/// <summary>
/// Generates a password reset token for the given user and returns it to the caller.
/// </summary>
/// <param name="parameters">Token request (user name and optional expiration); must not be null.</param>
/// <returns>The password reset token produced by <c>GeneratePasswordResetTokenInternal</c>.</returns>
/// <exception cref="ClientException">Thrown when <paramref name="parameters"/> is null.</exception>
public string GeneratePasswordResetToken(GeneratePasswordResetTokenParameters parameters)
{
    if (parameters == null)
    {
        throw new ClientException("It is not allowed to call this authentication service method with no parameters provided.");
    }

    // The trace entry is written before the permission check, so it also records
    // user names submitted by callers that are later rejected.
    _logger.Trace(() => "GeneratePasswordResetToken: " + parameters.UserName);

    // The token is returned directly to the caller, so this entry point is gated by
    // GeneratePasswordResetTokenClaim. CheckPermissions is defined elsewhere;
    // presumably it throws when the caller lacks the claim.
    CheckPermissions(AuthenticationServiceClaims.GeneratePasswordResetTokenClaim);

    parameters.Validate();

    // The returned value is a credential: whoever holds it can reset the user's password.
    string resetToken = GeneratePasswordResetTokenInternal(parameters);
    return resetToken;
}
/// <summary>
/// Generates a password reset token for the given user and passes it to the configured
/// delivery plugin. Token generation failures are logged but not reported to the caller.
/// </summary>
/// <param name="parameters">Request with the user name and additional client info; must not be null.</param>
/// <exception cref="ClientException">Thrown when <paramref name="parameters"/> is null.</exception>
/// <exception cref="FrameworkException">Thrown with a generic message when an unexpected error occurs.</exception>
public void SendPasswordResetToken(SendPasswordResetTokenParameters parameters)
{
    if (parameters == null)
    {
        throw new ClientException("It is not allowed to call this authentication service method with no parameters provided.");
    }

    _logger.Trace("SendPasswordResetToken " + parameters.UserName);

    // Validate() runs outside the try block below, so whatever it throws reaches the caller unchanged.
    parameters.Validate();

    const string failureLogFormat = "SendPasswordResetToken failed for {0}: {1}";

    try
    {
        string resetToken;

        try
        {
            var tokenRequest = new GeneratePasswordResetTokenParameters();
            tokenRequest.UserName = parameters.UserName;
            // Token lifetime comes from configuration; "1440" minutes is used when the setting is absent.
            tokenRequest.TokenExpirationInMinutesFromNow = Int32.Parse(ConfigUtility.GetAppSetting("AspNetFormsAuth.SendPasswordResetToken.ExpirationInMinutes") ?? "1440");

            resetToken = GeneratePasswordResetTokenInternal(tokenRequest);
        }
        // This method allows anonymous access, so token generation errors (for example
        // "user is not registered") are logged and swallowed rather than returned to the client.
        // NOTE(review): the early return skips the plugin call, so response time may still
        // differ between known and unknown user names; no throttling is visible in this
        // method - confirm both are handled elsewhere.
        catch (UserException ex)
        {
            _logger.Trace(failureLogFormat, parameters.UserName, ex);
            return;
        }
        catch (ClientException ex)
        {
            _logger.Info(failureLogFormat, parameters.UserName, ex);
            return;
        }

        // The plugin may choose its own client error messages (UserException and ClientException
        // from the plugin are not suppressed). The plugin is reached only after a token was
        // generated, so any client-visible plugin error also tells the caller that the user exists.
        _sendPasswordResetTokenPlugin.Value.SendPasswordResetToken(parameters.UserName, parameters.AdditionalClientInfo, resetToken);
    }
    catch (Exception ex)
    {
        bool isClientFacing = ex is UserException || ex is ClientException;
        if (isClientFacing)
        {
            ExceptionsUtility.Rethrow(ex);
        }

