public void SetPassword(string newPassword, IPasswordPolicy passwordPolicy)
{
if (passwordPolicy == null || passwordPolicy.Validate(this.Email, newPassword))
{
this.Password = newPassword.Encrypt();
}
}
public void Create(User user, string password)
{
if (user.Id != 0)
{
throw new InvalidOperationException("Can't create an existing user");
}
if (!_passwordPolicy.Validate(password))
{
throw new ArgumentException("Password does not comply to password policy");
}
base.Save(user);
// Store password seperately, because password is not a member of the user entity
const string query = "UPDATE Users SET Password = :Password WHERE Id = :UserId";
Session.CreateSQLQuery(query)
.SetInt32("UserId", user.Id)
.SetString("Password", CreateHashedPassword(password))
.UniqueResult();
}
public static int CountValidPasswords(IPasswordPolicy policy, List <string> input)
{
return(input
.Count(i =>
{
var policyString = i.Split(':')[0];
var password = i.Split(separator: ':')[1].Trim();
policy.Parse(policyString);
return policy.Validate(password);
}));
}
public object ValidatePassword(string password, IPasswordPolicy passwordPolicy)
{
try
{
if (passwordPolicy != null)
{
passwordPolicy.Validate(this.Email, password);
}
return(null);
}
catch (PasswordException ex)
{
return(ex.Issues);
}
}
public ActionResult ChangePassword(ChangePasswordViewModel changePasswordViewModel)
{
var user = _userRepository.Get(changePasswordViewModel.UserId);
if (!_userRepository.IsHashForNewPasswordRequestValid(user, changePasswordViewModel.Hash))
{
throw new HttpException(403, "You don't have access to this page");
}
if (!_passwordPolicy.Validate(changePasswordViewModel.Password))
{
AddFlashMessage(null, _translationService.Translate.PasswordShouldContainAtLeast5Characters, FlashMessageType.Error, "messageContainer");
return(View(changePasswordViewModel));
}
_userRepository.ChangePassword(user, changePasswordViewModel.Password);
AddFlashMessage(null, _translationService.Translate.YourPasswordWasChangedSuccessfully, FlashMessageType.Success, "messageContainer");
return(RedirectToAction("Index"));
}
public bool IsValid() => policy.Validate(password);
public void CreatePassword(Guid memberCode, string tokenCode, string newPassword, Guid?clientId = null)
{
using (var transaction = Connection.BeginTransaction())
{
try
{
var customerImport = customerImportRepository.Get(memberCode);
if (passwordPolicy == null || passwordPolicy.Validate(customerImport.Email, newPassword))
{
customerImport.Password = newPassword.Encrypt();
customerImport.HandleCustomer();
var listAppStore = new List <ApplicationStore>();
var applicationStore = applicationStoreRepository.GetByClientId(clientId.Value);
if (applicationStore.IsNull())
{
throw new ArgumentException("Aplicação inválida");
}
listAppStore.Add(applicationStore);
if (customerImport.StoreCode.HasValue)
{
var appsStore = applicationStoreRepository.GetByStore(customerImport.StoreCode.Value);
if (appsStore.IsNull())
{
throw new ArgumentException("Loja sem aplicações");
}
var appECStore = appsStore.FirstOrDefault(s => s.Application.Name.ToLower() == "ec-loja");
if (appECStore.IsNull())
{
throw new ArgumentException("Aplicação EC-Loja não encontrada");
}
listAppStore.Add(appECStore);
}
else
{
throw new ArgumentException("Código da loja não preenchido");
}
Customer customer;
if (customerImport is CompanyImport)
{
customer = new Company(customerImport);
}
else
{
customer = new Person(customerImport);
}
var _accounts = new Account()
{
Email = customerImport.Email,
Login = customerImport.Email,
Document = customerImport.DisplayDocument,
Password = newPassword,
Customer = customer,
Status = customerImport.Status,
Removed = false
};
listAppStore.ForEach(x =>
{
_accounts.ConnectApp(x);
});
Role _role;
listAppStore.ForEach(x =>
