/// <summary> /// Validates and saves the existing user /// </summary> public static void Update(User user) { if (user.IsNew) { throw new SystemException("This method cannot be used to save new users"); } // Validate standard business object requirements ErrorList errors = ValidateUser(user); // Throw an error if the user fields are not all valid if (errors.Count > 0) { throw new InvalidUserException(errors, user); } // NB: Do not inline as PasswordChanged is reset in SaveUser() bool passwordChanged = user.ChangedProperties.ContainsKey(User.Columns.Password.ToString()); // Save the user SaveUser(user); // Update the password history if the password was changed if (passwordChanged) { PasswordHistory.UpdateUserPasswordHistory(user); } }
public static void ChangePassword(User user, string existingPassword, string newPassword, string newPasswordConfirmation) { // First make sure that the existing password the user has entered is valid if (!user.CheckPassword(existingPassword)) { throw new ChangePasswordException("Old password is incorrect"); } // Ensure that they entered a new password if (StringUtils.IsBlank(newPassword)) { throw new ChangePasswordException("New password cannot be blank"); } // Ensure that the new password and confirm new password match if (newPassword.Trim() != newPasswordConfirmation.Trim()) { throw new ChangePasswordException("New password does not match confirmed password"); } // Ensure that the user has not used the new password recently if (PasswordHistory.IsRecentPassword(user, newPassword)) { throw new ChangePasswordException("New password has been used recently and cannot be used again"); } // Validate the new password, ensuring it meets all password criteria ErrorList e = PasswordGenerator.ValidatePassword(newPassword); if (e.Count > 0) { throw new ChangePasswordException(e[0].ToString()); } // Everything has password. Set the new password and update the user's // password expiry date. Then save the user back to the database. user.SetPassword(newPassword); user.PasswordExpiryDate = DateTime.Now.AddDays(PasswordExpiryDays); User.Update(user); // Update the user's password history (this is so that we can stop the same // password from being used again in future). PasswordHistory.UpdateUserPasswordHistory(user); // Update the audit log AuditLogManager.LogUserAction(user, AuditUserAction.ChangePassword, "Changed password"); }
private static ErrorList ValidateUser(User user) { ErrorList errors = new ErrorList(); if (StringUtils.IsBlank(user.FirstName)) { errors.Add("First name is required"); } if (StringUtils.IsBlank(user.LastName)) { errors.Add("Last name is required"); } if (StringUtils.IsBlank(user.Email)) { errors.Add("Email address is required"); } else if (!StringUtils.IsEmail(user.Email)) { errors.Add("Invalid email address"); } else { Company company = UserSecurityManager.GetCompanyByDomain(user.Email); if (company.IsNull) { switch (RegistrationEmailFormat) { case RegistrationEmailFormatType.InternalUsers: { if (user.IsEmployee && company.IsNull) { errors.Add("Email address is not valid for external users"); } break; } case RegistrationEmailFormatType.AllUsers: { if (company.IsNull) { errors.Add("Email address must belong to approved domain"); } break; } } } else { User u = User.GetByEmail(user.Email); if (!u.IsNull && !u.UserId.Equals(user.UserId)) { errors.Add("Email address is already in use"); } } } if (StringUtils.IsBlank(user.CompanyName)) { errors.Add("Company name is required"); } if (StringUtils.IsBlank(user.Password)) { errors.Add("Password is required"); } if (user.PasswordChanged) { if (user.UnencryptedPassword.Length == 0) { errors.Add("Password confirmation is required"); } else if (user.UnencryptedPassword != user.UnencryptedConfirmPassword) { errors.Add("Password and confirm password do not match"); } else { ErrorList e = PasswordGenerator.ValidatePassword(user.UnencryptedPassword); if (e.Count > 0) { errors.AddRange(e); } else if (!user.IsNew && PasswordHistory.IsRecentPassword(user, user.Password)) { errors.Add("Password has been used recently and cannot be used again"); } } } if (user.Brands.Count == 0) { errors.Add("User must be assigned to at least one brand"); } else { if (user.PrimaryBrandId <= 0) { errors.Add("One brand must be select as the main brand"); } else if (user.Brands.FindIndex(b => b.BrandId == user.PrimaryBrandId) < 0) { errors.Add("The main brand must be selected"); } } if (StringUtils.IsBlank(user.CompanyName)) { errors.Add("Company name is required"); } if (user.UserRoleId == 0) { errors.Add("System Error : User role must be specified"); } if (user.UserRole == UserRole.BrandAdministrator) { // Only one brand admin per business-unit UserFinder finder = new UserFinder { UserRole = UserRole.BrandAdministrator, PrimaryBrandId = user.PrimaryBrandId }; User u = User.FindOne(finder); // Found a user, and user id is different from this user, so don't allow change if (!u.IsNull && !u.UserId.Equals(user.UserId)) { string message = string.Format("The user {0} is already assigned to the Brand Administrator role for the selected brand(s)", u.FullName); errors.Add(message); } } return(errors); }