protected internal virtual void CloseAccount()
{
Tracing.Information("[UserAccount.CloseAccount] called for accountID: {0}", this.ID);
this.ClearVerificationKey();
this.ClearMobileAuthCode();
IsLoginAllowed = false;
CurrentTwoFactorAuthStatus = TwoFactorAuthMode.None;
if (!IsAccountClosed)
{
Tracing.Verbose("[UserAccount.CloseAccount] success");
IsAccountClosed = true;
AccountClosed = UtcNow;
this.AddEvent(new AccountClosedEvent {
Account = this
});
}
else
{
Tracing.Warning("[UserAccount.CloseAccount] account already closed");
}
}
protected internal virtual void ClearMobilePhoneNumber()
{
Tracing.Information("[UserAccount.ClearMobilePhoneNumber] called for accountID: {0}", this.ID);
if (this.AccountTwoFactorAuthMode == TwoFactorAuthMode.Mobile)
{
Tracing.Verbose("[UserAccount.ClearMobilePhoneNumber] disabling two factor auth");
this.ConfigureTwoFactorAuthentication(TwoFactorAuthMode.None);
}
if (String.IsNullOrWhiteSpace(MobilePhoneNumber))
{
Tracing.Warning("[UserAccount.ClearMobilePhoneNumber] nothing to do -- no mobile associated with account");
return;
}
Tracing.Verbose("[UserAccount.ClearMobilePhoneNumber] success");
this.ClearMobileAuthCode();
this.MobilePhoneNumber = null;
this.AddEvent(new MobilePhoneRemovedEvent {
Account = this
});
}
public virtual bool ChangeMobilePhoneFromCode(Guid accountID, string code)
{
Tracing.Information(String.Format("[UserAccountService.ChangeMobileFromCode] called: {0}", accountID));
if (String.IsNullOrWhiteSpace(code))
{
return(false);
}
var account = this.GetByID(accountID);
if (account == null)
{
throw new ArgumentException("Invalid AccountID");
}
Tracing.Verbose(String.Format("[UserAccountService.ChangeMobileFromCode] account located: {0}, {1}", account.Tenant, account.Username));
var result = account.ConfirmMobilePhoneNumberFromCode(code);
Update(account);
Tracing.Warning(String.Format("[UserAccountService.ChangeMobileFromCode] outcome: {0}, {1}, {2}", account.Tenant, account.Username, result));
return(result);
}
public virtual UserAccount GetByEmail(string tenant, string email)
{
if (!SecuritySettings.MultiTenant)
{
Tracing.Verbose("[UserAccountService.GetByEmail] applying default tenant");
tenant = SecuritySettings.DefaultTenant;
}
if (String.IsNullOrWhiteSpace(tenant))
{
return(null);
}
if (String.IsNullOrWhiteSpace(email))
{
return(null);
}
var account = userRepository.GetAll().Where(x => x.Tenant == tenant && x.Email == email).SingleOrDefault();
if (account == null)
{
Tracing.Warning("[UserAccountService.GetByEmail] failed to locate account: {0}, {1}", tenant, email);
}
return(account);
}
public virtual UserAccount GetByCertificate(string tenant, string thumbprint)
{
if (!SecuritySettings.MultiTenant)
{
Tracing.Verbose("[UserAccountService.GetByCertificate] applying default tenant");
tenant = SecuritySettings.DefaultTenant;
}
if (String.IsNullOrWhiteSpace(tenant))
{
return(null);
}
if (String.IsNullOrWhiteSpace(thumbprint))
{
return(null);
}
var query =
from u in userRepository.GetAll()
where u.Tenant == tenant
from c in u.Certificates
where c.Thumbprint == thumbprint
select u;
var account = query.SingleOrDefault();
if (account == null)
{
Tracing.Warning("[UserAccountService.GetByCertificate] failed to locate by certificate thumbprint: {0}, {1}", tenant, thumbprint);
}
return(account);
}
public virtual bool ChangeEmailFromKey(
string password, string key, string newEmail,
int failedLoginCount, TimeSpan lockoutDuration)
{
Tracing.Information(String.Format("[UserAccountService.ChangeEmailFromKey] called: {0}, {1}", key, newEmail));
if (String.IsNullOrWhiteSpace(password))
{
return(false);
}
