/// <summary> /// Creates a restriction on accounts with the specified e-mail address indication that the user is not allowed to log in while their account is being reset. /// </summary> /// <param name="accounts">A list of user accounts associated with the e-mail address</param> /// <param name="emailAddress">The e-mail address entered from the Reset page</param> /// <param name="haveUsername">If the username has also been forgotten or a normal reset where the user knows their username</param> /// <returns></returns> private string CreateRestriction(IEnumerable <UserEntity> accounts, string emailAddress, bool haveUsername) { var restrictionKey = EpicMembershipProvider.CreateSalt(16); var accountRestriction = new AccountRestrictionEntity { AccountRestrictionType = haveUsername ? AccountRestrictionType.PasswordReset : AccountRestrictionType.LostUsername, RestrictionKey = restrictionKey, EmailAddress = emailAddress, IPAddress = Request.ServerVariables["REMOTE_ADDR"] }; foreach (var account in accounts) { // If account is already restricted, don't create a new restriction. // It could be restricted because it's a new account or due to a prior // password reset. if (account.UserAccountRestrictions.Count == 0) { var restriction = accountRestriction.UserAccountRestrictions.AddNew(); restriction.UserId = account.UserId; } } accountRestriction.Save(true); return(restrictionKey); }
protected override void TestCleanup() { new LinqMetaData().User .Where(x => x.FirstName == "UserTest" || x.FirstName == "UserTest1") .ToList().ForEach(x => { var ars = x.UserAccountRestrictions.Select(y => y.AccountRestriction).ToList(); x.UserAccountRestrictions.DeleteMulti(); ars.ForEach(y => y.Delete()); x.Delete(); }); // delete restrictions on epic admin var user = TestData.OrgAdminUser; Assert.IsNotNull(user); var adminArs = user.UserAccountRestrictions.Select(y => y.AccountRestriction).ToList(); user.UserAccountRestrictions.DeleteMulti(); adminArs.ForEach(y => y.Delete()); var transaction = new Transaction(IsolationLevel.ReadCommitted, "reset"); EpicMembershipProvider.SetPassword(user, TestData.OrgAdminPassword, transaction); transaction.Add(user); user.Save(); transaction.Commit(); base.TestCleanup(); }
/// <summary> /// Sets the password for a user, not typically allowed by MembershipProvider. /// </summary> /// <param name="user"></param> /// <param name="password"></param> /// <returns></returns> public static bool SetPassword(this MembershipUser user, string password) { Transaction transaction = new Transaction(System.Data.IsolationLevel.ReadCommitted, "password change"); try { int userId = user.GetUserId().Id; UserEntity userEntity = new UserEntity(userId); if (!userEntity.IsNew) { transaction.Add(userEntity); EpicMembershipProvider.SetPassword(userEntity, password, transaction); userEntity.Save(); transaction.Commit(); return(true); } else { return(false); } } catch { transaction.Rollback(); return(false); } finally { transaction.Dispose(); } }
private static void Cleanup() { var user = new LinqMetaData().User.FirstOrDefault(x => x.Username == TestData.OrgAdminUsername); var transaction = new Transaction(IsolationLevel.ReadCommitted, "reset"); EpicMembershipProvider.SetPassword(user, TestData.OrgAdminPassword, transaction); transaction.Add(user); user.Save(); transaction.Commit(); }
private static void Cleanup() { var user = TestData.OrgAdminUser; var transaction = new Transaction(IsolationLevel.ReadCommitted, "reset"); EpicMembershipProvider.SetPassword(user, TestData.OrgAdminPassword, transaction); transaction.Add(user); user.Save(); transaction.Commit(); }
public ActionResult Add(int organizationId, AddUserModel model) { var organization = new OrganizationEntity(organizationId); if (organization.IsNew) { throw new HttpException(404, SharedRes.Error.NotFound_Organization); } var restrictionKey = EpicMembershipProvider.CreateSalt(16); if (ModelState.IsValid) { if (!Permissions.UserHasPermission("Edit", organization)) { throw new HttpException(401, SharedRes.Error.Unauthorized_OrganizationEdit); } // Validate submitted role. if (!model.Role.HasValue || !(OrganizationUtils.GetAllowedRoles(organizationId).Any(r => r.RoleId == model.Role))) { throw new HttpException(417, ControllerRes.Account.Invalid_RoleSpecified); } // Locations are only valid for non-admin users. bool isAdmin = RoleUtils.IsRoleForAdmin(model.Role.Value); if (!isAdmin) { // Validate submitted locations are locations of the organization. if (model.Locations.Except(new LinqMetaData().Location.Where(l => l.OrganizationId == organizationId).Select(l => l.LocationId).ToList()).Any()) { throw new HttpException(404, SharedRes.Error.NotFound_Location); } } Transaction transaction = new Transaction(IsolationLevel.ReadCommitted, "user add"); try { UserEntity user = new UserEntity { OrganizationId = organizationId, FirstName = model.FirstName, LastName = model.LastName, EmailAddress = model.EmailAddress, Username = string.Empty, Password = string.Empty }; transaction.Add(user); // If role is non-admin, set up locations. if (!isAdmin) { foreach (var loc in model.Locations) { var assignedLocation = user.UserAssignedLocations.AddNew(); assignedLocation.LocationId = loc; } } var userRole = user.Roles.AddNew(); userRole.RoleId = model.Role.Value; var accountRestriction = new AccountRestrictionEntity { AccountRestrictionType = AccountRestrictionType.NewUser, RestrictionKey = restrictionKey, EmailAddress = model.EmailAddress, Parameters = string.IsNullOrWhiteSpace(model.Pin) ? string.Empty : model.Pin, CreatedBy = Membership.GetUser().GetUserId().Id, IPAddress = Request.ServerVariables["REMOTE_ADDR"] }; transaction.Add(accountRestriction); accountRestriction.Save(); var userRestriction = user.UserAccountRestrictions.AddNew(); userRestriction.AccountRestrictionId = accountRestriction.AccountRestrictionId; // Save recursively ... so assigned locations, role and restriction are saved, too. user.Save(true); transaction.Commit(); } catch (Exception) { transaction.Rollback(); throw new HttpException(500, SharedRes.Error.Error_DatabaseUnknown); } finally { transaction.Dispose(); } // Send email for registration validation. SendRegistrationEmail(model, restrictionKey); // Add user complete. Modal dialog will close, so no response except "success". return(new EmptyResult()); } Response.StatusCode = 417; Response.TrySkipIisCustomErrors = true; return(PartialView(model)); }