public UpdatePasswordServices(IProcessQueries queryProcessor
     , IStorePasswords passwords
     QueryProcessor = queryProcessor;
     Passwords = passwords;
예제 #2
 public HandleResetPasswordCommand(ICommandEntities entities
                                   , IStorePasswords passwords
     _entities  = entities;
     _passwords = passwords;
예제 #3
 public CreatePasswordHandler(ICommandEntities entities
                              , IStorePasswords passwords
     _entities  = entities;
     _passwords = passwords;
예제 #4
 public IdentityController(ISignUsers userSigner
     , IStorePasswords passwords
     _userSigner = userSigner;
     _passwords = passwords;
예제 #5
        public SignInValidator(IStorePasswords passwords)
            CascadeMode = CascadeMode.StopOnFirstFailure;
            _passwords  = passwords;

            _session = HttpContext.Current != null && HttpContext.Current.Session != null
                ? new HttpSessionStateWrapper(HttpContext.Current.Session)
                : null;

            RuleFor(p => p.Password)
            // cannot be empty
            // account cannot be locked out
                         p => _passwords.MaximumPasswordAttempts)
            // validate the password
                         p => _passwords.MaximumPasswordAttempts - _session.FailedPasswordAttempts(),
                         p => (_passwords.MaximumPasswordAttempts - _session.FailedPasswordAttempts() == 1) ? string.Empty : "s")
            // check lockout again, this may be last attempt
                         p => _passwords.MaximumPasswordAttempts)
예제 #6
 public UpdatePasswordServices(IProcessQueries queryProcessor
                               , IStorePasswords passwords
     QueryProcessor = queryProcessor;
     Passwords      = passwords;
예제 #7
 public SignInServices(IProcessQueries queryProcessor
                       , ISignUsers userSigner
                       , IStorePasswords passwords
     QueryProcessor = queryProcessor;
     UserSigner     = userSigner;
     Passwords      = passwords;
예제 #8
 public SignInServices(IProcessQueries queryProcessor
     , ISignUsers userSigner
     , IStorePasswords passwords
     QueryProcessor = queryProcessor;
     UserSigner = userSigner;
     Passwords = passwords;
        public ValidateSendConfirmEmailMessageCommand(IQueryEntities entities, IStorePasswords passwords)
            CascadeMode = CascadeMode.StopOnFirstFailure;

            RuleFor(x => x.EmailAddress)
            //cannot be empty

            // must be valid against email address regular expression
            .WithMessage(MustBeValidEmailAddressFormat.FailMessageFormat, x => x.EmailAddress)

            // must match a person
            .MustFindPersonByEmail(entities, _person)
            .WithMessage(MustFindPersonByEmail.FailMessageFormat, x => x.EmailAddress)

            // must match an establishment
            .MustFindEstablishmentByEmail(entities, _establishment)
                         x => x.EmailAddress)

            // establishment must be a member
            .Must(x => _establishment.Entity.IsMember)
                         x => _establishment.Entity.RevisionId)

            // when person is not null and intent is to reset password,
            When(x => _person.Entity != null && x.Intent == EmailConfirmationIntent.ResetPassword, () =>
                 RuleFor(x => x.EmailAddress)
                 // the establishment must not have saml sign on
                 .Must(x => !_establishment.Entity.HasSamlSignOn())
                              x => _establishment.Entity.RevisionId)

                 // the matched person must have a user
                 .Must(x => _person.Entity.User != null)
                              x => _person.Entity.DisplayName)

                 // the user must not have a SAML account
                 .Must(x => string.IsNullOrWhiteSpace(_person.Entity.User.EduPersonTargetedId))
                              x => _person.Entity.User.Name)

                 // the email address' person's user's name must match a local member account
                 .Must(x => passwords.Exists(_person.Entity.User.Name))
                              x => _person.Entity.User.Name)

                 // the email address must be confirmed
                 .Must(x => _person.Entity.Emails.ByValue(x).IsConfirmed)
                              x => x.EmailAddress)
예제 #10
        public UpdatePasswordValidator(IStorePasswords passwords)
            CascadeMode = CascadeMode.StopOnFirstFailure;
            _passwords  = passwords;

