/// <summary>
/// Resetira lozinku tako da izgenerira slucajan znakovni niz uz ispravan
/// odgovor.
/// </summary>
/// <param name="passwordAnswer">odgovor na pitanje</param>
/// <param name="minPasswordLenght">minimalna duljina lozinke</param>
/// <param name="passwordCoder">koder lozinke pomocu kojeg se lozinka kodira</param>
/// <returns></returns>
public virtual string ResetPassword(string passwordAnswer, int minPasswordLenght, IPasswordCoder passwordCoder)
{
if (passwordFormat != passwordCoder.PasswordFormat) {
throw new ArgumentException("PasswordCoder isn't suited for this password.");
}
if(IsLockedOut) {
return null;
}
if(ComparePasswordAnswerTo(passwordAnswer, passwordCoder)) {
return ResetPassword(minPasswordLenght, passwordCoder);
} else {
IncrementFailedPasswordAnswerAttemptCount();
return null;
}
}
/// <summary>
/// Resetira lozinku tako da izgenerira slucajan znakovni niz
/// </summary>
/// <param name="minPasswordLenght">minimalna duljina lozinke</param>
/// <param name="passwordCoder">koder lozinke pomocu kojeg se lozinka kodira</param>
/// <returns>nova izgenerirana lozinka, null ako resetiranje nije uspjelo</returns>
public virtual string ResetPassword(int minPasswordLenght, IPasswordCoder passwordCoder)
{
if (passwordFormat != passwordCoder.PasswordFormat) {
throw new ArgumentException("PasswordCoder isn't suited for this password.");
}
if(IsLockedOut) {
return null;
}
var passwordLenght = minPasswordLenght <= SYSTEM_GENERATED_PASSWORD_LENGHT
? SYSTEM_GENERATED_PASSWORD_LENGHT
: minPasswordLenght;
var newPassword = generateRandomString(passwordLenght, NBR_OF_NON_ALPHANUMBERIC_CHARACTERS);
password = Encode(newPassword, passwordCoder);
return newPassword;
}
/// <summary>
/// Dohvaca lozinku u plain-textu ukoliko je to moguce (ako nije hashirana).
/// Metoda baca ArgumentException iznimku ukoliko koder ne odgovara formatu lozinke, te
/// baca NotSupportedException ukoliko je lozinka hashirana.
/// </summary>
/// <param name="passwordCoder">koder lozinke pomocu kojeg se lozinka moze dekodirati</param>
/// <returns>loznka u plain-textu ukoliko korisnik nije zakljucan, inace null</returns>
public virtual string GetPassword(IPasswordCoder passwordCoder)
{
if(passwordFormat != passwordCoder.PasswordFormat) {
throw new ArgumentException("PasswordCoder isn'd suited for this password.");
}
if(passwordFormat == MembershipPasswordFormat.Hashed) {
throw new NotSupportedException("For hashed password retreival isn't supported.");
}
return !IsLockedOut
? Encoding.Default.GetString(passwordCoder.Decode(Convert.FromBase64String(password)))
: null;
}
/// <summary>
/// Dohvaca lozinku u plain-textu ukoliko je to moguce i ukoliko je predan
/// ispravan odgovor.
/// Metoda baca ArgumentException iznimku ukoliko koder ne odgovara formatu lozinke, te
/// baca NotSupportedExcepton ukoliko je lozinka hashirana.