{
_role = roleRepository.GetByApplication(x.ApplicationCode, x.StoreCode);
if (!_role.IsNull())
{
_accounts.ConnectRole(_role);
}
});
var accountDO = accountService.Get(customerImport.Email, customerImport.DisplayDocument, applicationStore, true);
if (accountDO.IsNull())
{
accountService.Add(_accounts, applicationStore, customerImport.StoreCode.Value);
}
else
{
accountService.Update(_accounts);
}
customerImport.Password = string.Empty;
customerImport.Removed = true;
customerImport.UpdateDate = DateTime.Now;
customerImportRepository.Update(customerImport);
}
else
{
throw new ArgumentException("senha inválida.");
}
resetPasswordTokenRepository.Delete(tokenCode);
transaction.Commit();
}
catch
{
transaction.Rollback();
throw;
}
}
if (clientId.HasValue && !clientId.Value.IsEmpty())
{
using (var transaction = Connection.BeginTransaction())
{
try
{
var store = applicationStoreRepository.GetByClientId(clientId.Value).Store;
passwordLogRepository.Save(new PasswordLog(memberCode, PasswordEventLog.RecoveryCustomerImport, store.Code));
transaction.Commit();
}
catch
{
transaction.Rollback();
}
}
}
}
public Account Authenticate(string login, string password, ApplicationStore applicationStore, out bool requirePasswordChange, string urlBack = "")
{
requirePasswordChange = false;
Account account = null;
using (var transaction = Connection.BeginTransaction())
{
var accounts = accountRepository.Get(login, applicationStore, true);
if (accounts.Count() > 0)
{
var matchedAccounts = accountService.MatchPassword(accounts.ToList(), password);
if (matchedAccounts.IsNull() || matchedAccounts.Count() == 0)
{
if (applicationStore.Application.MemberType == MemberType.Consumer)
{
if (accounts.Any(a => !a.Customer.IsNull() && a.Customer.Code.IsEmpty()))
{
accounts.ForEach(a => a.WrongLoginAttempt(lockedUpMemberPolicy, lockMemberPolicy));
}
}
else
{
var _accounts = accounts.Where(a =>
a.AccountRoles.Any(ar =>
ar.Role.Status == true &&
ar.Role.Store.Status == true &&
ar.Role.StoreCode == applicationStore.StoreCode &&
ar.Role.Permissions.Any(p =>
p.Status == true &&
p.Resource.Application.Status == true &&
p.Resource.ApplicationCode == applicationStore.ApplicationCode)));
if (!_accounts.IsNull() && _accounts.Count() > 0)
{
_accounts.ForEach(a => a.WrongLoginAttempt(lockedUpMemberPolicy, lockMemberPolicy));
}
else
{
accounts.ForEach(a => a.WrongLoginAttempt(lockedUpMemberPolicy, lockMemberPolicy));
}
}
transaction.Commit();
throw new ArgumentException("User and password not found");
}
else
{
accountService.lockedUpMemberPolicy = lockedUpMemberPolicy;
accountService.lockMemberPolicy = lockMemberPolicy;
accountService.passwordPolicy = passwordPolicy;
account = accountService.Authenticate(accounts, applicationStore);
if (passwordPolicy != null)
{
requirePasswordChange = !passwordPolicy.Validate(account.Email, password, false);
}
transaction.Commit();
return(account);
}
}
else
{
if (applicationStore.Application.MemberType == MemberType.Consumer)
{
var customerImport = customerImportService.Get(login, applicationStore.Store.Code);
if (customerImport != null)
{
var token = resetPasswordTokenService.GenerateResetPasswordToken(customerImport, applicationStore, urlBack);
var _tokenCode = token.Code.EncodeURIComponent();
customerImport.HandleCustomer();
svcEmail.SendPasswordRecoveryEmailAsync(customerImport, applicationStore.Store, _tokenCode, urlBack);
transaction.Commit();
using (var transactionLog = Connection.BeginTransaction())
{
try
{
passwordLogRepository.Save(new PasswordLog(customerImport.AccountCode, PasswordEventLog.ResquetRecoryCustomerImport, applicationStore.Store.Code));
transactionLog.Commit();
}
catch
{
transactionLog.Rollback();
}
}
throw new ArgumentException("create_password_is_needed");
}
}
}
}
return(account);
}