public void ChangePasswordTest()
{
MembershipProvider p = CreateMembershipProvider();
MembershipCreateStatus st;
MembershipUser u = p.CreateUser("userpwd", "123123!", "*****@*****.**", "q", "a", true, null, out st);
bool b = p.ChangePassword("userpwd", "123123!", "123123!123");
Assert.IsTrue(b);
b = p.ChangePassword("userpwd", "123123!", "123123!123");
Assert.IsFalse(b);
}
public PasswordChangeReply CredentialChangePassword(PasswordChangeRequest request)
{
try
{
PasswordChangeReply response = new PasswordChangeReply();
response.ResultStatus = _membership.ChangePassword(request.UserName, request.OldPassword, request.NewPassword);
response.Status = ActionStatus.OK;
return(response);
}
catch (Exception ex)
{
throw ex.NewFault();
}
}
public ActionResult ChangePassword(ChangePasswordModel model)
{
if (ModelState.IsValid)
{
try
{
int status = _memberProvider.ChangePassword(User.Identity.Name, model.OldPassword, model.NewPassword);
switch (status)
{
case 0:
return(RedirectToAction("Index", "Home"));
case 2:
ModelState.AddModelError("", "旧密码错误");
break;
}
}
catch (Exception ex)
{
ModelState.AddModelError("", MessageConst.System_Error);
_logger.Info(ex);
}
}
return(View(model));
}
public bool ChangePassword(string userName, string oldPassword, string newPassword)
{
if (String.IsNullOrEmpty(userName))
{
throw new ArgumentException("Value cannot be null or empty.", "userName");
}
if (String.IsNullOrEmpty(oldPassword))
{
throw new ArgumentException("Value cannot be null or empty.", "oldPassword");
}
if (String.IsNullOrEmpty(newPassword))
{
throw new ArgumentException("Value cannot be null or empty.", "newPassword");
}
// The underlying ChangePassword() will throw an exception rather
// than return false in certain failure scenarios.
try
{
if (_provider.GetUser(userName, true /* userIsOnline */) != null)
{
return(_provider.ChangePassword(userName, oldPassword, newPassword));
}
return(false);
//return currentUser.ChangePassword(oldPassword, newPassword);
}
catch (ArgumentException)
{
return(false);
}
catch (MembershipPasswordException)
{
return(false);
}
}
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
if (!Initialized)
{
_prevProvider.ChangePassword(username, oldPassword, newPassword);
}
if (string.IsNullOrEmpty(username))
{
NullArgumentException("username");
}
if (string.IsNullOrEmpty(oldPassword))
{
NullArgumentException("oldPassword");
}
if (string.IsNullOrEmpty(newPassword))
{
NullArgumentException("newPassword");
}
int userid = GetUserId(username);
if (userid <= 0)
{
return(false);
}
if (VerifyPassword(userid, oldPassword, GetHashedUserPassword(userid)))
{
return(UpdatePassword(userid, newPassword) > 0);
}
return(false);
}
public bool ChangePassword(Guid userGuid, string oldPassword, string newPassword)
{
if (userGuid == Guid.Empty)
{
throw new ArgumentException("Value cannot be null or empty.", "userguid");
}
if (String.IsNullOrEmpty(oldPassword))
{
throw new ArgumentException("Value cannot be null or empty.", "oldPassword");
}
if (String.IsNullOrEmpty(newPassword))
{
throw new ArgumentException("Value cannot be null or empty.", "newPassword");
}
// The underlying ChangePassword() will throw an exception rather
// than return false in certain failure scenarios.
