public bool ProcessRegex(string target, string regexExpression)
{
if (target == null)
{
target = String.Empty;
}
// Adding timeout for Regex in case of malicious string causing DoS
Regex regex = RegexUtil.CreateRegex(regexExpression, RegexOptions.ExplicitCapture);
Match match = regex.Match(target);
if (match.Success == false)
{
return(false);
}
string[] groups = regex.GetGroupNames();
if (groups.Length > 0)
{
if (_groups == null)
{
_groups = new Hashtable();
}
for (int i = 0; i < groups.Length; i++)
{
_groups[groups[i]] = match.Groups[i].Value;
}
}
return(true);
}
/// <summary>
/// Overrider of <see cref="ValidationAttribute.IsValid(object,validationContext)"/>.
/// </summary>
/// <remarks>
/// Checks if the given value meets the password requirements such as minimum length, minimum number of non-alpha numeric characters
/// and password strength regular expression set in current <see cref="Membership.Provider"/>
/// </remarks>
/// <param name="value">The value to validate.</param>
/// <param name="validationContext">A <see cref="ValidationContext"/> instance that provides
/// context about the validation operation, such as the object and member being validated.</param>
/// <returns>
/// When validation is valid, <see cref="ValidationResult.Success"/>.
/// <para>
/// When validation is invalid, an instance of <see cref="ValidationResult"/>.
/// </para>
/// </returns>
protected override ValidationResult IsValid(object value, ValidationContext validationContext)
{
string valueAsString = value as string;
string name = (validationContext != null) ? validationContext.DisplayName : String.Empty;
string[] memberNames = (validationContext != null) ? new[] { validationContext.MemberName } : null;
string errorMessage;
if (String.IsNullOrEmpty(valueAsString))
{
return(ValidationResult.Success);
}
if (valueAsString.Length < MinRequiredPasswordLength)
{
errorMessage = GetMinPasswordLengthError();
return(new ValidationResult(FormatErrorMessage(errorMessage, name, MinRequiredPasswordLength), memberNames));
}
int nonAlphanumericCharacters = valueAsString.Count(c => !Char.IsLetterOrDigit(c));
if (nonAlphanumericCharacters < MinRequiredNonAlphanumericCharacters)
{
errorMessage = GetMinNonAlphanumericCharactersError();
return(new ValidationResult(FormatErrorMessage(errorMessage, name, MinRequiredNonAlphanumericCharacters), memberNames));
}
string passwordStrengthRegularExpression = PasswordStrengthRegularExpression;
if (passwordStrengthRegularExpression != null)
{
Regex passwordStrengthRegex;
try {
// Adding timeout for Regex in case of malicious string causing DoS
passwordStrengthRegex = RegexUtil.CreateRegex(passwordStrengthRegularExpression, RegexOptions.None, PasswordStrengthRegexTimeout);
}
catch (ArgumentException ex) {
throw new InvalidOperationException(SR.GetString(SR.MembershipPasswordAttribute_InvalidRegularExpression), ex);
}
if (!passwordStrengthRegex.IsMatch(valueAsString))
{
errorMessage = GetPasswordStrengthError();
return(new ValidationResult(FormatErrorMessage(errorMessage, name, additionalArgument: String.Empty), memberNames));
}
}
return(ValidationResult.Success);
}