            _httpContext = HttpContext.Current != null ? new HttpContextWrapper(HttpContext.Current) : null;
            _session     = _httpContext != null && _httpContext.Session != null
                ? _httpContext.Session
                : null;

            RuleFor(p => p.CurrentPassword)
            // cannot be empty
            // account cannot be locked out
                         p => _passwords.MaximumPasswordAttempts)
            // validate the password
                         p => _passwords.MaximumPasswordAttempts - _session.FailedPasswordAttempts(),
                         p => (_passwords.MaximumPasswordAttempts - _session.FailedPasswordAttempts() == 1) ? string.Empty : "s")
            // check lockout again, this may be last attempt
                         p => _passwords.MaximumPasswordAttempts)

            RuleFor(p => p.NewPassword)
            // cannot be empty
            // at least 6 characters long
            .Length(passwords.MinimumPasswordLength, int.MaxValue)
                         p => passwords.MinimumPasswordLength)

            RuleFor(p => p.ConfirmPassword)
            // can never be empty

            RuleFor(p => p.ConfirmPassword)
            // equals password unless empty or password failed validation
            .Equal(p => p.NewPassword)
            .Unless(p =>
                    string.IsNullOrWhiteSpace(p.ConfirmPassword) ||
                    string.IsNullOrWhiteSpace(p.NewPassword) ||
                    p.NewPassword.Length < passwords.MinimumPasswordLength)
예제 #11
 public ReceiveSamlAuthnResponseHandler(ICommandEntities entities
                                        , ISignUsers userSigner
                                        , IStorePasswords passwords
                                        , IUnitOfWork unitOfWork
     _entities   = entities;
     _userSigner = userSigner;
     _passwords  = passwords;
     _unitOfWork = unitOfWork;
 public ReceiveSamlAuthnResponseHandler(ICommandEntities entities
                                        , ISignUsers userSigner
                                        , IStorePasswords passwords
                                        , IHandleCommands <CreateEmailAddress> createEmailAddress
                                        , IUnitOfWork unitOfWork
     _entities           = entities;
     _userSigner         = userSigner;
     _passwords          = passwords;
     _createEmailAddress = createEmailAddress;
     _unitOfWork         = unitOfWork;
        public ValidateSendCreatePasswordMessageCommand(IQueryEntities entities, IStorePasswords passwords)
            CascadeMode = CascadeMode.StopOnFirstFailure;

            RuleFor(x => x.EmailAddress)
            // email address cannot be empty

            // must be valid against email address regular expression
            .WithMessage(MustBeValidEmailAddressFormat.FailMessageFormat, x => x.EmailAddress)

            // the email address must match an establishment
            .MustFindEstablishmentByEmail(entities, _establishment)
                         x => x.EmailAddress)

            // establishment must be a member
            .Must(x => _establishment.Entity.IsMember)
                         x => _establishment.Entity.RevisionId)

            // establishment must not have saml sign on
            .Must(x => !_establishment.Entity.HasSamlSignOn())
                         x => _establishment.Entity.RevisionId)

            // the email address MAY match a person
            .Must((command, x, context) =>
                var validator = new MustFindPersonByEmail(entities, _person);

            // when person is not null,
            When(x => _person.Entity != null, () =>
                 RuleFor(x => x.EmailAddress)
                 // it must not have a registered user
                 .Must(x => _person.Entity.User == null || !_person.Entity.User.IsRegistered)
                              x => _person.Entity.DisplayName)

                 // it must not have a local member account
                 .Must(x => _person.Entity.User == null || !passwords.Exists(_person.Entity.User.Name))
                              x => _person.Entity.User.Name)
예제 #14
 public IdentityController(ISignUsers userSigner
     , IStorePasswords passwords
     , IProcessQueries queryProcessor
     , IHandleCommands<UpdateSamlSignOnMetadata> updateSamlMetadata
     //, IProvideSaml2Service samlServiceProvider
     , IManageConfigurations configurationManager
     _userSigner = userSigner;
     _passwords = passwords;
     _queryProcessor = queryProcessor;
     _updateSamlMetadata = updateSamlMetadata;
     //_samlServiceProvider = samlServiceProvider;
     _configurationManager = configurationManager;
예제 #15
        public ResetPasswordValidator(IQueryEntities entities, IStorePasswords passwords)
            CascadeMode = CascadeMode.StopOnFirstFailure;

