/// <summary>
/// Change Users password Question and Answer
/// </summary>
/// <param name="username">Username to change Q&A for</param>
/// <param name="password">Password</param>
/// <param name="newPasswordQuestion">New question</param>
/// <param name="newPasswordAnswer">New answer</param>
/// <returns> Boolean depending on whether the change was successful</returns>
public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
{
// Check arguments for null values
if ((username == null) || (password == null) || (newPasswordQuestion == null) || (newPasswordAnswer == null))
{
throw new ArgumentException("Username, Password, Password Question or Password Answer cannot be null");
}
UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt);
newPasswordAnswer = YafMembershipProvider.EncodeString(newPasswordAnswer, currentPasswordInfo.PasswordFormat, currentPasswordInfo.PasswordSalt, this.UseSalt);
if (currentPasswordInfo != null && currentPasswordInfo.IsCorrectPassword(password))
{
try
{
DB.ChangePasswordQuestionAndAnswer(this.ApplicationName, username, newPasswordQuestion, newPasswordAnswer);
return(true);
}
catch
{
// will return false...
}
}
return(false); // Invalid password return false
}
/// <summary>
/// Reset a users password - *
/// </summary>
/// <param name="username">User to be found based by Name</param>
/// <param name="answer">Verifcation that it is them</param>
/// <returns>Username as string</returns>
public override string ResetPassword(string username, string answer)
{
string newPassword = string.Empty, newPasswordEnc = string.Empty, newPasswordSalt = string.Empty, newPasswordAnswer = string.Empty;
/// Check Password reset is enabled
if (!(this.EnablePasswordReset))
{
ExceptionReporter.ThrowNotSupported("MEMBERSHIP", "RESETNOTSUPPORTED");
}
// Check arguments for null values
if (username == null)
{
ExceptionReporter.ThrowArgument("MEMBERSHIP", "USERNAMEPASSWORDNULL");
}
// get an instance of the current password information class
UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt);
if (currentPasswordInfo != null)
{
if (UseSalt && String.IsNullOrEmpty(currentPasswordInfo.PasswordSalt))
{
// get a new password salt...
newPasswordSalt = YafMembershipProvider.GenerateSalt();
}
else
{
// use existing salt...
newPasswordSalt = currentPasswordInfo.PasswordSalt;
}
if (!String.IsNullOrEmpty(answer))
{
// verify answer is correct...
if (!currentPasswordInfo.IsCorrectAnswer(answer))
{
return(null);
}
}
// create a new password
newPassword = YafMembershipProvider.GeneratePassword(this.MinRequiredPasswordLength, this.MinRequiredNonAlphanumericCharacters);
// encode it...
newPasswordEnc = YafMembershipProvider.EncodeString(newPassword, ( int )this.PasswordFormat, newPasswordSalt, this.UseSalt);
// save to the database
DB.ResetPassword(this.ApplicationName, username, newPasswordEnc, newPasswordSalt, ( int )this.PasswordFormat, this.MaxInvalidPasswordAttempts, this.PasswordAttemptWindow);
// Return unencrypted password
return(newPassword);
}
return(null);
}
/// <summary>
/// Checks the password against the one provided for validity
/// </summary>
/// <param name="passwordToCheck">
/// </param>
/// <returns>
/// The is correct password.
/// </returns>
public bool IsCorrectPassword(string passwordToCheck)
{
return
(this.Password.Equals(
YafMembershipProvider.EncodeString(
passwordToCheck,
this.PasswordFormat,
this.PasswordSalt,
this.UseSalt,
this.HashHex,
this.hashCase,
this.hashRemoveChars,
this.msCompliant)));
}
/// <summary>
/// Change Users password
/// </summary>
/// <param name="username">Username to change password for</param>
/// <param name="oldpassword">Password</param>
/// <param name="newPassword">New question</param>
/// <returns> Boolean depending on whether the change was successful</returns>
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
string newPasswordSalt = string.Empty;
string newEncPassword = string.Empty;
// Clean input
// Check password meets requirements as set by Configuration settings
if (!(this.IsPasswordCompliant(newPassword)))
{
return(false);
}
UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt);
// validate the correct user information was found...
