protected void SubmitButton_Click(object sender, EventArgs e) { if (Page.IsValid) { //VERIFY THE NEW PASSWORD MEETS POLICY PasswordPolicy policy; if (_User.IsAdmin) { policy = new MerchantPasswordPolicy(); } else { policy = new CustomerPasswordPolicy(); } PasswordTestResult result = policy.TestPasswordWithFeedback(_User, Password.Text); if ((result & PasswordTestResult.Success) == PasswordTestResult.Success) { _User.SetPassword(Password.Text); _User.Comment = string.Empty; _User.Save(); CommerceBuilder.Users.User.Migrate(AbleContext.Current.User, _User); FormsAuthentication.SetAuthCookie(_User.UserName, false); Response.Redirect(AbleCommerce.Code.NavigationHelper.GetHomeUrl()); } else { //Your password did not meet the following minimum requirements if ((result & PasswordTestResult.PasswordTooShort) == PasswordTestResult.PasswordTooShort) { AddPasswordValidator("Password length must be at least " + policy.MinLength.ToString() + " characters."); } if ((result & PasswordTestResult.RequireLower) == PasswordTestResult.RequireLower) { AddPasswordValidator("Password must contain at least one lowercase letter.<br/>"); } if ((result & PasswordTestResult.RequireUpper) == PasswordTestResult.RequireUpper) { AddPasswordValidator("Password must contain at least one uppercase letter.<br/> "); } if ((result & PasswordTestResult.RequireNonAlpha) == PasswordTestResult.RequireNonAlpha) { AddPasswordValidator("Password must contain at least one non-letter.<br/> "); } if ((result & PasswordTestResult.RequireNumber) == PasswordTestResult.RequireNumber) { AddPasswordValidator("Password must contain at least one number.<br/> "); } if ((result & PasswordTestResult.RequireSymbol) == PasswordTestResult.RequireSymbol) { AddPasswordValidator("Password must contain at least one symbol.<br/> "); } if ((result & PasswordTestResult.PasswordHistoryLimitation) == PasswordTestResult.PasswordHistoryLimitation) { AddPasswordValidator("You have recently used this password.<br/>"); } } } }
/// <summary> /// Validates the password against the effective policy /// </summary> /// <returns>True if the password is valid, false if it does not meet the policy requirements.</returns> private bool ValidatePassword() { // GET THE INITIAL GROUP SO WE CAN DETERMINE PASSWORD POLICY TO EMPLOY int groupId = AlwaysConvert.ToInt(AddGroup.SelectedValue); CommerceBuilder.Users.Group group = GroupDataSource.Load(groupId); // LOAD THE APPROPRIATE PASSWORD POLICY PasswordPolicy policy; if (IsAdminGroup(group)) { policy = new MerchantPasswordPolicy(); } else { policy = new CustomerPasswordPolicy(); } PasswordTestResult result = policy.TestPasswordWithFeedback(null, AddPassword.Text); if ((result & PasswordTestResult.Success) != PasswordTestResult.Success) { // THE PASSWORD DOES NOT MEET THE POLICY if ((result & PasswordTestResult.PasswordTooShort) == PasswordTestResult.PasswordTooShort) { AddCustomValidationError(phPasswordValidation, AddPassword, "Password length must be at least " + policy.MinLength.ToString() + " characters."); } if ((result & PasswordTestResult.RequireUpper) == PasswordTestResult.RequireUpper) { AddCustomValidationError(phPasswordValidation, AddPassword, "Password must contain at least one uppercase character."); } if ((result & PasswordTestResult.RequireLower) == PasswordTestResult.RequireLower) { AddCustomValidationError(phPasswordValidation, AddPassword, "Password must contain at least one lowercase character."); } if ((result & PasswordTestResult.RequireNumber) == PasswordTestResult.RequireNumber) { AddCustomValidationError(phPasswordValidation, AddPassword, "Password