One time password on forgot password
This commit is contained in:
Alexander Trofimov
parent
5f6e13c645
commit
1e0a0710fd
16 changed files with 326 additions and 109 deletions
|
|
@ -44365,7 +44365,7 @@ Hello #user.FirstName#,
|
|||
</p>
|
||||
|
||||
<p>
|
||||
Please, find below details of your control panel account.
|
||||
Please, find below details of your control panel account. The one time password was generated for you. You should change the password after login.
|
||||
</p>
|
||||
|
||||
<h1>Control Panel URL</h1>
|
||||
|
|
@ -44374,7 +44374,7 @@ Please, find below details of your control panel account.
|
|||
<tr>
|
||||
<th>Control Panel URL</th>
|
||||
<th>Username</th>
|
||||
<th>Password</th>
|
||||
<th>One Time Password</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
|
|
@ -44412,11 +44412,11 @@ INSERT [dbo].[UserSettings] ([UserID], [SettingsName], [PropertyName], [Property
|
|||
|
||||
Hello #user.FirstName#,
|
||||
|
||||
Please, find below details of your control panel account.
|
||||
Please, find below details of your control panel account. The one time password was generated for you. You should change the password after login.
|
||||
|
||||
Control Panel URL: http://panel.AcmeHosting.com
|
||||
Username: #user.Username#
|
||||
Password: #user.Password#
|
||||
One Time Password: #user.Password#
|
||||
|
||||
If you have any questions regarding your hosting account, feel free to contact our support department at any time.
|
||||
|
||||
|
|
|
|||
|
|
@ -12445,3 +12445,135 @@ BEGIN
|
|||
SELECT @item_type_id = ItemTypeId FROM ServiceItemTypes WHERE DisplayName = 'SharePointEnterpriseSiteCollection'
|
||||
UPDATE [dbo].[Quotas] SET ItemTypeID = @item_type_id WHERE QuotaId = 550
|
||||
END
|
||||
GO
|
||||
|
||||
-- OneTimePassword
|
||||
IF NOT EXISTS(select 1 from sys.columns COLS INNER JOIN sys.objects OBJS ON OBJS.object_id=COLS.object_id and OBJS.type='U' AND OBJS.name='Users' AND COLS.name='OneTimePasswordState')
|
||||
BEGIN
|
||||
ALTER TABLE [dbo].[Users] ADD
|
||||
[OneTimePasswordState] int NULL
|
||||
END
|
||||
GO
|
||||
|
||||
IF EXISTS (SELECT * FROM SYS.OBJECTS WHERE type = 'P' AND name = 'SetUserOneTimePassword')
|
||||
DROP PROCEDURE SetUserOneTimePassword
|
||||
GO
|
||||
CREATE PROCEDURE [dbo].[SetUserOneTimePassword]
|
||||
(
|
||||
@UserID int,
|
||||
@Password nvarchar(200),
|
||||
@OneTimePasswordState int
|
||||
)
|
||||
AS
|
||||
UPDATE Users
|
||||
SET Password = @Password, OneTimePasswordState = @OneTimePasswordState
|
||||
WHERE UserID = @UserID
|
||||
RETURN
|
||||
GO
|
||||
|
||||
ALTER PROCEDURE [dbo].[GetUserByUsernameInternally]
|
||||
(
|
||||
@Username nvarchar(50)
|
||||
)
|
||||
AS
|
||||
SELECT
|
||||
U.UserID,
|
||||
U.RoleID,
|
||||
U.StatusID,
|
||||
U.SubscriberNumber,
|
||||
U.LoginStatusId,
|
||||
U.FailedLogins,
|
||||
U.OwnerID,
|
||||
U.Created,
|
||||
U.Changed,
|
||||
U.IsDemo,
|
||||
U.Comments,
|
||||
U.IsPeer,
|
||||
U.Username,
|
||||
