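/// <summary>
/// Looks up the pending password-reset request for <paramref name="accountID"/>.
/// </summary>
/// <param name="accountID">Account whose reset request is wanted.</param>
/// <returns>
/// The single matching request, or <c>null</c> when the account has none.
/// </returns>
/// <exception cref="ApplicationException">
/// More than one request exists for the account; the data should never allow this.
/// </exception>
private TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest GetPasswordResetRequest(Guid accountID)
{
    // Criteria object with only AccountID populated; FillByCriteriaExact presumably matches
    // on the populated column alone — confirm against the generated search code.
    var criteria = new TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest(_smoSettings[CONNECTION_STRING_NAME])
    {
        AccountID = accountID
    };

    var matches = new TestSprocGenerator.Business.SingleTable.Bo.List.PasswordResetRequest(_smoSettings[CONNECTION_STRING_NAME]);
    matches.FillByCriteriaExact(criteria);

    if (matches.Count == 0)
    {
        return null;
    }

    // Two requests for one account would mean two different codes can reset the same
    // password, so treat it as a data error instead of picking one arbitrarily.
    if (matches.Count > 1)
    {
        throw new ApplicationException("There should only be one password reset request for this account, but there is more than one, contact administrator");
    }

    return (TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest)matches[0];
}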
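/// <summary>
/// Completes a password reset: checks that <paramref name="passwordResetRequestCode"/> belongs to the
/// account identified by <paramref name="username"/> or <paramref name="email"/>, then stores the new
/// password hash, re-enables the account and removes the reset request.
/// </summary>
/// <param name="username">Username of the account; may be empty when <paramref name="email"/> is given.</param>
/// <param name="email">Email of the account; may be empty when <paramref name="username"/> is given.</param>
/// <param name="passwordResetRequestCode">Code that was previously emailed to the account holder.</param>
/// <param name="newPassword">Plaintext replacement password; it is hashed with a fresh salt before storage.</param>
/// <returns>
/// <c>true</c> when the password was changed; <c>false</c> when the code is empty or does not match exactly one request.
/// </returns>
/// <exception cref="ArgumentException"><paramref name="newPassword"/> is null or empty.</exception>
/// <exception cref="ApplicationException">
/// The username/email does not resolve to an account, or resolves to a different account than the one
/// the reset request was issued for.
/// </exception>
public bool ResetPassword(string username, string email, string passwordResetRequestCode, string newPassword)
{
    // Never store the hash of an empty password.
    if (string.IsNullOrEmpty(newPassword))
    {
        throw new ArgumentException("A new password is required", "newPassword");
    }

    // An empty code must not reach the criteria search: depending on how the generated
    // FillByCriteriaExact treats an unset column it could match every pending request.
    if (string.IsNullOrEmpty(passwordResetRequestCode))
    {
        return false;
    }

    // 1) Find the reset request record for the code; it carries the account id.
    var resetCriteria = new TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest(_smoSettings[CONNECTION_STRING_NAME])
    {
        PasswordResetCode = passwordResetRequestCode
    };
    var resetMatches = new TestSprocGenerator.Business.SingleTable.Bo.List.PasswordResetRequest(_smoSettings[CONNECTION_STRING_NAME]);
    resetMatches.FillByCriteriaExact(resetCriteria);

    // Unknown code, or a duplicate that should not exist: nothing is changed and the
    // caller only learns that the reset did not happen.
    if (resetMatches.Count != 1)
    {
        return false;
    }

    var resetRequest = (TestSprocGenerator.Business.SingleTable.Bo.PasswordResetRequest)resetMatches[0];

    // 2) Resolve the account from the username/email the caller supplied.
    TestSprocGenerator.Business.SingleTable.Bo.Account account;
    DetermineEmailGetAccountByEmailOrUsername(username, email, out account);
    if (account == null)
    {
        throw new ApplicationException("Email or Username provided is not valid");
    }

    // The code alone is not enough: the caller must also name the account the code was issued for.
    if (account.AccountID != resetRequest.AccountID)
    {
        throw new ApplicationException("Email or Username provided does not match the Password Reset Request code record");
    }

    // 3) Store the new hash, re-enable the account (InsertNewPasswordResetRequestAndSetAccountDeleted
    // disabled it) and consume the code.
    // TODO: do this in a transaction. If Update succeeds but Delete fails the code stays
    // valid and can be presented again.
    account.Deleted = false;
    account.AccountPassword = HashSaltHelper.CreatePasswordHash(newPassword, HashSaltHelper.CreateSalt());
    account.Update();
    resetRequest.Delete();
    return true;
}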
/// <summary>
/// Starts a password reset for the account identified by <paramref name="username"/> or
/// <paramref name="email"/>: reuses the account's pending reset code if one exists, otherwise
/// creates one (which also disables the account), then emails the code to the resolved address.
/// </summary>
/// <param name="username">Username of the account; may be empty when <paramref name="email"/> is given.</param>
/// <param name="email">Email of the account; may be empty when <paramref name="username"/> is given.</param>
/// <returns>The reset code that was emailed.</returns>
/// <exception cref="ApplicationException">
/// No account/email could be resolved, the reset request could not be stored, or the email could not be sent.
/// </exception>
private string ProcessPasswordReset(string username, string email)
{
    TestSprocGenerator.Business.SingleTable.Bo.Account account;
    string targetAddress = DetermineEmailGetAccountByEmailOrUsername(username, email, out account);

    if (string.IsNullOrEmpty(targetAddress) || account == null)
    {
        throw new ApplicationException("Cannot determine email address password and or Account, reset not possible without it");
    }

    // A pending request is reused as-is, so a repeated request re-sends the same code rather
    // than invalidating the earlier one. NOTE(review): no expiry is visible on the request
    // here — confirm codes are aged out elsewhere, otherwise a leaked code stays usable until
    // the reset completes.
    string resetCode;
    bool stored;
    var pending = GetPasswordResetRequest(account.AccountID);
    if (pending != null)
    {
        resetCode = pending.PasswordResetCode;
        stored = true;
    }
    else
    {
        resetCode = GenerateNewPasswordResetCode();
        // Also flips the account to Deleted = true until the reset completes.
        stored = InsertNewPasswordResetRequestAndSetAccountDeleted(account, resetCode);
    }

    if (!stored)
    {
        throw new ApplicationException("Error processing Password Reset, contact administrator");
    }

    // The account is already disabled at this point, hence the wording of the failure message.
    if (!EmailPasswordResetRequestCode(account, targetAddress, resetCode))
    {
        throw new ApplicationException("Error sending email for password Reset, Account is Disabled, please try password reset request later and contact Administrator");
    }

    return resetCode;
}
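/// <summary>
/// Persists a new reset request for <paramref name="foundAccount"/> and marks the account as deleted
/// (disabled) until the reset is completed by <see cref="ResetPassword"/>.
/// </summary>
/// <param name="foundAccount">Account the request is for; its <c>Deleted</c> flag is set to <c>true</c> in memory as well.</param>
/// <param name="passwordResetRequestCode">Code to store with the request.</param>
/// <returns>Whatever the data-access layer reports for the combined insert/update.</returns>
private bool InsertNewPasswordResetRequestAndSetAccountDeleted(TestSprocGenerator.Business.SingleTable.Bo.Account foundAccount, string passwordResetRequestCode)
{
    // The in-memory flag is set before the write, so on a failed write the object and the
    // database disagree; callers treat a false return as fatal (see ProcessPasswordReset).
    foundAccount.Deleted = true;

    // Only the account and the code are handed to the data-access layer; the request row's
    // id is presumably generated on that side — confirm, since nothing here supplies one.
    var dataAccess = new AccountDataAccess();
    return dataAccess.InsertNewPasswordResetRequestAndSetAccountDeleted(foundAccount, passwordResetRequestCode);
}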