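/// <summary>
/// Changes a user's password question and answer after verifying the current password.
/// </summary>
/// <param name="username">Username to change Q&amp;A for</param>
/// <param name="password">Current password, used to authorise the change</param>
/// <param name="newPasswordQuestion">New question</param>
/// <param name="newPasswordAnswer">New answer (clear text; encoded before it is stored)</param>
/// <returns>
/// True when the change was stored; false when the user was not found, the password
/// did not match, or the database call failed.
/// </returns>
/// <exception cref="ArgumentException">Any argument is null.</exception>
public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
{
    // Check arguments for null values
    if ((username == null) || (password == null) || (newPasswordQuestion == null) || (newPasswordAnswer == null))
    {
        throw new ArgumentException("Username, Password, Password Question or Password Answer cannot be null");
    }

    UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt);

    // Reject unknown users and wrong passwords before anything else. The record must be
    // null-checked before PasswordFormat / PasswordSalt are read below; reading them first
    // raised a NullReferenceException for a user name that does not exist.
    if (currentPasswordInfo == null || !currentPasswordInfo.IsCorrectPassword(password))
    {
        return false;
    }

    // The answer is encoded with the account's current password format and salt.
    string encodedAnswer = YafMembershipProvider.EncodeString(newPasswordAnswer, currentPasswordInfo.PasswordFormat, currentPasswordInfo.PasswordSalt, this.UseSalt);

    try
    {
        DB.ChangePasswordQuestionAndAnswer(this.ApplicationName, username, newPasswordQuestion, encodedAnswer);
        return true;
    }
    catch
    {
        // Deliberate best effort: a storage failure is reported to the caller as false.
        // NOTE(review): the exception is discarded unlogged, so a failing store is
        // indistinguishable from a wrong password; consider logging it.
        return false;
    }
}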
/// <summary>
/// Checks a user name / password pair against the record loaded through
/// UserPasswordInfo.CreateInstanceFromDB.
/// </summary>
/// <param name="username">Name of the user to validate</param>
/// <param name="password">Password supplied for that user</param>
/// <returns>
/// True only when the user record exists, is approved and the password matches; otherwise false.
/// </returns>
public override bool ValidateUser(string username, string password)
{
    UserPasswordInfo storedUser = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt);

    // Unknown and unapproved accounts are refused without evaluating the password.
    if (storedUser == null || !storedUser.IsApproved)
    {
        return false;
    }

    // NOTE(review): no failed-attempt counting or lockout is visible in this method;
    // confirm that it is enforced elsewhere (e.g. in UserPasswordInfo or the DB layer).
    return storedUser.IsCorrectPassword(password);
}
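/// <summary>
/// Resets a user's password to a newly generated one and returns the new password in clear text.
/// </summary>
/// <param name="username">Name of the user whose password is reset</param>
/// <param name="answer">
/// Answer to the user's password question. It is verified whenever it is supplied, and it
/// is mandatory when the provider's RequiresQuestionAndAnswer setting is on.
/// </param>
/// <returns>
/// The new clear-text password, or null when the user is not found or the answer is
/// missing or wrong.
/// </returns>
public override string ResetPassword(string username, string answer)
{
    // Check Password reset is enabled
    // (ExceptionReporter.ThrowNotSupported presumably throws; confirm against its definition.)
    if (!this.EnablePasswordReset)
    {
        ExceptionReporter.ThrowNotSupported("MEMBERSHIP", "RESETNOTSUPPORTED");
    }

    // Check arguments for null values
    if (username == null)
    {
        ExceptionReporter.ThrowArgument("MEMBERSHIP", "USERNAMEPASSWORDNULL");
    }

    // get an instance of the current password information class
    UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt);

    if (currentPasswordInfo == null)
    {
        return null;
    }

    // Verify the answer BEFORE anything is generated or written. Previously an empty or
    // null answer skipped verification entirely, so the reset went through with no proof
    // of identity even when the provider is configured to require question and answer.
    // Assumes this class derives from System.Web.Security.MembershipProvider, which
    // declares RequiresQuestionAndAnswer.
    bool answerSupplied = !String.IsNullOrEmpty(answer);

    if (this.RequiresQuestionAndAnswer || answerSupplied)
    {
        if (!answerSupplied || !currentPasswordInfo.IsCorrectAnswer(answer))
        {
            return null;
        }
    }

    string newPasswordSalt;

    if (UseSalt && String.IsNullOrEmpty(currentPasswordInfo.PasswordSalt))
    {
        // get a new password salt...
        newPasswordSalt = YafMembershipProvider.GenerateSalt();
    }
    else
    {
        // use existing salt...
        // NOTE(review): presumably kept because the stored answer was encoded with this
        // salt (see ChangePasswordQuestionAndAnswer); confirm before changing it.
        newPasswordSalt = currentPasswordInfo.PasswordSalt;
    }

    // create a new password
    string newPassword = YafMembershipProvider.GeneratePassword(this.MinRequiredPasswordLength, this.MinRequiredNonAlphanumericCharacters);

    // encode it...
    string newPasswordEnc = YafMembershipProvider.EncodeString(newPassword, (int)this.PasswordFormat, newPasswordSalt, this.UseSalt);

    // save to the database
    DB.ResetPassword(this.ApplicationName, username, newPasswordEnc, newPasswordSalt, (int)this.PasswordFormat, this.MaxInvalidPasswordAttempts, this.PasswordAttemptWindow);

    // Return the clear-text password; callers must not log or persist it.
    return newPassword;
}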
/// <summary>
/// Replaces a user's password after checking the new password against the configured
/// requirements and verifying the old password.
/// </summary>
/// <param name="username">Username to change password for</param>
/// <param name="oldPassword">Current password, used to authorise the change</param>
/// <param name="newPassword">Password to set</param>
/// <returns>
/// True when the new password was stored; false when it is not compliant, the user was
/// not found, or the old password did not match.
/// </returns>
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
    // Policy check comes first, before the user record is loaded.
    if (!this.IsPasswordCompliant(newPassword))
    {
        return false;
    }

    UserPasswordInfo storedInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt);

    // Unknown user or wrong old password: refuse the change.
    if (storedInfo == null || !storedInfo.IsCorrectPassword(oldPassword))
    {
        return false;
    }

    // A fresh salt is generated per change when salting is on; otherwise the salt stays empty.
    string freshSalt = UseSalt ? YafMembershipProvider.GenerateSalt() : string.Empty;

    string encodedPassword = YafMembershipProvider.EncodeString(newPassword, (int)this.PasswordFormat, freshSalt, this.UseSalt);

    // NOTE(review): the stored PasswordAnswer is passed through unchanged while the salt is
    // replaced. If the answer was encoded with the old salt (as ChangePasswordQuestionAndAnswer
    // appears to do), confirm it still verifies after this call.
    DB.ChangePassword(this.ApplicationName, username, encodedPassword, freshSalt, (int)this.PasswordFormat, storedInfo.PasswordAnswer);

    return true;
}
/// <summary>
/// Retrieves the user's password (only when EnablePasswordRetrieval is true).
/// </summary>
/// <param name="username">Username to retrieve password for</param>
/// <param name="answer">Answer to the user's membership question</param>
/// <returns>
/// The decoded password, or null when the user is not found or the answer does not match.
/// </returns>
public override string GetPassword(string username, string answer)
{
    // (The ExceptionReporter helpers presumably throw; confirm against their definition.)
    if (!this.EnablePasswordRetrieval)
    {
        ExceptionReporter.ThrowNotSupported("MEMBERSHIP", "PASSWORDRETRIEVALNOTSUPPORTED");
    }

    // Both arguments are mandatory here.
    if (username == null || answer == null)
    {
        ExceptionReporter.ThrowArgument("MEMBERSHIP", "USERNAMEPASSWORDNULL");
    }

    UserPasswordInfo storedInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt);

    // No record, or the answer is wrong: nothing is disclosed.
    if (storedInfo == null || !storedInfo.IsCorrectAnswer(answer))
    {
        return null;
    }

    // NOTE(review): retrieval only makes sense for a reversible password format; confirm what
    // DecodeString returns for a hashed format. No failed-answer counting is visible in this
    // method either; confirm it is enforced elsewhere.
    return YafMembershipProvider.DecodeString(storedInfo.Password, storedInfo.PasswordFormat);
}