U.Password,
|
||||
U.FirstName,
|
||||
U.LastName,
|
||||
U.Email,
|
||||
U.SecondaryEmail,
|
||||
U.Address,
|
||||
U.City,
|
||||
U.State,
|
||||
U.Country,
|
||||
U.Zip,
|
||||
U.PrimaryPhone,
|
||||
U.SecondaryPhone,
|
||||
U.Fax,
|
||||
U.InstantMessenger,
|
||||
U.HtmlMail,
|
||||
U.CompanyName,
|
||||
U.EcommerceEnabled,
|
||||
U.[AdditionalParams],
|
||||
U.OneTimePasswordState
|
||||
FROM Users AS U
|
||||
WHERE U.Username = @Username
|
||||
|
||||
RETURN
|
||||
GO
|
||||
|
||||
ALTER PROCEDURE [dbo].[GetUserByIdInternally]
|
||||
(
|
||||
@UserID int
|
||||
)
|
||||
AS
|
||||
SELECT
|
||||
U.UserID,
|
||||
U.RoleID,
|
||||
U.StatusID,
|
||||
U.SubscriberNumber,
|
||||
U.LoginStatusId,
|
||||
U.FailedLogins,
|
||||
U.OwnerID,
|
||||
U.Created,
|
||||
U.Changed,
|
||||
U.IsDemo,
|
||||
U.Comments,
|
||||
U.IsPeer,
|
||||
U.Username,
|
||||
U.Password,
|
||||
U.FirstName,
|
||||
U.LastName,
|
||||
U.Email,
|
||||
U.SecondaryEmail,
|
||||
U.Address,
|
||||
U.City,
|
||||
U.State,
|
||||
U.Country,
|
||||
U.Zip,
|
||||
U.PrimaryPhone,
|
||||
U.SecondaryPhone,
|
||||
U.Fax,
|
||||
U.InstantMessenger,
|
||||
U.HtmlMail,
|
||||
U.CompanyName,
|
||||
U.EcommerceEnabled,
|
||||
U.[AdditionalParams],
|
||||
U.OneTimePasswordState
|
||||
FROM Users AS U
|
||||
WHERE U.UserID = @UserID
|
||||
|
||||
RETURN
|
||||
GO
|
||||
|
||||
ALTER PROCEDURE [dbo].[ChangeUserPassword]
|
||||
(
|
||||
@ActorID int,
|
||||
@UserID int,
|
||||
@Password nvarchar(200)
|
||||
)
|
||||
AS
|
||||
|
||||
-- check actor rights
|
||||
IF dbo.CanUpdateUserDetails(@ActorID, @UserID) = 0
|
||||
RETURN
|
||||
|
||||
UPDATE Users
|
||||
SET Password = @Password, OneTimePasswordState = 0
|
||||
WHERE UserID = @UserID
|
||||
|
||||
RETURN
|
||||
GO
|
||||
|
|
@ -67,6 +67,9 @@ namespace WebsitePanel.EnterpriseServer
|
|||
|
||||
public const int ERROR_USER_ACCOUNT_DISABLED = -114;
|
||||
public const int ERROR_USER_ACCOUNT_LOCKEDOUT = -115;
|
||||
|
||||
public const int ERROR_USER_EXPIRED_ONETIMEPASSWORD = -116;
|
||||
|
||||
#endregion
|
||||
|
||||
#region Packages
|
||||
|
|
|
|||
|
|
@ -0,0 +1,43 @@
|
|||
// Copyright (c) 2015, Outercurve Foundation.
|
||||
// All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without modification,
|
||||
// are permitted provided that the following conditions are met:
|
||||
//
|
||||
// - Redistributions of source code must retain the above copyright notice, this
|
||||
// list of conditions and the following disclaimer.
|
||||
//
|
||||
// - Redistributions in binary form must reproduce the above copyright notice,
|
||||
// this list of conditions and the following disclaimer in the documentation
|
||||
// and/or other materials provided with the distribution.
|
||||
//
|
||||
// - Neither the name of the Outercurve Foundation nor the names of its
|
||||
// contributors may be used to endorse or promote products derived from this
|
||||
// software without specific prior written permission.