try
{
return(_provider.ChangePassword(GetUser(userGuid, false).UserName, oldPassword, newPassword));
}
catch (ArgumentException)
{
return(false);
}
catch (MembershipPasswordException)
{
return(false);
}
}
public void Update(TUserType user)
{
// Try to fetch user
var membershipUser = MembershipProvider.GetUser(user.ProviderUserKey, false);
if (membershipUser == null)
{
return;
}
// Update user
_frameworkContext.TypeMappers.Map(user, membershipUser);
MembershipProvider.UpdateUser(membershipUser);
// Update password
if (!user.Password.IsNullOrWhiteSpace())
{
var tempPassword = MembershipProvider.ResetPassword(user.Username, user.PasswordAnswer);
MembershipProvider.ChangePassword(user.Username, tempPassword, user.Password);
}
// Update profile
var profile = GetProfileForUser(membershipUser.ProviderUserKey);
_frameworkContext.TypeMappers.Map(user, profile);
var hive = _hiveManager.GetWriter <ISecurityStore>(new Uri(_profileProviderMappingRoot));
using (var uow = hive.Create())
{
uow.Repositories.AddOrUpdate(profile);
uow.Complete();
}
// Update groups
var groupHive = _hiveManager.GetWriter <ISecurityStore>(new Uri(_groupsProviderMappingRoot));
using (var uow = groupHive.Create())
{
// Remove any removed user groups
foreach (var relation in uow.Repositories.GetParentRelations(profile.Id, FixedRelationTypes.UserGroupRelationType)
.Where(x => !user.Groups.Contains(x.SourceId)))
{
uow.Repositories.RemoveRelation(relation);
}
// Add any new user groups
var existingRelations = uow.Repositories.GetParentRelations(profile.Id, FixedRelationTypes.UserGroupRelationType).Select(x => x.SourceId).ToArray();
foreach (var groupId in user.Groups.Where(x => !existingRelations.Contains(x)))
{
uow.Repositories.AddRelation(new Relation(FixedRelationTypes.UserGroupRelationType, groupId, profile.Id));
}
uow.Complete();
}
}
public void ChangePassword()
{
CreateUserWithHashedPassword();
try
{
provider.ChangePassword("foo", "barbar!", "bar2");
Assert.Fail();
}
catch (ArgumentException ae1)
{
Assert.AreEqual("newPassword", ae1.ParamName);
Assert.IsTrue(ae1.Message.Contains("length of parameter"));
}
try
{
provider.ChangePassword("foo", "barbar!", "barbar2");
Assert.Fail();
}
catch (ArgumentException ae1)
{
Assert.AreEqual("newPassword", ae1.ParamName);
Assert.IsTrue(ae1.Message.Contains("alpha numeric"));
}
try
{
// now test regex strength testing
provider.ChangePassword("foo", "barbar!", "zzzxxx!");
Assert.Fail();
}
catch (ArgumentException ae1)
{
Assert.AreEqual("newPassword", ae1.ParamName);
Assert.IsTrue(ae1.Message.Contains("regular expression"));
}
// now do one that should work
bool result = provider.ChangePassword("foo", "barbar!", "barfoo!");
Assert.IsTrue(result);
provider.ValidateUser("foo", "barfoo!");
}
/// <summary>
/// Changes the password.
/// </summary>
/// <param name="userGuid">The user GUID.</param>
/// <param name="oldPassword">The old password.</param>
/// <param name="newPassword">The new password.</param>
/// <returns></returns>
public bool ChangePassword(Guid userGuid, string oldPassword, string newPassword)
{
var currentUser = _Provider.GetUser(userGuid, false);
if (currentUser != null && currentUser.ProviderUserKey != null)
{
return(_Provider.ChangePassword(currentUser.ProviderUserKey.ToString(), oldPassword, newPassword));
}
return(false);
}
public ActionResult EditAccountDetails(EditAccountDetailsViewModel model, HttpPostedFileBase image)
{
if (ModelState.IsValid)
{
//Fetch User entity from database
var user = _userRepo.Users.FirstOrDefault(u => u.UserId == model.UserId);
//Add new values to entity
if (user != null)
{
user.Name = model.Name;
user.Surname = model.Surname;
user.Mail = model.Mail;
//Update possible new image
if (image != null)
{
model.ImageMimetype = image.ContentType;
model.ImageData = new byte[image.ContentLength];
image.InputStream.Read(model.ImageData, 0, image.ContentLength);
//For a strange reason I have to put the data in the model first, and then in the user entity
user.ImageData = model.ImageData;
user.ImageMimeType = model.ImageMimetype;
}
//Change possible new password
