Пример #1
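        /// <summary>
        /// Looks up the outstanding password reset request that belongs to an account.
        /// </summary>
        /// <param name="accountID">Account whose reset request is wanted.</param>
        /// <returns>The single matching request, or null when the search returns no rows.</returns>
        /// <exception cref="ApplicationException">More than one reset request matches the account.</exception>
        private TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest GetPasswordResetRequest(Guid accountID)
        {
            // Search template: AccountID is the only field set, so the exact-match
            // search is keyed on the account alone.
            // NOTE(review): how FillByCriteriaExact treats criterion fields that are left
            // unset is not visible here - confirm that unset fields cannot widen the match.
            var criteria =
                new TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest(_smoSettings[CONNECTION_STRING_NAME])
            {
                AccountID = accountID
            };

            var searchReturned =
                new TestSprocGenerator.Business.SingleTable.Bo.List.PasswordResetRequest(_smoSettings[CONNECTION_STRING_NAME]);

            searchReturned.FillByCriteriaExact(criteria);

            // The list was constructed just above, so no null check is needed here.
            if (searchReturned.Count <= 0)
            {
                return null;
            }

            // An account is expected to hold at most one reset request; more than one means
            // the table is inconsistent, and picking one arbitrarily would be unsafe.
            if (searchReturned.Count > 1)
            {
                throw new ApplicationException("There should only be one password reset request for this account, but there is more than one, contact administrator");
            }

            return (TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest)searchReturned[0];
        }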
Пример #2
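        /// <summary>
        /// Completes a password reset. Finds the reset request by its code, checks that the
        /// supplied username or email resolves to the account the request was issued for,
        /// stores the new password hash, re-enables the account and deletes the request.
        /// </summary>
        /// <param name="username">Username of the account being reset (may be used instead of <paramref name="email"/>).</param>
        /// <param name="email">Email of the account being reset (may be used instead of <paramref name="username"/>).</param>
        /// <param name="passwordResetRequestCode">Reset code previously issued for the account.</param>
        /// <param name="newPassword">Password to set; must not be null or empty.</param>
        /// <returns>
        /// true when the password was changed; false when the code is null or empty or does
        /// not match exactly one reset request.
        /// </returns>
        /// <exception cref="ApplicationException">
        /// The username/email does not resolve to an account, resolves to a different account
        /// than the reset request, or the new password is null or empty.
        /// </exception>
        public bool ResetPassword(string username, string email, string passwordResetRequestCode, string newPassword)
        {
            // A missing code must never reach the search. How FillByCriteriaExact treats a
            // null criterion field is not visible here; if it ignores it, the search could
            // match a request the caller holds no code for.
            if (string.IsNullOrEmpty(passwordResetRequestCode))
            {
                return false;
            }

            // 1) Find the reset request record by its code, which gives the account id.
            // NOTE(review): no expiry or attempt limit is checked in this method - confirm
            // that reset codes are time-limited and guessing is throttled elsewhere.
            var passwordResetSearchCriteria =
                new TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest(_smoSettings[CONNECTION_STRING_NAME])
            {
                PasswordResetCode = passwordResetRequestCode
            };

            var passwordResetSearchReturned =
                new TestSprocGenerator.Business.SingleTable.Bo.List.PasswordResetRequest(_smoSettings[CONNECTION_STRING_NAME]);
            passwordResetSearchReturned.FillByCriteriaExact(passwordResetSearchCriteria);

            // Zero matches, or an ambiguous code matching several requests, is treated as
            // "no valid request".
            if (passwordResetSearchReturned.Count != 1)
            {
                return false;
            }

            var foundPasswordResetRequest =
                (TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest)passwordResetSearchReturned[0];

            // 2) Resolve the account from the username or email the caller supplied.
            // Only the out parameter is needed; the returned email address is not used here.
            TestSprocGenerator.Business.SingleTable.Bo.Account foundAccount = null;
            DetermineEmailGetAccountByEmailOrUsername(username, email, out foundAccount);

            // NOTE(review): the two messages below tell "unknown user" apart from "known user,
            // wrong code owner". If they are shown to the end user they reveal whether an
            // account exists - confirm the caller maps both to one generic response.
            if (foundAccount == null)
            {
                throw new ApplicationException("Email or Username provided is not valid");
            }

            // The reset is only allowed when the code was issued for this very account.
            if (foundAccount.AccountID != foundPasswordResetRequest.AccountID)
            {
                throw new ApplicationException("Email or Username provided does not match the Password Reset Request code record");
            }

            // Reject an empty password before anything is written, so the reset request
            // stays usable for a corrected retry.
            if (string.IsNullOrEmpty(newPassword))
            {
                throw new ApplicationException("New password must not be empty");
            }

            // 3) Store the new hash (fresh salt) and clear the Deleted flag to re-enable the
            // account, then remove the consumed reset request.
            // TODO: should probably do this in a transaction. If Update() succeeds and
            // Delete() fails, the reset code stays in the table and can be used again.
            foundAccount.Deleted         = false;
            foundAccount.AccountPassword = HashSaltHelper.CreatePasswordHash(newPassword,
                                                                             HashSaltHelper.CreateSalt());

            foundAccount.Update();

            foundPasswordResetRequest.Delete();

            return true;
        }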
Пример #3
        /// <summary>
        /// Starts a password reset for the account identified by username or email.
        /// An already stored reset code is reused; otherwise a new code is generated and
        /// stored through InsertNewPasswordResetRequestAndSetAccountDeleted. In both cases
        /// the code is then emailed to the address resolved for the account.
        /// </summary>
        /// <param name="username">Username used to resolve the account.</param>
        /// <param name="email">Email used to resolve the account.</param>
        /// <returns>The reset code that was emailed.</returns>
        /// <exception cref="ApplicationException">
        /// The account or its email address cannot be determined, the new request cannot be
        /// stored, or the email cannot be sent.
        /// </exception>
        private string ProcessPasswordReset(string username, string email)
        {
            TestSprocGenerator.Business.SingleTable.Bo.Account foundAccount = null;
            string emailAddress = DetermineEmailGetAccountByEmailOrUsername(username, email, out foundAccount);

            // Without both an account and an address there is nowhere to send a code.
            if (string.IsNullOrEmpty(emailAddress) || foundAccount == null)
            {
                throw new ApplicationException("Cannot determine email address password and or Account, reset not possible without it");
            }

            // A request may already be on record for this account.
            var existingRequest = GetPasswordResetRequest(foundAccount.AccountID);

            string resetCode;
            if (existingRequest == null)
            {
                // First request: create a code and persist it. The helper's name indicates
                // it also flags the account as deleted (i.e. disabled) until the reset ends.
                // NOTE(review): a reset request alone therefore disables the account -
                // confirm this entry point is rate-limited or otherwise protected.
                resetCode = GenerateNewPasswordResetCode();
                if (!InsertNewPasswordResetRequestAndSetAccountDeleted(foundAccount, resetCode))
                {
                    throw new ApplicationException("Error processing Password Reset, contact administrator");
                }
            }
            else
            {
                // Repeat request: the stored code is sent again, not rotated.
                resetCode = existingRequest.PasswordResetCode;
            }

            if (!EmailPasswordResetRequestCode(foundAccount, emailAddress, resetCode))
            {
                throw new ApplicationException("Error sending email for password Reset, Account is Disabled, please try password reset request later and contact Administrator");
            }

            // NOTE(review): the code is handed back to the caller - make sure it is never
            // echoed into a response or a log, since email delivery is the proof of ownership.
            return resetCode;
        }
Пример #4
        /// <summary>
        /// Sets the Deleted flag on the account object and asks the data-access layer to
        /// insert a new password reset request for it.
        /// </summary>
        /// <param name="foundAccount">Account the reset was requested for; its Deleted flag is set to true.</param>
        /// <param name="passwordResetRequestCode">Reset code to store for the account.</param>
        /// <returns>The result reported by the data-access call.</returns>
        private bool InsertNewPasswordResetRequestAndSetAccountDeleted(TestSprocGenerator.Business.SingleTable.Bo.Account foundAccount, string passwordResetRequestCode)
        {
            var dataAccess = new AccountDataAccess();

            // NOTE(review): this request object is filled in but never passed to the
            // data-access call below, so the request id generated here is not the one that
            // gets stored - confirm whether the object can be dropped or should be passed on.
            var passwordResetRequest =
                new TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest(_smoSettings[CONNECTION_STRING_NAME])
            {
                PasswordResetRequestID = Guid.NewGuid(),
                AccountID              = foundAccount.AccountID,
                PasswordResetCode      = passwordResetRequestCode
            };

            // The flag is set on the in-memory object before the write; it stays set on
            // that object even when the data-access call reports failure.
            foundAccount.Deleted = true;

            return dataAccess.InsertNewPasswordResetRequestAndSetAccountDeleted(foundAccount, passwordResetRequestCode);
        }