|
||||
//
|
||||
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
|
||||
// ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
||||
// ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Text;
|
||||
|
||||
namespace WebsitePanel.EnterpriseServer
|
||||
{
|
||||
public class BusinessSuccessCodes
|
||||
{
|
||||
#region Users
|
||||
|
||||
public const int SUCCESS_USER_ONETIMEPASSWORD = 100;
|
||||
|
||||
#endregion
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
|
||||
namespace WebsitePanel.EnterpriseServer
|
||||
{
|
||||
public enum OneTimePasswordStates
|
||||
{
|
||||
None = 0,
|
||||
Active = 1,
|
||||
Expired = 2,
|
||||
}
|
||||
}
|
||||
|
|
@ -385,68 +385,19 @@ namespace WebsitePanel.EnterpriseServer
|
|||
public class UserInfoInternal : UserInfo
|
||||
{
|
||||
private string password;
|
||||
private string oneTimePassword;
|
||||
private OneTimePasswordStates oneTimePasswordState;
|
||||
|
||||
public string Password
|
||||
{
|
||||
get { return this.password; }
|
||||
set { this.password = value; }
|
||||
}
|
||||
|
||||
public OneTimePasswordStates OneTimePasswordState
|
||||
{
|
||||
get { return oneTimePasswordState; }
|
||||
set { oneTimePasswordState = value; }
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esAuthentication.asmx.cs(51): public int AuthenticateUser(string username, string password, string ip)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esAuthentication.asmx.cs(57): public UserInfo GetUserByUsernamePassword(string username, string password, string ip)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esAuthentication.asmx.cs(63): public int ChangeUserPasswordByUsername(string username, string oldPassword, string newPassword, string ip)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esAuthentication.asmx.cs(69): public int SendPasswordReminder(string username, string ip)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esAuthentication.asmx.cs(81): public int SetupControlPanelAccounts(string passwordA, string passwordB, string ip)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esBlackBerry.asmx.cs(92): public ResultObject SetActivationPasswordWithExpirationTime(int itemId, int accountId, string password, int time)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esExchangeServer.asmx.cs(221): public bool CheckAccountCredentials(int itemId, string email, string password)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esExchangeServer.asmx.cs(231): public int CreateMailbox(int itemId, int accountId, ExchangeAccountType accountType, string accountName, string displayName,
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esExchangeServer.asmx.cs(231): string name, string domain, string password, bool sendSetupInstructions, string setupInstructionMailAddress, int mailboxPlanId, int archivedPlanId, string subscriberNumber, bool EnableArchiving)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esOrganizations.asmx.cs(195): public ResultObject SendResetUserPasswordLinkSms(int itemId, int accountId, string reason, string phoneTo = null)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esOrganizations.asmx.cs(197): return OrganizationController.SendResetUserPasswordLinkSms(itemId, accountId, reason, phoneTo);
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esOrganizations.asmx.cs(202): public ResultObject SendResetUserPasswordPincodeSms(Guid token, string phoneTo = null)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esOrganizations.asmx.cs(204): return OrganizationController.SendResetUserPasswordPincodeSms(token, phoneTo);
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esOrganizations.asmx.cs(259): public int CreateUser(int itemId, string displayName, string name, string domain, string password, string subscriberNumber, bool sendNotification, string to)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esOrganizations.asmx.cs(262): return OrganizationController.CreateUser(itemId, displayName, name, domain, password, subscriberNumber, true, sendNotification, to, out accountName);
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esOrganizations.asmx.cs(266): public int ImportUser(int itemId, string accountName, string displayName, string name, string domain, string password, string subscriberNumber)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esOrganizations.asmx.cs(268): return OrganizationController.ImportUser(itemId, accountName, displayName, name, domain, password, subscriberNumber);
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esOrganizations.asmx.cs(293): string password, bool hideAddressBook, bool disabled, bool locked, string firstName, string initials,
