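/// <summary>
/// Creates or updates the stored security question for the current user
/// (<c>_userId</c>) in the slot identified by <c>question.QuestionNumber</c>.
/// </summary>
/// <param name="question">Question number, question text and answer to persist.</param>
public void SaveQuestion(PasswordQuestion question)
{
    // The context is only needed for this call; dispose it deterministically
    // instead of leaving its connection to the finalizer.
    using (var rbacEntities = new PEMRBACEntities())
    {
        // Look up the existing row for this user and question slot, if any.
        var securityQuestion = (from securityQuestions in rbacEntities.UserPasswordQuestions
                                where securityQuestions.UserId == _userId
                                      && securityQuestions.QuestionNumber == question.QuestionNumber
                                select securityQuestions).FirstOrDefault();

        // SECURITY NOTE(review): the answer is persisted exactly as supplied.
        // The earlier salted-hash call, EncryptionManager.Hash(question.Answer.ToLower(), _salt),
        // is disabled here. A security answer is a recovery credential, so anyone
        // who can read this table can read it. Re-enabling hashing requires
        // migrating existing rows and changing CheckAnswer and QuestionState in the
        // same change, because both compare against the stored value directly.
        if (securityQuestion == null)
        {
            // No row yet for this slot: add a new record.
            securityQuestion = new UserPasswordQuestion
            {
                UserId = _userId,
                QuestionNumber = question.QuestionNumber,
                Question = question.Question,
                Answer = question.Answer
            };
            rbacEntities.UserPasswordQuestions.Add(securityQuestion);
        }
        else
        {
            // Row exists: overwrite the question text and answer.
            securityQuestion.Question = question.Question;
            securityQuestion.Answer = question.Answer;
        }

        rbacEntities.SaveChanges();
    }
}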
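/// <summary>
/// Returns the current user's security questions ordered by question number.
/// When the user has none stored, two empty placeholders (numbers 1 and 2) are returned.
/// </summary>
/// <returns>A list of <c>PasswordQuestion</c> items; never null.</returns>
public List<PasswordQuestion> GetQuestions()
{
    var questionList = new List<PasswordQuestion>();

    // Dispose the context once the rows have been copied into plain
    // PasswordQuestion objects; nothing returned depends on it afterwards.
    using (var rbacEntities = new PEMRBACEntities())
    {
        var questions = from securityQuestions in rbacEntities.UserPasswordQuestions
                        where securityQuestions.UserId == _userId
                        orderby securityQuestions.QuestionNumber ascending
                        select securityQuestions;

        // SECURITY NOTE(review): the stored answer is copied into every returned
        // item. Confirm that callers never render or serialize Answer back to
        // the client; a display-only caller needs the question text alone.
        foreach (var userPasswordQuestion in questions)
        {
            questionList.Add(new PasswordQuestion(userPasswordQuestion.QuestionNumber,
                                                  userPasswordQuestion.Question,
                                                  userPasswordQuestion.Answer));
        }
    }

    // Are there enough questions? (For now, assume 0 or 2.)
    if (questionList.Count == 0)
    {
        questionList.Add(new PasswordQuestion(1, "", ""));
        questionList.Add(new PasswordQuestion(2, "", ""));
    }

    return questionList;
}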
/// <summary>
/// Adds a password question to the prompter and returns the same prompter
/// so that calls can be chained.
/// </summary>
/// <param name="prompter">Prompter that receives the new question.</param>
/// <param name="name">Name passed to the <c>PasswordQuestion</c> constructor.</param>
/// <param name="message">Message passed to the <c>PasswordQuestion</c> constructor.</param>
/// <param name="setupQuestion">Optional callback invoked with the new question before it is added.</param>
/// <returns>The <paramref name="prompter"/> instance.</returns>
public static Prompter Password(this Prompter prompter, string name, FunctionOrColorString message, Action<PasswordQuestion> setupQuestion = null)
{
    var passwordQuestion = new PasswordQuestion(name, message);

    // Let the caller configure the question before it is registered.
    if (setupQuestion != null)
    {
        setupQuestion(passwordQuestion);
    }

    prompter.Add(passwordQuestion);
    return prompter;
}
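/// <summary>
/// Soft-deletes the named user (sets <c>IsDeleted</c>, clears <c>IsApproved</c>) and,
/// when requested, removes the rows that reference the user: roles, accounts,
/// passwords, resets, failures, lockouts, logins, questions, settings and sessions.
/// </summary>
/// <param name="username">User name to look up.</param>
/// <param name="deleteAllRelatedData">When true, also delete the user's related rows.</param>
/// <returns>
/// True when the user was found and every requested step completed; false when the
/// user does not exist or an exception was logged.
/// </returns>
public override bool DeleteUser(string username, bool deleteAllRelatedData)
{
    User user = User.GetByUserName(username);
    bool result = false;

    try
    {
        if (user != null)
        {
            // Flag the account first so it is unusable even if the cleanup below fails.
            user.IsDeleted = true;
            user.IsApproved = false;
            user.Save();

            if (deleteAllRelatedData)
            {
                UserRoleCollection roles = UserRole.Where(c => c.UserId == user.Id);
                AccountCollection accounts = Account.Where(c => c.UserId == user.Id);
                PasswordCollection passwords = Password.Where(c => c.UserId == user.Id);
                PasswordResetCollection resets = PasswordReset.Where(c => c.UserId == user.Id);
                PasswordFailureCollection failures = PasswordFailure.Where(c => c.UserId == user.Id);
                LockOutCollection lockouts = LockOut.Where(c => c.UserId == user.Id);
                LoginCollection logins = Login.Where(c => c.UserId == user.Id);
                PasswordQuestionCollection questions = PasswordQuestion.Where(c => c.UserId == user.Id);
                SettingCollection settings = Setting.Where(c => c.UserId == user.Id);
                SessionCollection session = Session.Where(c => c.UserId == user.Id);

                // Queue every delete on one builder and run them in a single Execute call.
                Database db = Db.For<User>();
                SqlStringBuilder sql = db.ServiceProvider.Get<SqlStringBuilder>();
                roles.WriteDelete(sql);
                accounts.WriteDelete(sql);
                passwords.WriteDelete(sql);
                resets.WriteDelete(sql);
                failures.WriteDelete(sql);
                lockouts.WriteDelete(sql);
                logins.WriteDelete(sql);
                questions.WriteDelete(sql);
                settings.WriteDelete(sql);
                session.WriteDelete(sql);
                sql.Execute(db);
            }

            // Fix: the original never assigned true, so callers were always told
            // the deletion failed even when it had succeeded.
            result = true;
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): when the cleanup throws after user.Save(), the account is
        // already flagged deleted but its sessions, password rows and reset records
        // may still exist. The false return is the caller's only signal to retry,
        // so a retry path (or running the soft delete and cleanup atomically) is
        // worth confirming.
        result = false;
        Log.AddEntry("{0}.{1}::{2}", ex, this.GetType().Name, MethodBase.GetCurrentMethod().Name, ex.Message);
    }

    return result;
}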
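/// <summary>
/// Creates a user and stores the supplied password question and answer for it.
/// </summary>
/// <param name="username">Name of the new user.</param>
/// <param name="password">Password handed to <c>User.Create</c>.</param>
/// <param name="email">E-mail address of the new user.</param>
/// <param name="passwordQuestion">Password question text to store.</param>
/// <param name="passwordAnswer">Answer to the password question.</param>
/// <param name="isApproved">Whether the new user is approved.</param>
/// <param name="providerUserKey">Key checked against existing user ids.</param>
/// <param name="status">Outcome of the operation.</param>
/// <returns>
/// The membership user on success; null whenever <paramref name="status"/> is not
/// <c>MembershipCreateStatus.Success</c>.
/// </returns>
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
{
    status = MembershipCreateStatus.Success;

    // Fix: every validation failure now returns immediately. The original only
    // recorded the failure in status and then called User.Create anyway, so an
    // account could be created while the caller was told the request had failed.
    User user = User.OneWhere(c => c.Id == Convert.ToInt32(providerUserKey));
    if (user != null)
    {
        status = MembershipCreateStatus.DuplicateProviderUserKey;
        return null;
    }

    // NOTE(review): this "bare minimum" check rejects an address only when BOTH
    // '@' and '.' are missing, so "a.b" and "a@b" pass. That looks like an
    // inverted &&/||; confirm the intended rule before tightening it. The
    // null/empty guard is new: the original threw NullReferenceException on null.
    if (string.IsNullOrEmpty(email) || (!email.Contains("@") && !email.Contains(".")))
    {
        status = MembershipCreateStatus.InvalidEmail;
        return null;
    }

    try
    {
        user = User.Create(username, email, password, isApproved);
    }
    catch (UserNameInUseException uniue)
    {
        Log.AddEntry("{0}.{1}::{2}", uniue, this.GetType().Name, MethodBase.GetCurrentMethod().Name, uniue.Message);
        status = MembershipCreateStatus.DuplicateUserName;
        return null;
    }
    catch (EmailAlreadyRegisteredException eare)
    {
        Log.AddEntry("{0}.{1}::{2}", eare, this.GetType().Name, MethodBase.GetCurrentMethod().Name, eare.Message);
        status = MembershipCreateStatus.DuplicateEmail;
        return null;
    }

    // Fix: the original dereferenced user unconditionally after the try block and
    // threw NullReferenceException whenever creation had failed.
    if (user == null)
    {
        status = MembershipCreateStatus.ProviderError;
        return null;
    }

    PasswordQuestion question = user.PasswordQuestionsByUserId.FirstOrDefault();
    if (question == null)
    {
        // SECURITY NOTE(review): the answer is stored as supplied. It is a recovery
        // credential; confirm whether PasswordQuestion.Save protects it at rest
        // (not visible from this method).
        question = user.PasswordQuestionsByUserId.AddNew();
        question.Value = passwordQuestion;
        question.Answer = passwordAnswer;
        question.Save();

        // NOTE(review): this reloads PasswordResetsByUserId although the row just
        // saved belongs to PasswordQuestionsByUserId; verify which was intended.
        user.PasswordResetsByUserId.Reload();
    }

    MembershipUser result = User.GetMembershipUser(user);
    return result;
}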
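/// <summary>
/// Checks the supplied answer against the stored answer for the current user's
/// question with the same question number.
/// </summary>
/// <param name="question">Carries the question number and the answer to verify.</param>
/// <returns>
/// True when a stored, non-empty answer exists and matches (culture-aware,
/// case-insensitive); otherwise false.
/// </returns>
public bool CheckAnswer(PasswordQuestion question)
{
    // Dispose the context deterministically; only a bool leaves this method.
    using (var rbacEntities = new PEMRBACEntities())
    {
        // Fix: First() throws InvalidOperationException when no row exists, which
        // made the null check below unreachable. FirstOrDefault lets a missing
        // question fail closed with "no match".
        var securityQuestion = (from securityQuestions in rbacEntities.UserPasswordQuestions
                                where securityQuestions.UserId == _userId
                                      && securityQuestions.QuestionNumber == question.QuestionNumber
                                select securityQuestions).FirstOrDefault();

        // Fail closed on a missing or blank stored answer: a blank stored value
        // must never be satisfied by a blank submission, and a null one must not throw.
        if (securityQuestion == null || string.IsNullOrEmpty(securityQuestion.Answer))
        {
            return false;
        }

        // SECURITY NOTE(review): this compares against the stored plaintext answer.
        // The salted-hash comparison, EncryptionManager.Hash(question.Answer.ToLower(), _salt),
        // is disabled. Restoring it needs the same change in SaveQuestion and
        // QuestionState, plus a migration of existing rows. The culture-sensitive
        // comparison also ties the result to the server's current culture; an
        // ordinal comparison on a normalized value would be deterministic. Attempt
        // limiting is not visible here and has to be enforced by the caller.
        return securityQuestion.Answer.Equals(question.Answer, StringComparison.CurrentCultureIgnoreCase);
    }
}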
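/// <summary>
/// Classifies a submitted security question relative to what is stored for the
/// current user: <c>Empty</c>, <c>New</c>, <c>Invalid</c>, <c>Changed</c> or <c>NoChange</c>.
/// </summary>
/// <param name="question">Submitted question number, question text and answer.</param>
/// <returns>The state of the submitted question.</returns>
public PasswordQuestion.QuestionState QuestionState(PasswordQuestion question)
{
    // Both the question text and the answer must be present for a usable entry.
    bool hasQuestionAndAnswer = !string.IsNullOrEmpty(question.Question)
                                && !string.IsNullOrEmpty(question.Answer);

    // Question number 0 means "no slot assigned yet": no lookup is needed.
    if (question.QuestionNumber == 0)
    {
        return hasQuestionAndAnswer
            ? PasswordQuestion.QuestionState.New
            : PasswordQuestion.QuestionState.Empty;
    }

    // Dispose the context deterministically; only an enum value leaves this method.
    using (var rbacEntities = new PEMRBACEntities())
    {
        var securityQuestion = (from securityQuestions in rbacEntities.UserPasswordQuestions
                                where securityQuestions.UserId == _userId
                                      && securityQuestions.QuestionNumber == question.QuestionNumber
                                select securityQuestions).FirstOrDefault();

        // A numbered slot with no stored row: new when fully filled in, otherwise invalid.
        if (securityQuestion == null)
        {
            return hasQuestionAndAnswer
                ? PasswordQuestion.QuestionState.New
                : PasswordQuestion.QuestionState.Invalid;
        }

        // Has the question text changed?
        if (!securityQuestion.Question.Equals(question.Question, StringComparison.CurrentCultureIgnoreCase))
        {
            return PasswordQuestion.QuestionState.Changed;
        }

        // Only the answer is left to compare.
        // SECURITY NOTE(review): the comparison runs against the stored plaintext
        // answer. The hashed variant, EncryptionManager.Hash(question.Answer.ToLower(), _salt),
        // is disabled, and must be restored together with SaveQuestion and CheckAnswer.
        return securityQuestion.Answer.Equals(question.Answer, StringComparison.CurrentCultureIgnoreCase)
            ? PasswordQuestion.QuestionState.NoChange
            : PasswordQuestion.QuestionState.Changed;
    }
}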