/// </summary>
/// <param name="otherPasswordAnswer">odgovor za dohvacanje lozinke</param>
/// <param name="passwordCoder">koder lozinke pomocu kojeg se lozinka moze dekodirati</param>
/// <returns>loznka u plain-textu ukoliko je dohvacanje uspjesno, inace null</returns>
public virtual string GetPassword(string otherPasswordAnswer, IPasswordCoder passwordCoder)
{
if (passwordFormat != passwordCoder.PasswordFormat) {
throw new ArgumentException("PasswordCoder isn't suited for this password.");
}
if (passwordFormat == MembershipPasswordFormat.Hashed) {
throw new NotSupportedException("For hashed password retreival isn't supported.");
}
if(!IsLockedOut) {
if (ComparePasswordAnswerTo(otherPasswordAnswer, passwordCoder)) {
return GetPassword(passwordCoder);
} else {
IncrementFailedPasswordAnswerAttemptCount();
}
}
return null;
}
/// <summary>
/// Usporeduje zadanu lozinku sa trenutnom lozinkom instance
/// </summary>
/// <param name="otherPassword">lozinka koja se usporeduje s trenutnom lozinkom instance</param>
/// <param name="passwordCoder">koder lozinke pomocu kojeg se lozinka moze dekodirati</param>
/// <returns>true ukoliko su lozinke jednake, inace false</returns>
public virtual bool ComparePasswordTo(string otherPassword, IPasswordCoder passwordCoder)
{
if (passwordFormat != passwordCoder.PasswordFormat) {
throw new ArgumentException("PasswordCoder isn't suited for this password.");
}
var encodedPassword = Encode(otherPassword, passwordCoder);
return encodedPassword == password;
}
/// <summary>
/// Kodira lozinku ili odgovor odgovarajucim koderom
/// </summary>
/// <param name="stringForEncoding">string koja se kodira</param>
/// <param name="passwordCoder">koder lozinke pomocu kojeg se lozinka kodira</param>
/// <returns>kodiran string</returns>
public virtual string Encode(string stringForEncoding, IPasswordCoder passwordCoder)
{
if (passwordCoder.PasswordFormat == MembershipPasswordFormat.Hashed) {
if(string.IsNullOrEmpty(passwordSalt)) {
throw new ApplicationException("Password salt can't be null or empty.");
}
var passwordData = calculatePasswordWithSalt(stringForEncoding, passwordSalt);
return Convert.ToBase64String(passwordCoder.Encode(passwordData));
} else {
return Convert.ToBase64String(passwordCoder.Encode(Encoding.Default.GetBytes(stringForEncoding)));
}
}
/// <summary>
/// Mijenja pitanje i odgovor za dohvacanje ili resetiranje lozinke.
/// </summary>
/// <param name="password">trenutna lozinka</param>
/// <param name="newPasswordQuestion">novo pitanje za dohvacanje ili resetiranje lozinke</param>
/// <param name="newPasswordAnswer">novi odgovor na pitanje za dohvacanje ili resetiranje lozinke </param>
/// <returns>true ukoliko je promjena uspjela, false inace</returns>
public virtual bool ChangePasswordQuestionAndAnswer(string password,
string newPasswordQuestion, string newPasswordAnswer, IPasswordCoder passwordCoder)
{
if (passwordFormat != passwordCoder.PasswordFormat) {
throw new ArgumentException("PasswordCoder isn't suited for this password.");
}
if (IsLockedOut) {
return false;
}
if (ComparePasswordTo(password, passwordCoder)) {
passwordQuestion = newPasswordQuestion;
var encodedNewPasswordAnswer = Encode(newPasswordAnswer, passwordCoder);
passwordAnswer = encodedNewPasswordAnswer;
return true;
} else {
IncrementFailedPasswordAttemptCount();
return false;
}
}
/// <summary>
/// Usporeduje zadani odgovor sa trenutnim odgovorom instance
/// </summary>
/// <param name="otherPasswordAnswer">odgovor koji se usporeduje s trenutnim odgovorom instance</param>
/// <param name="passwordCoder">koder lozinke pomocu kojeg se lozinka moze dekodirati</param>
/// <returns>true ukoliko su lozinke jednake, inace false</returns>
public virtual bool ComparePasswordAnswerTo(string otherPasswordAnswer, IPasswordCoder passwordCoder)
{
if(string.IsNullOrEmpty(passwordQuestion)) {
throw new InvalidOperationException("Password question and answer aren't set/defined.");
}
if (passwordFormat != passwordCoder.PasswordFormat) {
throw new ArgumentException("PasswordCoder isn't suited for this password.");
}
var encodedPasswordAnswer = Encode(otherPasswordAnswer, passwordCoder);
return encodedPasswordAnswer == passwordAnswer;
}
/// <summary>
/// Postavlja novu lozinku.