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esOrganizations.asmx.cs(298): bool userMustChangePassword)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esOrganizations.asmx.cs(301): password, hideAddressBook, disabled, locked, firstName, initials,
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esOrganizations.asmx.cs(305): webPage, notes, externalEmail, subscriberNumber, levelId, isVIP, userMustChangePassword);
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esOrganizations.asmx.cs(318): public int SetUserPassword(int itemId, int accountId, string password)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esOrganizations.asmx.cs(320): return OrganizationController.SetUserPassword(itemId, accountId, password);
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esOrganizations.asmx.cs(353): public PasswordPolicyResult GetPasswordPolicy(int itemId)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esOrganizations.asmx.cs(355): return OrganizationController.GetPasswordPolicy(itemId);
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esOrganizations.asmx.cs(359): public void SendResetUserPasswordEmail(int itemId, int accountId, string reason, string mailTo, bool finalStep)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esOrganizations.asmx.cs(361): OrganizationController.SendResetUserPasswordEmail(itemId, accountId, reason, mailTo, finalStep);
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esPackages.asmx.cs(449): public int CreateUserWizard(int parentPackageId, string username, string password,
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esPackages.asmx.cs(456): return UserCreationWizard.CreateUserAccount(parentPackageId, username, password,
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esServers.asmx.cs(108): public int CheckServerAvailable(string serverUrl, string password)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esServers.asmx.cs(110): return ServerController.CheckServerAvailable(serverUrl, password);
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esServers.asmx.cs(126): public int UpdateServerConnectionPassword(int serverId, string password)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esServers.asmx.cs(128): return ServerController.UpdateServerConnectionPassword(serverId, password);
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esServers.asmx.cs(132): public int UpdateServerADPassword(int serverId, string adPassword)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esServers.asmx.cs(134): return ServerController.UpdateServerADPassword(serverId, adPassword);
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esUsers.asmx.cs(152): string password,
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esUsers.asmx.cs(178): user.Password = password;
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esUsers.asmx.cs(272): public int ChangeUserPassword(int userId, string password)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esUsers.asmx.cs(274): return UserController.ChangeUserPassword(userId, password);
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esWebServers.asmx.cs(127): return WebServerController.InstallFrontPage(siteItemId, username, password);
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esWebServers.asmx.cs(137): public int ChangeFrontPagePassword(int siteItemId, string password)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esWebServers.asmx.cs(139): return WebServerController.ChangeFrontPagePassword(siteItemId, password);
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esWebServers.asmx.cs(337): public ResultObject GrantWebDeployPublishingAccess(int siteItemId, string accountName, string accountPassword)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esWebServers.asmx.cs(339): return WebServerController.GrantWebDeployPublishingAccess(siteItemId, accountName, accountPassword);
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esWebServers.asmx.cs(361): public ResultObject ChangeWebDeployPublishingPassword(int siteItemId, string newAccountPassword)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esWebServers.asmx.cs(363): return WebServerController.ChangeWebDeployPublishingPassword(siteItemId, newAccountPassword);
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esWebServers.asmx.cs(536): public ResultObject GrantWebManagementAccess(int siteItemId, string accountName, string accountPassword)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esWebServers.asmx.cs(538): return WebServerController.GrantWebManagementAccess(siteItemId, accountName, accountPassword);