must contain at least one number."); } if ((result & PasswordTestResult.RequireSymbol) == PasswordTestResult.RequireSymbol) { AddCustomValidationError(phPasswordValidation, AddPassword, "Password must contain at least one symbol (e.g. underscore or punctuation)"); } if ((result & PasswordTestResult.RequireSymbol) == PasswordTestResult.RequireSymbol) { AddCustomValidationError(phPasswordValidation, AddPassword, "Password must contain at least one symbol (e.g. underscore or punctuation)"); } if ((result & PasswordTestResult.RequireNonAlpha) == PasswordTestResult.RequireNonAlpha) { AddCustomValidationError(phPasswordValidation, AddPassword, "Password must contain at least one non-alphabetic character"); } return(false); } return(true); }
private PasswordTestResult UpdatePasswordTestResult(PasswordTestResult oldResult, PasswordTestResult newResult) { if ((oldResult & PasswordTestResult.Success) == PasswordTestResult.Success) { return(newResult); } else { return(oldResult | newResult); } }
protected bool EnforcePasswordPolicy() { // DETERMINE THE APPROPRIATE POLICY FOR THE USER PasswordPolicy policy; if (_User.IsAdmin) { policy = new MerchantPasswordPolicy(); } else { policy = new CustomerPasswordPolicy(); } // CHECK IF PASSWORD MEETS POLICY PasswordTestResult result = policy.TestPasswordWithFeedback(NewPassword.Text.Trim()); if ((result & PasswordTestResult.Success) == PasswordTestResult.Success) { return(true); } // PASSWORD DOES NOT MEET POLICY StringBuilder newErrorMessage = new StringBuilder(); newErrorMessage.Append(PasswordPolicyValidator.ErrorMessage + "<ul>"); if ((result & PasswordTestResult.PasswordTooShort) == PasswordTestResult.PasswordTooShort) { newErrorMessage.Append("<li>New password length must be at least " + policy.MinLength.ToString() + " characters.</li>"); } if ((result & PasswordTestResult.RequireLower) == PasswordTestResult.RequireLower) { newErrorMessage.Append("<li>New password must contain at least one lowercase letter.<li>"); } if ((result & PasswordTestResult.RequireUpper) == PasswordTestResult.RequireUpper) { newErrorMessage.Append("<li>New password must contain at least one uppercase letter.</li>"); } if ((result & PasswordTestResult.RequireNonAlpha) == PasswordTestResult.RequireNonAlpha) { newErrorMessage.Append("<li>New password must contain at least one non-letter.</li>"); } if ((result & PasswordTestResult.RequireNumber) == PasswordTestResult.RequireNumber) { newErrorMessage.Append("<li>New password must contain at least one number.</li> "); } if ((result & PasswordTestResult.RequireSymbol) == PasswordTestResult.RequireSymbol) { newErrorMessage.Append("<li>New password must contain at least one symbol.</li>"); } PasswordPolicyValidator.ErrorMessage = newErrorMessage.ToString() + "</ul>"; PasswordPolicyValidator.IsValid = false; return(false); }
/// <summary> /// Tests a user new password to see if it conforms with the rules established by the policy. /// </summary> /// <param name="user">user</param> /// <param name="password">password to test</param> /// <returns>PasswordTestResult flag indicating the test result</returns> public PasswordTestResult TestPasswordWithFeedback(User user, string password) { PasswordTestResult result = PasswordTestResult.Success; if (password.Length < this.MinLength) { result = UpdatePasswordTestResult(result, PasswordTestResult.PasswordTooShort); } if ((this.RequireUpper) && (!Regex.IsMatch(password, "[A-Z]"))) { result = UpdatePasswordTestResult(result, PasswordTestResult.RequireUpper); } if ((this.RequireLower) && (!Regex.IsMatch(password, "[a-z]"))) { result = UpdatePasswordTestResult(result, PasswordTestResult.RequireLower); } if ((this.RequireNumber) && (!Regex.IsMatch(password, "[0-9]"))) { result = UpdatePasswordTestResult(result, PasswordTestResult.RequireNumber); } if ((this.RequireSymbol) && (!Regex.IsMatch(password, "[^0-9a-zA-Z]"))) { result = UpdatePasswordTestResult(result, PasswordTestResult.RequireSymbol); } if ((this.RequireNonAlpha) && (!Regex.IsMatch(password, "[^a-zA-Z]"))) { result = UpdatePasswordTestResult(result, PasswordTestResult.RequireNonAlpha); } if (user != null) { //VERIFY THE GIVEN PASSWORD DOES NOT EXIST IN HISTORY DateTime historyExpirationDate = LocaleHelper.LocalNow.AddDays(-1 * this.HistoryDays); foreach (UserPassword oldPassword in user.Passwords) { if ((oldPassword.PasswordNumber - 1) <= this.HistoryCount) { if ((this.HistoryDays == 0) || (historyExpirationDate <= oldPassword.CreateDate)) { if (oldPassword.VerifyPassword(password)) { result = UpdatePasswordTestResult(result, PasswordTestResult.PasswordHistoryLimitation); } } } } } return(result); }
protected void SaveButton_Click(object sender, EventArgs e) { if (Page.IsValid) { User user = AbleContext.Current.User; string currentUserName = user.UserName; // VALIDATE THE PASSWORD IF THIS IS NOT AN ANONYMOUS USER bool validPassword; if (!user.IsAnonymousOrGuest) { validPassword = Membership.ValidateUser(currentUserName, CurrentPassword.Text); if (!validPassword) { InvalidPassword.IsValid = false; return; } } else { validPassword = true; } // VALIDATE NEW PASSWORD AGASINT POLICY if (Password.Text.Length > 0) { PasswordPolicy policy; if (user.IsAdmin) { policy = new MerchantPasswordPolicy(); } else { policy = new CustomerPasswordPolicy(); } PasswordTestResult result = policy.TestPasswordWithFeedback(user, Password.Text); if ((result & PasswordTestResult.Success) != PasswordTestResult.Success) { PasswordPolicyValidator.ErrorMessage += "<UL>"; if ((result & PasswordTestResult.PasswordTooShort) == PasswordTestResult.PasswordTooShort) { AddPwdValidationError(string.Format(PasswordPolicyLength.Text, policy.MinLength)); } if ((result & PasswordTestResult.RequireLower) == PasswordTestResult.RequireLower) { AddPwdValidationError("New password must contain at least one lowercase letter."); } if ((result & PasswordTestResult.RequireUpper) == PasswordTestResult.RequireUpper) { AddPwdValidationError("New password must contain at least one uppercase letter. "); } if ((result & PasswordTestResult.RequireNonAlpha) == PasswordTestResult.RequireNonAlpha) { AddPwdValidationError("New password must contain at least one non-letter."); } if ((result & PasswordTestResult.RequireNumber) == PasswordTestResult.RequireNumber) { AddPwdValidationError("New password must contain at least one number."); } if ((result & PasswordTestResult.RequireSymbol) == PasswordTestResult.RequireSymbol) { AddPwdValidationError("New password must contain at least one symbol."); } if ((result & PasswordTestResult.PasswordHistoryLimitation) == PasswordTestResult.PasswordHistoryLimitation) { AddPwdValidationError("You have recently used this password."); } PasswordPolicyValidator.ErrorMessage += "</UL>"; PasswordPolicyValidator.IsValid = false; return; } } else if (user.IsAnonymousOrGuest) { // PASSWORD IS REQUIRED FOR NEW ANONYMOUS ACCOUNTS PasswordRequiredValidator.IsValid = false; return; } // IF USERNAME IS CHANGED, VALIDATE THE NEW NAME IS AVAILABLE string newUserName = UserName.Text.Trim(); bool userNameChanged = (currentUserName != newUserName); if (userNameChanged) { // CHECK IF THERE IS ALREADY A USER WITH DESIRED USERNAME if (UserDataSource.GetUserIdByUserName(newUserName) > 0) { // A USER ALREADY EXISTS WITH THAT NAME phUserNameUnavailable.Visible = true; return; } } // OPT-OUT REVIEW REMINDERS user.Settings.OptOutReviewReminders = !ReviewReminders.Checked; // UPDATE THE USER RECORD WITH NEW VALUES user.Email = Email.Text.Trim(); user.PrimaryAddress.Email = user.Email; user.UserName = newUserName; user.Save(); // RESET AUTH COOKIE WITH NEW USERNAME IF NEEDED if (userNameChanged) { FormsAuthentication.SetAuthCookie(newUserName, false); } // UPDATE PASSWORD IF INDICATED if (Password.Text.Length > 0) { user.SetPassword(Password.Text); } // UPDATE MAILING PREFERENCES if (phEmailLists.Visible) { UpdateEmailLists(); } // DISPLAY RESULT SavedMessage.Visible = true; } }
protected void SaveButton_Click(object sender, EventArgs e) { if (Page.IsValid) { User user = AbleContext.Current.User; string currentUserName = user.UserName; // VALIDATE THE PASSWORD IF THIS IS NOT AN ANONYMOUS USER bool validPassword; if (!user.IsAnonymousOrGuest) { validPassword = Membership.ValidateUser(currentUserName, CurrentPassword.Text); if (!validPassword) { InvalidPassword.IsValid = false; return; } } else { validPassword = true; } // VALIDATE NEW PASSWORD AGASINT POLICY if (Password.Text.Length > 0) { PasswordPolicy policy; if (user.IsAdmin) { policy = new MerchantPasswordPolicy(); } else { policy = new CustomerPasswordPolicy(); } PasswordTestResult result = policy.TestPasswordWithFeedback(user, Password.Text); if ((result & PasswordTestResult.Success) != PasswordTestResult.Success) { PasswordPolicyValidator.ErrorMessage += "<UL>"; if ((result & PasswordTestResult.PasswordTooShort) == PasswordTestResult.PasswordTooShort) { AddPwdValidationError(string.Format(PasswordPolicyLength.Text, policy.MinLength)); } if ((result & PasswordTestResult.RequireLower) == PasswordTestResult.RequireLower) { AddPwdValidationError("New password must contain at least one lowercase letter."); } if ((result & PasswordTestResult.RequireUpper) == PasswordTestResult.RequireUpper) { AddPwdValidationError("New password must contain at least one uppercase letter. "); } if ((result & PasswordTestResult.RequireNonAlpha) == PasswordTestResult.RequireNonAlpha) { AddPwdValidationError("New password must contain at least one non-letter."); } if ((result & PasswordTestResult.RequireNumber) == PasswordTestResult.RequireNumber) { AddPwdValidationError("New password must contain at least one number."); } if ((result & PasswordTestResult.RequireSymbol) == PasswordTestResult.RequireSymbol) { AddPwdValidationError("New password must contain at least one symbol."); } if ((result & PasswordTestResult.PasswordHistoryLimitation) == PasswordTestResult.PasswordHistoryLimitation) { AddPwdValidationError("You have recently used this password."); } PasswordPolicyValidator.ErrorMessage += "</UL>"; PasswordPolicyValidator.IsValid = false; return; } } else if (user.IsAnonymousOrGuest) { // PASSWORD IS REQUIRED FOR NEW ANONYMOUS ACCOUNTS PasswordRequiredValidator.IsValid = false; return; } // UPDATE THE USER RECORD WITH NEW VALUES user.Save(); // UPDATE PASSWORD IF INDICATED if (Password.Text.Length > 0) { user.SetPassword(Password.Text); } // DISPLAY RESULT ConfirmationMsg.Visible = true; } }