if (!string.IsNullOrEmpty(model.Password) && !string.IsNullOrEmpty(model.OldPassword))
{
var succes = _members.ChangePassword(User.Identity.Name, model.OldPassword, model.Password);
if (!succes)
{
ModelState.AddModelError("",
"Password did not change! Is it strong (6 characters, 1 number and 1 special character) enough? ");
return(View(model));
}
}
//Save Entity
_userRepo.UpdateUser(user);
var username = user.Username;
TempData["message"] = string.Format("{0}, your profile has been updated!", username);
return(RedirectToAction("EditAccountDetails"));
}
return(RedirectToAction("Index", "Home"));
}
return(View(model));
}
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
LogDebug("Entering ChangePassword");
bool result = _provider.ChangePassword(username, oldPassword, newPassword);
if (result)
{
if (_cache.ContainsKey(username))
{
UserPassword userPass = (UserPassword)_cache[username];
string hashedNewPass = HashPassword(Encoding.Unicode.GetBytes(newPassword), userPass.PasswordKey);
userPass.Password = hashedNewPass;
}
}
return(result);
}
public void Can_Change_Password()
{
var username = "******";
var password = "******";
var user = new User {
Username = username, Password = password
};
MembershipProvider.CreateAccount(user);
var firstEncodedPassword = Verifier.Query <User>().Single(u => u.Username == "sallen").Password;
MembershipProvider.ChangePassword(username, password, "foo");
var secondEncodedPassword = Verifier.Query <User>().Single(u => u.Username == "sallen").Password;
Assert.NotEqual(firstEncodedPassword, secondEncodedPassword);
}
public void Can_Change_Password()
{
var username = "******";
var password = "******";
var user = new User {
Username = username, Password = password
};
MembershipProvider.CreateAccount(user);
var firstEncodedPassword = _db.GetPassword(username);
MembershipProvider.ChangePassword(username, password, "foo");
var secondEncodedPassword = _db.GetPassword(username);
Assert.NotEqual(firstEncodedPassword, secondEncodedPassword);
}
public override bool ChangePassword(string oldPassword, string newPassword)
{
Assert.IsNotNull(oldPassword, "oldPassword");
Assert.IsNotNull(newPassword, "newPassword");
MembershipProvider provider = Membership.Providers[this.ProviderName];
if (provider == null)
{
return(false);
}
if (!provider.ChangePassword(UserName, oldPassword, newPassword))
{
return(false);
}
UpdateInnerUser();
return(true);
}
/// <summary>
/// UpdateUser
/// Autogenerated by CodeWizard 04/04/2003 17.55.40
/// </summary>
/// <param name="userID">The user ID.</param>
/// <param name="name">The name.</param>
/// <param name="company">The company.</param>
/// <param name="address">The address.</param>
/// <param name="city">The city.</param>
/// <param name="zip">The zip.</param>
/// <param name="countryID">The country ID.</param>
/// <param name="stateID">The state ID.</param>
/// <param name="phone">The phone.</param>
/// <param name="fax">The fax.</param>
/// <param name="password">The password.</param>
/// <param name="email">The email.</param>
/// <param name="sendNewsletter">if set to <c>true</c> [send newsletter].</param>
public void UpdateUser(Guid userID, string name, string company, string address, string city,
string zip, string countryID, int stateID, string phone,
string fax, string password, string email, bool sendNewsletter)
{
RainbowUser user = MembershipProvider.GetUser(userID, true) as RainbowUser;
user.Email = email;
user.Name = name;
user.Company = company;
user.Address = address;
user.Zip = zip;
user.City = city;
user.CountryID = countryID;
user.StateID = stateID;
user.Fax = fax;
user.Phone = phone;
user.SendNewsletter = sendNewsletter;
MembershipProvider.ChangePassword(CurrentPortalSettings.PortalAlias, user.UserName, user.GetPassword(), password);
MembershipProvider.UpdateUser(user);
}
/// <summary>
/// Update User
/// Autogenerated by CodeWizard 04/04/2003 17.55.40
/// </summary>
/// <param name="userId">
/// The user ID.
/// </param>
/// <param name="name">
/// The user name.
/// </param>
/// <param name="company">
/// The company.
/// </param>
/// <param name="address">
/// The address.