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esWebServers.asmx.cs(548): public ResultObject ChangeWebManagementAccessPassword(int siteItemId, string accountPassword)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esWebServers.asmx.cs(550): return WebServerController.ChangeWebManagementAccessPassword(siteItemId, accountPassword);
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esWebServers.asmx.cs(567): public ResultObject InstallPfx(byte[] certificate, int siteItemId, string password)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esWebServers.asmx.cs(569): return WebServerController.InstallPfx(certificate, siteItemId, password);
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esWebServers.asmx.cs(597): public byte[] ExportCertificate(int siteId, string serialNumber, string password)
|
||||
//C:\Work\WSPExpert\WebsitePanel\Sources\WebsitePanel.EnterpriseServer\esWebServers.asmx.cs(599): return WebServerController.ExportCertificate(siteId, serialNumber, password);
|
||||
|
|
@ -69,6 +69,7 @@
|
|||
<Compile Include="..\VersionInfo.cs">
|
||||
<Link>VersionInfo.cs</Link>
|
||||
</Compile>
|
||||
<Compile Include="Common\BusinessSuccessCodes.cs" />
|
||||
<Compile Include="Common\BusinessErrorCodes.cs" />
|
||||
<Compile Include="Common\GenericStringResult.cs">
|
||||
<SubType>Code</SubType>
|
||||
|
|
@ -165,6 +166,7 @@
|
|||
<Compile Include="Tasks\BackgroundTask.cs" />
|
||||
<Compile Include="Tasks\BackgroundTaskLogRecord.cs" />
|
||||
<Compile Include="Tasks\BackgroundTaskStatus.cs" />
|
||||
<Compile Include="Users\OneTimePasswordStates.cs" />
|
||||
<Compile Include="Users\UserInfo.cs" />
|
||||
<Compile Include="Users\UserLoginStatus.cs" />
|
||||
<Compile Include="Users\UsernamePolicy.cs" />
|
||||
|
|
|
|||
|
|
@ -382,6 +382,15 @@ namespace WebsitePanel.EnterpriseServer
|
|||
new SqlParameter("@password", password));
|
||||
}
|
||||
|
||||
public static void SetUserOneTimePassword(int userId, string password, int auths)
|
||||
{
|
||||
SqlHelper.ExecuteNonQuery(ConnectionString, CommandType.StoredProcedure,
|
||||
ObjectQualifier + "SetUserOneTimePassword",
|
||||
new SqlParameter("@UserID", userId),
|
||||
new SqlParameter("@Password", password),
|
||||
new SqlParameter("@OneTimePasswordState", auths));
|
||||
}
|
||||
|
||||
#endregion
|
||||
|
||||
#region User Settings
|
||||
|
|
|
|||
|
|
@ -0,0 +1,41 @@
|
|||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
|
||||
namespace WebsitePanel.EnterpriseServer
|
||||
{
|
||||
public class OneTimePasswordHelper
|
||||
{
|
||||
public static string SetOneTimePassword(int userId)
|
||||
{
|
||||
int passwordLength = 12; // default length
|
||||
|
||||
// load password policy
|
||||
UserSettings userSettings = UserController.GetUserSettings(userId, UserSettings.WEBSITEPANEL_POLICY);
|
||||
string passwordPolicy = userSettings["PasswordPolicy"];
|
||||
|
||||
if (!String.IsNullOrEmpty(passwordPolicy))
|
||||
{
|
||||
// get third parameter - max length
|
||||
try
|
||||
{
|
||||
passwordLength = Utils.ParseInt(passwordPolicy.Split(';')[2].Trim(), passwordLength);
|
||||
}
|
||||
catch { /* skip */ }
|
||||
}
|
||||
|
||||
// generate password
|
||||
var password = Utils.GetRandomString(passwordLength);
|
||||
|
||||
DataProvider.SetUserOneTimePassword(userId, CryptoUtils.Encrypt(password), (int) OneTimePasswordStates.Active);
|
||||
|
||||
return password;
|
||||
}
|
||||
|
||||
public static void FireSuccessAuth(UserInfoInternal user)
|
||||
{
|
||||
DataProvider.SetUserOneTimePassword(user.UserId, CryptoUtils.Encrypt(user.Password), (int) OneTimePasswordStates.Expired);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -57,6 +57,8 @@ namespace WebsitePanel.EnterpriseServer
|
|||
|
||||
try
|
||||
{
|
||||
int result = 0;
|
||||
|
||||
// try to get user from database
|
||||
UserInfoInternal user = GetUserInternally(username);
|
||||
|
||||
|
|
@ -99,7 +101,22 @@ namespace WebsitePanel.EnterpriseServer
|
|||
|
||||
|
||||
// compare user passwords
|
||||
if (CryptoUtils.SHA1(user.Password) != password)
|
||||
if (CryptoUtils.SHA1(user.Password) == password)
|
||||
{
|
||||
switch (user.OneTimePasswordState)
|
||||
{
|
||||
case OneTimePasswordStates.Active:
|
||||
result = BusinessSuccessCodes.SUCCESS_USER_ONETIMEPASSWORD;
|
||||
OneTimePasswordHelper.FireSuccessAuth(user);
|
||||
break;
|
||||
case OneTimePasswordStates.Expired:
|
||||
if (lockOut >= 0) DataProvider.UpdateUserFailedLoginAttempt(user.UserId, lockOut, false);
|
||||
