protected override string GetPasswordFromPersistence(ClientMembershipUser user)
{
string sql = string.Format("SELECT Password FROM [User] WHERE UserId = '{0}'",
user.UserKey.ToString());
return this.database.ExecuteScalar(
this.database.GetSqlStringCommand(sql)).ToString();
}
protected override void PersistChangedPasswordQuestionAndAnswer(ClientMembershipUser user,
string password, string newPasswordAnswer)
{
string sql = string.Format("UPDATE [User] SET PasswordQuestion = '{0}', PasswordAnswer = '{1}' WHERE UserId = '{2}'",
user.PasswordQuestion, newPasswordAnswer, user.UserKey.ToString());
this.database.ExecuteNonQuery(
this.database.GetSqlStringCommand(sql));
}
protected virtual string GetPassword(ClientMembershipUser user,
string passwordAnswer)
{
// Make sure password retrievals are allowed
User.CheckPasswordRetrieval();
// Validate the user's password answer
this.ValidateUserWithPasswordAnswer(user, passwordAnswer, true);
// Get the user's password from persistence
return this.GetPasswordFromPersistence(user);
}
protected virtual string ResetPassword(ClientMembershipUser user)
{
User.CheckPasswordReset(null);
string newPassword = System.Web.Security.Membership.GeneratePassword(
(this.Application.MinRequiredPasswordLength < Constants.PasswordSize) ?
Constants.PasswordSize : this.Application.MinRequiredPasswordLength,
this.Application.MinRequiredNonAlphanumericCharacters);
string newEncodedPassword = this.EncodePassword(newPassword,
user.PasswordFormat, user.PasswordSalt);
this.PersistResetPassword(user, newEncodedPassword);
return newPassword;
}
public void PasswordAttemptSucceededTest()
{
User user = ClientMembershipService.GetUser("timm");
string passwordSalt = "1U3h6r/tQ+dGWhLm9Unyng==";
PasswordFormat passwordFormat = PasswordFormat.Hashed;
int failedPasswordAttemptCount = 0;
DateTime failedPasswordAttemptWindowStart = DateTime.MinValue;
int failedPasswordAnswerAttemptCount = 0;
DateTime failedPasswordAnswerAttemptWindowStart = DateTime.MinValue;
ClientMembershipUser target = new ClientMembershipUser(user,
passwordSalt, passwordFormat, failedPasswordAttemptCount,
failedPasswordAttemptWindowStart, failedPasswordAnswerAttemptCount,
failedPasswordAnswerAttemptWindowStart);
target.PasswordAttemptSucceeded();
Assert.AreEqual(DateTime.MinValue, target.FailedPasswordAttemptWindowStart);
Assert.AreEqual(0, target.FailedPasswordAttemptCount);
Assert.AreEqual(false, target.IsLockedOut);
Assert.AreEqual(DateTime.MinValue, target.LastLockoutDate);
}
protected override void PersistUser(ClientMembershipUser user)
{
StringBuilder builder = new StringBuilder(100);
builder.Append("UPDATE [User] SET ");
builder.Append(string.Format("{0}={1}",
UserFactory.FieldNames.Email,
DataHelper.GetSqlValue(user.Email)));
builder.Append(string.Format(",{0}={1}",
UserFactory.FieldNames.IsLockedOut,
DataHelper.GetSqlValue(user.IsLockedOut)));
builder.Append(string.Format(",{0}={1}",
UserFactory.FieldNames.LastActivityDate,
DataHelper.GetSqlValue(user.LastActivityDate)));
builder.Append(string.Format(",{0}={1}",
UserFactory.FieldNames.LastLockoutDate,
DataHelper.GetSqlValue(user.LastLockoutDate)));
builder.Append(string.Format(",{0}={1}",
UserFactory.FieldNames.LastLoginDate,
DataHelper.GetSqlValue(user.LastLoginDate)));
builder.Append(string.Format(",{0}={1}",
UserFactory.FieldNames.LastPasswordChangedDate,
DataHelper.GetSqlValue(user.LastPasswordChangedDate)));
builder.Append(string.Format(",{0}={1}",
UserFactory.FieldNames.PasswordQuestion,
DataHelper.GetSqlValue(user.PasswordQuestion)));
builder.Append(string.Format(",{0}={1}",
UserFactory.FieldNames.UserName,
DataHelper.GetSqlValue(user.UserName)));
builder.Append(string.Format(",{0}={1}",
ClientMembershipUserFactory.FieldNames.PasswordSalt,
DataHelper.GetSqlValue(user.PasswordSalt)));
builder.Append(string.Format(",{0}={1}",
ClientMembershipUserFactory.FieldNames.PasswordFormat,
DataHelper.GetSqlValue((int)user.PasswordFormat)));
builder.Append(" ");
builder.Append(string.Format("WHERE UserId = '{0}'",
user.UserKey.ToString()));
this.database.ExecuteNonQuery(
this.database.GetSqlStringCommand(builder.ToString()));
}
protected virtual string ResetPassword(ClientMembershipUser user,
string passwordAnswer)
{
// Are password resets allowed?