/// </param>
/// <param name="city">
/// The user's city.
/// </param>
/// <param name="zip">
/// The zip code.
/// </param>
/// <param name="countryId">
/// The country ID.
/// </param>
/// <param name="stateId">
/// The state ID.
/// </param>
/// <param name="phone">
/// The phone.
/// </param>
/// <param name="fax">
/// The fax number.
/// </param>
/// <param name="password">
/// The password.
/// </param>
/// <param name="email">
/// The email.
/// </param>
/// <param name="sendNewsletter">
/// if set to <c>true</c> [send newsletter].
/// </param>
/// <param name="portalAlias">
/// The portal Alias.
/// </param>
public void UpdateUser(
Guid userId,
string name,
string company,
string address,
string city,
string zip,
string countryId,
int stateId,
string phone,
string fax,
string password,
string email,
bool sendNewsletter,
string portalAlias)
{
var user = MembershipProvider.GetUser(userId, false) as AppleseedUser;
if (user == null)
{
return;
}
user.Email = email;
user.Name = name;
user.Company = company;
user.Address = address;
user.Zip = zip;
user.City = city;
user.CountryID = countryId;
user.StateID = stateId;
user.Fax = fax;
user.Phone = phone;
user.SendNewsletter = sendNewsletter;
MembershipProvider.ChangePassword(
/*CurrentPortalSettings.PortalAlias*/ portalAlias, user.UserName, user.GetPassword(), password);
MembershipProvider.UpdateUser(user);
}
public void UpdateUser(string userName, string password, string oldPassword, string email, string role)
{
if (String.IsNullOrEmpty(email))
{
throw new ArgumentException("Value cannot be null or empty.", "email");
}
MembershipUser user = _provider.GetUser(userName, false /* userIsOnline */);
if (user == null)
{
throw new Exception("Usuario no encontrado");
}
user.Email = email;
if (string.IsNullOrEmpty(oldPassword) || string.IsNullOrEmpty(password))
{
string[] users = { userName };
string[] roles = { role };
ResetRoles(userName);
_roleProvider.AddUsersToRoles(users, roles);
_provider.UpdateUser(user);
}
else
{
if (_provider.ChangePassword(userName, oldPassword, password))
{
_provider.UpdateUser(user);
}
else
{
throw new Exception("Ha ocurrido un error al cambiar la clave.");
}
}
}
public bool ChangePassword(string username, string oldPassword, string newPassword)
{
return(MembershipProvider.ChangePassword(username, oldPassword, newPassword));
}
public bool ChangePassword(string usermame, string password, string newPassword)
{
return(_provider.ChangePassword(usermame, password, newPassword));
}
/// <summary>
/// Changes password for a member/user given the membership provider and the password change model
/// </summary>
/// <param name="username"></param>
/// <param name="passwordModel"></param>
/// <param name="membershipProvider"></param>
/// <returns></returns>
public virtual Attempt <PasswordChangedModel> ChangePassword(string username, ChangingPasswordModel passwordModel, MembershipProvider membershipProvider)
{
// YES! It is completely insane how many options you have to take into account based on the membership provider. yikes!
if (passwordModel == null)
{
throw new ArgumentNullException("passwordModel");
}
if (membershipProvider == null)
{
throw new ArgumentNullException("membershipProvider");
}
//Are we resetting the password??
if (passwordModel.Reset.HasValue && passwordModel.Reset.Value)
{
if (membershipProvider.EnablePasswordReset == false)
{
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Password reset is not enabled", new[] { "resetPassword" })
}));
}
if (membershipProvider.RequiresQuestionAndAnswer && passwordModel.Answer.IsNullOrWhiteSpace())
{
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Password reset requires a password answer", new[] { "resetPassword" })
}));
}
//ok, we should be able to reset it
try
{
var newPass = membershipProvider.ResetPassword(
username,
membershipProvider.RequiresQuestionAndAnswer ? passwordModel.Answer : null);
//return the generated pword
return(Attempt.Succeed(new PasswordChangedModel {
ResetPassword = newPass
}));
}
catch (Exception ex)
{
LogHelper.WarnWithException <WebSecurity>("Could not reset member password", ex);
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Could not reset password, error: " + ex.Message + " (see log for full details)", new[] { "resetPassword" })
}));
}
}
//we're not resetting it so we need to try to change it.