if (String.IsNullOrWhiteSpace(key))
{
return(false);
}
if (String.IsNullOrWhiteSpace(newEmail))
{
return(false);
}
var account = this.GetByVerificationKey(key);
if (account == null)
{
return(false);
}
Tracing.Verbose(String.Format("[UserAccountService.ChangeEmailFromKey] account located: {0}, {1}", account.Tenant, account.Username));
if (!Authenticate(account, password, failedLoginCount, lockoutDuration))
{
return(false);
}
var oldEmail = account.Email;
var result = account.ChangeEmailFromKey(key, newEmail);
if (result && SecuritySettings.Instance.EmailIsUsername)
{
Tracing.Warning(String.Format("[UserAccountService.ChangeEmailFromKey] security setting EmailIsUsername is true and AllowEmailChangeWhenEmailIsUsername is true, so changing username: {0}, to: {1}", account.Username, newEmail));
account.Username = newEmail;
}
Tracing.Verbose(String.Format("[UserAccountService.ChangeEmailFromKey] change email outcome: {0}, {1}, {2}", account.Tenant, account.Username, result ? "Successful" : "Failed"));
if (result)
{
using (var tx = new TransactionScope())
{
this.userRepository.SaveChanges();
if (this.notificationService != null)
{
this.notificationService.SendEmailChangedNotice(account, oldEmail);
}
tx.Complete();
}
}
return(result);
}
public virtual UserAccount GetByID(Guid id)
{
var account = this.userRepository.Get(id);
if (account == null)
{
Tracing.Warning("[UserAccountService.GetByID] failed to locate account: {0}", id);
}
return(account);
}
public virtual UserAccount GetByVerificationKey(string key)
{
if (String.IsNullOrWhiteSpace(key))
{
return(null);
}
var account = userRepository.GetAll().Where(x => x.VerificationKey == key).SingleOrDefault();
if (account == null)
{
Tracing.Warning("[UserAccountService.GetByVerificationKey] failed to locate account: {0}", key);
}
return(account);
}
public virtual bool ChangeEmailFromKey(Guid accountID, string password, string key, string newEmail)
{
Tracing.Information(String.Format("[UserAccountService.ChangeEmailFromKey] called: {0}, {1}, {2}", accountID, key, newEmail));
if (String.IsNullOrWhiteSpace(password))
{
throw new ValidationException("Invalid password.");
}
if (String.IsNullOrWhiteSpace(key))
{
throw new ValidationException("Invalid key.");
}
if (String.IsNullOrWhiteSpace(newEmail))
{
throw new ValidationException("Invalid email.");
}
var account = this.GetByID(accountID);
if (account == null)
{
throw new ArgumentException("Invalid AccountID");
}
Tracing.Verbose(String.Format("[UserAccountService.ChangeEmailFromKey] account located: {0}, {1}", account.Tenant, account.Username));
if (!Authenticate(account, password, AuthenticationPurpose.VerifyPassword))
{
throw new ValidationException("Invalid password.");
}
ValidateEmail(account, newEmail);
var result = account.ChangeEmailFromKey(key, newEmail);
if (result && SecuritySettings.EmailIsUsername)
{
Tracing.Warning(String.Format("[UserAccountService.ChangeEmailFromKey] security setting EmailIsUsername is true and AllowEmailChangeWhenEmailIsUsername is true, so changing username: {0}, to: {1}", account.Username, newEmail));
account.Username = newEmail;
}
Update(account);
Tracing.Verbose(String.Format("[UserAccountService.ChangeEmailFromKey] change email outcome: {0}, {1}, {2}", account.Tenant, account.Username, result ? "Successful" : "Failed"));
return(result);
}
protected internal virtual void ConfigureTwoFactorAuthentication(TwoFactorAuthMode mode)
{
Tracing.Information("[UserAccount.ConfigureTwoFactorAuthentication] called for accountID: {0}, mode: {1}", this.ID, mode);
if (this.AccountTwoFactorAuthMode == mode)
{
