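/*************************************************************************************************/
/// <summary>
/// Changes the logged-in user's password: checks the session, the confirmation, the current
/// password and the new password's requirements, then re-wraps the user's random key under the
/// new password and persists the updated record.
/// </summary>
/// <param name="originalPassword">The password the user currently logs in with.</param>
/// <param name="newPassword">The requested new password.</param>
/// <param name="confirmPassword">Repeat of <paramref name="newPassword"/>; must match exactly.</param>
/// <returns>
/// <see cref="ChangeUserPasswordResult.Success"/> when the record was modified;
/// <see cref="ChangeUserPasswordResult.PasswordsDoNotMatch"/> when the confirmation differs;
/// a requirement code from <see cref="VerifyPasswordRequirements"/> when the new password is
/// rejected; otherwise <see cref="ChangeUserPasswordResult.Failed"/> (no session, wrong current
/// password, user record not found, or the database update failed).
/// </returns>
public ChangeUserPasswordResult ChangeUserPassword(string originalPassword, string newPassword, string confirmPassword)
{
    // A session is required: _currentUser supplies the GUID and the plaintext random key used below.
    if (!IsLoggedIn())
    {
        return ChangeUserPasswordResult.Failed;
    }

    if (newPassword != confirmPassword)
    {
        return ChangeUserPasswordResult.PasswordsDoNotMatch;
    }

    // A wrong current password is reported as a plain failure; there is no dedicated result code.
    if (!VerifyCurrentUserPassword(originalPassword))
    {
        return ChangeUserPasswordResult.Failed;
    }

    ChangeUserPasswordResult requirementCheck = VerifyPasswordRequirements(newPassword);
    if (requirementCheck != ChangeUserPasswordResult.Success)
    {
        return requirementCheck;
    }

    User existing = _dbcontext.GetUserByGUID(_currentUser.GUID);
    if (existing == null)
    {
        // The session refers to a user that is no longer in the store; nothing to modify.
        return ChangeUserPasswordResult.Failed;
    }

    UserEncrypedData newEncryptedData = _masterPassword.GenerateNewUserEncryptedDataFromPassword(newPassword);

    User updated = new User(
        existing.GUID,
        // The per-user random key is kept as it is; only its wrapping (encryption under the
        // password) changes, so data encrypted with that key stays readable.
        _encryptDecrypt.Encrypt(_currentUser.PlainTextRandomKey, newPassword),
        existing.Username,
        // Persisted value: format culture-independently so it reads back the same on every machine.
        newEncryptedData.Iterations.ToString(CultureInfo.InvariantCulture),
        newEncryptedData.Salt,
        newEncryptedData.Hash,
        // Profile fields are copied through exactly as stored.
        existing.FirstName,
        existing.LastName,
        existing.PhoneNumber,
        existing.Email
    );

    return _dbcontext.ModifyUser(existing, updated)
        ? ChangeUserPasswordResult.Success
        : ChangeUserPasswordResult.Failed;
}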
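/*************************************************************************************************/
/// <summary>
/// Shows the outcome of a change-password attempt in <c>statusLabel</c>, or on success clears
/// the view and closes this dialog.
/// </summary>
/// <param name="result">The outcome reported by the password service.</param>
public void DisplayChangePasswordResult(ChangeUserPasswordResult result)
{
    if (result == ChangeUserPasswordResult.Success)
    {
        ClearChangePasswordView();
        this.Close();
        return;
    }

    // Each failure gets its own message so the user learns which requirement was not met
    // (previously every requirement failure showed the "do not match" text).
    string message = null;
    switch (result)
    {
        case ChangeUserPasswordResult.Failed:
            message = "Failed!";
            break;
        case ChangeUserPasswordResult.PasswordsDoNotMatch:
            message = "Passwords do not match!";
            break;
        case ChangeUserPasswordResult.LengthRequirementNotMet:
            message = "Password length requirement not met!";
            break;
        case ChangeUserPasswordResult.NoLowerCaseCharacter:
            message = "Password must contain a lower case character!";
            break;
        case ChangeUserPasswordResult.NoUpperCaseCharacter:
            message = "Password must contain an upper case character!";
            break;
        case ChangeUserPasswordResult.NoNumber:
            message = "Password must contain a number!";
            break;
        case ChangeUserPasswordResult.NoSpecialCharacter:
            message = "Password must contain a special character!";
            break;
    }

    if (message == null)
    {
        // Unknown result value: leave the label untouched, as before.
        return;
    }

    // All failures are shown in the same error colour, including the generic "Failed!".
    statusLabel.Text = message;
    statusLabel.ForeColor = Color.Red;
}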
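/*************************************************************************************************/
/// <summary>
/// Checks a candidate password against the length and character-class requirements.
/// </summary>
/// <param name="passphrase">The candidate password in plaintext.</param>
/// <returns>
/// <see cref="ChangeUserPasswordResult.Success"/> when every requirement is met; otherwise the
/// code of the first requirement that fails, checked in this order: null/empty (Failed),
/// length at or above MAXIMUM_PASSWORD_LENGTH (Failed), length at or below
/// MINIMUM_PASSWORD_LENGTH (LengthRequirementNotMet), then missing lower-case, upper-case,
/// digit and special character.
/// </returns>
private ChangeUserPasswordResult VerifyPasswordRequirements(string passphrase)
{
    if (string.IsNullOrEmpty(passphrase))
    {
        return ChangeUserPasswordResult.Failed;
    }

    // NOTE(review): both bounds are exclusive here — a password of exactly MAXIMUM_PASSWORD_LENGTH
    // or exactly MINIMUM_PASSWORD_LENGTH characters is rejected. Confirm that is the intended contract.
    if (passphrase.Length >= MAXIMUM_PASSWORD_LENGTH)
    {
        return ChangeUserPasswordResult.Failed;
    }

    if (passphrase.Length <= MINIMUM_PASSWORD_LENGTH)
    {
        return ChangeUserPasswordResult.LengthRequirementNotMet;
    }

    bool hasLowerCase = false;
    bool hasUpperCase = false;
    bool hasDigit = false;
    foreach (char character in passphrase)
    {
        // char.IsUpper/IsLower/IsDigit classify by Unicode category, not by ASCII range.
        hasUpperCase |= char.IsUpper(character);
        hasLowerCase |= char.IsLower(character);
        hasDigit |= char.IsDigit(character);
    }

    if (!hasLowerCase)
    {
        return ChangeUserPasswordResult.NoLowerCaseCharacter;
    }

    if (!hasUpperCase)
    {
        return ChangeUserPasswordResult.NoUpperCaseCharacter;
    }

    if (!hasDigit)
    {
        return ChangeUserPasswordResult.NoNumber;
    }

    // Only this fixed ASCII set counts as "special"; characters outside it (quotes, backslash,
    // tilde, backtick, ...) do not satisfy the requirement.
    if (!System.Text.RegularExpressions.Regex.IsMatch(passphrase, @"[!@#$%^&*()_+=\[{\]};:<>|./?,-]"))
    {
        return ChangeUserPasswordResult.NoSpecialCharacter;
    }

    return ChangeUserPasswordResult.Success;
}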
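/*************************************************************************************************/
/// <summary>
/// Creates a new user: rejects a taken or invalid username, an invalid password or invalid
/// profile information, otherwise stores a record whose profile fields are encrypted with a
/// freshly generated per-user random key that is itself encrypted under the user's password.
/// </summary>
/// <param name="user">The user as entered, with <c>PlainTextPassword</c> and plaintext profile fields.</param>
/// <returns>
/// <see cref="CreateUserResult.Successful"/> when the record was handed to the store; otherwise
/// the first failure found, in this order: null user (Failed), username already taken,
/// username not valid, password requirement (see <see cref="MapPasswordResult"/>), profile
/// information (see <see cref="MapUserInformationResult"/>).
/// </returns>
public CreateUserResult CreateNewUser(User user)
{
    if (user == null)
    {
        return CreateUserResult.Failed;
    }

    if (_dbcontext.GetUserByUsername(user.Username) != null)
    {
        return CreateUserResult.UsernameTaken;
    }

    if (!VerifyUsernameRequirements(user.Username))
    {
        return CreateUserResult.UsernameNotValid;
    }

    ChangeUserPasswordResult passwordCheck = VerifyPasswordRequirements(user.PlainTextPassword);
    if (passwordCheck != ChangeUserPasswordResult.Success)
    {
        return MapPasswordResult(passwordCheck);
    }

    UserInformationResult informationCheck = VerifyUserInformation(user);
    if (informationCheck != UserInformationResult.Success)
    {
        return MapUserInformationResult(informationCheck);
    }

    UserEncrypedData newEncryptedData = _masterPassword.GenerateNewUserEncryptedDataFromPassword(user.PlainTextPassword);
    User newUser = BuildEncryptedUser(user, newEncryptedData);

    // NOTE(review): AddUser's return value (if any) is not checked here, unlike ModifyUser in
    // ChangeUserPassword; a store failure is still reported as Successful. Confirm its contract.
    _dbcontext.AddUser(newUser);
    return CreateUserResult.Successful;
}

/// <summary>
/// Translates a password-requirement failure into the corresponding creation result.
/// </summary>
/// <param name="passwordResult">A non-success value from <see cref="VerifyPasswordRequirements"/>.</param>
/// <returns>The matching <see cref="CreateUserResult"/>; anything without a dedicated code maps to PasswordNotValid.</returns>
private static CreateUserResult MapPasswordResult(ChangeUserPasswordResult passwordResult)
{
    switch (passwordResult)
    {
        case ChangeUserPasswordResult.LengthRequirementNotMet:
            return CreateUserResult.LengthRequirementNotMet;
        case ChangeUserPasswordResult.NoLowerCaseCharacter:
            return CreateUserResult.NoLowerCaseCharacter;
        case ChangeUserPasswordResult.NoNumber:
            return CreateUserResult.NoNumber;
        case ChangeUserPasswordResult.NoSpecialCharacter:
            return CreateUserResult.NoSpecialCharacter;
        case ChangeUserPasswordResult.NoUpperCaseCharacter:
            return CreateUserResult.NoUpperCaseCharacter;
        default:
            // Failed, PasswordsDoNotMatch and any unknown value.
            return CreateUserResult.PasswordNotValid;
    }
}

/// <summary>
/// Translates a profile-information failure into the corresponding creation result.
/// </summary>
/// <param name="informationResult">A non-success value from <c>VerifyUserInformation</c>.</param>
/// <returns>The matching <see cref="CreateUserResult"/>; unknown values map to Failed.</returns>
private static CreateUserResult MapUserInformationResult(UserInformationResult informationResult)
{
    switch (informationResult)
    {
        case UserInformationResult.InvalidEmail:
            return CreateUserResult.EmailNotValid;
        case UserInformationResult.InvalidFirstName:
            return CreateUserResult.FirstNameNotValid;
        case UserInformationResult.InvalidLastName:
            return CreateUserResult.LastNameNotValid;
        case UserInformationResult.InvalidPhoneNumber:
            return CreateUserResult.PhoneNumberNotValid;
        default:
            // UserInformationResult.Failed and any unknown value.
            return CreateUserResult.Failed;
    }
}

/// <summary>
/// Builds the record that is persisted for a new user from the entered data and the
/// freshly generated key material.
/// </summary>
/// <param name="user">The user as entered (plaintext fields).</param>
/// <param name="encryptedData">Key material generated for this user's password.</param>
/// <returns>A <see cref="User"/> with encrypted profile fields and the wrapped random key.</returns>
private User BuildEncryptedUser(User user, UserEncrypedData encryptedData)
{
    return new User(
        encryptedData.UniqueGUID, // Leave unique guid in plaintext
        // The random key is wrapped under the user's password; the plaintext key is never stored.
        _encryptDecrypt.Encrypt(encryptedData.RandomGeneratedKey, user.PlainTextPassword),
        user.Username, // Leave username in plaintext
        // Persisted value: format culture-independently so it reads back the same on every machine.
        encryptedData.Iterations.ToString(CultureInfo.InvariantCulture), // Leave iterations in plaintext
        encryptedData.Salt,
        encryptedData.Hash,
        // Profile fields are encrypted with the plaintext random key.
        _encryptDecrypt.Encrypt(user.FirstName, encryptedData.RandomGeneratedKey),
        _encryptDecrypt.Encrypt(user.LastName, encryptedData.RandomGeneratedKey),
        _encryptDecrypt.Encrypt(user.PhoneNumber, encryptedData.RandomGeneratedKey),
        _encryptDecrypt.Encrypt(user.Email, encryptedData.RandomGeneratedKey)
    );
}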
/*************************************************************************************************/
/// <summary>
/// Runs a password change through the password service and hands the outcome to the
/// change-password view for display.
/// </summary>
/// <param name="originalPassword">The user's current password.</param>
/// <param name="password">The requested new password.</param>
/// <param name="confirmPassword">Confirmation of the new password.</param>
private void ModifyPassword(string originalPassword, string password, string confirmPassword)
{
    // The service decides the outcome; this method only relays it to the view.
    _changePasswordView.DisplayChangePasswordResult(
        _passwordService.ChangeUserPassword(originalPassword, password, confirmPassword));
}