public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
/*
* Takes, as input, a user name, a password (the user's current password), and a
* new password and updates the password in the membership data source.
* ChangePassword returns true if the password was updated successfully. Otherwise,
* it returns false. Before changing a password, ChangePassword calls the provider's
* virtual OnValidatingPassword method to validate the new password. It then
* changes the password or cancels the action based on the outcome of the call. If the
* user name, password, new password, or password answer is not valid,
* ChangePassword does not throw an exception; it simply returns false. Following a
* successful password change, ChangePassword updates the user's
* LastPasswordChangedDate.
*/
bool result = false;
if (
(username == null) || (username == String.Empty)
|| (oldPassword == null) || (oldPassword == String.Empty)
|| (newPassword == null) || (newPassword == String.Empty)
)
{
return result;
}
SiteSettings siteSettings = GetSiteSettings();
if (siteSettings == null) { return result; }
if (newPassword.Length < siteSettings.MinRequiredPasswordLength)
{
throw new ArgumentException(ResourceHelper.GetMessageTemplate("PasswordNotLongEnoughMessage.config"));
}
int countNonAlphanumericCharacters = 0;
for (int i = 0; i < newPassword.Length; i++)
{
if (!char.IsLetterOrDigit(newPassword, i))
{
countNonAlphanumericCharacters++;
}
}
if (countNonAlphanumericCharacters < siteSettings.MinRequiredNonAlphanumericCharacters)
{
throw new ArgumentException(ResourceHelper.GetMessageTemplate("PasswordRequiresMoreNonAlphanumericCharactersMessage.config"));
}
if (siteSettings.PasswordStrengthRegularExpression.Length > 0)
{
if (!Regex.IsMatch(newPassword, siteSettings.PasswordStrengthRegularExpression))
{
throw new ArgumentException(
ResourceHelper.GetMessageTemplate("PasswordDoesntMatchRegularExpressionMessage.config"));
}
}
ValidatePasswordEventArgs e = new ValidatePasswordEventArgs(username, newPassword, false);
OnValidatingPassword(e);
if (e.Cancel)
{
if (e.FailureInformation != null)
{
throw e.FailureInformation;
}
else
{
throw new ArgumentException("The custom password validation failed.");
}
}
SiteUser siteUser = new SiteUser(siteSettings, username);
if (siteUser.UserId == -1) { return result; }
if (
((MembershipPasswordFormat)siteSettings.PasswordFormat == MembershipPasswordFormat.Hashed)
&& (!siteSettings.UseLdapAuth)
)
{
if (siteUser.Password == EncodePassword(siteUser.PasswordSalt + oldPassword,MembershipPasswordFormat.Hashed))
{
siteUser.PasswordSalt = SiteUser.CreateRandomPassword(128, WebConfigSettings.PasswordGeneratorChars);
siteUser.Password = EncodePassword(siteUser.PasswordSalt + newPassword, MembershipPasswordFormat.Hashed);
siteUser.MustChangePwd = false;
siteUser.PasswordFormat = siteSettings.PasswordFormat;
result = siteUser.Save();
}
}
else if ((MembershipPasswordFormat)siteSettings.PasswordFormat == MembershipPasswordFormat.Encrypted)
{
if (siteUser.Password == EncodePassword(siteUser.PasswordSalt + oldPassword, MembershipPasswordFormat.Encrypted))
{
siteUser.PasswordSalt = SiteUser.CreateRandomPassword(128, WebConfigSettings.PasswordGeneratorChars);
siteUser.Password = EncodePassword(siteUser.PasswordSalt + newPassword, MembershipPasswordFormat.Encrypted);
siteUser.MustChangePwd = false;
siteUser.PasswordFormat = siteSettings.PasswordFormat;
result = siteUser.Save();
}
}
else if ((MembershipPasswordFormat)siteSettings.PasswordFormat == MembershipPasswordFormat.Clear)
{
if (siteUser.Password == oldPassword)
{
siteUser.Password = newPassword;
siteUser.MustChangePwd = false;
siteUser.PasswordFormat = siteSettings.PasswordFormat;
result = siteUser.Save();
}
}
if (result)
{
if (WebConfigSettings.LogIpAddressForPasswordChanges)
{
log.Info("password for user " + siteUser.Name + " was changed from ip address " + SiteUtils.GetIP4Address());
}
siteUser.UpdateLastPasswordChangeTime();
}
return result;
}
public override string ResetPassword(string userName, string passwordAnswer)
{
/*
Takes, as input, a user name and a password answer and replaces the user's current password
* with a new, random password. ResetPassword then returns the new password. A
* convenient mechanism for generating a random password is the
* Membership.GeneratePassword method. If the user name is not valid, ResetPassword
* throws a ProviderException. ResetPassword also checks the value of the
* RequiresQuestionAndAnswer property before resetting a password. If
* RequiresQuestionAndAnswer is true, ResetPassword compares the supplied password
* answer to the stored password answer and throws a MembershipPasswordException if
* the two don't match. Before resetting a password, ResetPassword verifies that
* EnablePasswordReset is true. If EnablePasswordReset is false, ResetPassword throws
* a NotSupportedException. If the user whose password is being changed is currently
* locked out, ResetPassword throws a MembershipPasswordException. Before resetting a
* password, ResetPassword calls the provider's virtual OnValidatingPassword method to
* validate the new password. It then resets the password or cancels the action based on
* the outcome of the call. If the new password is invalid, ResetPassword throws a
* ProviderException. Following a successful password reset, ResetPassword updates the
* user's LastPasswordChangedDate.
*/
SiteSettings siteSettings = GetSiteSettings();
if (!siteSettings.AllowPasswordReset)
{
throw new Exception("The method or operation is not implemented.");
}
String newPassword = null;
if ((userName != null) && (siteSettings != null))
{
SiteUser siteUser = new SiteUser(siteSettings, userName);
if (siteUser.UserId > -1)
{
if (siteUser.IsLockedOut)
{
throw new MembershipPasswordException(
ResourceHelper.GetMessageTemplate("UserAccountLockedMessage.config"));
}
bool okToResetPassword = false;
if (siteSettings.RequiresQuestionAndAnswer)
{
if ((passwordAnswer != null) && (passwordAnswer == siteUser.PasswordAnswer))
{
okToResetPassword = true;
}
else
{
// if wrong answer or user is locked out
throw new MembershipPasswordException(ResourceHelper.GetMessageTemplate("PasswordWrongAnswerToQuestionMessage.config"));
}
}
else
{
okToResetPassword = true;
}
if (okToResetPassword)
{
newPassword = SiteUser.CreateRandomPassword(siteSettings.MinRequiredPasswordLength + 2, WebConfigSettings.PasswordGeneratorChars);
switch (PasswordFormat)
{
case MembershipPasswordFormat.Clear:
siteUser.Password = newPassword;
break;
default:
siteUser.PasswordSalt = SiteUser.CreateRandomPassword(128, WebConfigSettings.PasswordGeneratorChars);
siteUser.Password = EncodePassword(siteUser.PasswordSalt + newPassword, PasswordFormat);
break;
}
siteUser.MustChangePwd = siteSettings.RequirePasswordChangeOnResetRecover;
siteUser.PasswordFormat = siteSettings.PasswordFormat;
siteUser.Save();
siteUser.UpdateLastPasswordChangeTime();
}
}
else
{
throw new ProviderException(ResourceHelper.GetMessageTemplate("UserNotFoundMessage.config"));
}
}
return newPassword;
}