        // Internal details stay in the server log; the client receives only a generic message.
        _logger.Error(failureLogFormat, parameters.UserName, ex);
        throw new FrameworkException(FrameworkException.GetInternalServerErrorMessage(_localizer, ex));
    }
}
/// <summary>
/// Creates a password reset token for an existing user, first creating the security
/// account when <c>IsAccountCreated</c> reports that there is none.
/// </summary>
/// <param name="parameters">
/// User name and token lifetime in minutes; a lifetime of 0 selects
/// <c>GeneratePasswordResetTokenParameters.DefaultTokenExpirationInMinutes</c>.
/// </param>
/// <returns>The token returned by <c>WebSecurity.GeneratePasswordResetToken</c>.</returns>
/// <exception cref="UserException">Thrown when the user is not registered.</exception>
private string GeneratePasswordResetTokenInternal(GeneratePasswordResetTokenParameters parameters)
{
    // This method performs no permission check of its own. Revealing that a user is not
    // registered is acceptable only because GeneratePasswordResetToken requires admin
    // credentials (GeneratePasswordResetTokenClaim) and the anonymous SendPasswordResetToken
    // suppresses this exception. Any new caller has to do one or the other.
    bool userIsRegistered = WebSecurity.UserExists(parameters.UserName);
    if (!userIsRegistered)
    {
        var messageArguments = new[] { parameters.UserName };
        throw new UserException("User '{0}' is not registered.", messageArguments, null, null);
    }

    if (!IsAccountCreated(parameters.UserName))
    {
        _logger.Trace(() => "GeneratePasswordResetTokenInternal creating security account: " + parameters.UserName);

        // NOTE(review): the new account gets a GUID string as its password. Guid.NewGuid() is not
        // documented as a cryptographically secure generator, and this value protects the account
        // until the reset is completed - consider a value from RandomNumberGenerator instead.
        WebSecurity.CreateAccount(parameters.UserName, Guid.NewGuid().ToString());
    }

    if (parameters.TokenExpirationInMinutesFromNow != 0)
    {
        return WebSecurity.GeneratePasswordResetToken(parameters.UserName, parameters.TokenExpirationInMinutesFromNow);
    }
    else
    {
        return WebSecurity.GeneratePasswordResetToken(parameters.UserName, GeneratePasswordResetTokenParameters.DefaultTokenExpirationInMinutes);
    }
}
/// <summary>
/// Generates a password reset token for the given user and passes it to the configured
/// delivery plugin. Token generation failures are logged but not reported to the caller.
/// </summary>
/// <param name="parameters">Request with the user name and additional client info; must not be null.</param>
/// <exception cref="ClientException">Thrown when <paramref name="parameters"/> is null.</exception>
/// <exception cref="FrameworkException">Thrown with a fixed generic message when an unexpected error occurs.</exception>
public void SendPasswordResetToken(SendPasswordResetTokenParameters parameters)
{
    if (parameters == null)
    {
        throw new ClientException("It is not allowed to call this authentication service method with no parameters provided.");
    }

    _logger.Trace("SendPasswordResetToken " + parameters.UserName);

    // Validate() runs outside the try block below, so whatever it throws reaches the caller unchanged.
    parameters.Validate();

    const string failureLogFormat = "SendPasswordResetToken failed for {0}: {1}";

    try
    {
        string resetToken;

        try
        {
            var tokenRequest = new GeneratePasswordResetTokenParameters();
            tokenRequest.UserName = parameters.UserName;
            // Token lifetime comes from configuration; "1440" minutes is used when the setting is absent.
            tokenRequest.TokenExpirationInMinutesFromNow = Int32.Parse(ConfigUtility.GetAppSetting("AspNetFormsAuth.SendPasswordResetToken.ExpirationInMinutes") ?? "1440");

            resetToken = GeneratePasswordResetTokenInternal(tokenRequest);
        }
        // This method allows anonymous access, so token generation errors (for example
        // "user is not registered") are logged and swallowed rather than returned to the client.
        // NOTE(review): the early return skips the plugin call, so response time may still
        // differ between known and unknown user names; no throttling is visible in this
        // method - confirm both are handled elsewhere.
        catch (UserException ex)
        {
            _logger.Trace(failureLogFormat, parameters.UserName, ex);
            return;
        }
        catch (ClientException ex)
        {
            _logger.Info(failureLogFormat, parameters.UserName, ex);
            return;
        }

        // The plugin may choose its own client error messages (UserException and ClientException
        // from the plugin are not suppressed). The plugin is reached only after a token was
        // generated, so any client-visible plugin error also tells the caller that the user exists.
        _sendPasswordResetTokenPlugin.Value.SendPasswordResetToken(parameters.UserName, parameters.AdditionalClientInfo, resetToken);
    }
    catch (Exception ex)
    {
        bool isClientFacing = ex is UserException || ex is ClientException;
        if (isClientFacing)
        {
            ExceptionsUtility.Rethrow(ex);
        }