            RuleFor(p => p.Token)
            // cannot be empty guid
                         p => p.Token)
            // matches email confirmation entity
            .Must(p => ValidateEmailConfirmation.TokenMatchesEntity(p, entities))
                         p => p.Token)

            RuleFor(p => p.Password)
            // cannot be empty
            // at least 6 characters long
            .Length(passwords.MinimumPasswordLength, int.MaxValue)
                         p => passwords.MinimumPasswordLength)

            RuleFor(p => p.PasswordConfirmation)
            // can never be empty

            RuleFor(p => p.PasswordConfirmation)
            // equals password unless empty or password failed validation
            .Equal(p => p.Password)
            .Unless(p =>
                    string.IsNullOrWhiteSpace(p.PasswordConfirmation) ||
                    string.IsNullOrWhiteSpace(p.Password) ||
                    p.Password.Length < passwords.MinimumPasswordLength)
예제 #16
        public ForgotPasswordValidator(IQueryEntities entities, IStorePasswords passwords)
            CascadeMode = CascadeMode.StopOnFirstFailure;

            Establishment establishment     = null;
            var           loadEstablishment = new Expression <Func <Establishment, object> >[]
                e => e.SamlSignOn,

            Person person     = null;
            var    loadPerson = new Expression <Func <Person, object> >[]
                p => p.Emails,
                p => p.User

            RuleFor(p => p.EmailAddress)

            // cannot be empty

            // must be valid against email address regular expression

            // must match an establishment
            .Must(p => ValidateEstablishment.EmailMatchesEntity(p, entities, loadEstablishment, out establishment))
                         p => p.EmailAddress)

            // establishment must be a member
            .Must(p => establishment.IsMember)
                         p => p.EmailAddress)

            // establishment cannot have saml integration
            .Must(p => !establishment.HasSamlSignOn())
                         p => p.EmailAddress.GetEmailDomain())

            // must match a person
            .Must(p => ValidateEmailAddress.ValueMatchesPerson(p, entities, loadPerson, out person))
                         p => p.EmailAddress)

            // the matched person must have a user
            .Must(p => ValidatePerson.UserIsNotNull(person))
                         p => p.EmailAddress)

            // the user must not have a SAML account
            .Must(p => ValidateUser.EduPersonTargetedIdIsEmpty(person.User))
                         p => p.EmailAddress.GetEmailDomain())

            // the email address' person's user's name must match a local member account
            .Must(p => ValidateUser.NameMatchesLocalMember(person.User.Name, passwords))
                         p => p.EmailAddress)

            // the email address must be confirmed
            .Must(p => ValidateEmailAddress.IsConfirmed(person.GetEmail(p)))
                         p => p.EmailAddress)
예제 #17
        public ValidateResetPasswordCommand(IQueryEntities entities, IStorePasswords passwords)
            CascadeMode = CascadeMode.StopOnFirstFailure;

            RuleFor(x => x.Token)
            // token cannot be an empty guid
            .WithMessage(MustNotHaveEmptyConfirmationToken.FailMessageFormat, x => x.Token)

            // token must match a confirmation
            .MustFindConfirmationByToken(entities, _confirmation)
            .WithMessage(MustFindConfirmationByToken.FailMessageFormat, x => x.Token)

            // its intent must be to reset password
            .Must(x => _confirmation.Entity.Intent == EmailConfirmationIntent.ResetPassword)
                         x => _confirmation.Entity.Intent, x => x.Token)

            // it cannot be expired
            .Must(x => !_confirmation.Entity.IsExpired)
                         x => x.Token, x => _confirmation.Entity.ExpiresOnUtc)

            // it cannot be retired
            .Must(x => !_confirmation.Entity.IsRetired)
                         x => x.Token, x => _confirmation.Entity.RetiredOnUtc)

            // it must be redeemed
            .Must(x => _confirmation.Entity.IsRedeemed)
                         x => x.Token)

            // email address must be confirmed
            .Must(x => _confirmation.Entity.EmailAddress.IsConfirmed)
                         x => _confirmation.Entity.EmailAddress.Value)