if (passwordModel.NewPassword.IsNullOrWhiteSpace())
{
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Cannot set an empty password", new[] { "value" })
}));
}
//This is an edge case and is only necessary for backwards compatibility:
var umbracoBaseProvider = membershipProvider as MembershipProviderBase;
if (umbracoBaseProvider != null && umbracoBaseProvider.AllowManuallyChangingPassword)
{
//this provider allows manually changing the password without the old password, so we can just do it
try
{
var result = umbracoBaseProvider.ChangePassword(username, "", passwordModel.NewPassword);
return(result == false
? Attempt.Fail(new PasswordChangedModel { ChangeError = new ValidationResult("Could not change password, invalid username or password", new[] { "value" }) })
: Attempt.Succeed(new PasswordChangedModel()));
}
catch (Exception ex)
{
LogHelper.WarnWithException <WebSecurity>("Could not change member password", ex);
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Could not change password, error: " + ex.Message + " (see log for full details)", new[] { "value" })
}));
}
}
//The provider does not support manually chaning the password but no old password supplied - need to return an error
if (passwordModel.OldPassword.IsNullOrWhiteSpace() && membershipProvider.EnablePasswordRetrieval == false)
{
//if password retrieval is not enabled but there is no old password we cannot continue
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Password cannot be changed without the old password", new[] { "value" })
}));
}
if (passwordModel.OldPassword.IsNullOrWhiteSpace() == false)
{
//if an old password is suplied try to change it
try
{
var result = membershipProvider.ChangePassword(username, passwordModel.OldPassword, passwordModel.NewPassword);
return(result == false
? Attempt.Fail(new PasswordChangedModel { ChangeError = new ValidationResult("Could not change password, invalid username or password", new[] { "value" }) })
: Attempt.Succeed(new PasswordChangedModel()));
}
catch (Exception ex)
{
LogHelper.WarnWithException <WebSecurity>("Could not change member password", ex);
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Could not change password, error: " + ex.Message + " (see log for full details)", new[] { "value" })
}));
}
}
if (membershipProvider.EnablePasswordRetrieval == false)
{
//we cannot continue if we cannot get the current password
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Password cannot be changed without the old password", new[] { "value" })
}));
}
if (membershipProvider.RequiresQuestionAndAnswer && passwordModel.Answer.IsNullOrWhiteSpace())
{
//if the question answer is required but there isn't one, we cannot continue
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Password cannot be changed without the password answer", new[] { "value" })
}));
}
//lets try to get the old one so we can change it
try
{
var oldPassword = membershipProvider.GetPassword(
username,
membershipProvider.RequiresQuestionAndAnswer ? passwordModel.Answer : null);
try
{
var result = membershipProvider.ChangePassword(username, oldPassword, passwordModel.NewPassword);
return(result == false
? Attempt.Fail(new PasswordChangedModel { ChangeError = new ValidationResult("Could not change password", new[] { "value" }) })
: Attempt.Succeed(new PasswordChangedModel()));
}
catch (Exception ex1)
{
LogHelper.WarnWithException <WebSecurity>("Could not change member password", ex1);
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Could not change password, error: " + ex1.Message + " (see log for full details)", new[] { "value" })
}));
}
}
catch (Exception ex2)
{
LogHelper.WarnWithException <WebSecurity>("Could not retrieve member password", ex2);
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Could not change password, error: " + ex2.Message + " (see log for full details)", new[] { "value" })
}));
}
}
/// <summary>
/// Changes password for a member/user given the membership provider and the password change model
/// </summary>
/// <param name="username">The username of the user having their password changed</param>
/// <param name="passwordModel"></param>
/// <param name="membershipProvider"></param>
/// <returns></returns>
public Attempt <PasswordChangedModel> ChangePasswordWithMembershipProvider(string username, ChangingPasswordModel passwordModel, MembershipProvider membershipProvider)
{
var umbracoBaseProvider = membershipProvider as MembershipProviderBase;
// YES! It is completely insane how many options you have to take into account based on the membership provider. yikes!