if (currentPasswordInfo == null)
{
return(false);
}
// validate the correct user password was entered...
if (!currentPasswordInfo.IsCorrectPassword(oldPassword))
{
return(false);
}
// generate a salt if desired...
if (UseSalt)
{
newPasswordSalt = YafMembershipProvider.GenerateSalt();
}
// encode new password
newEncPassword = YafMembershipProvider.EncodeString(newPassword, ( int )this.PasswordFormat, newPasswordSalt, this.UseSalt);
// Call SQL Password to Change
DB.ChangePassword(this.ApplicationName, username, newEncPassword, newPasswordSalt, ( int )this.PasswordFormat, currentPasswordInfo.PasswordAnswer);
// Return True
return(true);
}
/// <summary>
/// Retrieves the Users password (if EnablePasswordRetrieval is true)
/// </summary>
/// <param name="username">Username to retrieve password for</param>
/// <param name="answer">Answer to the Users Membership Question</param>
/// <param name="newPasswordQuestion">New question</param>
/// <param name="newPasswordAnswer">New answer</param>
/// <returns> Password unencrypted</returns>
public override string GetPassword(string username, string answer)
{
if (!this.EnablePasswordRetrieval)
{
ExceptionReporter.ThrowNotSupported("MEMBERSHIP", "PASSWORDRETRIEVALNOTSUPPORTED");
}
// Check for null arguments
if ((username == null) || (answer == null))
{
ExceptionReporter.ThrowArgument("MEMBERSHIP", "USERNAMEPASSWORDNULL");
}
UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt);
if (currentPasswordInfo != null && currentPasswordInfo.IsCorrectAnswer(answer))
{
return(YafMembershipProvider.DecodeString(currentPasswordInfo.Password, currentPasswordInfo.PasswordFormat));
}
return(null);
}
/// <summary>
/// Encrypt string to hash method.
/// </summary>
/// <param name="unencryptedString">String to be encrypted</param>
/// <param name="hastMethod">Hash method to be used for encryption</param>
/// <param name="salt">Salt to be used in Hash method</param>
/// <returns> Encrypted string</returns>
internal static string EncodeString(string unencodedString, int encFormat, string salt, bool useSalt)
{
string encodedPass = string.Empty;
MembershipPasswordFormat passwordFormat = ( MembershipPasswordFormat )Enum.ToObject(typeof(MembershipPasswordFormat), encFormat);
// Check to ensure string is not null or empty.
if (String.IsNullOrEmpty(unencodedString))
{
return(String.Empty);
}
if (useSalt && String.IsNullOrEmpty(salt))
{
// not a valid salt so disable...
useSalt = false;
}
if (useSalt && passwordFormat == MembershipPasswordFormat.Encrypted)
{
// cannot use a salt with encryption
useSalt = false;
}
byte [] unencodedBytes = Encoding.Unicode.GetBytes(unencodedString);
// compute total size of new buffer
int bufferLength = unencodedBytes.Length;
// handle salt buffer
byte [] saltBytes = null;
if (useSalt)
{
saltBytes = Encoding.Unicode.GetBytes(Convert.FromBase64String(salt).ToString());
// add salt length to buffer...
bufferLength += saltBytes.Length;
}
// Buffer used for algorithms...