            // it must be attached to a user
            .Must(x => _confirmation.Entity.EmailAddress.Person.User != null)
                         x => _confirmation.Entity.EmailAddress.Person.DisplayName)

            // user cannot have a saml account
            .Must(x => string.IsNullOrWhiteSpace(_confirmation.Entity.EmailAddress.Person.User.EduPersonTargetedId))
                         x => _confirmation.Entity.EmailAddress.Person.User.Name)

            // user name must match local member account
            .Must(x => passwords.Exists(_confirmation.Entity.EmailAddress.Person.User.Name))
                         x => _confirmation.Entity.EmailAddress.Person.User.Name)

            RuleFor(x => x.Ticket)
            // ticket cannot be empty

            // must match the entity ticket
            .Must(x => x == _confirmation.Entity.Ticket)
                         x => x.Ticket, x => x.Token)

            RuleFor(x => x.Password)
            // cannot be empty

            // length must be between 6 and 100 characters
            .Length(passwords.MinimumPasswordLength, int.MaxValue)

            RuleFor(x => x.PasswordConfirmation)
            // cannot be empty

            // must match password
            .Equal(x => x.Password)
예제 #18
 public static bool NameMatchesLocalMember(string name, IStorePasswords passwords)
예제 #19
 public static bool NameMatchesLocalMember(string name, IStorePasswords passwords)
     return passwords.Exists(name);
        public SendConfirmEmailMessageValidator(IQueryEntities entities, IStorePasswords passwords)
            CascadeMode = CascadeMode.StopOnFirstFailure;

            Person person     = null;
            var    loadPerson = new Expression <Func <Person, object> >[]
                p => p.Emails,
                p => p.User

            Establishment establishment     = null;
            var           loadEstablishment = new Expression <Func <Establishment, object> >[]
                e => e.SamlSignOn,

            RuleFor(p => p.EmailAddress)
            //cannot be empty
            // must be valid against email address regular expression
            // must match a person
            .Must(p => ValidateEmailAddress.ValueMatchesPerson(p, entities, loadPerson, out person))
                         p => p.EmailAddress)
            // must match an establishment
            .Must(p => ValidateEstablishment.EmailMatchesEntity(p, entities, loadEstablishment, out establishment))
                         p => p.EmailAddress)
            // establishment must be a member
            .Must(p => establishment.IsMember)
                         p => establishment.RevisionId)

            // when person is not null and intent is to reset password,
            When(p => person != null && p.Intent == EmailConfirmationIntent.ResetPassword, () =>
                 RuleFor(p => p.EmailAddress)
                 // the establishment must not have saml sign on
                 .Must(p => !establishment.HasSamlSignOn())
                              p => establishment.RevisionId)
                 // the matched person must have a user
                 .Must(p => ValidatePerson.UserIsNotNull(person))
                              p => person.DisplayName)
                 // the user must not have a SAML account
                 .Must(p => ValidateUser.EduPersonTargetedIdIsEmpty(person.User))
                              p => person.User.Name)
                 // the email address' person's user's name must match a local member account
                 .Must(p => ValidateUser.NameMatchesLocalMember(person.User.Name, passwords))
                              p => person.User.Name)
                 // the email address must be confirmed
                 .Must(p => ValidateEmailAddress.IsConfirmed(person.GetEmail(p)))
                              p => p.EmailAddress)
예제 #21
        public SendCreatePasswordMessageValidator(IQueryEntities entities, IStorePasswords passwords)
            CascadeMode = CascadeMode.StopOnFirstFailure;

            Establishment establishment     = null;
            var           loadEstablishment = new Expression <Func <Establishment, object> >[]
                e => e.SamlSignOn,

            Person person     = null;
            var    loadPerson = new Expression <Func <Person, object> >[]
                p => p.Emails,
                p => p.User

            RuleFor(p => p.EmailAddress)
            // email address cannot be empty
            // must be valid against email address regular expression
            // the email address must match a non-saml establishment
            .Must(p => ValidateEstablishment.EmailMatchesEntity(p, entities, loadEstablishment, out establishment))
                         p => p.EmailAddress)
            // the email address must match a member establishment
            .Must(p => ValidateEstablishment.EmailMatchesEntity(p, entities, loadEstablishment, out establishment))
                         p => p.EmailAddress)
            // the email address may match a person
            .Must(p =>
                ValidateEmailAddress.ValueMatchesPerson(p, entities, loadPerson, out person);

