Exemplo n.º 1
0
        /// <summary>
        /// Resets the password for the user related to the password token specified to the newPassword specified
        /// It'll then remove the password reset token entity specified
        /// </summary>
        /// <param name="newPassword">the new password specified</param>
        /// <param name="passwordResetToken">the reset token. Will be removed in this method if password reset is successful</param>
        /// <returns>true if successful, false otherwise</returns>
        public static async Task <bool> ResetPasswordAsync(string newPassword, PasswordResetTokenEntity passwordResetToken)
        {
            if (string.IsNullOrWhiteSpace(newPassword) || passwordResetToken == null)
            {
                return(false);
            }

            using (var adapter = new DataAccessAdapter())
            {
                var q    = new QueryFactory().User.Where(UserFields.UserID.Equal(passwordResetToken.UserID));
                var user = await adapter.FetchFirstAsync(q).ConfigureAwait(false);

                if (user == null)
                {
                    return(false);
                }

                user.Password = HnDGeneralUtils.HashPassword(newPassword, performPreMD5Hashing: true);
                var uow = new UnitOfWork2();
                uow.AddForSave(user);
                uow.AddForDelete(passwordResetToken);
                var toReturn = await uow.CommitAsync(adapter);

                return(toReturn == 2);
            }
        }
Exemplo n.º 2
0
        /// <summary>
        /// Registers a new user, using the properties of this class.
        /// </summary>
        /// <param name="nickName">Name of the nick.</param>
        /// <param name="dateOfBirth">The date of birth.</param>
        /// <param name="emailAddress">The email address.</param>
        /// <param name="emailAddressIsPublic">flag to signal if the emailaddress is visible for everyone or not</param>
        /// <param name="iconUrl">The icon URL.</param>
        /// <param name="ipNumber">The ip number.</param>
        /// <param name="location">The location.</param>
        /// <param name="occupation">The occupation.</param>
        /// <param name="signature">The signature.</param>
        /// <param name="website">The website.</param>
        /// <param name="emailData">The email data.</param>
        /// <param name="autoSubscribeThreads">Default value when user creates new threads.</param>
        /// <param name="defaultMessagesPerPage">Messages per page to display</param>
        /// <returns>
        /// UserID of new user or 0 if registration failed.
        /// </returns>
        public static async Task <int> RegisterNewUserAsync(string nickName, DateTime?dateOfBirth, string emailAddress, bool emailAddressIsPublic, string iconUrl,
                                                            string ipNumber, string location, string occupation, string signature, string website,
                                                            Dictionary <string, string> emailData, bool autoSubscribeThreads, short defaultMessagesPerPage)
        {
            var newUser = new UserEntity
            {
                AmountOfPostings     = 0,
                DateOfBirth          = dateOfBirth,
                EmailAddress         = emailAddress,
                EmailAddressIsPublic = emailAddressIsPublic,
                IPNumber             = ipNumber,
                IconURL    = iconUrl,
                IsBanned   = false,
                JoinDate   = DateTime.Now,
                Location   = location,
                NickName   = nickName,
                Occupation = occupation,
                Signature  = signature,
                Website    = website
            };

            var password = HnDGeneralUtils.GenerateRandomPassword();

            newUser.Password = HnDGeneralUtils.HashPassword(password, performPreMD5Hashing: true);

            //Preferences
            newUser.AutoSubscribeToThread          = autoSubscribeThreads;
            newUser.DefaultNumberOfMessagesPerPage = defaultMessagesPerPage;

            //Fetch the SystemDataEntity to use the "DefaultUserTitleNewUser" as the user title & the "DefaultRoleNewUser" as the roleID of the newly
            //created RoleUserEntity.
            var systemData = await SystemGuiHelper.GetSystemSettingsAsync();

            newUser.UserTitleID = systemData.DefaultUserTitleNewUser;
            newUser.RoleUser.Add(new RoleUserEntity {
                RoleID = systemData.DefaultRoleNewUser
            });

            // first encode fields which could lead to cross-site-scripting attacks
            EncodeUserTextFields(newUser);

            // now save the new user entity and the new RoleUser entity recursively in one go.
            using (var adapter = new DataAccessAdapter())
            {
                if (await adapter.SaveEntityAsync(newUser).ConfigureAwait(false))
                {
                    // all ok, Email the password
                    await HnDGeneralUtils.EmailPassword(password, emailAddress, emailData);
                }
            }

            return(newUser.UserID);
        }
Exemplo n.º 3
0
        /// <summary>
        /// Initializes the system, by running a stored procedure passing in the new admin password.
        /// </summary>
        /// <param name="newAdminPassword"></param>
        /// <param name="emailAddress"></param>
        /// <returns></returns>
        public static async Task Initialize(string newAdminPassword, string emailAddress)
        {
            if (string.IsNullOrWhiteSpace(newAdminPassword))
            {
                return;
            }

            var passwordHashed = HnDGeneralUtils.HashPassword(newAdminPassword, performPreMD5Hashing: true);

            using (var adapter = new DataAccessAdapter())
            {
                await ActionProcedures.InstallAsync(emailAddress, passwordHashed, adapter, CancellationToken.None);

