/// <summary>
/// Builds the sign-in rules for the password field: not empty, account not
/// locked out, password correct, then a second lockout check.
/// </summary>
/// <param name="passwords">Password store that supplies lockout state and the attempt limit.</param>
public SignInValidator(IStorePasswords passwords)
{
    // Each rule chain stops at its first failure, so the password is not
    // checked once the lockout rule has already rejected the request.
    CascadeMode = CascadeMode.StopOnFirstFailure;
    _passwords = passwords;

    // The session is captured once, here, and reused by every rule below.
    // NOTE(review): that is only correct if this validator is created per
    // request; a cached or singleton instance would keep using the first
    // caller's session. Confirm the registration lifetime.
    var current = HttpContext.Current;
    if (current != null && current.Session != null)
    {
        _session = new HttpSessionStateWrapper(current.Session);
    }
    else
    {
        _session = null;
    }

    RuleFor(form => form.Password)

        // an empty password is rejected outright
        .NotEmpty()
            .WithMessage(FailedBecausePasswordWasEmpty)

        // a locked-out account is rejected before the password is examined
        // NOTE(review): ValidateIsNotLockedOut keys on the submitted email
        // address, so this message tells an unauthenticated caller that the
        // address is locked out. Confirm that disclosure is acceptable.
        .Must(ValidateIsNotLockedOut)
            .WithMessage(FailedBecauseIsLockedOut,
                form => _passwords.MaximumPasswordAttempts)

        // the password itself; the message arguments are the attempts left
        // and the plural suffix for that number
        // NOTE(review): "attempts left" is derived from the session counter,
        // not from the password store, so it restarts with a new session.
        // Treat it as display text; IsLockedOut is the enforcement point.
        .Must(ValidatePasswordIsCorrect)
            .WithMessage(FailedBecausePasswordWasIncorrect,
                form => _passwords.MaximumPasswordAttempts - _session.FailedPasswordAttempts(),
                form => (_passwords.MaximumPasswordAttempts - _session.FailedPasswordAttempts() != 1)
                    ? "s"
                    : string.Empty)

        // the failure above may have used up the last attempt, so re-check lockout
        .Must(ValidateIsNotLockedOut)
            .WithMessage(FailedBecauseIsLockedOut,
                form => _passwords.MaximumPasswordAttempts)
    ;
}
/// <summary>
/// Builds the change-password rules: the current password must be present and
/// correct for an account that is not locked out, the new password must meet
/// the minimum length, and the confirmation must match it.
/// </summary>
/// <param name="passwords">Password store that supplies lockout state, the attempt limit and the minimum length.</param>
public UpdatePasswordValidator(IStorePasswords passwords)
{
    // Each rule chain stops at its first failure, so the current password is
    // not checked once the lockout rule has already rejected the request.
    CascadeMode = CascadeMode.StopOnFirstFailure;
    _passwords = passwords;

    // Context and session are captured once, here, and reused by the rules.
    // NOTE(review): that is only correct if this validator is created per
    // request; a cached or singleton instance would keep using the first
    // caller's identity and session. Confirm the registration lifetime.
    var current = HttpContext.Current;
    if (current != null)
    {
        _httpContext = new HttpContextWrapper(current);
    }
    else
    {
        _httpContext = null;
    }

    // A missing context and a context without session both leave _session null.
    _session = _httpContext != null ? _httpContext.Session : null;

    RuleFor(form => form.CurrentPassword)

        // the current password is mandatory
        .NotEmpty()
            .WithMessage(FailedBecauseOldPasswordWasEmpty)

        // a locked-out account is rejected before the password is examined
        .Must(ValidateIsNotLockedOut)
            .WithMessage(FailedBecauseIsLockedOut,
                form => _passwords.MaximumPasswordAttempts)

        // the current password itself; the message arguments are the attempts
        // left and the plural suffix for that number
        // NOTE(review): "attempts left" is derived from the session counter,
        // not from the password store, so it restarts with a new session.
        // Treat it as display text; IsLockedOut is the enforcement point.
        .Must(ValidatePasswordIsCorrect)
            .WithMessage(FailedBecauseCurrentPasswordWasIncorrect,
                form => _passwords.MaximumPasswordAttempts - _session.FailedPasswordAttempts(),
                form => (_passwords.MaximumPasswordAttempts - _session.FailedPasswordAttempts() != 1)
                    ? "s"
                    : string.Empty)