if (passwordModel == null)
{
throw new ArgumentNullException(nameof(passwordModel));
}
if (membershipProvider == null)
{
throw new ArgumentNullException(nameof(membershipProvider));
}
BackOfficeUserManager <BackOfficeIdentityUser> backofficeUserManager = null;
var userId = -1;
if (membershipProvider.IsUmbracoUsersProvider())
{
backofficeUserManager = _httpContext.GetOwinContext().GetBackOfficeUserManager();
if (backofficeUserManager != null)
{
var profile = _userService.GetProfileByUserName(username);
if (profile != null)
{
int.TryParse(profile.Id.ToString(), out userId);
}
}
}
//Are we resetting the password?
//This flag indicates that either an admin user is changing another user's password without knowing the original password
// or that the password needs to be reset to an auto-generated one.
if (passwordModel.Reset.HasValue && passwordModel.Reset.Value)
{
//if a new password is supplied then it's an admin user trying to change another user's password without knowing the original password
//this is only possible when using a membership provider if the membership provider supports AllowManuallyChangingPassword
if (passwordModel.NewPassword.IsNullOrWhiteSpace() == false)
{
if (umbracoBaseProvider != null && umbracoBaseProvider.AllowManuallyChangingPassword)
{
//this provider allows manually changing the password without the old password, so we can just do it
try
{
var result = umbracoBaseProvider.ChangePassword(username, string.Empty, passwordModel.NewPassword);
if (result && backofficeUserManager != null && userId >= 0)
{
backofficeUserManager.RaisePasswordChangedEvent(userId);
}
return(result == false
? Attempt.Fail(new PasswordChangedModel { ChangeError = new ValidationResult("Could not change password, invalid username or password", new[] { "value" }) })
: Attempt.Succeed(new PasswordChangedModel()));
}
catch (Exception ex)
{
_logger.Warn <PasswordChanger>("Could not change member password", ex);
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Could not change password, error: " + ex.Message + " (see log for full details)", new[] { "value" })
}));
}
}
else
{
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Provider does not support manually changing passwords", new[] { "value" })
}));
}
}
//we've made it here which means we need to generate a new password
var canReset = membershipProvider.CanResetPassword(_userService);
if (canReset == false)
{
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Password reset is not enabled", new[] { "resetPassword" })
}));
}
if (membershipProvider.RequiresQuestionAndAnswer && passwordModel.Answer.IsNullOrWhiteSpace())
{
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Password reset requires a password answer", new[] { "resetPassword" })
}));
}
//ok, we should be able to reset it
try
{
var newPass = membershipProvider.ResetPassword(
username,
membershipProvider.RequiresQuestionAndAnswer ? passwordModel.Answer : null);
if (membershipProvider.IsUmbracoUsersProvider() && backofficeUserManager != null && userId >= 0)
{
backofficeUserManager.RaisePasswordResetEvent(userId);
}
//return the generated pword
return(Attempt.Succeed(new PasswordChangedModel {
ResetPassword = newPass
}));
}
catch (Exception ex)
{
_logger.Warn <PasswordChanger>(ex, "Could not reset member password");
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Could not reset password, error: " + ex.Message + " (see log for full details)", new[] { "resetPassword" })
}));
}
}
//we're not resetting it so we need to try to change it.
