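        /// <summary>
        /// Handles one inbound SMS password-reset request: validates the sender's number, applies the
        /// configured brute-force throttle, generates a temporary password, asks Active Directory to set it
        /// for the user named in the message, and reports the outcome to the sender (SMS) and to the
        /// operator (HTML mail).
        /// </summary>
        /// <param name="incomingphonenumber">Sender number as delivered by the SMS gateway; parsed against <c>_currentPhoneRegion</c>.</param>
        /// <param name="incomingtext">Message body; expected to carry the username as <c>user</c>,
        /// <c>user@domain</c>, <c>domain\user</c> or <c>domain/user</c>. <c>null</c> is treated as empty.</param>
        /// <remarks>
        /// Both arguments are untrusted: the text is attacker-chosen and the sender number is whatever the
        /// carrier path delivered. Anything echoed into the HTML report mail is therefore HTML-encoded first.
        /// All failures are logged; nothing propagates to the caller.
        /// </remarks>
        static void ChangePassword(string incomingphonenumber, string incomingtext)
        {
            // A missing body must not throw in the validation below before the request has been logged.
            incomingtext = incomingtext ?? string.Empty;

            // The report mail is HTML: encode the attacker-controlled fields before embedding them, otherwise
            // an SMS body containing markup is rendered verbatim in the operator's mail client.
            string mailbody = "Received request from: " + System.Net.WebUtility.HtmlEncode(incomingphonenumber)
                              + "<br>SMS Text: " + System.Net.WebUtility.HtmlEncode(incomingtext)
                              + "<br>Result: ";

            _logger.Info("Received SMS");
            _logger.Info($"Phone number: {incomingphonenumber}");
            _logger.Info($"Incoming text: {incomingtext}");

            // Parse and validate the sender. A failed parse (short codes, alphanumeric sender ids) leaves
            // phoneNumber null, and the request is dropped below.
            PhoneNumber phoneNumber = null;
            try
            {
                phoneNumber = _phoneNumberUtil.Parse(incomingphonenumber, _currentPhoneRegion);
            }
            catch (Exception ex)
            {
                _logger.Error($"Exception during phone number parsing:  {ex.Message} ({ex.GetType()})");
            }

            bool invalidSender = phoneNumber == null || !_phoneNumberUtil.IsValidNumber(phoneNumber);
            // A username never carries more than two spaces; longer texts are treated as operator/advertising traffic.
            bool textLooksLikeSpam = incomingtext.Count(f => f == ' ') > 2;

            if (invalidSender || textLooksLikeSpam)
            {
                // Log the reason that actually fired; the original code reported every rejection as an invalid number.
                _logger.Warn(invalidSender
                    ? "Ignoring SMS, Reason: Invalid phone number"
                    : "Ignoring SMS, Reason: Text does not look like a username");
                SendMail("SMS Self Service - Invalid SMS received", mailbody + "Invalid (Operator/Advertisement) SMS, ignoring...");
                return;
            }

            // Throttle keyed on the sender number. The counter only grows on InvalidFingerprint (below) and is
            // never reset here, so a number stays blocked for the lifetime of the process — presumably
            // intentional; confirm. NOTE(review): because the key is the sender number, this bounds guesses
            // per (spoofable) number, not per attacker; and with '>' the (MaximumRetries + 1)-th failure is the
            // first one blocked.
            if (_config.GetValue("Protection/Bruteforce/Enabled", true)
                && _intrusionsList.ContainsKey(incomingphonenumber)
                && _intrusionsList[incomingphonenumber] > _config.GetValue("Protection/Bruteforce/MaximumRetries", 5))
            {
                _logger.Warn("Ignoring SMS, Reason: possible account name bruteforcing.");
                return;
            }

            // Temporary password: 8 characters from the membership generator, every non-alphanumeric character
            // mapped to '9' (presumably to keep it easy to type from a phone). NOTE(review): the substitution
            // shrinks the effective alphabet of an already short password; a longer length would compensate.
            string newpass = Regex.Replace(Membership.GeneratePassword(8, 0), @"[^a-zA-Z0-9]", m => "9");

            try
            {
                // Normalise the username out of the accepted formats. Invariant lowercasing: the value is an
                // account identifier, not user-facing text, so the current culture must not influence it.
                string login = incomingtext.Replace("/", "\\").ToLowerInvariant();
                if (login.Contains("@")) // user@domain
                {
                    login = login.Split('@')[0];
                }
                if (login.Contains("\\")) // domain\user (or domain/user after the replace above)
                {
                    login = login.Split('\\')[1];
                }
                login = login.Trim();

                // The national number is passed as the "fingerprint" AD compares against the account's stored number.
                PasswordChangeResult result = _activeDirectory.ChangeUserPassword(login, newpass, phoneNumber.NationalNumber.ToString());

                // message: what the sender gets back by SMS (empty string suppresses the reply);
                // mailbody: what the operator gets by mail.
                string message;
                switch (result)
                {
                    case PasswordChangeResult.Success:
                        _logger.Info($"Successfully changed password for {login}");
                        // NOTE(review): this statement was garbled in the source we received (redacted literal and a
                        // stray brace); reconstructed as "<Messages/Success> <newpass>" — confirm against the original.
                        message = _config.GetValue("Messages/Success", "Your temporary password:") + " " + newpass;
                        mailbody += "Successfully changed password";
                        break;

                    case PasswordChangeResult.UserNotFound:
                        _logger.Error($"User \"{login}\" not found");
                        message = _config.GetValue("Messages/UserNotFound", "Incorrect username");
                        mailbody += "User not found";
                        break;

                    case PasswordChangeResult.DisabledAccount:
                        _logger.Error("Account is disabled: " + login);
                        message = _config.GetValue("Messages/AccountDisabled",
                                                   "Account for this user is currently disabled");
                        mailbody += "Account is disabled";
                        break;

                    case PasswordChangeResult.NoFingerprintAttached:
                        _logger.Error($"No phone number attached to account: {login}");
                        message = _config.GetValue("Messages/NoPhoneAttached",
                                                   "This service cannot be used by this user");
                        mailbody += "No phone number attached";
                        break;

                    case PasswordChangeResult.InvalidFingerprint:
                        // Someone asked for a reset of an account from a number that is not the one on record.
                        // The default reply is empty on purpose: a distinguishable answer would confirm that the
                        // username exists.
                        _logger.Warn($"INTRUSION? PHONE NUMBER DIFFERS FROM ONE ASSOCIATED WITH THIS ACCOUNT! Incoming number: {incomingphonenumber}, incoming text: {incomingtext}");
                        message = _config.GetValue("Messages/IncorrectNumber", "");
                        mailbody += "<font color=\"red\">This phone number is not the one associated with this account.</font>";

                        // Feed the brute-force counter checked at the top of this method.
                        if (!_intrusionsList.ContainsKey(incomingphonenumber))
                        {
                            _intrusionsList[incomingphonenumber] = 0;
                        }
                        _intrusionsList[incomingphonenumber] += 1;
                        break;

                    default:
                        _logger.Fatal($"Error while when fulfilling password change request: {result}");
                        message = _config.GetValue("Messages/InternalError", "Service temporary not available");
                        mailbody += $"<font color=\"red\">ERROR WHILE FULFILLING REQUEST: {result}</font>";
                        break;
                }

                if (!string.IsNullOrEmpty(message))
                {
                    Utils.SendMessage(_comm, incomingphonenumber, message);
                }

                SendMail("SMS Self Service - Password Change Request", mailbody);
            }
            catch (Exception ex)
            {
                _logger.Fatal($"Error while changing user password: {ex.Message} ({ex.GetType()}) | {ex}");
            }
        }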