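/// <summary>
/// Resets a member's password to a newly generated value and stores its hash.
/// </summary>
/// <param name="username">User the password is being reset for</param>
/// <param name="answer">Password retrieval answer; only checked when the provider requires question and answer</param>
/// <returns>
/// The newly generated password, or an empty string when the user was not found,
/// the answer did not match, the password format is not Hashed, or the update failed.
/// </returns>
/// <remarks>
/// When question-and-answer is not required, this method resets the password for any
/// existing username without further proof, so the caller is responsible for authorizing the request.
/// </remarks>
public override string ResetPassword(string username, string answer)
{
    try
    {
        Snitz.IDAL.IMember dal = Snitz.IDAL.Factory<IDAL.IMember>.Create("Member");
        MemberInfo m = dal.GetByName(username).SingleOrDefault();

        // Unknown user: nothing to reset.
        if (m == null)
        {
            return String.Empty;
        }

        // NOTE(review): this is an ordinary string comparison of the encoded answer, and no
        // failed-answer counting or lockout is visible in this method (the call to
        // ResetAuthenticationFailures was commented out). Confirm that repeated guesses are
        // throttled elsewhere.
        // NOTE(review): the answer is checked against ValidationKey, while
        // ChangePasswordQuestionAndAnswer stores the question there and the answer in
        // PasswordChangeKey - confirm which field is intended.
        if (_requiresQuestionAndAnswer && EncodePassword(answer) != m.ValidationKey)
        {
            return String.Empty;
        }

        // Only the Hashed format is ever persisted by this provider. Previously the
        // question-and-answer path returned a generated password for other formats
        // without storing it, handing the caller a password that could never work.
        if (PasswordFormat != MembershipPasswordFormat.Hashed)
        {
            return String.Empty;
        }

        // NOTE(review): the generated password uses the configured minimum length; its
        // strength depends on GeneratePassword, which is not visible here.
        string generated = GeneratePassword(MinRequiredPasswordLength);

        // NOTE(review): salting was commented out in the original, so SHA256Hash is presumably
        // an unsalted single-pass hash. A salted, iterated KDF (e.g. PBKDF2) would resist offline
        // guessing far better, but switching requires migrating the stored hashes.
        m.Password = SHA256Hash(generated);
        dal.Update(m);

        // Hand the password back only after the store accepted the update, so a failed
        // write can no longer yield a password that was never saved.
        return generated;
    }
    catch (Exception ex)
    {
        // Best-effort contract is kept (empty string on failure), but the failure is recorded
        // instead of being silently discarded. The username is deliberately not logged.
        System.Diagnostics.Trace.TraceError("ResetPassword failed: {0}", ex);
        return String.Empty;
    }
}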
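/// <summary>
/// Change the password retrieval/reset question and answer pair.
/// </summary>
/// <param name="username">Username the question and answer are being changed for</param>
/// <param name="password">Current password; verified unless <paramref name="newPasswordAnswer"/> is the literal "validationcode"</param>
/// <param name="newPasswordQuestion">New password question; stored in the member's ValidationKey</param>
/// <param name="newPasswordAnswer">New password answer; stored as given in PasswordChangeKey (this method does not encode it)</param>
/// <returns>True if the member was found and updated; false otherwise.</returns>
public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
{
    // NOTE(review): the literal "validationcode" bypasses the current-password check, so any
    // caller that can pass that value can overwrite ValidationKey/PasswordChangeKey for an
    // arbitrary username. Confirm every call site that uses it is itself authorized, and that
    // the value can never be supplied by an end user.
    bool skipPasswordCheck = newPasswordAnswer == "validationcode";
    if (!skipPasswordCheck && !ValidateUser(username, password))
    {
        return false;
    }

    try
    {
        Snitz.IDAL.IMember dal = Snitz.IDAL.Factory<IDAL.IMember>.Create("Member");
        MemberInfo m = dal.GetByName(username).SingleOrDefault();

        // Explicit "no such user" result instead of relying on a swallowed NullReferenceException.
        if (m == null)
        {
            return false;
        }

        m.ValidationKey = newPasswordQuestion;
        m.PasswordChangeKey = newPasswordAnswer;
        dal.Update(m);
        return true;
    }
    catch (Exception ex)
    {
        // Keep the false-on-failure contract, but record why the update failed.
        // The username and the new values are deliberately not logged.
        System.Diagnostics.Trace.TraceError("ChangePasswordQuestionAndAnswer failed: {0}", ex);
        return false;
    }
}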
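/// <summary>
/// Change the current password for a new one. Note: Both are required.
/// </summary>
/// <param name="username">Username the password is being changed for</param>
/// <param name="oldPassword">Old password to verify owner</param>
/// <param name="newPassword">New password</param>
/// <returns>
/// True if the new password hash was stored; false when the old password is wrong, the member
/// cannot be found, the password format is not Hashed, or the update failed.
/// </returns>
/// <exception cref="MembershipPasswordException">
/// A ValidatingPassword handler cancelled the change without supplying its own exception.
/// </exception>
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
    // The caller must prove knowledge of the current password first.
    if (!ValidateUser(username, oldPassword))
    {
        return false;
    }

    // Give subscribers (e.g. password policy checks) a chance to reject the new password.
    var args = new ValidatePasswordEventArgs(username, newPassword, false);
    OnValidatingPassword(args);
    if (args.Cancel)
    {
        if (args.FailureInformation != null)
        {
            throw args.FailureInformation;
        }

        throw new MembershipPasswordException("Password change has been cancelled due to a validation failure.");
    }

    try
    {
        // Only the Hashed format is persisted by this provider. Previously any other format
        // wrote the record back unchanged and still reported success, leaving the old
        // password in force while the caller believed it had been replaced.
        if (PasswordFormat != MembershipPasswordFormat.Hashed)
        {
            return false;
        }

        Snitz.IDAL.IMember dal = Snitz.IDAL.Factory<IDAL.IMember>.Create("Member");
        MemberInfo m = dal.GetByName(username).SingleOrDefault();

        // Explicit "no such user" result instead of relying on a swallowed NullReferenceException.
        if (m == null)
        {
            return false;
        }

        // NOTE(review): salting was commented out in the original, so SHA256Hash is presumably
        // an unsalted single-pass hash. A salted, iterated KDF (e.g. PBKDF2) would resist offline
        // guessing far better, but switching requires migrating the stored hashes.
        m.Password = SHA256Hash(newPassword);
        dal.Update(m);
        return true;
    }
    catch (Exception ex)
    {
        // Keep the false-on-failure contract, but record why the update failed.
        // Neither the username nor either password is logged.
        System.Diagnostics.Trace.TraceError("ChangePassword failed: {0}", ex);
        return false;
    }
}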
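/// <summary>
/// Unlocks a user (after too many login attempts perhaps) by setting the member's Status to 1.
/// </summary>
/// <param name="userName">Username to unlock</param>
/// <returns>True if the member was found and updated; false otherwise.</returns>
/// <remarks>
/// No authorization check is performed here; the caller is responsible for restricting who may unlock accounts.
/// </remarks>
public override bool UnlockUser(string userName)
{
    try
    {
        Snitz.IDAL.IMember dal = Snitz.IDAL.Factory<IDAL.IMember>.Create("Member");
        MemberInfo m = dal.GetByName(userName).SingleOrDefault();

        // Explicit "no such user" result instead of relying on a swallowed NullReferenceException.
        if (m == null)
        {
            return false;
        }

        // presumably 1 is the active/unlocked status value - confirm against MemberInfo.Status
        m.Status = 1;
        dal.Update(m);

        // A user was found and the update did not throw.
        return true;
    }
    catch (Exception ex)
    {
        // Keep the false-on-failure contract, but record why the unlock failed.
        // The username is deliberately not logged.
        System.Diagnostics.Trace.TraceError("UnlockUser failed: {0}", ex);
        return false;
    }
}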