protected void ChangePasswordButton_Click(object sender, EventArgs e) { if (Page.IsValid) { //VERIFY THE GIVEN USERNAME IS VALID User user = UserDataSource.LoadForUserName(UserName.Text); if ((user != null) && !string.IsNullOrEmpty(UserName.Text) && !string.IsNullOrEmpty(_LastPasswordValue)) { //VERIFY CURRENT PASSWORD IS CORRECT if (Membership.ValidateUser(UserName.Text, _LastPasswordValue)) { //VERIFY THE NEW PASSWORD MEETS POLICY MerchantPasswordPolicy policy = new MerchantPasswordPolicy(); PasswordTestResult result = policy.TestPasswordWithFeedback(user, NewPassword.Text); if ((result & PasswordTestResult.Success) == PasswordTestResult.Success && !NewPassword.Text.Equals(_LastPasswordValue)) { // PASSWORD CHANGE SUCCEEDED, REDIRECT TO THE MERCHANT ADMIN user.SetPassword(NewPassword.Text); FormsAuthentication.SetAuthCookie(UserName.Text, false); Response.Redirect("~/Admin/Default.aspx"); } else { //REDISPLAY THE PASSWORD REQUIREMENST ShowPasswordExpired(); //"Your new password did not meet the following minimum requirements:<br/>"; if ((result & PasswordTestResult.PasswordTooShort) == PasswordTestResult.PasswordTooShort) { AddPasswordExpiredValidator(string.Format(PasswordPolicyLength.Text, policy.MinLength)); } if ((result & PasswordTestResult.RequireLower) == PasswordTestResult.RequireLower) { AddPasswordExpiredValidator("New password must contain at least one lowercase letter.<br/>"); } if ((result & PasswordTestResult.RequireUpper) == PasswordTestResult.RequireUpper) { AddPasswordExpiredValidator("New password must contain at least one uppercase letter.<br/> "); } if ((result & PasswordTestResult.RequireNonAlpha) == PasswordTestResult.RequireNonAlpha) { AddPasswordExpiredValidator("New password must contain at least one non-letter.<br/> "); } if ((result & PasswordTestResult.RequireNumber) == PasswordTestResult.RequireNumber) { AddPasswordExpiredValidator("New password must contain at least one number.<br/> "); } if ((result & PasswordTestResult.RequireSymbol) == PasswordTestResult.RequireSymbol) { AddPasswordExpiredValidator("New password must contain at least one symbol.<br/> "); } if ((result & PasswordTestResult.PasswordHistoryLimitation) == PasswordTestResult.PasswordHistoryLimitation) { AddPasswordExpiredValidator("You have recently used this password.<br/>"); } if (NewPassword.Text.Equals(_LastPasswordValue)) { AddPasswordExpiredValidator("You new password must be different from your current password.<br/>"); } } } } } }
public async Task <ActionResult> Do(PasswordChangeRequestModel model) { try { this.rateLimiter.ThrowOnRateLimitExceeded(model.UserName, this.Request); if (!this.ModelState.IsValid) { return(this.View(model)); } if (model.NewPassword != model.ConfirmNewPassword) { this.ModelState.AddModelError(nameof(model.ConfirmNewPassword), Resources.UIMessages.PasswordsDoNotMatch); return(this.View(model)); } PasswordTestResult result = await this.passwordManager.TestPassword(model.UserName, model.NewPassword).ConfigureAwait(false); if (result.Code != PasswordTestResultCode.Approved) { this.ModelState.AddModelError(nameof(model.ConfirmNewPassword), result.ToString()); return(this.View(model)); } await this.ChangePassword(model.UserName, model.CurrentPassword, model.NewPassword).ConfigureAwait(false); model.Success = true; if (model.Redirect != null) { if (this.ValidRedirectUri(model.Redirect)) { return(new RedirectResult(model.Redirect)); } else { model.Redirect = null; } } return(this.View("Success")); } catch (NotFoundException) { Logger.Error($"The password change attempt for user {model.UserName} failed because the user was not found in the