Tracing.Warning("[UserAccount.ConfigureTwoFactorAuthentication] nothing to do -- mode is same as current value");
return;
}
if (mode == TwoFactorAuthMode.Mobile &&
String.IsNullOrWhiteSpace(this.MobilePhoneNumber))
{
Tracing.Error("[UserAccount.ConfigureTwoFactorAuthentication] failed -- mobile requested but no mobile phone for account");
throw new ValidationException("Register a mobile phone number to enable mobile two factor authentication.");
}
if (mode == TwoFactorAuthMode.Certificate &&
!this.Certificates.Any())
{
Tracing.Error("[UserAccount.ConfigureTwoFactorAuthentication] failed -- certificate requested but no certificates for account");
throw new ValidationException("Add a client certificate to enable certificate two factor authentication.");
}
this.ClearMobileAuthCode();
this.AccountTwoFactorAuthMode = mode;
if (mode == TwoFactorAuthMode.None)
{
Tracing.Verbose("[UserAccount.ConfigureTwoFactorAuthentication] success -- two factor auth disabled");
this.AddEvent(new TwoFactorAuthenticationDisabledEvent {
Account = this
});
}
else
{
Tracing.Verbose("[UserAccount.ConfigureTwoFactorAuthentication] success -- two factor auth enabled, mode: {0}", mode);
this.AddEvent(new TwoFactorAuthenticationEnabledEvent {
Account = this, Mode = mode
});
}
}
public virtual UserAccount GetByLinkedAccount(string tenant, string provider, string id)
{
if (!SecuritySettings.MultiTenant)
{
Tracing.Verbose("[UserAccountService.GetByLinkedAccount] applying default tenant");
tenant = SecuritySettings.DefaultTenant;
}
if (String.IsNullOrWhiteSpace(tenant))
{
return(null);
}
if (String.IsNullOrWhiteSpace(provider))
{
return(null);
}
if (String.IsNullOrWhiteSpace(id))
{
return(null);
}
var query =
from u in userRepository.GetAll()
where u.Tenant == tenant
from l in u.LinkedAccounts
where l.ProviderName == provider && l.ProviderAccountID == id
select u;
var account = query.SingleOrDefault();
if (account == null)
{
Tracing.Warning("[UserAccountService.GetByLinkedAccount] failed to locate by tenant: {0}, provider: {1}, id: {2}", tenant, provider, id);
}
return(account);
}
public virtual bool ResetPassword(string tenant, string email)
{
Tracing.Information(String.Format("[UserAccountService.ResetPassword] called: {0}, {1}", tenant, email));
if (!SecuritySettings.Instance.MultiTenant)
{
tenant = SecuritySettings.Instance.DefaultTenant;
}
if (String.IsNullOrWhiteSpace(tenant))
{
return(false);
}
if (String.IsNullOrWhiteSpace(email))
{
return(false);
}
var account = this.GetByEmail(tenant, email);
if (account == null)
{
return(false);
}
if (!account.IsAccountVerified)
{
// if they're not verified, resend the new account email
if (SecuritySettings.Instance.RequireAccountVerification &&
this.notificationService != null)
{
Tracing.Verbose(String.Format("[UserAccountService.ResetPassword] account not verified, re-sending account create notification: {0}, {1}", account.Tenant, account.Username));
this.notificationService.SendAccountCreate(account);
return(true);
}
// if we don't have a notification system then not much we can do
Tracing.Warning(String.Format("[UserAccountService.ResetPassword] account not verified, no notification to re-send invite: {0}, {1}", account.Tenant, account.Username));
return(false);
}
var result = account.ResetPassword();
Tracing.Verbose(String.Format("[UserAccountService.ResetPassword] reset password outcome: {0}, {1}, {2}", account.Tenant, account.Username, result ? "Successful" : "Failed"));
if (result)
{
using (var tx = new TransactionScope())
{
this.userRepository.SaveChanges();
if (this.notificationService != null)
{
this.notificationService.SendResetPassword(account);
}
tx.Complete();
}
}
return(result);
}
