static void ConvertOldPasswordFormat()
{
int processed = 0;
var toBeUpdated = new List <IUser>();
foreach (var user in DataFacade.GetData <IUser>())
{
if (string.IsNullOrEmpty(user.EncryptedPassword) || !string.IsNullOrEmpty(user.PasswordHashSalt))
{
continue;
}
string password = Cryptographer.Decrypt(user.EncryptedPassword);
var salt = UserFormLoginManager.GenerateHashSalt();
user.PasswordHashSalt = Convert.ToBase64String(salt);
user.EncryptedPassword = UserFormLoginManager.GeneratePasswordHash(password, salt);
toBeUpdated.Add(user);
processed++;
}
if (toBeUpdated.Any())
{
DataFacade.Update(toBeUpdated);
}
if (processed > 0)
{
Log.LogInformation(LogTitle, "User passwords converted to a new format: " + processed);
}
}
public void AddNewUser(string userName, string password, string folder, string email)
{
var user = DataFacade.BuildNew <IUser>();
user.Id = Guid.NewGuid();
user.Username = userName.Trim().ToLowerInvariant();
user.Email = email;
user = DataFacade.AddNew(user);
UserFormLoginManager.CreateUserFormLogin(user.Id, password, folder);
Log.LogVerbose(LogTitle, "Added new userFormLogin '{0}'", userName);
}
public void SetUserPassword(string username, string password)
{
using (var transactionScope = TransactionsFacade.CreateNewScope())
{
IUser user = DataFacade.GetData <IUser>().FirstOrDefault(u => u.Username == username);
Verify.IsNotNull(user, "The userFormLogin '{0}' does not exists", username);
var userFormLogin = user.GetUserFormLogin();
UserFormLoginManager.SetPassword(userFormLogin, password);
transactionScope.Complete();
}
}
public LoginResult Validate(string username, string password)
{
username = username.ToLower(CultureInfo.InvariantCulture);
FailedLoginInfo failedLoginInfo;
_loginHistory.TryGetValue(username, out failedLoginInfo);
if (!BruteForcePreventionCheck(username, failedLoginInfo))
{
return(LoginResult.PolicyViolated);
}
IUser user =
(from u in DataFacade.GetData <IUser>()
where string.Compare(u.Username, username, StringComparison.InvariantCultureIgnoreCase) == 0
select u).FirstOrDefault();
if (user == null)
{
return(LoginResult.UserDoesNotExist);
}
var userFormLogin = DataFacade.GetData <IUserFormLogin>().FirstOrDefault(u => u.UserId == user.Id);
if (userFormLogin == null)
{
if (!user.EncryptedPassword.IsNullOrEmpty())
{
throw new InvalidOperationException("User form login data is missing or present in obsolete format.");
}
throw new InvalidOperationException("User form login data is missing.");
}
bool passwordIsCorrect = UserFormLoginManager.ValidatePassword(userFormLogin, password);
if (passwordIsCorrect)
{
if (userFormLogin.IsLocked)
{
if (userFormLogin.LockoutReason == (int)UserLockoutReason.LockedByAdministrator)
{
return(LoginResult.UserLockedByAdministrator);
}
return(LoginResult.UserLockedAfterMaxLoginAttempts);
}
int passwordExpirationDays = PasswordPolicyFacade.PasswordExpirationTimeInDays;
if (passwordExpirationDays > 0 && DateTime.Now > userFormLogin.LastPasswordChangeDate + TimeSpan.FromDays(passwordExpirationDays))
{
return(LoginResult.PasswordUpdateRequired);
}
}
UpdateLoginHistory(username, passwordIsCorrect, failedLoginInfo);
if (!passwordIsCorrect && failedLoginInfo != null && failedLoginInfo.LoginAttemptCount >= _maxLoginAttemptsBeforeLockout)
{
LockUser(userFormLogin);
}
return(passwordIsCorrect ? LoginResult.Success : LoginResult.IncorrectPassword);
}