        // the failure above may have used up the last attempt, so re-check lockout
        .Must(ValidateIsNotLockedOut)
            .WithMessage(FailedBecauseIsLockedOut,
                form => _passwords.MaximumPasswordAttempts)
    ;

    RuleFor(form => form.NewPassword)

        // the new password is mandatory
        .NotEmpty()
            .WithMessage(FailedBecauseNewPasswordWasEmpty)

        // at least MinimumPasswordLength characters; int.MaxValue means no upper bound
        .Length(passwords.MinimumPasswordLength, int.MaxValue)
            .WithMessage(FailedBecauseNewPasswordWasTooShort,
                form => passwords.MinimumPasswordLength)
    ;

    RuleFor(form => form.ConfirmPassword)

        // the confirmation is mandatory
        .NotEmpty()
            .WithMessage(FailedBecauseNewPasswordConfirmationWasEmpty)
    ;

    RuleFor(form => form.ConfirmPassword)

        // must equal the new password; skipped when either field is blank or
        // the new password is too short, because other rules report those cases
        .Equal(form => form.NewPassword)
            .Unless(form =>
                string.IsNullOrWhiteSpace(form.ConfirmPassword) ||
                string.IsNullOrWhiteSpace(form.NewPassword) ||
                form.NewPassword.Length < passwords.MinimumPasswordLength)
            .WithMessage(FailedBecauseNewPasswordConfirmationDidNotEqualPassword)
    ;
}
/// <summary>
/// Records one more failed password attempt in the given session.
/// Does nothing when <paramref name="session"/> is null.
/// </summary>
/// <param name="session">Session that holds the counter under FailedPasswordAttemptsKey.</param>
// NOTE(review): the counter lives in session state, so it follows the session
// rather than the account and starts over with every new session. It cannot
// be the lockout mechanism on its own; confirm that the password store behind
// IStorePasswords.IsLockedOut counts failed attempts itself.
public static void FailedPasswordAttempt(this HttpSessionStateBase session)
{
    if (session != null)
    {
        var attemptsSoFar = session.FailedPasswordAttempts();
        session[FailedPasswordAttemptsKey] = attemptsSoFar + 1;
    }
}
/// <summary>
/// Rule predicate: passes when the signed-in user's account is not locked out.
/// </summary>
/// <param name="model">Form being validated (not read here).</param>
/// <param name="password">Value of the validated property (not read here).</param>
/// <returns>true when the password store does not report a lockout; otherwise false.</returns>
private bool ValidateIsNotLockedOut(UpdatePasswordForm model, string password)
{
    // The account is taken from the authenticated identity, not from the form.
    // NOTE(review): _httpContext is null when the validator was constructed
    // without a current HttpContext, and this line would then throw. Confirm
    // the validator only runs inside an authenticated request.
    var userName = _httpContext.User.Identity.Name;

    if (!_passwords.IsLockedOut(userName))
    {
        return true;
    }

    // Presumably clears the session attempt counter once the store reports a
    // lockout; verify against the bool overload of FailedPasswordAttempts.
    _session.FailedPasswordAttempts(false);
    return false;
}
/// <summary>
/// Rule predicate: passes when the account named by the submitted email
/// address is not locked out.
/// </summary>
/// <param name="model">Sign-in form; only its EmailAddress is read.</param>
/// <param name="password">Value of the validated property (not read here).</param>
/// <returns>true when the password store does not report a lockout; otherwise false.</returns>
private bool ValidateIsNotLockedOut(SignInForm model, string password)
{
    // NOTE(review): the address comes straight from the sign-in form, so the
    // lockout state of any address is observable before authentication.
    // Confirm the resulting message is acceptable account-state disclosure.
    if (!_passwords.IsLockedOut(model.EmailAddress))
    {
        return true;
    }

    // Presumably clears the session attempt counter once the store reports a
    // lockout; verify against the bool overload of FailedPasswordAttempts.
    _session.FailedPasswordAttempts(false);
    return false;
}