/// <summary> /// Change Users password Question and Answer /// </summary> /// <param name="username">Username to change Q&A for</param> /// <param name="password">Password</param> /// <param name="newPasswordQuestion">New question</param> /// <param name="newPasswordAnswer">New answer</param> /// <returns> Boolean depending on whether the change was successful</returns> public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer) { // Check arguments for null values if ((username == null) || (password == null) || (newPasswordQuestion == null) || (newPasswordAnswer == null)) { throw new ArgumentException("Username, Password, Password Question or Password Answer cannot be null"); } UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt); newPasswordAnswer = YafMembershipProvider.EncodeString(newPasswordAnswer, currentPasswordInfo.PasswordFormat, currentPasswordInfo.PasswordSalt, this.UseSalt); if (currentPasswordInfo != null && currentPasswordInfo.IsCorrectPassword(password)) { try { DB.ChangePasswordQuestionAndAnswer(this.ApplicationName, username, newPasswordQuestion, newPasswordAnswer); return(true); } catch { // will return false... } } return(false); // Invalid password return false }
/// <summary> /// Reset a users password - * /// </summary> /// <param name="username">User to be found based by Name</param> /// <param name="answer">Verifcation that it is them</param> /// <returns>Username as string</returns> public override string ResetPassword(string username, string answer) { string newPassword = string.Empty, newPasswordEnc = string.Empty, newPasswordSalt = string.Empty, newPasswordAnswer = string.Empty; /// Check Password reset is enabled if (!(this.EnablePasswordReset)) { ExceptionReporter.ThrowNotSupported("MEMBERSHIP", "RESETNOTSUPPORTED"); } // Check arguments for null values if (username == null) { ExceptionReporter.ThrowArgument("MEMBERSHIP", "USERNAMEPASSWORDNULL"); } // get an instance of the current password information class UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt); if (currentPasswordInfo != null) { if (UseSalt && String.IsNullOrEmpty(currentPasswordInfo.PasswordSalt)) { // get a new password salt... newPasswordSalt = YafMembershipProvider.GenerateSalt(); } else { // use existing salt... newPasswordSalt = currentPasswordInfo.PasswordSalt; } if (!String.IsNullOrEmpty(answer)) { // verify answer is correct... if (!currentPasswordInfo.IsCorrectAnswer(answer)) { return(null); } } // create a new password newPassword = YafMembershipProvider.GeneratePassword(this.MinRequiredPasswordLength, this.MinRequiredNonAlphanumericCharacters); // encode it... newPasswordEnc = YafMembershipProvider.EncodeString(newPassword, ( int )this.PasswordFormat, newPasswordSalt, this.UseSalt); // save to the database DB.ResetPassword(this.ApplicationName, username, newPasswordEnc, newPasswordSalt, ( int )this.PasswordFormat, this.MaxInvalidPasswordAttempts, this.PasswordAttemptWindow); // Return unencrypted password return(newPassword); } return(null); }
/// <summary> /// Checks the password against the one provided for validity /// </summary> /// <param name="passwordToCheck"> /// </param> /// <returns> /// The is correct password. /// </returns> public bool IsCorrectPassword(string passwordToCheck) { return (this.Password.Equals( YafMembershipProvider.EncodeString( passwordToCheck, this.PasswordFormat, this.PasswordSalt, this.UseSalt, this.HashHex, this.hashCase, this.hashRemoveChars, this.msCompliant))); }
/// <summary> /// Change Users password /// </summary> /// <param name="username">Username to change password for</param> /// <param name="oldpassword">Password</param> /// <param name="newPassword">New question</param> /// <returns> Boolean depending on whether the change was successful</returns> public override bool ChangePassword(string username, string oldPassword, string newPassword) { string newPasswordSalt = string.Empty; string newEncPassword = string.Empty; // Clean input // Check password meets requirements as set by Configuration settings if (!(this.IsPasswordCompliant(newPassword))) { return(false); } UserPasswordInfo currentPasswordInfo = UserPasswordInfo.CreateInstanceFromDB(this.ApplicationName, username, false, this.UseSalt); // validate the correct user information was found... if (currentPasswordInfo == null) { return(false); } // validate the correct user password was entered... if (!currentPasswordInfo.IsCorrectPassword(oldPassword)) { return(false); } // generate a salt if desired... if (UseSalt) { newPasswordSalt = YafMembershipProvider.GenerateSalt(); } // encode new password newEncPassword = YafMembershipProvider.EncodeString(newPassword, ( int )this.PasswordFormat, newPasswordSalt, this.UseSalt); // Call SQL Password to Change DB.ChangePassword(this.ApplicationName, username, newEncPassword, newPasswordSalt, ( int )this.PasswordFormat, currentPasswordInfo.PasswordAnswer); // Return True return(true); }
/// <summary> /// Create user and add to provider /// </summary> /// <param name="username">Username</param> /// <param name="password">Password</param> /// <param name="email">Email Address</param> /// <param name="passwordQuestion">Password Question</param> /// <param name="passwordAnswer">Password Answer - used for password retrievals.</param> /// <param name="isApproved">Is the User approved?</param> /// <param name="providerUserKey">Provider User Key to identify the User</param> /// <param name="status">Out - MembershipCreateStatus object containing status of the Create User process</param> /// <returns> Boolean depending on whether the deletion was successful</returns> public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { // ValidatePasswordEventArgs e = new ValidatePasswordEventArgs( username, password, true ); // OnValidatingPassword( e ); // //if ( e.Cancel ) //{ // status = MembershipCreateStatus.InvalidPassword; // return null; //} string salt = string.Empty, pass = string.Empty; // Check password meets requirements as set out in the web.config if (!(this.IsPasswordCompliant(password))) { status = MembershipCreateStatus.InvalidPassword; return(null); } // Check password Question and Answer requirements. if (this.RequiresQuestionAndAnswer) { if (String.IsNullOrEmpty(passwordQuestion)) { status = MembershipCreateStatus.InvalidQuestion; return(null); } if (String.IsNullOrEmpty(passwordAnswer)) { status = MembershipCreateStatus.InvalidAnswer; return(null); } } // Check provider User Key if (!(providerUserKey == null)) { // IS not a duplicate key if (!(this.GetUser(providerUserKey, false) == null)) { status = MembershipCreateStatus.DuplicateProviderUserKey; return(null); } } // Check for unique email if (this.RequiresUniqueEmail) { if (!(String.IsNullOrEmpty(this.GetUserNameByEmail(email)))) { status = MembershipCreateStatus.DuplicateEmail; // Email exists return(null); } } // Check for unique user name if (!(this.GetUser(username, false) == null)) { status = MembershipCreateStatus.DuplicateUserName; // Username exists return(null); } if (UseSalt) { salt = YafMembershipProvider.GenerateSalt(); } pass = YafMembershipProvider.EncodeString(password, ( int )this.PasswordFormat, salt, this.UseSalt); // Encode Password Answer string encodedPasswordAnswer = YafMembershipProvider.EncodeString(passwordAnswer, ( int )this.PasswordFormat, salt, this.UseSalt); // Process database user creation request DB.CreateUser(this.ApplicationName, username, pass, salt, ( int )this.PasswordFormat, email, passwordQuestion, encodedPasswordAnswer, isApproved, providerUserKey); status = MembershipCreateStatus.Success; return(this.GetUser(username, false)); }