User.CheckPasswordReset(passwordAnswer);
// Validate the user's password answer
this.ValidateUserWithPasswordAnswer(user, passwordAnswer, true);
int maxPasswordSize =
(this.Application.MinRequiredPasswordLength <
Constants.PasswordSize)
? Constants.PasswordSize :
this.Application.MinRequiredPasswordLength;
// Create the new password
string newPassword = System.Web.Security.Membership.GeneratePassword(
maxPasswordSize,
this.Application.MinRequiredNonAlphanumericCharacters);
// Encode the password
string newEncodedPassword = this.EncodePassword(newPassword,
user.PasswordFormat, user.PasswordSalt);
// Save the user's new password
this.PersistResetPassword(user, newEncodedPassword);
// return the new password (not the encoded one!)
return newPassword;
}
protected virtual void ChangePassword(ClientMembershipUser user,
string oldPassword, string newPassword)
{
SecurityHelper.CheckParameter(oldPassword, true, true, false,
this.Application.MaxPasswordSize, "oldPassword");
SecurityHelper.CheckParameter(newPassword, true, true, false,
this.Application.MaxPasswordSize, "newPassword");
// Validate the user before making any changes
this.ValidateUserWithPassword(user, oldPassword, true);
// Make sure the new password is ok
User.ValidatePassword(newPassword);
// encode the new password
string encodedPassword = this.EncodePassword(newPassword,
user.PasswordFormat, user.PasswordSalt);
if (encodedPassword.Length > this.Application.MaxPasswordSize)
{
throw new ArgumentException("Membership password too long",
"newPassword");
}
// Save the new password
this.PersistChangedPassword(user, encodedPassword);
}
public static ClientMembershipUserContract ToClientMembershipUserContract(ClientMembershipUser user)
{
ClientMembershipUserContract contract = null;
if (user != null)
{
contract = new ClientMembershipUserContract();
contract.CreationDate = user.CreationDate;
contract.Email = user.Email;
contract.FailedPasswordAnswerAttemptCount = user.FailedPasswordAnswerAttemptCount;
contract.FailedPasswordAnswerAttemptWindowStart = user.FailedPasswordAnswerAttemptWindowStart;
contract.FailedPasswordAttemptCount = user.FailedPasswordAttemptCount;
contract.FailedPasswordAttemptWindowStart = user.FailedPasswordAttemptWindowStart;
contract.IsLockedOut = user.IsLockedOut;
contract.Key = user.Key;
contract.LastActivityDate = user.LastActivityDate;
contract.LastLockoutDate = user.LastLockoutDate;
contract.LastLoginDate = user.LastLoginDate;
contract.LastPasswordChangedDate = user.LastPasswordChangedDate;
contract.PasswordFormat = Converter.ToPasswordFormatContract(user.PasswordFormat);
contract.PasswordQuestion = user.PasswordQuestion;
contract.PasswordSalt = user.PasswordSalt;
foreach (Role role in user.Roles)
{
contract.Roles.Add(Converter.ToRoleContract(role));
}
contract.UserKey = user.UserKey;
contract.UserName = user.UserName;
}
return contract;
}
protected abstract void PersistResetPassword(ClientMembershipUser user,
string newEncodedPassword);
protected abstract string GetPasswordAnswerFromPersistence(
ClientMembershipUser user);
protected abstract void PersistChangedPasswordQuestionAndAnswer(
ClientMembershipUser user, string password,
string newPasswordAnswer);
protected abstract void PersistChangedPassword(ClientMembershipUser user,
string newPassword);
private void ValidateUserWithPasswordAnswer(ClientMembershipUser user,
string passwordAnswer, bool throwIfFails)
{
if (passwordAnswer != null)
{
passwordAnswer = passwordAnswer.Trim();
}