directory"); this.ModelState.AddModelError(nameof(model.CurrentPassword), Resources.UIMessages.InvalidUserOrPassword); return(this.View(model)); } catch (PasswordIncorrectException) { Logger.Error($"The password change attempt for user {model.UserName} failed because the current password was incorrect"); this.ModelState.AddModelError(nameof(model.CurrentPassword), Resources.UIMessages.InvalidUserOrPassword); return(this.View(model)); } catch (PasswordDoesNotMeetPolicyException) { Logger.Error($"The password change attempt for user {model.UserName} failed because AD rejected the password change"); this.ModelState.AddModelError(nameof(model.ConfirmNewPassword), Resources.UIMessages.PasswordRejectedByAdPolicy); return(this.View(model)); } catch (RateLimitExceededException ex) { Logger.Error(ex.Message); return(this.View("RateLimitExceeded")); } catch (Exception ex) { Logger.Error(ex, "An unhandled exception occurred when attempting the password change"); this.ModelState.AddModelError(nameof(model.ConfirmNewPassword), Resources.UIMessages.UnhandledError); return(this.View(model)); } }
protected void ChangePasswordButton_Click(object sender, EventArgs e) { if (Page.IsValid) { //VERIFY CURRENT PASSWORD IS CORRECT User u = AbleContext.Current.User; if (u.CheckPassword(CurrentPassword.Text)) { //VERIFY THE NEW PASSWORD MEETS POLICY PasswordPolicy policy = new MerchantPasswordPolicy(); PasswordTestResult result = policy.TestPasswordWithFeedback(u, NewPassword.Text); if ((result & PasswordTestResult.Success) == PasswordTestResult.Success) { u.SetPassword(NewPassword.Text); ShowChangePassword.Visible = false; ChangePasswordPanel.Visible = false; PasswordChangedMessage.Visible = true; } else { if (CurrentPassword.Text.Equals(NewPassword.Text)) { AddPasswordValidator("Your new password is the same as your current password."); } else { //"Your new password did not meet the following minimum requirements:<br/>"; if ((result & PasswordTestResult.PasswordTooShort) == PasswordTestResult.PasswordTooShort) { AddPasswordValidator(string.Format(PasswordPolicyLength.Text, policy.MinLength)); } if ((result & PasswordTestResult.RequireLower) == PasswordTestResult.RequireLower) { AddPasswordValidator("New password must contain at least one lowercase letter.<br/>"); } if ((result & PasswordTestResult.RequireUpper) == PasswordTestResult.RequireUpper) { AddPasswordValidator("New password must contain at least one uppercase letter.<br/> "); } if ((result & PasswordTestResult.RequireNonAlpha) == PasswordTestResult.RequireNonAlpha) { AddPasswordValidator("New password must contain at least one non-letter.<br/> "); } if ((result & PasswordTestResult.RequireNumber) == PasswordTestResult.RequireNumber) { AddPasswordValidator("New password must contain at least one number.<br/> "); } if ((result & PasswordTestResult.RequireSymbol) == PasswordTestResult.RequireSymbol) { AddPasswordValidator("New password must contain at least one symbol.<br/> "); } if ((result & PasswordTestResult.PasswordHistoryLimitation) == PasswordTestResult.PasswordHistoryLimitation) { AddPasswordValidator("You have recently used this password.<br/>"); } } ChangePasswordPanel.Visible = true; ShowChangePassword.Visible = false; } } else { CustomValidator validator = new CustomValidator(); validator.ErrorMessage = "You did not type your current password correctly."; validator.Text = "*"; validator.IsValid = false; validator.ValidationGroup = "UserStatus"; phCustomValidator.Controls.Add(validator); ChangePasswordPanel.Visible = true; ShowChangePassword.Visible = false; } } }