コード例 #1
0
        /// <summary>
        /// Resets a user's password to a new, automatically generated password.
        /// </summary>
        /// <returns>
        /// The new password for the specified user.
        /// </returns>
        /// <param name="username">The user to reset the password for. </param><param name="answer">The password answer for the specified user. </param>
        public override string ResetPassword(string username, string answer)
        {
            if (!PasswordPolicy.IsPasswordResetEnabled)
            {
                throw new NotSupportedException("Password reset is not supported.");
            }

            var user = AccountRepository.Get(username);

            if (PasswordPolicy.IsPasswordQuestionRequired && answer == null)
            {
                throw new MembershipPasswordException("Password answer is empty and question/answer is required.");
            }

            if (PasswordPolicy.IsPasswordQuestionRequired &&
                !user.PasswordAnswer.Equals(answer, StringComparison.OrdinalIgnoreCase))
            {
                return(null);
            }

            var newPassword = PasswordStrategy.GeneratePassword(PasswordPolicy);

            ValidatePassword(username, newPassword);

            var info = new AccountPasswordInfo(username, newPassword);

            user.Password     = PasswordStrategy.Encrypt(info);
            user.PasswordSalt = info.PasswordSalt;
            AccountRepository.Update(user);
            return(newPassword);
        }
コード例 #2
0
        //Demander un unique email... e préremplir du provider si Oauth et disponible... (exemple Facebook).. comme il semble faire pour le username (a voir)

        public IUser CreateOrUpdateUser(IUser user)
        {
            if (String.IsNullOrEmpty(user.Name))
            {
                throw new MembershipCreateUserException(MembershipCreateStatus.InvalidUserName);
            }
            //if (String.IsNullOrEmpty(user.Password)) throw new MembershipCreateUserException(MembershipCreateStatus.InvalidPassword);
            if (String.IsNullOrEmpty(user.Email))
            {
                throw new MembershipCreateUserException(MembershipCreateStatus.InvalidEmail);
            }

            if (user.Id.IsNullOrEmpty()) // New user...
            {
                if (UserQueries.GetUserNameByEmail(user.Email) != null)
                {
                    throw new MembershipCreateUserException(MembershipCreateStatus.DuplicateEmail);
                }

                if (UserQueries.Get(user.Name) != null)
                {
                    throw new MembershipCreateUserException(MembershipCreateStatus.DuplicateUserName);
                }

                user.CreatedAt = _dateTimeManager.Now();
            }

            if (!user.ThirdPartyAuthenticationUserAccounts.Any() || !user.Password.IsNullOrEmpty())
            {
                try
                {
                    ValidatePassword(user.Name, user.Password);
                }
                catch
                {
                    // not the smoothest approach, but the best
                    // considering the inconsistent password failure handling.
                    throw new MembershipCreateUserException(MembershipCreateStatus.InvalidPassword);
                }
            }

            var passwordInfo = new AccountPasswordInfo(user.Name, user.Password);

            user.Password     = PasswordStrategy.Encrypt(passwordInfo);
            user.PasswordSalt = passwordInfo.PasswordSalt;

            var status = UserCommands.Register(user);

            if (status != MembershipCreateStatus.Success)
            {
                throw new MembershipCreateUserException(status);
            }

            return(user);
        }
コード例 #3
0
        /// <summary>
        /// Adds a new membership user to the data source.
        /// </summary>
        /// <returns>
        /// A <see cref="T:System.Web.Security.MembershipUser"/> object populated with the information for the newly created user.
        /// </returns>
        /// <param name="username">The user name for the new user. </param><param name="password">The password for the new user. </param><param name="email">The e-mail address for the new user.</param><param name="passwordQuestion">The password question for the new user.</param><param name="passwordAnswer">The password answer for the new user</param><param name="isApproved">Whether or not the new user is approved to be validated.</param><param name="providerUserKey">The unique identifier from the membership data source for the user.</param><param name="status">A <see cref="T:System.Web.Security.MembershipCreateStatus"/> enumeration value indicating whether the user was created successfully.</param>
        public override MembershipUser CreateUser(string username, string password, string email,
                                                  string passwordQuestion, string passwordAnswer, bool isApproved,
                                                  object providerUserKey, out MembershipCreateStatus status)
        {
            if (AccountRepository.IsUniqueEmailRequired && AccountRepository.GetUserNameByEmail(email) != null)
            {
                status = MembershipCreateStatus.DuplicateEmail;
                return(null);
            }

            if (AccountRepository.Get(username) != null)
            {
                status = MembershipCreateStatus.DuplicateUserName;
                return(null);
            }

            try
            {
                ValidatePassword(username, password);
            }
            catch
            {
                // not the smoothest approach, but the best
                // considering the inconsistent password failure handling.
                status = MembershipCreateStatus.InvalidPassword;
                return(null);
            }

            var account      = AccountRepository.Create(providerUserKey, ApplicationName, username, email);
            var passwordInfo = new AccountPasswordInfo(username, password);

            account.Password     = PasswordStrategy.Encrypt(passwordInfo);
            account.PasswordSalt = passwordInfo.PasswordSalt;

            account.PasswordAnswer   = passwordAnswer;
            account.PasswordQuestion = passwordQuestion;

            status = AccountRepository.Register(account);
            if (status == MembershipCreateStatus.Success)
            {
                return(CloneUser(account));
            }

            return(null);
        }
コード例 #4
0
        /// <summary>
        /// Processes a request to update the password for a membership user.
        /// </summary>
        /// <returns>
        /// true if the password was updated successfully; otherwise, false.
        /// </returns>
        /// <param name="username">The user to update the password for. </param><param name="oldPassword">The current password for the specified user. </param><param name="newPassword">The new password for the specified user. </param>
        public override bool ChangePassword(string username, string oldPassword, string newPassword)
        {
            var account = AccountRepository.Get(username);
            var pwInfo  = account.CreatePasswordInfo();

            if (!PasswordStrategy.Compare(pwInfo, oldPassword))
            {
                return(false);
            }

            ValidatePassword(username, newPassword);

            account.Password = newPassword;
            pwInfo           = account.CreatePasswordInfo();
            account.Password = PasswordStrategy.Encrypt(pwInfo);
            AccountRepository.Update(account);
            return(true);
        }
コード例 #5
0
        public bool ChangePassword(string username, string oldPassword, string newPassword)
        {
            if (String.IsNullOrEmpty(username))
            {
                throw new ArgumentException("Value cannot be null or empty.", "username");
            }
            if (String.IsNullOrEmpty(oldPassword))
            {
                throw new ArgumentException("Value cannot be null or empty.", "oldPassword");
            }
            if (String.IsNullOrEmpty(newPassword))
            {
                throw new ArgumentException("Value cannot be null or empty.", "newPassword");
            }

            // The underlying ChangePassword() will throw an exception rather
            // than return false in certain failure scenarios.
            try
            {
                var account = UserQueries.Get(username);
                var pwInfo  = account.CreatePasswordInfo();
                if (!PasswordStrategy.Compare(pwInfo, oldPassword))
                {
                    return(false);
                }

                ValidatePassword(username, newPassword);

                account.Password = newPassword;
                pwInfo           = account.CreatePasswordInfo();
                account.Password = PasswordStrategy.Encrypt(pwInfo);
                UserCommands.Update(account);

                return(true);
            }
            catch (ArgumentException)
            {
                return(false);
            }
            catch (MembershipPasswordException)
            {
                return(false);
            }
        }