/// </summary>
/// <param name="oldPassword">stara lozinka</param>
/// <param name="newPassword">nova lozinka</param>
/// <param name="passwordCoder">koder lozinke pomocu kojeg se lozinka kodira</param>
/// <returns>true ukoliko je promjena uspjela, false inace</returns>
public virtual bool ChangePassword(string oldPassword, string newPassword, IPasswordCoder passwordCoder)
{
if (passwordFormat != passwordCoder.PasswordFormat) {
throw new ArgumentException("PasswordCoder isn't suited for this password.");
}
if (IsLockedOut) {
return false;
}
if (ComparePasswordTo(oldPassword, passwordCoder)) {
password = Encode(newPassword, passwordCoder);
LastPasswordChangedDate = DateTime.Now;
return true;
} else {
IncrementFailedPasswordAttemptCount();
return false;
}
}
/// <summary>
/// Konstruktor
/// </summary>
/// <param name="username">korisnicko ime</param>
/// <param name="password">lozinka</param>
/// <param name="passwordCoder">koder lozinke pomocu kojeg se lozinka kodira</param>
public User(string username, string password, IPasswordCoder passwordCoder)
{
this.userName = username;
roles = new HashedSet<Role>();
passwordFormat = passwordCoder.PasswordFormat;
if(passwordFormat == MembershipPasswordFormat.Hashed) {
passwordSalt = generatePasswordSalt();
}
this.password = Encode(password, passwordCoder);
CreationDate = DateTime.Now.ToUniversalTime();
}
public void SetUp()
{
Mock<IPasswordCoder> passwordCoderMock = new Mock<IPasswordCoder>();
passwordCoderMock.Setup(pc => pc.PasswordFormat).Returns(MembershipPasswordFormat.Clear);
var passwordData = Encoding.Default.GetBytes(password);
passwordCoderMock.Setup(pc => pc.Encode(passwordData))
.Returns(passwordData);
passwordCoderMock.Setup(pc => pc.Decode(passwordData))
.Returns(passwordData);
var fakePasswordData = Encoding.Default.GetBytes(password);
passwordCoderMock.Setup(pc => pc.Encode(fakePasswordData))
.Returns(fakePasswordData);
passwordCoder = passwordCoderMock.Object;
}
/// <summary>
/// Incijalizira i postavlja koder lozinke
/// </summary>
private void setPasswordCoder()
{
switch(passwordFormat) {
case MembershipPasswordFormat.Clear:
passwordCoder = new ClearPassCoder();
break;
case MembershipPasswordFormat.Encrypted:
passwordCoder = new EncryptionPassCoder(EncryptPassword, DecryptPassword);
break;
case MembershipPasswordFormat.Hashed:
// inace bolje je koristiti Membership.HashAlgorithmType, ali zbog toga sto se ova metoda
// poziva u Initialize metodi, informacije iz Membership statickih metoda nisu dosupne (aplikacija puca)
//Configuration cfg = WebConfigurationManager.OpenWebConfiguration(System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath);
//MembershipSection membershipSection = (MembershipSection) cfg.GetSection("system.web/membership");
//passwordCoder = new HashPassCoder(HashAlgorithmFactory.Create(membershipSection.HashAlgorithmType));
passwordCoder = new HashPassCoder(HashAlgorithmFactory.Create(Membership.HashAlgorithmType));
break;
default:
throw new ProviderException("Unsupported password format.");
}
}
/// <summary>
/// Konstruktor
/// </summary>
/// <param name="username">korisnicko ime</param>
/// <param name="password">lozinka</param>
/// <param name="passwordCoder">koder lozinke pomocu kojeg se lozinka kodira</param>
public HousingMgmtUser(string username, string password, IPasswordCoder passwordCoder)
: base(username, password, passwordCoder)
{
}
