/// <summary>
/// Updates the user password
/// </summary>
/// <param name="newPassword">new password</param>
/// <param name="forceExpiration">force expiration</param>
/// <returns>True if the password was set successfully; false otherwise</returns>
public bool SetPassword(string newPassword, bool forceExpiration)
{
bool isAdmin = this.IsAdmin;
PasswordPolicy policy;
if (isAdmin)
{
policy = new MerchantPasswordPolicy();
}
else
{
policy = new CustomerPasswordPolicy();
}
int historyDays = policy.HistoryDays;
int historyCount = policy.HistoryCount;
DateTime lastPasswordDate = LocaleHelper.LocalNow.AddDays(-1 * historyDays);
UserPasswordCollection passwordCollection = this.Passwords;
int passwordCount = passwordCollection.Count;
for (int i = passwordCount - 1; i >= 0; i--)
{
UserPassword oldPassword = passwordCollection[i];
if ((oldPassword.PasswordNumber >= historyCount) && (oldPassword.CreateDate <= lastPasswordDate))
{
passwordCollection[i].Delete();
passwordCollection.RemoveAt(i);
}
else
{
passwordCollection[i].PasswordNumber++;
}
}
UserPassword userPassword = new UserPassword();
userPassword.Password = UserPasswordHelper.EncodePassword(newPassword, policy.PasswordFormat);
userPassword.PasswordFormat = policy.PasswordFormat;
userPassword.PasswordNumber = 1;
userPassword.CreateDate = LocaleHelper.LocalNow;
userPassword.ForceExpiration = forceExpiration;
passwordCollection.Add(userPassword);
this.LastPasswordChangedDate = userPassword.CreateDate;
bool result = (this.Save() != SaveResult.Failed);
if (isAdmin)
{
Logger.Audit(AuditEventType.PasswordChanged, result, string.Empty);
}
return(result);
}
public static UserPasswordCollection LoadForUser(Int32 userId, int maximumRows, int startRowIndex, string sortExpression)
{
//CREATE THE DYNAMIC SQL TO LOAD OBJECT
StringBuilder selectQuery = new StringBuilder();
selectQuery.Append("SELECT");
if (maximumRows > 0)
{
selectQuery.Append(" TOP " + (startRowIndex + maximumRows).ToString());
}
selectQuery.Append(" " + UserPassword.GetColumnNames(string.Empty));
selectQuery.Append(" FROM ac_UserPasswords");
selectQuery.Append(" WHERE UserId = @userId");
if (!string.IsNullOrEmpty(sortExpression))
{
selectQuery.Append(" ORDER BY " + sortExpression);
}
Database database = Token.Instance.Database;
DbCommand selectCommand = database.GetSqlStringCommand(selectQuery.ToString());
database.AddInParameter(selectCommand, "@userId", System.Data.DbType.Int32, userId);
//EXECUTE THE COMMAND
UserPasswordCollection results = new UserPasswordCollection();
int thisIndex = 0;
int rowCount = 0;
using (IDataReader dr = database.ExecuteReader(selectCommand))
{
while (dr.Read() && ((maximumRows < 1) || (rowCount < maximumRows)))
{
if (thisIndex >= startRowIndex)
{
UserPassword userPassword = new UserPassword();
UserPassword.LoadDataReader(userPassword, dr);
results.Add(userPassword);
rowCount++;
}
thisIndex++;
}
dr.Close();
}
return(results);
}
/// <summary>
/// Validates the given username and password
/// </summary>
/// <param name="username">Name of user attempting login</param>
/// <param name="password">Password provided by user</param>
/// <returns>True if the login succeeds; false otherwise.</returns>
public static bool Login(string username, string password)
{
User user = UserDataSource.LoadForUserName(username);
if (user == null)
{
return(AuditLogin_InvalidUsername(username));
}
if (!user.IsApproved)
{
return(AuditLogin_Unapproved(user));
}
UserPasswordCollection passwordCollection = user.Passwords;
if (passwordCollection.Count == 0)
{
return(AuditLogin_NoPassword(user));
}
UserPassword storedPassword = passwordCollection[0];
bool isPasswordValid = storedPassword.VerifyPassword(password);
PasswordPolicy policy;
if (user.IsAdmin)
{
policy = new MerchantPasswordPolicy();
}
else
{
policy = new CustomerPasswordPolicy();
}
if (user.IsLockedOut)
{
if (user.LastLockoutDate >= LocaleHelper.LocalNow.AddMinutes(-1 * policy.LockoutPeriod))
{
//STILL LOCKED OUT
// BUG # 6688 (DONT RESET THE LOCKOUT TIME IF ACCOUNT ALREADY LOCKED)
// ALSO IGNORE THE LOGIN ATTEMPTS
//if (!isPasswordValid)
//{
// user.LastLockoutDate = LocaleHelper.LocalNow;
// user.FailedPasswordAttemptCount += 1;
// user.Save();
//}
return(AuditLogin_AccountLocked(user));
}
user.IsLockedOut = false;
}
if (isPasswordValid)
{
user.FailedPasswordAttemptCount = 0;
user.LastLoginDate = LocaleHelper.LocalNow;
user.Save();
return(AuditLogin_Success(user));
}
else
{
user.FailedPasswordAttemptCount += 1;
if (user.FailedPasswordAttemptCount >= policy.MaxAttempts)
{
user.IsLockedOut = true;
// RESET THE FAILED ATTEMPTS COUNT
user.FailedPasswordAttemptCount = 0;
user.LastLockoutDate = LocaleHelper.LocalNow;
}
user.Save();
return(AuditLogin_InvalidPassword(user));
}
}