        // Internal details stay in the server log; the client receives only this fixed message.
        _logger.Error(failureLogFormat, parameters.UserName, ex);
        throw new FrameworkException("Internal server error occurred. See RhetosServer.log for more information.");
    }
}
/// <summary>
/// Creates a password reset token for an existing user, first creating the security
/// account when <c>IsAccountCreated</c> reports that there is none.
/// </summary>
/// <param name="parameters">
/// User name and token lifetime in minutes; a lifetime of 0 selects
/// <c>GeneratePasswordResetTokenParameters.DefaultTokenExpirationInMinutes</c>.
/// </param>
/// <returns>The token returned by <c>WebSecurity.GeneratePasswordResetToken</c>.</returns>
/// <exception cref="UserException">Thrown when the user is not registered.</exception>
private string GeneratePasswordResetTokenInternal(GeneratePasswordResetTokenParameters parameters)
{
    // This method performs no permission check of its own. Revealing that a user is not
    // registered is acceptable only because GeneratePasswordResetToken requires admin
    // credentials (GeneratePasswordResetTokenClaim) and the anonymous SendPasswordResetToken
    // suppresses this exception. Any new caller has to do one or the other.
    bool userIsRegistered = WebSecurity.UserExists(parameters.UserName);
    if (!userIsRegistered)
    {
        throw new UserException("User '" + parameters.UserName + "' is not registered.");
    }

    if (!IsAccountCreated(parameters.UserName))
    {
        _logger.Trace(() => "GeneratePasswordResetTokenInternal creating security account: " + parameters.UserName);

        // NOTE(review): the new account gets a GUID string as its password. Guid.NewGuid() is not
        // documented as a cryptographically secure generator, and this value protects the account
        // until the reset is completed - consider a value from RandomNumberGenerator instead.
        WebSecurity.CreateAccount(parameters.UserName, Guid.NewGuid().ToString());
    }

    if (parameters.TokenExpirationInMinutesFromNow != 0)
    {
        return WebSecurity.GeneratePasswordResetToken(parameters.UserName, parameters.TokenExpirationInMinutesFromNow);
    }
    else
    {
        return WebSecurity.GeneratePasswordResetToken(parameters.UserName, GeneratePasswordResetTokenParameters.DefaultTokenExpirationInMinutes);
    }
}
/// <summary>
/// Generates a password reset token for the given user and returns it to the caller.
/// </summary>
/// <param name="parameters">Token request (user name and optional expiration); must not be null.</param>
/// <returns>The password reset token produced by <c>GeneratePasswordResetTokenInternal</c>.</returns>
/// <exception cref="ClientException">Thrown when <paramref name="parameters"/> is null.</exception>
public string GeneratePasswordResetToken(GeneratePasswordResetTokenParameters parameters)
{
    if (parameters == null)
    {
        throw new ClientException("It is not allowed to call this authentication service method with no parameters provided.");
    }

    // The trace entry is written before the permission check, so it also records
    // user names submitted by callers that are later rejected.
    _logger.Trace(() => "GeneratePasswordResetToken: " + parameters.UserName);

    // The token is returned directly to the caller, so this entry point is gated by
    // GeneratePasswordResetTokenClaim. CheckPermissions is defined elsewhere;
    // presumably it throws when the caller lacks the claim.
    CheckPermissions(AuthenticationServiceClaims.GeneratePasswordResetTokenClaim);

    parameters.Validate();

    // The returned value is a credential: whoever holds it can reset the user's password.
    string resetToken = GeneratePasswordResetTokenInternal(parameters);
    return resetToken;
}
/// <summary>
/// Endpoint that reads the token request from the request body and returns the password
/// reset token produced by the authentication service for the given user name.
/// </summary>
/// <param name="parameters">Request body; checked by <c>ValidateForEmptyParameters</c> before use.</param>
/// <returns>The token returned by <c>GeneratePasswordResetTokenAsync</c>.</returns>
public async Task<string> GeneratePasswordResetToken([FromBody] GeneratePasswordResetTokenParameters parameters)
{
    // ValidateForEmptyParameters is defined elsewhere; presumably it rejects a missing body.
    ValidateForEmptyParameters(parameters);

    // NOTE(review): no permission check is visible in this method, and the response carries
    // the reset token itself. Confirm that authorization is enforced by an attribute or filter
    // on this action, or inside GeneratePasswordResetTokenAsync.
    // Only UserName is forwarded; any other fields of the request body are not used here.
    var resetToken = await _authenticationService.GeneratePasswordResetTokenAsync(parameters.UserName);
    return resetToken;
}