        /// <summary>
        /// Replaces the user's current password with <paramref name="newPassword"/>, ages the
        /// existing password history under the policy that applies to this user, and persists
        /// the change.
        /// </summary>
        /// <param name="newPassword">The new plaintext password; it is encoded with the policy's password format before it is stored.</param>
        /// <param name="forceExpiration">Whether the new password is flagged as having to be changed on next use.</param>
        /// <returns>True if the user was saved successfully; false otherwise.</returns>
        /// <remarks>
        /// Admin users are governed by <see cref="MerchantPasswordPolicy"/>, all others by
        /// <see cref="CustomerPasswordPolicy"/>. A history entry is deleted when its PasswordNumber is at
        /// least the policy's HistoryCount AND its CreateDate is on or before the HistoryDays cutoff;
        /// every other entry has its PasswordNumber shifted up by one so the new password can take
        /// number 1. Only admin password changes are written to the audit log
        /// (NOTE(review): customer password changes leave no audit entry — confirm this is intended).
        /// </remarks>
        public bool SetPassword(string newPassword, bool forceExpiration)
        {
            bool adminUser = this.IsAdmin;
            PasswordPolicy activePolicy;

            if (adminUser)
            {
                activePolicy = new MerchantPasswordPolicy();
            }
            else
            {
                activePolicy = new CustomerPasswordPolicy();
            }

            int keepCount = activePolicy.HistoryCount;
            // Entries created on or before this date are outside the history window.
            DateTime historyCutoff = LocaleHelper.LocalNow.AddDays(-activePolicy.HistoryDays);
            UserPasswordCollection history = this.Passwords;

            // Walk backwards so RemoveAt does not disturb the indexes still to be visited.
            for (int index = history.Count - 1; index >= 0; index--)
            {
                UserPassword entry = history[index];
                if (entry.PasswordNumber >= keepCount && entry.CreateDate <= historyCutoff)
                {
                    history[index].Delete();
                    history.RemoveAt(index);
                    continue;
                }
                history[index].PasswordNumber++;
            }

            UserPassword current = new UserPassword
            {
                Password        = UserPasswordHelper.EncodePassword(newPassword, activePolicy.PasswordFormat),
                PasswordFormat  = activePolicy.PasswordFormat,
                PasswordNumber  = 1,
                CreateDate      = LocaleHelper.LocalNow,
                ForceExpiration = forceExpiration
            };
            history.Add(current);
            this.LastPasswordChangedDate = current.CreateDate;

            bool saved = this.Save() != SaveResult.Failed;
            if (adminUser)
            {
                Logger.Audit(AuditEventType.PasswordChanged, saved, string.Empty);
            }
            return saved;
        }
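        /// <summary>
        /// Loads the password records of one user from ac_UserPasswords, optionally paged and sorted.
        /// </summary>
        /// <param name="userId">Id of the user whose passwords are loaded.</param>
        /// <param name="maximumRows">Maximum number of rows to return; 0 or less returns all rows.</param>
        /// <param name="startRowIndex">Zero-based index of the first row to return; negative values are treated as 0.</param>
        /// <param name="sortExpression">Optional ORDER BY list: comma-separated column identifiers (optionally
        /// wrapped in square brackets), each optionally followed by ASC or DESC. Null or empty means no ordering.</param>
        /// <returns>The matching passwords; an empty collection if none match.</returns>
        /// <exception cref="ArgumentException">
        /// Thrown when <paramref name="sortExpression"/> contains anything outside the identifier/direction grammar
        /// above. ORDER BY cannot be passed as a command parameter, so the expression is validated before it is
        /// spliced into the SQL text instead of being trusted.
        /// </exception>
        public static UserPasswordCollection LoadForUser(Int32 userId, int maximumRows, int startRowIndex, string sortExpression)
        {
            if (startRowIndex < 0)
            {
                // A negative start would also produce an invalid TOP value below.
                startRowIndex = 0;
            }
            if (!string.IsNullOrEmpty(sortExpression) && !IsSafeSortExpression(sortExpression))
            {
                throw new ArgumentException(
                    "Sort expression must be a comma-separated list of column names, each optionally followed by ASC or DESC.",
                    "sortExpression");
            }

            //CREATE THE DYNAMIC SQL TO LOAD OBJECT
            StringBuilder selectQuery = new StringBuilder();

            selectQuery.Append("SELECT");
            if (maximumRows > 0)
            {
                // TOP covers the skipped prefix plus the requested page; the prefix is discarded while reading.
                selectQuery.Append(" TOP " + (startRowIndex + maximumRows).ToString());
            }
            selectQuery.Append(" " + UserPassword.GetColumnNames(string.Empty));
            selectQuery.Append(" FROM ac_UserPasswords");
            selectQuery.Append(" WHERE UserId = @userId");
            if (!string.IsNullOrEmpty(sortExpression))
            {
                // Safe to splice: validated by IsSafeSortExpression above.
                selectQuery.Append(" ORDER BY " + sortExpression);
            }
            Database  database      = Token.Instance.Database;
            DbCommand selectCommand = database.GetSqlStringCommand(selectQuery.ToString());

            // The only caller-supplied value that reaches the WHERE clause goes in as a typed parameter.
            database.AddInParameter(selectCommand, "@userId", System.Data.DbType.Int32, userId);
            //EXECUTE THE COMMAND
            UserPasswordCollection results = new UserPasswordCollection();
            int thisIndex = 0;
            int rowCount  = 0;

            using (IDataReader dr = database.ExecuteReader(selectCommand))
            {
                // Stop once the page is full (maximumRows < 1 means "no limit").
                while (dr.Read() && ((maximumRows < 1) || (rowCount < maximumRows)))
                {
                    if (thisIndex >= startRowIndex)
                    {
                        UserPassword userPassword = new UserPassword();
                        UserPassword.LoadDataReader(userPassword, dr);
                        results.Add(userPassword);
                        rowCount++;
                    }
                    thisIndex++;
                }
            }
            return(results);
        }

        /// <summary>
        /// Returns true when every comma-separated term of <paramref name="sortExpression"/> is a column
        /// identifier (see <see cref="IsColumnIdentifier"/>), optionally followed by ASC or DESC.
        /// Operators, quotes, comments, parentheses and anything else are rejected.
        /// </summary>
        private static bool IsSafeSortExpression(string sortExpression)
        {
            foreach (string term in sortExpression.Split(','))
            {
                string[] parts = term.Split(new char[] { ' ', '\t', '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries);
                if (parts.Length == 0 || parts.Length > 2 || !IsColumnIdentifier(parts[0]))
                {
                    return false;
                }
                if (parts.Length == 2
                    && !string.Equals(parts[1], "ASC", StringComparison.OrdinalIgnoreCase)
                    && !string.Equals(parts[1], "DESC", StringComparison.OrdinalIgnoreCase))
                {
                    return false;
                }
            }
            return true;
        }

        /// <summary>
        /// Returns true when <paramref name="token"/> is a plain identifier — a letter or underscore followed by
        /// letters, digits or underscores — optionally enclosed in square brackets.
        /// </summary>
        private static bool IsColumnIdentifier(string token)
        {
            if (token.Length > 1 && token[0] == '[' && token[token.Length - 1] == ']')
            {
                token = token.Substring(1, token.Length - 2);
            }
            if (token.Length == 0 || !(char.IsLetter(token[0]) || token[0] == '_'))
            {
                return false;
            }
            for (int i = 1; i < token.Length; i++)
            {
                char c = token[i];
                if (!(char.IsLetterOrDigit(c) || c == '_'))
                {
                    return false;
                }
            }
            return true;
        }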
        /// <summary>
        /// Authenticates <paramref name="username"/> with <paramref name="password"/>, applying the
        /// account's approval state, the lockout policy and failed-attempt counting.
        /// </summary>
        /// <param name="username">Name of the user attempting to log in.</param>
        /// <param name="password">Plaintext password supplied by the user.</param>
        /// <returns>True if the login succeeds; false otherwise. Every outcome is routed through one of the
        /// AuditLogin_* helpers, whose return value is what the caller receives.</returns>
        /// <remarks>
        /// Checks run in this order: unknown user, unapproved user, user with no password record, active
        /// lockout, then the password itself. The stored password is taken from index 0 of the user's
        /// Passwords collection, so that collection is presumed to list the current password first — confirm
        /// against how it is loaded and how SetPassword appends. A lockout older than the policy's
        /// LockoutPeriod is cleared in memory here and persisted by the Save() on whichever branch follows.
        /// Whether the early returns are distinguishable to a caller depends on the AuditLogin_* helpers,
        /// which are not shown here.
        /// </remarks>
        public static bool Login(string username, string password)
        {
            User account = UserDataSource.LoadForUserName(username);

            if (account == null)
            {
                return AuditLogin_InvalidUsername(username);
            }
            if (!account.IsApproved)
            {
                return AuditLogin_Unapproved(account);
            }

            UserPasswordCollection history = account.Passwords;
            if (history.Count == 0)
            {
                return AuditLogin_NoPassword(account);
            }

            // Verified up front; the result is only acted on once the lockout state has been checked.
            bool passwordMatches = history[0].VerifyPassword(password);

            PasswordPolicy activePolicy;
            if (account.IsAdmin)
            {
                activePolicy = new MerchantPasswordPolicy();
            }
            else
            {
                activePolicy = new CustomerPasswordPolicy();
            }

            if (account.IsLockedOut)
            {
                DateTime lockoutStillActiveAfter = LocaleHelper.LocalNow.AddMinutes(-activePolicy.LockoutPeriod);
                if (account.LastLockoutDate >= lockoutStillActiveAfter)
                {
                    // Still locked. Per BUG # 6688 neither the lockout date nor the attempt count is
                    // touched here, so retrying while locked cannot prolong the lockout.
                    return AuditLogin_AccountLocked(account);
                }
                // The lockout period has elapsed; the flag is persisted by the Save() below.
                account.IsLockedOut = false;
            }

            if (passwordMatches)
            {
                account.FailedPasswordAttemptCount = 0;
                account.LastLoginDate = LocaleHelper.LocalNow;
                account.Save();
                return AuditLogin_Success(account);
            }

            account.FailedPasswordAttemptCount++;
            if (account.FailedPasswordAttemptCount >= activePolicy.MaxAttempts)
            {
                account.IsLockedOut = true;
                // The counter restarts from zero for the next lockout window.
                account.FailedPasswordAttemptCount = 0;
                account.LastLockoutDate            = LocaleHelper.LocalNow;
            }
            account.Save();
            return AuditLogin_InvalidPassword(account);
        }