public ChangePasswordStatus ChangePassword(int applicationId, IUserBasic userBasic, string oldPassword, string newPassword)
{
wm_User_GetPassword_QueryResult getPasswordResult = null;
try
{
using (IDataStoreContext dataStoreContext = this.DataStore.CreateContext())
{
getPasswordResult = dataStoreContext.wm_Users_GetPassword(applicationId, userBasic.UserName, null);
}
}
catch (Exception ex)
{
_Log.Error("Error at Users_GetPassword", ex);
throw new DataStoreException(ex, true);
}
if (!this.CheckPassword(oldPassword, getPasswordResult.Password, getPasswordResult.PasswordSalt, ((MembershipPasswordFormat)getPasswordResult.PasswordFormat)))
{
return(ChangePasswordStatus.OldPasswordValidationFailed);
}
string text = this.GenerateSalt();
ValidatePasswordStatus result = ValidatePasswordStatus.Valid;
if (!this.IsPasswordValid(newPassword, text, out result))
{
return((ChangePasswordStatus)result);
}
ChangePasswordStatus changePasswordStatus;
try
{
using (IDataStoreContext dataStoreContext = this.DataStore.CreateContext())
{
changePasswordStatus = dataStoreContext.wm_Users_SetPassword(userBasic.UserId, this.EncodePassword(newPassword, text, this.PasswordFormat), text, (byte)this.PasswordFormat) == 0
? ChangePasswordStatus.NoRecordRowAffected
: ChangePasswordStatus.Success;
}
}
catch (Exception ex)
{
_Log.Error("Error at ChangePassword.Users_SetPassword", ex);
throw new DataStoreException(ex, true);
}
return(changePasswordStatus);
}
public ValidateUserStatus ValidateUser(int applicationId, string usernameOrEmail, string password, out IUserBasic userBasic)
{
userBasic = UserBasic.GetAnonymousUserInstance();
wm_User_GetPassword_QueryResult getPasswordResult = null;
string userName = null;
string email = null;
this.GetEmailOrUsername(usernameOrEmail, out userName, out email);
using (IDataStoreContext dataStoreContext = this.DataStore.CreateContext())
{
// first, get the password information
try { getPasswordResult = dataStoreContext.wm_Users_GetPassword(applicationId, userName, email); }
catch (Exception ex)
{
_Log.Error("Error at Users_GetPassword", ex);
return(ValidateUserStatus.SqlError);
}
if (getPasswordResult == null)
{
return(ValidateUserStatus.UserNotFound);
}
if (getPasswordResult.AccountStatus == AccountStatus.Locked)
{
return(ValidateUserStatus.UserIsLockedOut);
}
if (getPasswordResult.AccountStatus == AccountStatus.Valid || getPasswordResult.AccountStatus == AccountStatus.AwaitingEmailVerification)
{
int returnValue;
DateTime? lastActivityDateUtc = null;
DateTime? lastLoginDateUtc = null;
AccountStatus?status = null;
int? failedPasswordAttemptCount = null;
DateTime? lastLockoutDateUtc = null;
if (!this.CheckPassword(password, getPasswordResult.Password, getPasswordResult.PasswordSalt, ((MembershipPasswordFormat)getPasswordResult.PasswordFormat)))
{// wrong password
try
{
returnValue = dataStoreContext.wm_Users_UpdateUserInfo(getPasswordResult.UserId, false, false, this.MaxInvalidPasswordAttempts
, out lastActivityDateUtc, out lastLoginDateUtc, out status, out failedPasswordAttemptCount, out lastLockoutDateUtc);
}
catch (Exception ex)
{
_Log.Error("Error at Users_GetPassword", ex);
return(ValidateUserStatus.SqlError);
}
if (returnValue < 0)
{
_Log.Error("Error at Users_UpdateUserInfo, ErrorCode: " + returnValue);
}
_Log.InfoFormat("User {0} entered an invalid password.", getPasswordResult.UserId);
return(ValidateUserStatus.WrongPassword); // we return wrong password for now, if the user was locked out due to too many invalid password attempts, we will get this information at the next login attempt
}
else
{
try
{
returnValue = dataStoreContext.wm_Users_UpdateUserInfo(getPasswordResult.UserId, true, true, this.MaxInvalidPasswordAttempts
, out lastActivityDateUtc, out lastLoginDateUtc, out status, out failedPasswordAttemptCount, out lastLockoutDateUtc);
}
catch (Exception ex)
{
_Log.Error("Error at Users_GetPassword", ex);
return(ValidateUserStatus.SqlError);
}
if (returnValue < 0)
{
_Log.Error("Error at Users_UpdateUserInfo, ErrorCode: " + returnValue);
return(ValidateUserStatus.SqlError);
}
else
{
try
{
userBasic = new UserBasic(
getPasswordResult.UserId
, getPasswordResult.UserName
, getPasswordResult.Email
, lastActivityDateUtc.Value
, status.Value
, getPasswordResult.DateCreatedUtc
, lastLoginDateUtc.Value
, getPasswordResult.ProfileImageId
, getPasswordResult.TimeZoneInfoId
, dataStoreContext.wm_Roles_GetByUserId(getPasswordResult.UserId));
}
catch (Exception ex)
{
_Log.Error("Error at Roles_GetByUserId", ex);
return(ValidateUserStatus.SqlError);
}
switch (status.Value)
{
case AccountStatus.AwaitingEmailVerification: return(ValidateUserStatus.AccountStatusAwaitingEmail);
case AccountStatus.LockedAwaitingEmailVerification:
case AccountStatus.Locked: return(ValidateUserStatus.UserIsLockedOut);
case AccountStatus.Valid:
_Log.DebugFormat("User {0} successfully validated", userBasic.UserId);
return(ValidateUserStatus.Valid);
default: return(ValidateUserStatus.SqlError);
}
}
}
}
else
{
switch (getPasswordResult.AccountStatus)
{
case AccountStatus.Pending: return(ValidateUserStatus.AccountStatusPending);
case AccountStatus.Deleted: return(ValidateUserStatus.AccountStatusDeleted);
case AccountStatus.Banned: return(ValidateUserStatus.AccountStatusBanned);
case AccountStatus.LockedAwaitingEmailVerification:
case AccountStatus.Locked: return(ValidateUserStatus.UserIsLockedOut);
default: return(ValidateUserStatus.SqlError);
}
}
}
}
