예제 #1
0
        private TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest GetPasswordResetRequest(Guid accountID)
        {
            TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest foundPasswordResetRequest = null;

            //get the user by username first then we can figure out if the password is ok
            TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest foundPasswordRequestCriteria =
                new TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest(_smoSettings[CONNECTION_STRING_NAME])
            {
                AccountID = accountID
            };

            TestSprocGenerator.Business.SingleTable.Bo.List.PasswordResetRequest searchReturned =
                new TestSprocGenerator.Business.SingleTable.Bo.List.PasswordResetRequest(_smoSettings[CONNECTION_STRING_NAME]);

            searchReturned.FillByCriteriaExact(foundPasswordRequestCriteria);

            if (searchReturned != null && searchReturned.Count > 0)
            {
                //there should only be one
                if (searchReturned.Count == 1)
                {
                    foundPasswordResetRequest = (TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest)searchReturned[0];
                }
                else
                {
                    throw new ApplicationException("There should only be one email address with this profile, but there is more than one, contact administrator");
                }
            }
            return(foundPasswordResetRequest);
        }
예제 #2
0
        public bool ResetPassword(string username, string email, string passwordResetRequestCode, string newPassword)
        {
            bool success = false;

            //1) Find the passwordResetRequestCode Record if it exists, which gives the account id
            //2) Get the AccountRecord
            //3) Update the Password = newPassword and the Deleted flag = true, call update on bo to update in database
            TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest foundPasswordResetRequest = null;

            TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest passwordResetSearchCriteria =
                new TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest(_smoSettings[CONNECTION_STRING_NAME])
            {
                PasswordResetCode = passwordResetRequestCode
            };

            TestSprocGenerator.Business.SingleTable.Bo.List.PasswordResetRequest passwordResetSearchReturned =
                new TestSprocGenerator.Business.SingleTable.Bo.List.PasswordResetRequest(_smoSettings[CONNECTION_STRING_NAME]);
            passwordResetSearchReturned.FillByCriteriaExact(passwordResetSearchCriteria);

            if (passwordResetSearchReturned != null && passwordResetSearchReturned.Count > 0)
            {
                if (passwordResetSearchReturned.Count == 1)
                {
                    foundPasswordResetRequest = (TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest)passwordResetSearchReturned[0];
                    //make sure that the email or username is valid
                    TestSprocGenerator.Business.SingleTable.Bo.Account foundAccount = null;
                    string emailAddress = DetermineEmailGetAccountByEmailOrUsername(username, email, out foundAccount);
                    if (foundAccount != null)
                    {
                        //account is valid if the accountid of the returned record and the password request record accountID match
                        if (foundAccount.AccountID == foundPasswordResetRequest.AccountID)
                        {
                            //TODO: should probably do this in a transaction instead of having the possibility of one of these
                            //failing

                            foundAccount.Deleted         = false;
                            foundAccount.AccountPassword = HashSaltHelper.CreatePasswordHash(newPassword,
                                                                                             HashSaltHelper.CreateSalt());

                            foundAccount.Update();

                            foundPasswordResetRequest.Delete();
                            success = true;
                        }
                        else
                        {
                            throw new ApplicationException("Email or Username provided does not match the Password Reset Request code record");
                        }
                    }
                    else
                    {
                        throw new ApplicationException("Email or Username provided is not valid");
                    }
                }
            }
            return(success);
        }