/// <summary>
/// Handles a password-change request. The body, the model state and the
/// reCAPTCHA response are checked in that order; only when all three pass is
/// the model handed to <c>_passwordChangeProvider</c>, whose single error
/// item (if any) is returned with a 400 status.
/// </summary>
/// <param name="model">The posted change-password payload; null when the body is absent or could not be bound.</param>
/// <returns>
/// A 400 response carrying an <c>ApiResult</c> on any validation or provider error,
/// otherwise the result serialised as JSON with the default status.
/// </returns>
public async Task<IActionResult> Post([FromBody] ChangePasswordModel model)
{
    // Nothing can be validated without a body.
    if (model is null)
    {
        return BadRequest(ApiResult.InvalidRequest());
    }

    var apiResult = new ApiResult();

    // Data-annotation failures are reported together, not one at a time.
    if (!ModelState.IsValid)
    {
        apiResult.AddModelStateErrors(ModelState);
        return BadRequest(apiResult);
    }

    // The CAPTCHA gate runs before any directory work is attempted.
    try
    {
        var captchaOk = await ValidateRecaptcha(model.Recaptcha);
        if (!captchaOk)
        {
            apiResult.Errors.Add(new ApiErrorItem
            {
                ErrorType = ApiErrorType.GeneralFailure,
                ErrorCode = ApiErrorCode.InvalidCaptcha
            });
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): the verifier's exception text is echoed to the client verbatim;
        // it may describe internal endpoints or configuration.
        apiResult.Errors.Add(new ApiErrorItem
        {
            ErrorType = ApiErrorType.GeneralFailure,
            ErrorCode = ApiErrorCode.Generic,
            Message = ex.Message
        });
    }

    if (apiResult.HasErrors)
    {
        return BadRequest(apiResult);
    }

    // The provider returns one error item, or null when the change succeeded.
    var providerError = _passwordChangeProvider.PerformPasswordChange(model);
    if (providerError != null)
    {
        apiResult.Errors.Add(providerError);
    }

    if (apiResult.HasErrors)
    {
        Response.StatusCode = (int)HttpStatusCode.BadRequest;
    }

    return Json(apiResult);
}
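/// <summary>
/// Handles a password-change request. The body, the model state and the
/// reCAPTCHA response are validated first. The change itself then goes either
/// through a direct LDAP <c>userPassword</c> replace (when compiled with
/// <c>SWAN</c>) or through a <c>UserPrincipal</c> resolved from
/// <c>AcquirePrincipalContext()</c>, after checking that the account may change
/// its password, that the current password is valid and that the account is not
/// in a restricted group.
/// </summary>
/// <param name="model">The posted change-password payload; null when the body is absent or could not be bound.</param>
/// <returns>
/// A 400 response carrying an <c>ApiResult</c> on any validation or directory error,
/// otherwise the result serialised as JSON.
/// </returns>
public async Task<IActionResult> Post([FromBody] ChangePasswordModel model)
{
    // Validate the request
    if (model == null)
    {
        return BadRequest(ApiResult.InvalidRequest());
    }

    var result = new ApiResult();

    // Validate the model
    if (ModelState.IsValid == false)
    {
        result.AddModelStateErrors(ModelState);
        return BadRequest(result);
    }

    // Validate the Captcha before any directory access.
    try
    {
        if (await ValidateRecaptcha(model.Recaptcha) == false)
        {
            result.Errors.Add(new ApiErrorItem
            {
                ErrorType = ApiErrorType.GeneralFailure,
                ErrorCode = ApiErrorCode.InvalidCaptcha
            });
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): the verifier's exception text is echoed to the client verbatim.
        result.Errors.Add(new ApiErrorItem
        {
            ErrorType = ApiErrorType.GeneralFailure,
            ErrorCode = ApiErrorCode.Generic,
            Message = ex.Message
        });
    }

    if (result.HasErrors)
    {
        return BadRequest(result);
    }

    // perform the password change
    try
    {
#if SWAN
        var distinguishedName = await GetDN(model.Username);
        if (string.IsNullOrEmpty(distinguishedName))
        {
            result.Errors.Add(new ApiErrorItem()
            {
                ErrorType = ApiErrorType.GeneralFailure,
                ErrorCode = ApiErrorCode.InvalidCredentials,
                Message = "Invalid Username or Password"
            });
            return BadRequest(result);
        }

        // NOTE(review): this branch binds with the configured service account and replaces
        // userPassword without ever checking model.CurrentPassword, so the only gate on the
        // reset here is the CAPTCHA. The #else branch validates the current password; this
        // branch needs an equivalent check before the Modify call.
        var cn = new LdapConnection();
        try
        {
            await cn.Connect(_options.PasswordChangeOptions.LdapHostname, _options.PasswordChangeOptions.LdapPort);
            await cn.Bind(_options.PasswordChangeOptions.LdapUsername, _options.PasswordChangeOptions.LdapPassword);

            var attribute = new LdapAttribute("userPassword", model.NewPassword);
            var mods = new[] { new LdapModification(LdapModificationOp.Replace, attribute) };
            await cn.Modify(distinguishedName, mods);
        }
        finally
        {
            // Disconnect on the failure path as well; previously a throwing Modify left the connection open.
            cn.Disconnect();
        }
#else
        // Both the context and the principal hold directory handles; dispose the principal too.
        using (var principalContext = AcquirePrincipalContext())
        using (var userPrincipal = AcquireUserPricipal(principalContext, model.Username))
        {
            // Check if the user principal exists
            if (userPrincipal == null)
            {
                result.Errors.Add(new ApiErrorItem
                {
                    ErrorType = ApiErrorType.GeneralFailure,
                    ErrorCode = ApiErrorCode.UserNotFound,
                    Message = "Invalid Username or Password"
                });
                return BadRequest(result);
            }

            // Check if password change is allowed
            if (userPrincipal.UserCannotChangePassword)
            {
                throw new Exception(_options.ClientSettings.Alerts.ErrorPasswordChangeNotAllowed);
            }

            // Validate user credentials
            if (principalContext.ValidateCredentials(model.Username, model.CurrentPassword) == false)
            {
                throw new Exception(_options.ClientSettings.Alerts.ErrorInvalidCredentials);
            }

            // Verify user is not a member of an excluded group
            if (_options.ClientSettings.CheckRestrictedAdGroups)
            {
                using (var authorizationGroups = userPrincipal.GetAuthorizationGroups())
                {
                    foreach (Principal userPrincipalAuthGroup in authorizationGroups)
                    {
                        if (_options.ClientSettings.RestrictedADGroups.Contains(userPrincipalAuthGroup.Name))
                        {
                            throw new Exception(_options.ClientSettings.Alerts.ErrorPasswordChangeNotAllowed);
                        }
                    }
                }
            }

            // Change the password via 2 different methods. Try SetPassword if ChangePassword fails.
            try
            {
                // Try by regular ChangePassword method
                userPrincipal.ChangePassword(model.CurrentPassword, model.NewPassword);
            }
            catch (Exception)
            {
                // If the previous attempt failed, use the SetPassword method. SetPassword is an
                // administrative reset performed with the context's own credentials rather than the
                // user's — confirm that the reset semantics are intended wherever UseAutomaticContext is off.
                if (_options.PasswordChangeOptions.UseAutomaticContext == false)
                {
                    userPrincipal.SetPassword(model.NewPassword);
                }
                else
                {
                    // `throw;` preserves the original stack trace; `throw ex2;` reset it.
                    throw;
                }
            }

            userPrincipal.Save();
        }
#endif
    }
    catch (Exception ex)
    {
        // NOTE(review): directory exceptions reach the client through ex.Message. The
        // configured Alerts strings are meant to, but provider/LDAP messages are not.
        result.Errors.Add(new ApiErrorItem
        {
            ErrorType = ApiErrorType.GeneralFailure,
            ErrorCode = ApiErrorCode.Generic,
            Message = ex.Message
        });
        return BadRequest(result);
    }

    if (result.HasErrors)
    {
        Response.StatusCode = (int)HttpStatusCode.BadRequest;
    }

    return Json(result);
}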
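/// <summary>
/// Handles a password-change request against the current domain. The body, the
/// model state and the reCAPTCHA response are validated first; the account is
/// then looked up with <c>UserPrincipal.FindByIdentity</c> and its password
/// changed with <c>ChangePassword</c>, which takes the current password.
/// </summary>
/// <param name="model">The posted change-password payload; null when the body is absent or could not be bound.</param>
/// <returns>
/// The <c>ApiResult</c> serialised as JSON; the response status is set to 400
/// whenever the result carries errors.
/// </returns>
public async Task<IActionResult> Post([FromBody] ChangePasswordModel model)
{
    // Validate the request
    if (model == null)
    {
        Response.StatusCode = (int)HttpStatusCode.BadRequest;
        return Json(ApiResult.InvalidRequest());
    }

    var result = new ApiResult();

    // Validate the model
    if (ModelState.IsValid == false)
    {
        result.AddModelStateErrors(ModelState);
        Response.StatusCode = (int)HttpStatusCode.BadRequest;
        return Json(result);
    }

    // Validate the Captcha before touching the directory.
    try
    {
        if (await ValidateRecaptcha(model.Recaptcha) == false)
        {
            result.Errors.Add(new ApiErrorItem()
            {
                ErrorType = ApiErrorType.GeneralFailure,
                ErrorCode = ApiErrorCode.InvalidCaptcha
            });
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): the verifier's exception text is echoed to the client verbatim.
        result.Errors.Add(new ApiErrorItem()
        {
            ErrorType = ApiErrorType.GeneralFailure,
            ErrorCode = ApiErrorCode.Generic,
            Message = ex.Message
        });
    }

    if (result.HasErrors)
    {
        Response.StatusCode = (int)HttpStatusCode.BadRequest;
        return Json(result);
    }

    // perform the password change
    try
    {
        // Both the context and the principal hold directory handles; the original
        // disposed neither, leaking a connection per request.
        using (var principalContext = new PrincipalContext(ContextType.Domain))
        using (var userPrincipal = UserPrincipal.FindByIdentity(principalContext, model.Username))
        {
            if (userPrincipal == null)
            {
                // NOTE(review): a distinct UserNotFound code lets a caller tell unknown
                // accounts from wrong passwords; other revisions of this endpoint return a
                // single "Invalid Username or Password" message for both.
                result.Errors.Add(new ApiErrorItem()
                {
                    ErrorType = ApiErrorType.GeneralFailure,
                    ErrorCode = ApiErrorCode.UserNotFound
                });
                Response.StatusCode = (int)HttpStatusCode.BadRequest;
                return Json(result);
            }

            userPrincipal.ChangePassword(model.CurrentPassword, model.NewPassword);
            userPrincipal.Save();
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): directory exceptions reach the client through ex.Message;
        // consider mapping them to a fixed, non-descriptive message.
        result.Errors.Add(new ApiErrorItem()
        {
            ErrorType = ApiErrorType.GeneralFailure,
            ErrorCode = ApiErrorCode.Generic,
            Message = ex.Message
        });
        Response.StatusCode = (int)HttpStatusCode.BadRequest;
        return Json(result);
    }

    if (result.HasErrors)
    {
        Response.StatusCode = (int)HttpStatusCode.BadRequest;
    }

    return Json(result);
}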
/// <summary>
/// Handles a password-change request. The body, the model state and the
/// reCAPTCHA response are checked in that order; the account name is then
/// resolved by <c>GetUserName</c> and, together with the current and new
/// password, handed to <c>_passwordChangeProvider</c>.
/// </summary>
/// <param name="model">The posted change-password payload; null when the body is absent or could not be bound.</param>
/// <returns>
/// A 400 response carrying an <c>ApiResult</c> on any validation, name-resolution
/// or provider error, otherwise the result serialised as JSON.
/// </returns>
public async Task<IActionResult> Post([FromBody] ChangePasswordModel model)
{
    // Nothing can be validated without a body.
    if (model is null)
    {
        return BadRequest(ApiResult.InvalidRequest());
    }

    var apiResult = new ApiResult();

    // Data-annotation failures are reported together, not one at a time.
    if (!ModelState.IsValid)
    {
        apiResult.AddModelStateErrors(ModelState);
        return BadRequest(apiResult);
    }

    try
    {
        // ConfigureAwait(false): the rest of the method does not need the request context
        // (Sonar/Codacy suggestion).
        var captchaOk = await ValidateRecaptcha(model.Recaptcha).ConfigureAwait(false);
        if (!captchaOk)
        {
            apiResult.Errors.Add(new ApiErrorItem { ErrorCode = ApiErrorCode.InvalidCaptcha });
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): the verifier's exception text is echoed to the client verbatim.
        apiResult.Errors.Add(new ApiErrorItem { ErrorCode = ApiErrorCode.Generic, Message = ex.Message });
    }

    if (apiResult.HasErrors)
    {
        return BadRequest(apiResult);
    }

    // GetUserName receives the result object, presumably to record its own failures;
    // hence the second HasErrors check right after it.
    var currentUsername = GetUserName(model, apiResult);
    if (apiResult.HasErrors)
    {
        return BadRequest(apiResult);
    }

    // The provider returns one error item, or null when the change succeeded.
    var providerError = _passwordChangeProvider.PerformPasswordChange(currentUsername, model.CurrentPassword, model.NewPassword);
    if (providerError != null)
    {
        apiResult.Errors.Add(providerError);
    }

    if (apiResult.HasErrors)
    {
        Response.StatusCode = (int)HttpStatusCode.BadRequest;
    }

    return Json(apiResult);
}
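/// <summary>
/// Handles a password-change request. The body, the model state and the
/// reCAPTCHA response are validated first; the account is then resolved through
/// <c>AcquirePrincipalContext()</c> / <c>AcquireUserPricipal()</c>, checked for
/// the "user cannot change password" flag, its current password validated, and
/// the password changed (falling back to an administrative <c>SetPassword</c>
/// when configured).
/// </summary>
/// <param name="model">The posted change-password payload; null when the body is absent or could not be bound.</param>
/// <returns>
/// The <c>ApiResult</c> serialised as JSON; the response status is set to 400
/// whenever the result carries errors.
/// </returns>
public async Task<IActionResult> Post([FromBody] ChangePasswordModel model)
{
    // Validate the request
    if (model == null)
    {
        Response.StatusCode = (int)HttpStatusCode.BadRequest;
        return Json(ApiResult.InvalidRequest());
    }

    var result = new ApiResult();

    // Validate the model
    if (ModelState.IsValid == false)
    {
        result.AddModelStateErrors(ModelState);
        Response.StatusCode = (int)HttpStatusCode.BadRequest;
        return Json(result);
    }

    // Validate the Captcha before touching the directory.
    try
    {
        if (await ValidateRecaptcha(model.Recaptcha) == false)
        {
            result.Errors.Add(new ApiErrorItem()
            {
                ErrorType = ApiErrorType.GeneralFailure,
                ErrorCode = ApiErrorCode.InvalidCaptcha
            });
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): the verifier's exception text is echoed to the client verbatim.
        result.Errors.Add(new ApiErrorItem()
        {
            ErrorType = ApiErrorType.GeneralFailure,
            ErrorCode = ApiErrorCode.Generic,
            Message = ex.Message
        });
    }

    if (result.HasErrors)
    {
        Response.StatusCode = (int)HttpStatusCode.BadRequest;
        return Json(result);
    }

    // perform the password change
    try
    {
        // Both the context and the principal hold directory handles; dispose the principal too.
        using (var principalContext = AcquirePrincipalContext())
        using (var userPrincipal = AcquireUserPricipal(principalContext, model.Username))
        {
            // Check if the user principal exists
            if (userPrincipal == null)
            {
                // NOTE(review): a distinct UserNotFound code lets a caller tell unknown
                // accounts from wrong passwords; other revisions return one message for both.
                result.Errors.Add(new ApiErrorItem()
                {
                    ErrorType = ApiErrorType.GeneralFailure,
                    ErrorCode = ApiErrorCode.UserNotFound
                });
                Response.StatusCode = (int)HttpStatusCode.BadRequest;
                return Json(result);
            }

            // Check if password change is allowed
            if (userPrincipal.UserCannotChangePassword)
            {
                throw new Exception(Settings.ClientSettings.Alerts.ErrorPasswordChangeNotAllowed);
            }

            // Validate user credentials
            if (principalContext.ValidateCredentials(model.Username, model.CurrentPassword) == false)
            {
                throw new Exception(Settings.ClientSettings.Alerts.ErrorInvalidCredentials);
            }

            // Change the password via 2 different methods. Try SetPassword if ChangePassword fails.
            try
            {
                // Try by regular ChangePassword method
                userPrincipal.ChangePassword(model.CurrentPassword, model.NewPassword);
            }
            catch (Exception)
            {
                // If the previous attempt failed, use the SetPassword method. SetPassword is an
                // administrative reset performed with the context's own credentials rather than the
                // user's — confirm that the reset semantics are intended wherever UseAutomaticContext is off.
                if (Settings.PasswordChangeOptions.UseAutomaticContext == false)
                {
                    userPrincipal.SetPassword(model.NewPassword);
                }
                else
                {
                    // `throw;` preserves the original stack trace; `throw ex2;` reset it.
                    throw;
                }
            }

            userPrincipal.Save();
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): directory exceptions reach the client through ex.Message. The
        // configured Alerts strings are meant to, but raw directory messages are not.
        result.Errors.Add(new ApiErrorItem()
        {
            ErrorType = ApiErrorType.GeneralFailure,
            ErrorCode = ApiErrorCode.Generic,
            Message = ex.Message
        });
        Response.StatusCode = (int)HttpStatusCode.BadRequest;
        return Json(result);
    }

    if (result.HasErrors)
    {
        Response.StatusCode = (int)HttpStatusCode.BadRequest;
    }

    return Json(result);
}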
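/// <summary>
/// Handles a password-change request. The body, the model state and the
/// reCAPTCHA response are validated first. The change then goes either through
/// a direct LDAP <c>userPassword</c> replace (when compiled with <c>SWAN</c>)
/// or through a <c>UserPrincipal</c>: the account must be allowed to change its
/// password, the current password must validate (with a <c>LogonUser</c>
/// fallback that accepts expired / must-change passwords), and the account must
/// not belong to a restricted group.
/// </summary>
/// <param name="model">The posted change-password payload; null when the body is absent or could not be bound.</param>
/// <returns>
/// A 400 response carrying an <c>ApiResult</c> on any validation or directory error,
/// otherwise the result serialised as JSON.
/// </returns>
public async Task<IActionResult> Post([FromBody] ChangePasswordModel model)
{
    // Validate the request
    if (model == null)
    {
        return BadRequest(ApiResult.InvalidRequest());
    }

    var result = new ApiResult();

    // Validate the model
    if (ModelState.IsValid == false)
    {
        result.AddModelStateErrors(ModelState);
        return BadRequest(result);
    }

    // Validate the Captcha before any directory access.
    try
    {
        if (await ValidateRecaptcha(model.Recaptcha) == false)
        {
            result.Errors.Add(new ApiErrorItem
            {
                ErrorType = ApiErrorType.GeneralFailure,
                ErrorCode = ApiErrorCode.InvalidCaptcha
            });
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): the verifier's exception text is echoed to the client verbatim.
        result.Errors.Add(new ApiErrorItem
        {
            ErrorType = ApiErrorType.GeneralFailure,
            ErrorCode = ApiErrorCode.Generic,
            Message = ex.Message
        });
    }

    if (result.HasErrors)
    {
        return BadRequest(result);
    }

    // perform the password change
    try
    {
#if SWAN
        var distinguishedName = await GetDN(model.Username);
        if (string.IsNullOrEmpty(distinguishedName))
        {
            result.Errors.Add(new ApiErrorItem()
            {
                ErrorType = ApiErrorType.GeneralFailure,
                ErrorCode = ApiErrorCode.InvalidCredentials,
                Message = "Invalid Username or Password"
            });
            return BadRequest(result);
        }

        // NOTE(review): this branch binds with the configured service account and replaces
        // userPassword without ever checking model.CurrentPassword, so the only gate on the
        // reset here is the CAPTCHA. The #else branch validates the current password; this
        // branch needs an equivalent check before the Modify call.
        var cn = new LdapConnection();
        try
        {
            await cn.Connect(_options.PasswordChangeOptions.LdapHostname, _options.PasswordChangeOptions.LdapPort);
            await cn.Bind(_options.PasswordChangeOptions.LdapUsername, _options.PasswordChangeOptions.LdapPassword);

            var attribute = new LdapAttribute("userPassword", model.NewPassword);
            var mods = new[] { new LdapModification(LdapModificationOp.Replace, attribute) };
            await cn.Modify(distinguishedName, mods);
        }
        finally
        {
            // Disconnect on the failure path as well; previously a throwing Modify left the connection open.
            cn.Disconnect();
        }
#else
        // Both the context and the principal hold directory handles; dispose the principal too.
        using (var principalContext = AcquirePrincipalContext())
        using (var userPrincipal = AcquireUserPricipal(principalContext, model.Username))
        {
            // Check if the user principal exists
            if (userPrincipal == null)
            {
                result.Errors.Add(new ApiErrorItem
                {
                    ErrorType = ApiErrorType.GeneralFailure,
                    ErrorCode = ApiErrorCode.UserNotFound,
                    Message = "Invalid Username or Password"
                });
                return BadRequest(result);
            }

            // Check if password change is allowed
            if (userPrincipal.UserCannotChangePassword)
            {
                throw new Exception(_options.ClientSettings.Alerts.ErrorPasswordChangeNotAllowed);
            }

            // Validate user credentials
            if (principalContext.ValidateCredentials(model.Username, model.CurrentPassword) == false)
            {
                // Fallback: a LogonUser attempt that treats "password must change" and
                // "password expired" as proof of a correct current password, presumably
                // because ValidateCredentials fails for those accounts.
                IntPtr token = IntPtr.Zero;
                try
                {
                    // A null UPN used to surface as a NullReferenceException message; treat it as invalid credentials.
                    var upn = userPrincipal.UserPrincipalName ?? string.Empty;
                    var parts = upn.Split(new[] { '@' }, StringSplitOptions.RemoveEmptyEntries);
                    string domain = parts.Length > 1 ? parts[1] : null;
                    if (domain == null)
                    {
                        throw new Exception(_options.ClientSettings.Alerts.ErrorInvalidCredentials);
                    }

                    if (!PasswordChangeFallBack.LogonUser(model.Username, domain, model.CurrentPassword, PasswordChangeFallBack.LogonTypes.Network, PasswordChangeFallBack.LogonProviders.Default, out token))
                    {
                        int errorCode = System.Runtime.InteropServices.Marshal.GetLastWin32Error();
                        switch (errorCode)
                        {
                            case PasswordChangeFallBack.ERROR_PASSWORD_MUST_CHANGE:
                            case PasswordChangeFallBack.ERROR_PASSWORD_EXPIRED:
                                // Both of these means that the password CAN change and that we got the correct password
                                break;
                            default:
                                throw new Exception(_options.ClientSettings.Alerts.ErrorInvalidCredentials);
                        }
                    }
                }
                finally
                {
                    // Release the logon token even when LogonUser failed (token is then IntPtr.Zero).
                    PasswordChangeFallBack.CloseHandle(token);
                }
            }

            // Verify user is not a member of an excluded group
            if (_options.ClientSettings.CheckRestrictedAdGroups)
            {
                using (var authorizationGroups = userPrincipal.GetAuthorizationGroups())
                {
                    foreach (Principal userPrincipalAuthGroup in authorizationGroups)
                    {
                        if (_options.ClientSettings.RestrictedADGroups.Contains(userPrincipalAuthGroup.Name))
                        {
                            throw new Exception(_options.ClientSettings.Alerts.ErrorPasswordChangeNotAllowed);
                        }
                    }
                }
            }

            // Change the password via 2 different methods. Try SetPassword if ChangePassword fails.
            try
            {
                // Try by regular ChangePassword method
                userPrincipal.ChangePassword(model.CurrentPassword, model.NewPassword);
            }
            catch (Exception)
            {
                // If the previous attempt failed, use the SetPassword method. SetPassword is an
                // administrative reset performed with the context's own credentials rather than the
                // user's — confirm that the reset semantics are intended wherever UseAutomaticContext is off.
                if (_options.PasswordChangeOptions.UseAutomaticContext == false)
                {
                    userPrincipal.SetPassword(model.NewPassword);
                }
                else
                {
                    // `throw;` preserves the original stack trace; `throw ex2;` reset it.
                    throw;
                }
            }

            userPrincipal.Save();
        }
#endif
    }
    catch (Exception ex)
    {
        // NOTE(review): directory exceptions reach the client through ex.Message. The
        // configured Alerts strings are meant to, but provider/LDAP messages are not.
        result.Errors.Add(new ApiErrorItem
        {
            ErrorType = ApiErrorType.GeneralFailure,
            ErrorCode = ApiErrorCode.Generic,
            Message = ex.Message
        });
        return BadRequest(result);
    }

    if (result.HasErrors)
    {
        Response.StatusCode = (int)HttpStatusCode.BadRequest;
    }

    return Json(result);
}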
/// <summary>
/// Handles a password-change request. The body, the model state and the
/// reCAPTCHA response are checked in that order; the user name is then
/// qualified with a domain (the one embedded in the name, else the configured
/// default) and handed with the current and new password to
/// <c>_passwordChangeProvider</c>.
/// </summary>
/// <param name="model">The posted change-password payload; null when the body is absent or could not be bound.</param>
/// <returns>
/// A 400 response carrying an <c>ApiResult</c> on any validation, domain or
/// provider error, otherwise the result serialised as JSON.
/// </returns>
public async Task<IActionResult> Post([FromBody] ChangePasswordModel model)
{
    // Nothing can be validated without a body.
    if (model is null)
    {
        return BadRequest(ApiResult.InvalidRequest());
    }

    var apiResult = new ApiResult();

    // Data-annotation failures are reported together, not one at a time.
    if (!ModelState.IsValid)
    {
        apiResult.AddModelStateErrors(ModelState);
        return BadRequest(apiResult);
    }

    try
    {
        // ConfigureAwait(false): the rest of the method does not need the request context
        // (Sonar/Codacy suggestion).
        var captchaOk = await ValidateRecaptcha(model.Recaptcha).ConfigureAwait(false);
        if (!captchaOk)
        {
            apiResult.Errors.Add(new ApiErrorItem { ErrorCode = ApiErrorCode.InvalidCaptcha });
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): the verifier's exception text is echoed to the client verbatim.
        apiResult.Errors.Add(new ApiErrorItem { ErrorCode = ApiErrorCode.Generic, Message = ex.Message });
    }

    if (apiResult.HasErrors)
    {
        return BadRequest(apiResult);
    }

    // Check for default domain: if none given, ensure EFLD can be used as an override.
    // Assumes model.Username is non-null here (model validation is expected to enforce it — confirm).
    var nameParts = model.Username.Split(new[] { '@' }, StringSplitOptions.RemoveEmptyEntries);
    var hasExplicitDomain = nameParts.Length > 1;
    var domain = hasExplicitDomain ? nameParts[1] : _options.ClientSettings.DefaultDomain;

    // Domain-determinance: with no embedded domain and no configured default there is nothing to bind to.
    if (string.IsNullOrEmpty(domain))
    {
        apiResult.Errors.Add(new ApiErrorItem { ErrorCode = ApiErrorCode.InvalidDomain });
        return BadRequest(apiResult);
    }

    // NOTE(review): RemoveEmptyEntries means a trailing "@" (e.g. "user@") yields a single
    // part, so the default domain is appended to the full name and produces "user@@domain".
    var currentUsername = hasExplicitDomain ? model.Username : $"{model.Username}@{domain}";

    // The provider returns one error item, or null when the change succeeded.
    var providerError = _passwordChangeProvider.PerformPasswordChange(currentUsername, model.CurrentPassword, model.NewPassword);
    if (providerError != null)
    {
        apiResult.Errors.Add(providerError);
    }

    if (apiResult.HasErrors)
    {
        Response.StatusCode = (int)HttpStatusCode.BadRequest;
    }

    return Json(apiResult);
}