byte [] buffer = new byte [bufferLength];
// copy password to hash buffer + salt
System.Buffer.BlockCopy(unencodedBytes, 0, buffer, 0, unencodedBytes.Length);
if (useSalt)
{
System.Buffer.BlockCopy(saltBytes, 0, buffer, unencodedBytes.Length - 1, saltBytes.Length);
}
// Check Encoding format / method
switch (passwordFormat)
{
case MembershipPasswordFormat.Clear:
// plain text
encodedPass = unencodedString;
break;
case MembershipPasswordFormat.Hashed:
if (useSalt)
{
encodedPass = Convert.ToBase64String(HashAlgorithm.Create(YafMembershipProvider.HashType()).ComputeHash(buffer));
}
else
{
encodedPass = FormsAuthentication.HashPasswordForStoringInConfigFile(unencodedString, YafMembershipProvider.HashType());
}
break;
case MembershipPasswordFormat.Encrypted:
encodedPass = Convert.ToBase64String((new YafMembershipProvider()).EncryptPassword(buffer));
break;
default:
encodedPass = FormsAuthentication.HashPasswordForStoringInConfigFile(unencodedString, YafMembershipProvider.HashType());
break;
}
return(encodedPass);
}
/// <summary>
/// Create user and add to provider
/// </summary>
/// <param name="username">Username</param>
/// <param name="password">Password</param>
/// <param name="email">Email Address</param>
/// <param name="passwordQuestion">Password Question</param>
/// <param name="passwordAnswer">Password Answer - used for password retrievals.</param>
/// <param name="isApproved">Is the User approved?</param>
/// <param name="providerUserKey">Provider User Key to identify the User</param>
/// <param name="status">Out - MembershipCreateStatus object containing status of the Create User process</param>
/// <returns> Boolean depending on whether the deletion was successful</returns>
public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
{
// ValidatePasswordEventArgs e = new ValidatePasswordEventArgs( username, password, true );
// OnValidatingPassword( e );
//
//if ( e.Cancel )
//{
// status = MembershipCreateStatus.InvalidPassword;
// return null;
//}
string salt = string.Empty, pass = string.Empty;
// Check password meets requirements as set out in the web.config
if (!(this.IsPasswordCompliant(password)))
{
status = MembershipCreateStatus.InvalidPassword;
return(null);
}
// Check password Question and Answer requirements.
if (this.RequiresQuestionAndAnswer)
{
if (String.IsNullOrEmpty(passwordQuestion))
{
status = MembershipCreateStatus.InvalidQuestion;
return(null);
}
if (String.IsNullOrEmpty(passwordAnswer))
{
status = MembershipCreateStatus.InvalidAnswer;
return(null);
}
}
// Check provider User Key
if (!(providerUserKey == null))
{
// IS not a duplicate key
if (!(this.GetUser(providerUserKey, false) == null))
{
status = MembershipCreateStatus.DuplicateProviderUserKey;
return(null);
}
}
// Check for unique email
if (this.RequiresUniqueEmail)
{
if (!(String.IsNullOrEmpty(this.GetUserNameByEmail(email))))
{
status = MembershipCreateStatus.DuplicateEmail; // Email exists
return(null);
}
}
// Check for unique user name
if (!(this.GetUser(username, false) == null))
{
status = MembershipCreateStatus.DuplicateUserName; // Username exists
return(null);
}
if (UseSalt)
{
salt = YafMembershipProvider.GenerateSalt();
}
pass = YafMembershipProvider.EncodeString(password, ( int )this.PasswordFormat, salt, this.UseSalt);
// Encode Password Answer
string encodedPasswordAnswer = YafMembershipProvider.EncodeString(passwordAnswer, ( int )this.PasswordFormat, salt, this.UseSalt);
// Process database user creation request
DB.CreateUser(this.ApplicationName, username, pass, salt, ( int )this.PasswordFormat, email, passwordQuestion, encodedPasswordAnswer, isApproved, providerUserKey);
status = MembershipCreateStatus.Success;
return(this.GetUser(username, false));
}
/// <summary>
/// Check to see if password(string) matches required criteria.
/// </summary>
/// <param name="password">Password to be checked</param>
/// <returns> True/False </returns>
private bool IsPasswordCompliant(string passsword)
{
return(YafMembershipProvider.IsPasswordCompliant(passsword, this.MinRequiredPasswordLength, this.MinRequiredNonAlphanumericCharacters, this.PasswordStrengthRegularExpression));
}