            // when establishment is not null,
            When(p => establishment != null, () =>
                 RuleFor(p => p.EmailAddress)
                 // it must not have saml sign on
                 .Must(p => !establishment.HasSamlSignOn())
                              p => establishment.RevisionId)
                 // it must be a member
                 .Must(p => establishment.IsMember)
                              p => person.User.Name)

            // when person is not null,
            When(p => person != null, () =>
                 RuleFor(p => p.EmailAddress)
                 // it must not have a registered user
                 .Must(p => person.User == null || !person.User.IsRegistered)
                              p => person.DisplayName)
                 // it must not have a local member account
                 .Must(p => person.User == null || !passwords.Exists(person.User.Name))
                              p => person.User.Name)
예제 #22
        public ResetPasswordValidator(IQueryEntities entities, IStorePasswords passwords)
            CascadeMode = CascadeMode.StopOnFirstFailure;

            EmailConfirmation confirmation = null;

            RuleFor(p => p.Token)
            // token cannot be an empty guid
                         p => p.Token)
            // token must match a confirmation
            .Must(p => ValidateEmailConfirmation.TokenMatchesEntity(p, entities, out confirmation))
                         p => p.Token)

            RuleFor(p => p.Ticket)
            // ticket cannot be empty

            RuleFor(p => p.Password)
            // cannot be empty
            // length must be between 6 and 100 characters
            .Length(passwords.MinimumPasswordLength, int.MaxValue)

            RuleFor(p => p.PasswordConfirmation)
            // cannot be empty

            RuleFor(p => p.PasswordConfirmation)
            // must match password unless password is invalid or password confirmation is empty
            .Equal(p => p.Password)
            .Unless(p =>
                    string.IsNullOrWhiteSpace(p.PasswordConfirmation) ||
                    string.IsNullOrWhiteSpace(p.Password) ||
                    p.Password.Length < passwords.MinimumPasswordLength)

            // when confirmation is not null,
            When(p => confirmation != null, () =>
                RuleFor(p => p.Token)
                // its intent must be to reset password
                .Must(p => confirmation.Intent == EmailConfirmationIntent.ResetPassword)
                             p => confirmation.Intent, p => confirmation.Token)
                // it cannot be expired
                .Must(p => !confirmation.IsExpired)
                             p => confirmation.Token, p => confirmation.ExpiresOnUtc)
                // it cannot be retired
                .Must(p => !confirmation.IsRetired)
                             p => confirmation.Token, p => confirmation.RetiredOnUtc)
                // it must be redeemed
                .Must(p => confirmation.IsRedeemed)
                             p => confirmation.Token)
                // email address must be confirmed
                .Must(p => ValidateEmailAddress.IsConfirmed(confirmation.EmailAddress))
                             p => confirmation.EmailAddress.Value)
                // it must be attached to a user
                .Must(p => ValidatePerson.UserIsNotNull(confirmation.EmailAddress.Person))
                             p => confirmation.EmailAddress.Person.DisplayName)
                // user cannot have a saml account
                .Must(p => ValidateUser.EduPersonTargetedIdIsEmpty(confirmation.EmailAddress.Person.User))
                             p => confirmation.EmailAddress.Person.User.Name)
                // user name must match local member account
                .Must(p => ValidateUser.NameMatchesLocalMember(confirmation.EmailAddress.Person.User.Name, passwords))
                             p => confirmation.EmailAddress.Person.User.Name)

                RuleFor(p => p.Ticket)
                // its ticket must match the command ticket
                .Must(p => ValidateEmailConfirmation.TicketIsCorrect(confirmation, p))
                             p => p.Ticket, p => p.Token)
 private static ResetPasswordValidator CreateValidator(IQueryEntities entities = null, IStorePasswords passwords = null)
     return new ResetPasswordValidator(entities, passwords);
 private static ResetPasswordValidator CreateValidator(IStorePasswords passwords)
     return new ResetPasswordValidator(null, passwords);