/// <summary>
/// Validates an already-persisted user and saves the changes, recording the
/// password in the password history when the password was part of the change.
/// </summary>
/// <param name="user">The existing user to validate and save.</param>
/// <exception cref="SystemException">Thrown when <paramref name="user"/> is flagged as new.</exception>
/// <exception cref="InvalidUserException">Thrown when validation reports one or more errors.</exception>
public static void Update(User user)
{
    // This entry point is for existing users only.
    if (user.IsNew)
    {
        throw new SystemException("This method cannot be used to save new users");
    }

    // Run the standard business-object validation and refuse to save on any error.
    ErrorList validationErrors = ValidateUser(user);

    if (validationErrors.Count > 0)
    {
        throw new InvalidUserException(validationErrors, user);
    }

    // Must be read BEFORE SaveUser(): the save resets the changed-property
    // tracking, so evaluating this afterwards would always report "unchanged"
    // and the password history would never be updated.
    bool passwordWasChanged = user.ChangedProperties.ContainsKey(User.Columns.Password.ToString());

    SaveUser(user);

    if (!passwordWasChanged)
    {
        return;
    }

    // Record the new password so that later reuse checks can see it.
    PasswordHistory.UpdateUserPasswordHistory(user);
}
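/// <summary>
/// Changes a user's password. The current password is verified first, then the
/// new password is checked against its confirmation, the user's recent password
/// history and the password policy before it is set, saved and audited.
/// </summary>
/// <param name="user">The user whose password is being changed.</param>
/// <param name="existingPassword">The current password as entered by the user.</param>
/// <param name="newPassword">The requested new password.</param>
/// <param name="newPasswordConfirmation">The second entry of the new password.</param>
/// <exception cref="ChangePasswordException">
/// Thrown when the current password is wrong, the new password is blank, the
/// confirmation differs, the password was used recently, or it fails validation.
/// </exception>
public static void ChangePassword(User user, string existingPassword, string newPassword, string newPasswordConfirmation)
{
    // Re-authenticate: the caller must prove knowledge of the current password
    // before anything else about the request is evaluated.
    if (!user.CheckPassword(existingPassword))
    {
        throw new ChangePasswordException("Old password is incorrect");
    }

    // Ensure that they entered a new password
    if (StringUtils.IsBlank(newPassword))
    {
        throw new ChangePasswordException("New password cannot be blank");
    }

    // The confirmation must match the value that is actually stored below.
    // The previous check compared trimmed copies while SetPassword() received the
    // untrimmed value, so "secret " / "secret" passed and the user ended up with a
    // password they had not confirmed. Comparing the raw strings also turns a null
    // confirmation into a normal mismatch instead of a NullReferenceException.
    if (!string.Equals(newPassword, newPasswordConfirmation, StringComparison.Ordinal))
    {
        throw new ChangePasswordException("New password does not match confirmed password");
    }

    // Ensure that the user has not used the new password recently
    if (PasswordHistory.IsRecentPassword(user, newPassword))
    {
        throw new ChangePasswordException("New password has been used recently and cannot be used again");
    }

    // Validate the new password against the password criteria; only the first
    // reported error is surfaced to the caller.
    ErrorList policyErrors = PasswordGenerator.ValidatePassword(newPassword);

    if (policyErrors.Count > 0)
    {
        throw new ChangePasswordException(policyErrors[0].ToString());
    }

    // Everything has passed. Set the new password and update the user's
    // password expiry date, then save the user back to the database.
    // NOTE(review): the expiry is computed from local time (DateTime.Now) —
    // confirm the stored value is compared against local time as well.
    user.SetPassword(newPassword);
    user.PasswordExpiryDate = DateTime.Now.AddDays(PasswordExpiryDays);
    User.Update(user);

    // Update the user's password history (this is so that we can stop the same
    // password from being used again in future).
    // NOTE(review): the Update method in this file already records password
    // history when the password changed; if User.Update behaves the same way,
    // this call stores a second entry for the same change — confirm.
    PasswordHistory.UpdateUserPasswordHistory(user);

    // Update the audit log. Only successful changes are logged here; rejected
    // attempts leave this method via ChangePasswordException without an entry.
    AuditLogManager.LogUserAction(user, AuditUserAction.ChangePassword, "Changed password");
}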