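/// <summary>
/// Handles the change-password form for the user identified by the current session.
/// </summary>
/// <param name="passwordChange">
/// Posted form model; binding is limited to CurrentPassword, Password and ConfirmPassword.
/// </param>
/// <returns>The default view, with the outcome text appended to ViewBag.Message.</returns>
/// <remarks>
/// NOTE(review): no action attributes are visible in this listing. Confirm the action only
/// accepts POST from an authenticated user and validates an anti-forgery token, because it
/// changes a credential.
/// </remarks>
public ActionResult ChangePassword([Bind(Include = "CurrentPassword,Password,ConfirmPassword")] PasswordChange passwordChange)
{
    // Convention for making it easier to pass messages between controllers.
    if (TempData["Message"] != null)
    {
        ViewBag.Message += (" " + TempData["Message"].ToString());
    }

    if (ModelState.IsValid)
    {
        // The account to change is taken from the server-side session only, never from the
        // posted form. An expired or malformed session value is reported as an invalid user
        // instead of surfacing as an unhandled exception.
        object sessionUserId = Session["OrcaUserID"];
        int userId;
        PasswordChangeStatus status =
            sessionUserId != null && int.TryParse(sessionUserId.ToString(), out userId)
                ? OrcaHelper.ChangePassword(userId, passwordChange)
                : PasswordChangeStatus.INVALID_USER;

        switch (status)
        {
            case PasswordChangeStatus.SUCCESS:
                ViewBag.Message += " Your password has been changed.";
                break;

            case PasswordChangeStatus.INVALID_PASSWORD:
                ViewBag.Message += " The Current Password you entered was incorrect. Please try again";
                break;

            case PasswordChangeStatus.INVALID_USER:
            default:
                ViewBag.Message += " Something went wrong. This may suggest an Invalid User login.";
                break;
        }
    }

    return View();
}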
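/// <summary>
/// API endpoint that changes a password from the request body.
/// </summary>
/// <param name="model">
/// Request body. userPassNew and userPassConfirm are compared here; the whole object is then
/// passed to the data layer.
/// </param>
/// <returns>
/// 400 when no body could be bound, 404 when the new password and its confirmation differ,
/// otherwise 200 with the PasswordChangeStatus returned by the data layer.
/// </returns>
/// <remarks>
/// NOTE(review): the client-supplied model reaches the data layer unchanged. If it also names
/// the account to change, confirm that the caller is authenticated and authorized for that
/// account, and that repeated attempts are rate limited; neither is visible in this method.
/// </remarks>
public async Task<IActionResult> ChangePassword([FromBody] User model)
{
    // A missing or unparseable body can arrive as null; reject it before dereferencing.
    if (model == null)
    {
        return StatusCode(StatusCodes.Status400BadRequest);
    }

    // 404 is kept so existing clients see the same code for a confirmation mismatch;
    // 400 would describe this validation failure more accurately.
    if (model.userPassNew != model.userPassConfirm)
    {
        return StatusCode(StatusCodes.Status404NotFound);
    }

    PasswordChangeStatus result = await dal.changeUserPassword(model);
    return Ok(result);
}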
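/// <summary>
/// Changes the password when it satisfies the policy. Uses the context held in DB when one
/// was supplied (for example a test context from the constructor), otherwise a new
/// PanoptoDBDataContext.
/// </summary>
/// <param name="newPassword">The new password</param>
/// <returns>
/// PasswordChangeStatus.Success when the password was set; otherwise the combination of
/// requirement flags that were not met.
/// </returns>
/// <exception cref="ArgumentNullException">newPassword is null.</exception>
/// <remarks>
/// NOTE(review): this method does not verify the current password or the caller's identity;
/// confirm that happens before it is reached.
/// </remarks>
public PasswordChangeStatus ChangePassword(string newPassword)
{
    if (newPassword == null)
    {
        throw new ArgumentNullException("newPassword");
    }

    PasswordChangeStatus status = PasswordChangeStatus.Success;

    if (newPassword.Length < MinimumPasswordLength)
    {
        status |= PasswordChangeStatus.LengthRequirement;
    }

    // Invariant casing keeps the policy result independent of the server's culture.
    if (newPassword == newPassword.ToLowerInvariant())
    {
        status |= PasswordChangeStatus.UpperCaseLetterRequirement;
    }

    if (newPassword.IndexOfAny(Numbers) < 0)
    {
        status |= PasswordChangeStatus.NumberRequirement;
    }

    if (newPassword.IndexOfAny(SpecialCharacters) < 0)
    {
        status |= PasswordChangeStatus.SpecialCharacterRequirement;
    }

    // Dispose only a context created here. One supplied through DB belongs to whoever
    // supplied it and must stay usable after this call.
    IPanoptoDBDataContext supplied = DB;
    IPanoptoDBDataContext db = supplied ?? new PanoptoDBDataContext();
    try
    {
        if (db.PasswordHistoryMatches(newPassword, PasswordHistoryMax))
        {
            status |= PasswordChangeStatus.HistoryRequirement;
        }

        // Must meet all requirements, or miss exactly one of uppercase letter, number, or
        // special character. Length and history failures always reject, because their flags
        // make status differ from every value accepted here.
        bool acceptable =
            status == PasswordChangeStatus.Success
            || status == PasswordChangeStatus.UpperCaseLetterRequirement
            || status == PasswordChangeStatus.NumberRequirement
            || status == PasswordChangeStatus.SpecialCharacterRequirement;

        if (acceptable)
        {
            // NOTE(review): no explicit submit/commit follows SetPassword here; confirm
            // SetPassword persists the change on its own.
            db.SetPassword(newPassword);
            status = PasswordChangeStatus.Success;
        }
    }
    finally
    {
        if (supplied == null)
        {
            db.Dispose();
        }
    }

    return status;
}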
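/// <summary>
/// Change password if it meets certain conditions
/// </summary>
/// <param name="db">Data context used for the history check and for storing the password; the caller keeps ownership and disposes it.</param>
/// <param name="newPassword">The new password</param>
/// <returns>
/// PasswordChangeStatus.Success when the password was set and submitted; otherwise the
/// combination of requirement flags that were not met.
/// </returns>
/// <exception cref="ArgumentNullException">db or newPassword is null.</exception>
/// <remarks>
/// NOTE(review): this method does not verify the current password or the caller's identity;
/// confirm that happens before it is reached.
/// </remarks>
public PasswordChangeStatus ChangePassword(IPanoptoDBDataContext db, string newPassword)
{
    if (db == null)
    {
        throw new ArgumentNullException("db");
    }

    if (newPassword == null)
    {
        throw new ArgumentNullException("newPassword");
    }

    PasswordChangeStatus status = PasswordChangeStatus.Success;

    if (newPassword.Length < MinimumPasswordLength)
    {
        status |= PasswordChangeStatus.LengthRequirement;
    }

    // Invariant casing keeps the policy result independent of the server's culture.
    if (newPassword == newPassword.ToLowerInvariant())
    {
        status |= PasswordChangeStatus.UpperCaseLetterRequirement;
    }

    if (newPassword.IndexOfAny(Numbers) < 0)
    {
        status |= PasswordChangeStatus.NumberRequirement;
    }

    if (newPassword.IndexOfAny(SpecialCharacters) < 0)
    {
        status |= PasswordChangeStatus.SpecialCharacterRequirement;
    }

    if (db.PasswordHistoryMatches(newPassword, PasswordHistoryMax))
    {
        status |= PasswordChangeStatus.HistoryRequirement;
    }

    // Must meet all requirements, or miss exactly one of uppercase letter, number, or special
    // character. Length and history failures always reject, because their flags make status
    // differ from every value accepted here.
    bool acceptable =
        status == PasswordChangeStatus.Success
        || status == PasswordChangeStatus.UpperCaseLetterRequirement
        || status == PasswordChangeStatus.NumberRequirement
        || status == PasswordChangeStatus.SpecialCharacterRequirement;

    if (acceptable)
    {
        db.SetPassword(newPassword);
        db.SubmitChanges();
        status = PasswordChangeStatus.Success;
    }

    return status;
}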
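/// <summary>
/// Runs the "ChangeUserPassword" command with the user name, old password and new password
/// taken from <paramref name="model"/> and reports the value of its @status output parameter.
/// </summary>
/// <param name="model">Supplies userName, userPassOld and userPassNew.</param>
/// <returns>
/// A PasswordChangeStatus whose validateResult holds the @status output value, or the
/// SqlException error number as text when the command fails.
/// </returns>
/// <remarks>
/// NOTE(review): both passwords are handed to the database exactly as received. Confirm that
/// the procedure stores only a salted, slow password hash and that the connection is encrypted.
/// NOTE(review): on failure the SQL error number becomes validateResult. If callers return this
/// object to clients, consider logging the number and returning a generic failure value instead.
/// </remarks>
public async Task<PasswordChangeStatus> changeUserPassword(User model)
{
    PasswordChangeStatus _status = new PasswordChangeStatus();

    using (SqlConnection con = SqlCon())
    using (SqlCommand cmd = SqlCmd(con))
    {
        cmd.CommandText = "ChangeUserPassword";

        // Values travel as parameters, never as concatenated command text.
        cmd.Parameters.AddWithValue("@userName", model.userName);
        cmd.Parameters.AddWithValue("@userPass", model.userPassOld);
        cmd.Parameters.AddWithValue("@userPassNew", model.userPassNew);

        SqlParameter statusParam = new SqlParameter
        {
            ParameterName = "@status",
            SqlDbType = SqlDbType.NVarChar,
            Size = 50,
            Direction = ParameterDirection.Output
        };
        cmd.Parameters.Add(statusParam);

        // @message is declared as an output parameter but its value is not read here.
        SqlParameter messageParam = new SqlParameter
        {
            ParameterName = "@message",
            SqlDbType = SqlDbType.NVarChar,
            Size = 50,
            Direction = ParameterDirection.Output
        };
        cmd.Parameters.Add(messageParam);

        try
        {
            // Only the output parameters are consumed, so the command runs without filling
            // a table, and the I/O is awaited instead of blocking the calling thread.
            await con.OpenAsync();
            await cmd.ExecuteNonQueryAsync();

            // The hard cast is kept on purpose: a missing (DBNull) status throws instead of
            // being reported to the caller as if it were a result.
            _status.validateResult = (string)statusParam.Value;
        }
        catch (SqlException ex)
        {
            _status.validateResult = ex.Number.ToString();
        }
    }

    return _status;
}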