                CacheController.PurgeResultsets(CacheKeys.AnonymousUserQueryResultset);
            }
        }
Exemplo n.º 4
0
        private static void ConvertUsers()
        {
            // as in the new version we'll just use plain text, we'll reset all signatures to the empty string and users have to type in their signatures again.
            Console.WriteLine("Converting users.");
            using (var adapter = new DataAccessAdapter())
            {
                Console.WriteLine("\tResetting all signature texts with 1 statement.");
                var updater = new UserEntity()
                {
                    Signature = string.Empty
                };
                Console.Write("\t\tUpdating users...");
                var result = adapter.UpdateEntitiesDirectly(updater, null);
                Console.WriteLine("\tDONE. Users updated: {0}", result);

                Console.WriteLine("\n\tRehashing passwords with PBKDF2...");
                var allUsers = (EntityCollection <UserEntity>)adapter.FetchQuery(new QueryFactory().User);
                Console.WriteLine("\t\tNumber of users to process: {0}", allUsers.Count);
                int count = 0;
                foreach (var user in allUsers)
                {
                    count++;
                    user.Password = HnDGeneralUtils.HashPassword(user.Password, performPreMD5Hashing: false);
                    if (count % 500 == 0)
                    {
                        Console.WriteLine("\t\tRehashed {0} users", count);
                    }
                }

                Console.WriteLine("\t\tDONE rehashing, persisting entities in batches to database");
                adapter.BatchSize = 150;
                adapter.SaveEntityCollection(allUsers);
                Console.WriteLine("\tDONE rehashing passwords");

                Console.WriteLine("DONE converting users.");
            }
        }
Exemplo n.º 5
0
        /// <summary>
        /// Updates the given user's profile data using the values of the properties of this class.
        /// </summary>
        /// <param name="userId">The user ID.</param>
        /// <param name="dateOfBirth">The date of birth.</param>
        /// <param name="emailAddress">The email address.</param>
        /// <param name="emailAddressIsPublic">flag to signal if the emailaddress is visible for everyone or not</param>
        /// <param name="iconUrl">The icon URL.</param>
        /// <param name="location">The location.</param>
        /// <param name="occupation">The occupation.</param>
        /// <param name="password">The password.</param>
        /// <param name="signature">The signature.</param>
        /// <param name="website">The website.</param>
        /// <param name="userTitleId">The user title ID.</param>
        /// <param name="autoSubscribeThreads">Default value when user creates new threads.</param>
        /// <param name="defaultMessagesPerPage">Messages per page to display</param>
        /// <param name="isBanned">flag whether the user is banned or not. Can be null, in which case the value is left untouched</param>
        /// <param name="roleIds">The RoleIDs of the roles the user is in. Can be null, in which case no roles are updated</param>
        /// <returns>true if succeeded, false otherwise</returns>
        public static async Task <bool> UpdateUserProfileAsync(int userId, DateTime?dateOfBirth, string emailAddress, bool emailAddressIsPublic, string iconUrl,
                                                               string location, string occupation, string password, string signature, string website, int userTitleId,
                                                               bool autoSubscribeThreads, short defaultMessagesPerPage, bool?isBanned = null, List <int> roleIds = null)
        {
            var user = await UserGuiHelper.GetUserAsync(userId);

            if (user == null)
            {
                // not found
                return(false);
            }

            user.DateOfBirth          = dateOfBirth;
            user.EmailAddress         = emailAddress;
            user.EmailAddressIsPublic = emailAddressIsPublic;
            user.IconURL     = iconUrl;
            user.Location    = location;
            user.Occupation  = occupation;
            user.UserTitleID = userTitleId;
            if (isBanned.HasValue)
            {
                user.IsBanned = isBanned.Value;
            }

            if (!string.IsNullOrWhiteSpace(password))
            {
                user.Password = HnDGeneralUtils.HashPassword(password, performPreMD5Hashing: true);
            }

            user.Signature = signature;
            user.Website   = website;

            //Preferences
            user.AutoSubscribeToThread          = autoSubscribeThreads;
            user.DefaultNumberOfMessagesPerPage = defaultMessagesPerPage;

            // first encode fields which could lead to cross-site-scripting attacks
            EncodeUserTextFields(user);

            if (roleIds != null)
            {
                // Add new entities for the user for all roleid's in the list specified. We'll first delete the ones the user is already in below directly
                foreach (var roleId in roleIds)
                {
                    user.RoleUser.Add(new RoleUserEntity()
                    {
                        RoleID = roleId
                    });
                }
            }

            using (var adapter = new DataAccessAdapter())
            {
                await adapter.StartTransactionAsync(IsolationLevel.ReadCommitted, "Update User Info").ConfigureAwait(false);

                try
                {
                    if (roleIds != null)
                    {
                        // first remove the user from all roles, we'll do that directly.
                        await adapter.DeleteEntitiesDirectlyAsync(typeof(RoleUserEntity),
                                                                  new RelationPredicateBucket(RoleUserFields.UserID.Equal(userId)))
                        .ConfigureAwait(false);
                    }

                    // then save everything in one go.
                    var toReturn = await adapter.SaveEntityAsync(user).ConfigureAwait(false);

                    adapter.Commit();
                    return(toReturn);
                }
                catch
                {
                    adapter.Rollback();
                    throw;
                }
            }
        }