Optional callback invoked with the new question before it is added.</param>
        /// <returns>The same <paramref name="prompter"/>, so calls can be chained.</returns>
        public static Prompter Password(this Prompter prompter, string name, FunctionOrColorString message,
                                        Action<PasswordQuestion> setupQuestion = null)
        {
            var passwordQuestion = new PasswordQuestion(name, message);

            // Run the caller's configuration step, if one was supplied, before registering.
            if (setupQuestion != null)
            {
                setupQuestion(passwordQuestion);
            }

            prompter.Add(passwordQuestion);

            return prompter;
        }
コード例 #4
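        /// <summary>
        /// Marks the named user as deleted and unapproved and, when requested, deletes
        /// the rows that reference the user (roles, accounts, passwords, password resets,
        /// password failures, lockouts, logins, password questions, settings and sessions).
        /// </summary>
        /// <param name="username">User name to look up.</param>
        /// <param name="deleteAllRelatedData">When true, the related rows listed above are deleted as well.</param>
        /// <returns>
        /// True when the user was found and every step completed; false when the user
        /// does not exist or an exception was caught and logged.
        /// </returns>
        public override bool DeleteUser(string username, bool deleteAllRelatedData)
        {
            User user = User.GetByUserName(username);

            if (user == null)
            {
                return false;
            }

            try
            {
                // The user row is kept and flagged (soft delete), not removed.
                user.IsDeleted  = true;
                user.IsApproved = false;
                user.Save();

                // NOTE(review): when deleteAllRelatedData is false, the user's sessions,
                // password reset records and logins stay in place. Confirm that
                // authentication and reset handling reject users flagged IsDeleted.
                if (deleteAllRelatedData)
                {
                    UserRoleCollection         roles     = UserRole.Where(c => c.UserId == user.Id);
                    AccountCollection          accounts  = Account.Where(c => c.UserId == user.Id);
                    PasswordCollection         passwords = Password.Where(c => c.UserId == user.Id);
                    PasswordResetCollection    resets    = PasswordReset.Where(c => c.UserId == user.Id);
                    PasswordFailureCollection  failures  = PasswordFailure.Where(c => c.UserId == user.Id);
                    LockOutCollection          lockouts  = LockOut.Where(c => c.UserId == user.Id);
                    LoginCollection            logins    = Login.Where(c => c.UserId == user.Id);
                    PasswordQuestionCollection questions = PasswordQuestion.Where(c => c.UserId == user.Id);
                    SettingCollection          settings  = Setting.Where(c => c.UserId == user.Id);
                    SessionCollection          session   = Session.Where(c => c.UserId == user.Id);

                    Database         db  = Db.For <User>();
                    SqlStringBuilder sql = db.ServiceProvider.Get <SqlStringBuilder>();

                    // Every collection writes its delete statement into one builder,
                    // which is then executed once against the database.
                    roles.WriteDelete(sql);
                    accounts.WriteDelete(sql);
                    passwords.WriteDelete(sql);
                    resets.WriteDelete(sql);
                    failures.WriteDelete(sql);
                    lockouts.WriteDelete(sql);
                    logins.WriteDelete(sql);
                    questions.WriteDelete(sql);
                    settings.WriteDelete(sql);
                    session.WriteDelete(sql);

                    sql.Execute(db);
                }

                // The original never set the result to true, so a successful delete was
                // reported to the caller as a failure.
                return true;
            }
            catch (Exception ex)
            {
                // Best effort: record the failure and report it through the return value.
                Log.AddEntry("{0}.{1}::{2}", ex, this.GetType().Name, MethodBase.GetCurrentMethod().Name, ex.Message);
                return false;
            }
        }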
コード例 #5
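        /// <summary>
        /// Creates a user and, when the new user has no password question yet, stores
        /// the supplied question and answer.
        /// </summary>
        /// <param name="username">User name for the new account.</param>
        /// <param name="password">Password passed to <c>User.Create</c>.</param>
        /// <param name="email">E-mail address; must contain both "@" and ".".</param>
        /// <param name="passwordQuestion">Text of the password question.</param>
        /// <param name="passwordAnswer">Answer to the password question.</param>
        /// <param name="isApproved">Approval flag passed to <c>User.Create</c>.</param>
        /// <param name="providerUserKey">Optional key; when it matches an existing user id, creation is refused.</param>
        /// <param name="status">Receives the outcome of the attempt.</param>
        /// <returns>The membership user on success; null when <paramref name="status"/> is not Success.</returns>
        public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            // Bare minimum email check. Both characters are required: the original joined
            // the two tests with && and so accepted any value that contained either one.
            if (string.IsNullOrEmpty(email) || !email.Contains("@") || !email.Contains("."))
            {
                status = MembershipCreateStatus.InvalidEmail;
                return null;
            }

            // Refuse a provider key that already belongs to a user. The original recorded
            // this status and then went on to create the account anyway.
            if (providerUserKey != null)
            {
                User existing = User.OneWhere(c => c.Id == Convert.ToInt32(providerUserKey));

                if (existing != null)
                {
                    status = MembershipCreateStatus.DuplicateProviderUserKey;
                    return null;
                }
            }

            User user;

            try
            {
                user = User.Create(username, email, password, isApproved);
            }
            catch (UserNameInUseException uniue)
            {
                Log.AddEntry("{0}.{1}::{2}", uniue, this.GetType().Name, MethodBase.GetCurrentMethod().Name, uniue.Message);
                status = MembershipCreateStatus.DuplicateUserName;
                return null;
            }
            catch (EmailAlreadyRegisteredException eare)
            {
                Log.AddEntry("{0}.{1}::{2}", eare, this.GetType().Name, MethodBase.GetCurrentMethod().Name, eare.Message);
                status = MembershipCreateStatus.DuplicateEmail;
                return null;
            }

            // Without this guard a null result would be dereferenced on the next statement.
            if (user == null)
            {
                status = MembershipCreateStatus.ProviderError;
                return null;
            }

            PasswordQuestion question = user.PasswordQuestionsByUserId.FirstOrDefault();

            if (question == null)
            {
                question       = user.PasswordQuestionsByUserId.AddNew();
                question.Value = passwordQuestion;

                // NOTE(review): the answer is a password-recovery secret and is assigned
                // as supplied. Nothing visible here hashes it; confirm whether the
                // PasswordQuestion type protects it before it is saved.
                question.Answer = passwordAnswer;
                question.Save();

                // NOTE(review): this reloads PasswordResetsByUserId although the collection
                // just modified is PasswordQuestionsByUserId - confirm this is intended.
                user.PasswordResetsByUserId.Reload();
            }

            status = MembershipCreateStatus.Success;
            return User.GetMembershipUser(user);
        }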
コード例 #6
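        /// <summary>
        /// Checks whether <c>question.Answer</c> matches the answer stored for the
        /// current user (<c>_userId</c>) under <c>question.QuestionNumber</c>.
        /// </summary>
        /// <param name="question">Question number and candidate answer to verify.</param>
        /// <returns>
        /// True when a stored, non-empty answer equals the candidate (case-insensitive,
        /// current culture); otherwise false.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="question"/> is null.</exception>
        public bool CheckAnswer(PasswordQuestion question)
        {
            if (question == null)
            {
                throw new ArgumentNullException("question");
            }

            // Dispose the context when done so its database connection is released.
            // Assumes PEMRBACEntities is IDisposable (Entity Framework style context) - confirm.
            using (var rbacEntities = new PEMRBACEntities())
            {
                // FirstOrDefault, not First: First throws when no record exists, which made
                // the original null check unreachable and turned "no such question" into an
                // exception instead of a failed check.
                var securityQuestion = (from securityQuestions in rbacEntities.UserPasswordQuestions
                                        where securityQuestions.UserId == _userId && securityQuestions.QuestionNumber == question.QuestionNumber
                                        select securityQuestions).FirstOrDefault();

                // A missing record or an empty stored answer must never verify. Otherwise
                // an empty submission would match an empty stored answer.
                if (securityQuestion == null || string.IsNullOrEmpty(securityQuestion.Answer))
                {
                    return false;
                }

                // NOTE(review): this compares plaintext answers with a culture-sensitive,
                // case-insensitive comparison. The original carried a commented-out
                // alternative that compared against
                // EncryptionManager.Hash(question.Answer.ToLower(), _salt). Switching to it
                // requires the write path to store hashes as well.
                return securityQuestion.Answer.Equals(question.Answer, StringComparison.CurrentCultureIgnoreCase);
            }
        }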
コード例 #7
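        /// <summary>
        /// Classifies a submitted security question against the record stored for the
        /// current user (<c>_userId</c>).
        /// </summary>
        /// <param name="question">Submitted question number, question text and answer.</param>
        /// <returns>
        /// New when no stored record applies and both question and answer are supplied;
        /// Empty when the question number is 0 and either field is missing;
        /// Invalid when the question number is non-zero, no record exists and either field is missing;
        /// Changed when the question text or the answer differs from the stored record;
        /// NoChange otherwise.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="question"/> is null.</exception>
        public PasswordQuestion.QuestionState QuestionState(PasswordQuestion question)
        {
            if (question == null)
            {
                throw new ArgumentNullException("question");
            }

            bool hasQuestionAndAnswer = !string.IsNullOrEmpty(question.Question) && !string.IsNullOrEmpty(question.Answer);

            // Question number 0 is never looked up in the database.
            if (question.QuestionNumber == 0)
            {
                return hasQuestionAndAnswer
                    ? PasswordQuestion.QuestionState.New
                    : PasswordQuestion.QuestionState.Empty;
            }

            // Dispose the context when done so its database connection is released.
            // Assumes PEMRBACEntities is IDisposable (Entity Framework style context) - confirm.
            using (var rbacEntities = new PEMRBACEntities())
            {
                var securityQuestion = (from securityQuestions in rbacEntities.UserPasswordQuestions
                                        where securityQuestions.UserId == _userId && securityQuestions.QuestionNumber == question.QuestionNumber
                                        select securityQuestions).FirstOrDefault();

                if (securityQuestion == null)
                {
                    return hasQuestionAndAnswer
                        ? PasswordQuestion.QuestionState.New
                        : PasswordQuestion.QuestionState.Invalid;
                }

                // Has the question changed? The static Equals tolerates a null stored value,
                // where the instance call would throw.
                if (!string.Equals(securityQuestion.Question, question.Question, StringComparison.CurrentCultureIgnoreCase))
                {
                    return PasswordQuestion.QuestionState.Changed;
                }

                // Only the answer is left to compare.
                // NOTE(review): this compares against the stored plaintext answer. The
                // original carried a commented-out variant that compared against
                // EncryptionManager.Hash(question.Answer.ToLower(), _salt). It has to change
                // together with the code that writes the Answer column.
                return string.Equals(securityQuestion.Answer, question.Answer, StringComparison.CurrentCultureIgnoreCase)
                    ? PasswordQuestion.QuestionState.NoChange
                    : PasswordQuestion.QuestionState.Changed;
            }
        }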