SecurityHelper.CheckParameter(passwordAnswer,
this.Application.RequiresQuestionAndAnswer,
this.Application.RequiresQuestionAndAnswer,
false, this.Application.MaxPasswordAnswerSize,
"passwordAnswer");
string passwordAnswerFromPersistence =
this.GetPasswordAnswerFromPersistence(user);
try
{
if (!this.CheckPasswordAnswer(passwordAnswer,
passwordAnswerFromPersistence,
user.PasswordFormat, user.PasswordSalt))
{
user.PasswordAnswerAttemptFailed();
if (throwIfFails)
{
throw new SecurityException
("The password answer supplied was not correct");
}
}
else
{
user.PasswordAnswerAttemptSucceeded();
}
}
finally
{
this.PersistUser(user);
}
}
private string GetEncodedPasswordAnswer(ClientMembershipUser user, string passwordAnswer)
{
if (passwordAnswer != null)
{
passwordAnswer = passwordAnswer.Trim();
}
if (string.IsNullOrEmpty(passwordAnswer))
{
return passwordAnswer;
}
return this.EncodePassword(passwordAnswer.ToLower(CultureInfo.InvariantCulture),
user.PasswordFormat, user.PasswordSalt);
}
protected override void PersistResetPassword(ClientMembershipUser user, string newEncodedPassword)
{
string sql = string.Format("UPDATE [User] SET Password = '******' WHERE UserId = '{1}'",
newEncodedPassword, user.UserKey.ToString());
this.database.ExecuteNonQuery(
this.database.GetSqlStringCommand(sql));
}
protected abstract void PersistUser(ClientMembershipUser user);
public static ClientMembershipUser ToClientMembershipUser(ClientMembershipUserContract contract)
{
ClientMembershipUser user = null;
if (user != null)
{
user = new ClientMembershipUser(new User(contract.UserKey,
contract.UserName, contract.Email, contract.PasswordQuestion,
contract.IsLockedOut, contract.CreationDate, contract.LastLoginDate,
contract.LastActivityDate, contract.LastPasswordChangedDate,
contract.LastLockoutDate), contract.PasswordSalt,
Converter.ToPasswordFormat(contract.PasswordFormat),
contract.FailedPasswordAttemptCount,
contract.FailedPasswordAttemptWindowStart,
contract.FailedPasswordAnswerAttemptCount,
contract.FailedPasswordAnswerAttemptWindowStart);
foreach (RoleContract role in contract.Roles)
{
user.Roles.Add(Converter.ToRole(role));
}
}
return user;
}
protected virtual void ChangePasswordQuestionAndAnswer(
ClientMembershipUser user, string password,
string newPasswordQuestion, string newPasswordAnswer)
{
SecurityHelper.CheckParameter(newPasswordQuestion,
this.Application.RequiresQuestionAndAnswer,
this.Application.RequiresQuestionAndAnswer, false,
this.Application.MaxPasswordQuestionSize, "newPasswordQuestion");
if (newPasswordAnswer != null)
{
newPasswordAnswer = newPasswordAnswer.Trim();
}
SecurityHelper.CheckParameter(newPasswordAnswer,
this.Application.RequiresQuestionAndAnswer,
this.Application.RequiresQuestionAndAnswer, false,
this.Application.MaxPasswordAnswerSize, "newPasswordAnswer");
// Validate the user before making any changes
this.ValidateUserWithPassword(user, password, true);
string encodedPasswordAnswer;
if (!string.IsNullOrEmpty(newPasswordAnswer))
{
encodedPasswordAnswer = this.EncodePassword(
newPasswordAnswer.ToLower(CultureInfo.InvariantCulture),
user.PasswordFormat, user.PasswordSalt);
}
else
{
encodedPasswordAnswer = newPasswordAnswer;
}
SecurityHelper.CheckParameter(encodedPasswordAnswer,
this.Application.RequiresQuestionAndAnswer,
this.Application.RequiresQuestionAndAnswer, false,
this.Application.MaxPasswordAnswerSize, "newPasswordAnswer");
this.PersistChangedPasswordQuestionAndAnswer(user, password,
encodedPasswordAnswer);
}