if (passwordModel.NewPassword.IsNullOrWhiteSpace())
{
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Cannot set an empty password", new[] { "value" })
}));
}
//without being able to retrieve the original password,
//we cannot arbitrarily change the password without knowing the old one and no old password was supplied - need to return an error
if (passwordModel.OldPassword.IsNullOrWhiteSpace() && membershipProvider.EnablePasswordRetrieval == false)
{
//if password retrieval is not enabled but there is no old password we cannot continue
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Password cannot be changed without the old password", new[] { "oldPassword" })
}));
}
if (passwordModel.OldPassword.IsNullOrWhiteSpace() == false)
{
//if an old password is supplied try to change it
try
{
var result = membershipProvider.ChangePassword(username, passwordModel.OldPassword, passwordModel.NewPassword);
if (result && backofficeUserManager != null && userId >= 0)
{
backofficeUserManager.RaisePasswordChangedEvent(userId);
}
return(result == false
? Attempt.Fail(new PasswordChangedModel { ChangeError = new ValidationResult("Could not change password, invalid username or password", new[] { "oldPassword" }) })
: Attempt.Succeed(new PasswordChangedModel()));
}
catch (Exception ex)
{
_logger.Warn <PasswordChanger>(ex, "Could not change member password");
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Could not change password, error: " + ex.Message + " (see log for full details)", new[] { "value" })
}));
}
}
if (membershipProvider.EnablePasswordRetrieval == false)
{
//we cannot continue if we cannot get the current password
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Password cannot be changed without the old password", new[] { "oldPassword" })
}));
}
if (membershipProvider.RequiresQuestionAndAnswer && passwordModel.Answer.IsNullOrWhiteSpace())
{
//if the question answer is required but there isn't one, we cannot continue
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Password cannot be changed without the password answer", new[] { "value" })
}));
}
//lets try to get the old one so we can change it
try
{
var oldPassword = membershipProvider.GetPassword(
username,
membershipProvider.RequiresQuestionAndAnswer ? passwordModel.Answer : null);
try
{
var result = membershipProvider.ChangePassword(username, oldPassword, passwordModel.NewPassword);
return(result == false
? Attempt.Fail(new PasswordChangedModel { ChangeError = new ValidationResult("Could not change password", new[] { "value" }) })
: Attempt.Succeed(new PasswordChangedModel()));
}
catch (Exception ex1)
{
_logger.Warn <PasswordChanger>(ex1, "Could not change member password");
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Could not change password, error: " + ex1.Message + " (see log for full details)", new[] { "value" })
}));
}
}
catch (Exception ex2)
{
_logger.Warn <PasswordChanger>(ex2, "Could not retrieve member password");
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Could not change password, error: " + ex2.Message + " (see log for full details)", new[] { "value" })
}));
}
}
/// <summary>
/// Changes password for a member/user given the membership provider and the password change model
/// </summary>
/// <param name="username">The username of the user having their password changed</param>
/// <param name="passwordModel"></param>
/// <param name="membershipProvider"></param>
/// <returns></returns>
public Attempt <PasswordChangedModel> ChangePasswordWithMembershipProvider(string username, ChangingPasswordModel passwordModel, MembershipProvider membershipProvider)
{
// YES! It is completely insane how many options you have to take into account based on the membership provider. yikes!
if (passwordModel == null)
{
throw new ArgumentNullException("passwordModel");
}
if (membershipProvider == null)
{
throw new ArgumentNullException("membershipProvider");
}
BackOfficeUserManager <BackOfficeIdentityUser> backofficeUserManager = null;
var userId = -1;
if (membershipProvider.IsUmbracoUsersProvider())
{
backofficeUserManager = _httpContext.GetOwinContext().GetBackOfficeUserManager();
if (backofficeUserManager != null)
{
var profile = _userService.GetProfileByUserName(username);
if (profile != null)
{
int.TryParse(profile.Id.ToString(), out userId);
}
}
}
//Are we resetting the password??
//TODO: I don't think this is required anymore since from 7.7 we no longer display the reset password checkbox since that didn't make sense.
if (passwordModel.Reset.HasValue && passwordModel.Reset.Value)
{
var canReset = membershipProvider.CanResetPassword(_userService);
if (canReset == false)
{
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Password reset is not enabled", new[] { "resetPassword" })
}));
}
if (membershipProvider.RequiresQuestionAndAnswer && passwordModel.Answer.IsNullOrWhiteSpace())
{
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Password reset requires a password answer", new[] { "resetPassword" })
}));
}
//ok, we should be able to reset it
try
{
var newPass = membershipProvider.ResetPassword(
username,
membershipProvider.RequiresQuestionAndAnswer ? passwordModel.Answer : null);
if (membershipProvider.IsUmbracoUsersProvider() && backofficeUserManager != null && userId >= 0)
{
backofficeUserManager.RaisePasswordResetEvent(userId);
}
//return the generated pword
return(Attempt.Succeed(new PasswordChangedModel {
ResetPassword = newPass
}));
}
catch (Exception ex)
{
_logger.WarnWithException <PasswordChanger>("Could not reset member password", ex);
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Could not reset password, error: " + ex.Message + " (see log for full details)", new[] { "resetPassword" })
}));
}
}
//we're not resetting it so we need to try to change it.
