public ChangePasswordStatus ChangePassword(int applicationId, IUserBasic userBasic, string oldPassword, string newPassword) { wm_User_GetPassword_QueryResult getPasswordResult = null; try { using (IDataStoreContext dataStoreContext = this.DataStore.CreateContext()) { getPasswordResult = dataStoreContext.wm_Users_GetPassword(applicationId, userBasic.UserName, null); } } catch (Exception ex) { _Log.Error("Error at Users_GetPassword", ex); throw new DataStoreException(ex, true); } if (!this.CheckPassword(oldPassword, getPasswordResult.Password, getPasswordResult.PasswordSalt, ((MembershipPasswordFormat)getPasswordResult.PasswordFormat))) { return(ChangePasswordStatus.OldPasswordValidationFailed); } string text = this.GenerateSalt(); ValidatePasswordStatus result = ValidatePasswordStatus.Valid; if (!this.IsPasswordValid(newPassword, text, out result)) { return((ChangePasswordStatus)result); } ChangePasswordStatus changePasswordStatus; try { using (IDataStoreContext dataStoreContext = this.DataStore.CreateContext()) { changePasswordStatus = dataStoreContext.wm_Users_SetPassword(userBasic.UserId, this.EncodePassword(newPassword, text, this.PasswordFormat), text, (byte)this.PasswordFormat) == 0 ? ChangePasswordStatus.NoRecordRowAffected : ChangePasswordStatus.Success; } } catch (Exception ex) { _Log.Error("Error at ChangePassword.Users_SetPassword", ex); throw new DataStoreException(ex, true); } return(changePasswordStatus); }
public ValidateUserStatus ValidateUser(int applicationId, string usernameOrEmail, string password, out IUserBasic userBasic) { userBasic = UserBasic.GetAnonymousUserInstance(); wm_User_GetPassword_QueryResult getPasswordResult = null; string userName = null; string email = null; this.GetEmailOrUsername(usernameOrEmail, out userName, out email); using (IDataStoreContext dataStoreContext = this.DataStore.CreateContext()) { // first, get the password information try { getPasswordResult = dataStoreContext.wm_Users_GetPassword(applicationId, userName, email); } catch (Exception ex) { _Log.Error("Error at Users_GetPassword", ex); return(ValidateUserStatus.SqlError); } if (getPasswordResult == null) { return(ValidateUserStatus.UserNotFound); } if (getPasswordResult.AccountStatus == AccountStatus.Locked) { return(ValidateUserStatus.UserIsLockedOut); } if (getPasswordResult.AccountStatus == AccountStatus.Valid || getPasswordResult.AccountStatus == AccountStatus.AwaitingEmailVerification) { int returnValue; DateTime? lastActivityDateUtc = null; DateTime? lastLoginDateUtc = null; AccountStatus?status = null; int? failedPasswordAttemptCount = null; DateTime? lastLockoutDateUtc = null; if (!this.CheckPassword(password, getPasswordResult.Password, getPasswordResult.PasswordSalt, ((MembershipPasswordFormat)getPasswordResult.PasswordFormat))) {// wrong password try { returnValue = dataStoreContext.wm_Users_UpdateUserInfo(getPasswordResult.UserId, false, false, this.MaxInvalidPasswordAttempts , out lastActivityDateUtc, out lastLoginDateUtc, out status, out failedPasswordAttemptCount, out lastLockoutDateUtc); } catch (Exception ex) { _Log.Error("Error at Users_GetPassword", ex); return(ValidateUserStatus.SqlError); } if (returnValue < 0) { _Log.Error("Error at Users_UpdateUserInfo, ErrorCode: " + returnValue); } _Log.InfoFormat("User {0} entered an invalid password.", getPasswordResult.UserId); return(ValidateUserStatus.WrongPassword); // we return wrong password for now, if the user was locked out due to too many invalid password attempts, we will get this information at the next login attempt } else { try { returnValue = dataStoreContext.wm_Users_UpdateUserInfo(getPasswordResult.UserId, true, true, this.MaxInvalidPasswordAttempts , out lastActivityDateUtc, out lastLoginDateUtc, out status, out failedPasswordAttemptCount, out lastLockoutDateUtc); } catch (Exception ex) { _Log.Error("Error at Users_GetPassword", ex); return(ValidateUserStatus.SqlError); } if (returnValue < 0) { _Log.Error("Error at Users_UpdateUserInfo, ErrorCode: " + returnValue); return(ValidateUserStatus.SqlError); } else { try { userBasic = new UserBasic( getPasswordResult.UserId , getPasswordResult.UserName , getPasswordResult.Email , lastActivityDateUtc.Value , status.Value , getPasswordResult.DateCreatedUtc , lastLoginDateUtc.Value , getPasswordResult.ProfileImageId , getPasswordResult.TimeZoneInfoId , dataStoreContext.wm_Roles_GetByUserId(getPasswordResult.UserId)); } catch (Exception ex) { _Log.Error("Error at Roles_GetByUserId", ex); return(ValidateUserStatus.SqlError); } switch (status.Value) { case AccountStatus.AwaitingEmailVerification: return(ValidateUserStatus.AccountStatusAwaitingEmail); case AccountStatus.LockedAwaitingEmailVerification: case AccountStatus.Locked: return(ValidateUserStatus.UserIsLockedOut); case AccountStatus.Valid: _Log.DebugFormat("User {0} successfully validated", userBasic.UserId); return(ValidateUserStatus.Valid); default: return(ValidateUserStatus.SqlError); } } } } else { switch (getPasswordResult.AccountStatus) { case AccountStatus.Pending: return(ValidateUserStatus.AccountStatusPending); case AccountStatus.Deleted: return(ValidateUserStatus.AccountStatusDeleted); case AccountStatus.Banned: return(ValidateUserStatus.AccountStatusBanned); case AccountStatus.LockedAwaitingEmailVerification: case AccountStatus.Locked: return(ValidateUserStatus.UserIsLockedOut); default: return(ValidateUserStatus.SqlError); } } } }