/// <summary>
/// Updates the user password, rotating the stored password history according to the
/// applicable <see cref="PasswordPolicy"/> (merchant policy for admins, customer policy otherwise).
/// </summary>
/// <param name="newPassword">New password; it is encoded with the policy's PasswordFormat before it is stored.</param>
/// <param name="forceExpiration">Value written to the new entry's ForceExpiration flag.</param>
/// <returns>True if the password was set successfully; false otherwise.</returns>
/// <remarks>
/// Existing entries are renumbered so the new password becomes PasswordNumber 1. An old entry is
/// deleted only when it is both at or beyond the policy's HistoryCount and older than HistoryDays;
/// otherwise its PasswordNumber is incremented. Only admin password changes produce an audit entry
/// (Logger.Audit); customer password changes are saved without one.
/// </remarks>
public bool SetPassword(string newPassword, bool forceExpiration)
{
    var adminAccount = this.IsAdmin;
    PasswordPolicy policy = adminAccount
        ? (PasswordPolicy)new MerchantPasswordPolicy()
        : new CustomerPasswordPolicy();

    var retentionDays = policy.HistoryDays;
    var retentionCount = policy.HistoryCount;
    var retentionCutoff = LocaleHelper.LocalNow.AddDays(-1 * retentionDays);
    var history = this.Passwords;

    // Walk backwards so RemoveAt does not shift the indices still to be visited.
    var index = history.Count;
    while (index-- > 0)
    {
        var entry = history[index];
        if ((entry.PasswordNumber >= retentionCount) && (entry.CreateDate <= retentionCutoff))
        {
            entry.Delete();
            history.RemoveAt(index);
        }
        else
        {
            entry.PasswordNumber++;
        }
    }

    // The new entry is appended, not inserted at index 0; readers relying on
    // positional order depend on how the collection is (re)loaded.
    var replacement = new UserPassword
    {
        Password = UserPasswordHelper.EncodePassword(newPassword, policy.PasswordFormat),
        PasswordFormat = policy.PasswordFormat,
        PasswordNumber = 1,
        CreateDate = LocaleHelper.LocalNow,
        ForceExpiration = forceExpiration
    };
    history.Add(replacement);
    this.LastPasswordChangedDate = replacement.CreateDate;

    var saved = this.Save() != SaveResult.Failed;
    if (adminAccount)
    {
        Logger.Audit(AuditEventType.PasswordChanged, saved, string.Empty);
    }
    return saved;
}
/// <summary>
/// Validates the given username and password, applying the account lockout policy.
/// </summary>
/// <param name="username">Name of the user attempting login.</param>
/// <param name="password">Password provided by the user.</param>
/// <returns>True if the login succeeds; false otherwise. Every exit path goes through an AuditLogin_* helper.</returns>
/// <remarks>
/// Checks are applied in this order: unknown username, unapproved account, no stored
/// password, active lockout, then the password result. The password is verified before
/// the lockout state is inspected, but its result is only consumed afterwards. Lockout
/// duration (LockoutPeriod, minutes) and MaxAttempts come from the merchant policy for
/// admins and the customer policy otherwise.
/// </remarks>
public static bool Login(string username, string password)
{
    var account = UserDataSource.LoadForUserName(username);
    if (account == null)
    {
        return AuditLogin_InvalidUsername(username);
    }

    if (!account.IsApproved)
    {
        return AuditLogin_Unapproved(account);
    }

    var storedPasswords = account.Passwords;
    if (storedPasswords.Count == 0)
    {
        return AuditLogin_NoPassword(account);
    }

    // Index 0 is treated as the current password. SetPassword appends new entries at the
    // end, so this relies on the loaded collection being ordered by PasswordNumber — confirm.
    var passwordMatches = storedPasswords[0].VerifyPassword(password);

    PasswordPolicy policy = account.IsAdmin
        ? (PasswordPolicy)new MerchantPasswordPolicy()
        : new CustomerPasswordPolicy();

    if (account.IsLockedOut)
    {
        var lockoutStillActiveSince = LocaleHelper.LocalNow.AddMinutes(-1 * policy.LockoutPeriod);
        if (account.LastLockoutDate >= lockoutStillActiveSince)
        {
            // Still inside the lockout window. Per BUG #6688 the lockout timestamp and the
            // failed-attempt counter are deliberately left untouched here, so attempts made
            // during the window do not extend it.
            return AuditLogin_AccountLocked(account);
        }

        // Lockout window has elapsed; the cleared flag is persisted by the Save below.
        account.IsLockedOut = false;
    }

    if (!passwordMatches)
    {
        account.FailedPasswordAttemptCount += 1;
        if (account.FailedPasswordAttemptCount >= policy.MaxAttempts)
        {
            account.IsLockedOut = true;
            // Counter restarts from zero once the lockout expires.
            account.FailedPasswordAttemptCount = 0;
            account.LastLockoutDate = LocaleHelper.LocalNow;
        }
        account.Save();
        return AuditLogin_InvalidPassword(account);
    }

    account.FailedPasswordAttemptCount = 0;
    account.LastLoginDate = LocaleHelper.LocalNow;
    account.Save();
    return AuditLogin_Success(account);
}