if (passwordModel.NewPassword.IsNullOrWhiteSpace())
{
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Cannot set an empty password", new[] { "value" })
}));
}
//This is an edge case and is only necessary for backwards compatibility:
var umbracoBaseProvider = membershipProvider as MembershipProviderBase;
if (umbracoBaseProvider != null && umbracoBaseProvider.AllowManuallyChangingPassword)
{
//this provider allows manually changing the password without the old password, so we can just do it
try
{
var result = umbracoBaseProvider.ChangePassword(username, "", passwordModel.NewPassword);
return(result == false
? Attempt.Fail(new PasswordChangedModel { ChangeError = new ValidationResult("Could not change password, invalid username or password", new[] { "value" }) })
: Attempt.Succeed(new PasswordChangedModel()));
}
catch (Exception ex)
{
_logger.WarnWithException <PasswordChanger>("Could not change member password", ex);
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Could not change password, error: " + ex.Message + " (see log for full details)", new[] { "value" })
}));
}
}
//The provider does not support manually chaning the password but no old password supplied - need to return an error
if (passwordModel.OldPassword.IsNullOrWhiteSpace() && membershipProvider.EnablePasswordRetrieval == false)
{
//if password retrieval is not enabled but there is no old password we cannot continue
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Password cannot be changed without the old password", new[] { "oldPassword" })
}));
}
if (passwordModel.OldPassword.IsNullOrWhiteSpace() == false)
{
//if an old password is suplied try to change it
try
{
var result = membershipProvider.ChangePassword(username, passwordModel.OldPassword, passwordModel.NewPassword);
if (result && backofficeUserManager != null && userId >= 0)
{
backofficeUserManager.RaisePasswordChangedEvent(userId);
}
return(result == false
? Attempt.Fail(new PasswordChangedModel { ChangeError = new ValidationResult("Could not change password, invalid username or password", new[] { "oldPassword" }) })
: Attempt.Succeed(new PasswordChangedModel()));
}
catch (Exception ex)
{
_logger.WarnWithException <PasswordChanger>("Could not change member password", ex);
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Could not change password, error: " + ex.Message + " (see log for full details)", new[] { "value" })
}));
}
}
if (membershipProvider.EnablePasswordRetrieval == false)
{
//we cannot continue if we cannot get the current password
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Password cannot be changed without the old password", new[] { "oldPassword" })
}));
}
if (membershipProvider.RequiresQuestionAndAnswer && passwordModel.Answer.IsNullOrWhiteSpace())
{
//if the question answer is required but there isn't one, we cannot continue
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Password cannot be changed without the password answer", new[] { "value" })
}));
}
//lets try to get the old one so we can change it
try
{
var oldPassword = membershipProvider.GetPassword(
username,
membershipProvider.RequiresQuestionAndAnswer ? passwordModel.Answer : null);
try
{
var result = membershipProvider.ChangePassword(username, oldPassword, passwordModel.NewPassword);
return(result == false
? Attempt.Fail(new PasswordChangedModel { ChangeError = new ValidationResult("Could not change password", new[] { "value" }) })
: Attempt.Succeed(new PasswordChangedModel()));
}
catch (Exception ex1)
{
_logger.WarnWithException <PasswordChanger>("Could not change member password", ex1);
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Could not change password, error: " + ex1.Message + " (see log for full details)", new[] { "value" })
}));
}
}
catch (Exception ex2)
{
_logger.WarnWithException <PasswordChanger>("Could not retrieve member password", ex2);
return(Attempt.Fail(new PasswordChangedModel {
ChangeError = new ValidationResult("Could not change password, error: " + ex2.Message + " (see log for full details)", new[] { "value" })
}));
}
}
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
return(_Provider.ChangePassword(username, oldPassword, newPassword));
}