TaskManager.WriteWarning("Expired one time password");
|
||||
return BusinessErrorCodes.ERROR_USER_EXPIRED_ONETIMEPASSWORD;
|
||||
break;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (lockOut >= 0)
|
||||
DataProvider.UpdateUserFailedLoginAttempt(user.UserId, lockOut, false);
|
||||
|
|
@ -107,7 +124,7 @@ namespace WebsitePanel.EnterpriseServer
|
|||
TaskManager.WriteWarning("Wrong password");
|
||||
return BusinessErrorCodes.ERROR_USER_WRONG_PASSWORD;
|
||||
}
|
||||
else
|
||||
|
||||
DataProvider.UpdateUserFailedLoginAttempt(user.UserId, lockOut, true);
|
||||
|
||||
// check status
|
||||
|
|
@ -123,7 +140,7 @@ namespace WebsitePanel.EnterpriseServer
|
|||
return BusinessErrorCodes.ERROR_USER_ACCOUNT_PENDING;
|
||||
}
|
||||
|
||||
return 0;
|
||||
return result;
|
||||
|
||||
}
|
||||
catch (Exception ex)
|
||||
|
|
@ -210,7 +227,7 @@ namespace WebsitePanel.EnterpriseServer
|
|||
try
|
||||
{
|
||||
// try to get user from database
|
||||
UserInfo user = GetUserInternally(username);
|
||||
UserInfoInternal user = GetUserInternally(username);
|
||||
if (user == null)
|
||||
{
|
||||
TaskManager.WriteWarning("Account not found");
|
||||
|
|
@ -233,6 +250,9 @@ namespace WebsitePanel.EnterpriseServer
|
|||
if (body == null || body == "")
|
||||
return BusinessErrorCodes.ERROR_SETTINGS_PASSWORD_LETTER_EMPTY_BODY;
|
||||
|
||||
// One Time Password feature
|
||||
user.Password = OneTimePasswordHelper.SetOneTimePassword(user.UserId);
|
||||
|
||||
// set template context items
|
||||
Hashtable items = new Hashtable();
|
||||
items["user"] = user;
|
||||
|
|
@ -242,8 +262,7 @@ namespace WebsitePanel.EnterpriseServer
|
|||
UserInfoInternal reseller = UserController.GetUser(user.OwnerId);
|
||||
if (reseller != null)
|
||||
{
|
||||
reseller.Password = "";
|
||||
items["reseller"] = reseller;
|
||||
items["reseller"] = new UserInfo(reseller);
|
||||
}
|
||||
|
||||
subject = PackageController.EvaluateTemplate(subject, items);
|
||||
|
|
@ -264,49 +283,37 @@ namespace WebsitePanel.EnterpriseServer
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
internal static UserInfoInternal GetUserInternally(int userId)
|
||||
{
|
||||
// try to get user from database
|
||||
UserInfoInternal user = ObjectUtils.FillObjectFromDataReader<UserInfoInternal>(
|
||||
DataProvider.GetUserByIdInternally(userId));
|
||||
|
||||
if (user != null)
|
||||
user.Password = CryptoUtils.Decrypt(user.Password);
|
||||
return user;
|
||||
return GetUser(DataProvider.GetUserByIdInternally(userId));
|
||||
}
|
||||
|
||||
internal static UserInfoInternal GetUserInternally(string username)
|
||||
{
|
||||
// try to get user from database
|
||||
UserInfoInternal user = ObjectUtils.FillObjectFromDataReader<UserInfoInternal>(
|
||||
DataProvider.GetUserByUsernameInternally(username));
|
||||
|
||||
if (user != null)
|
||||
{
|
||||
user.Password = CryptoUtils.Decrypt(user.Password);
|
||||
}
|
||||
return user;
|
||||
return GetUser(DataProvider.GetUserByUsernameInternally(username));
|
||||
}
|
||||
|
||||
public static UserInfoInternal GetUser(int userId)
|
||||
{
|
||||
// try to get user from database
|
||||
UserInfoInternal user = ObjectUtils.FillObjectFromDataReader<UserInfoInternal>(
|
||||
DataProvider.GetUserById(SecurityContext.User.UserId, userId));
|
||||
|
||||
if (user != null)
|
||||
user.Password = CryptoUtils.Decrypt(user.Password);
|
||||
return user;
|
||||
return GetUser(DataProvider.GetUserById(SecurityContext.User.UserId, userId));
|
||||
}
|
||||
|
||||
public static UserInfoInternal GetUser(string username)
|
||||
{
|
||||
return GetUser(DataProvider.GetUserByUsername(SecurityContext.User.UserId, username));
|
||||
}
|
||||
|
||||
private static UserInfoInternal GetUser(IDataReader reader)
|
||||
{
|
||||
// try to get user from database
|
||||
UserInfoInternal user = ObjectUtils.FillObjectFromDataReader<UserInfoInternal>(
|
||||
DataProvider.GetUserByUsername(SecurityContext.User.UserId, username));
|
||||
UserInfoInternal user = ObjectUtils.FillObjectFromDataReader<UserInfoInternal>(reader);
|
||||
|
||||
if (user != null)
|
||||
{
|
||||
user.Password = CryptoUtils.Decrypt(user.Password);
|
||||
}
|
||||
|
||||
return user;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -183,6 +183,7 @@
|
|||
<Compile Include="Tasks\TaskController.cs" />
|
||||
<Compile Include="Tasks\TaskEventHandler.cs" />
|
||||
<Compile Include="Tasks\TaskManager.cs" />
|
||||
<Compile Include="Users\Helpers\OneTimePasswordHelper.cs" />
|
||||
<Compile Include="Users\UserAsyncWorker.cs" />
|
||||
<Compile Include="Users\UserController.cs" />
|
||||
<Compile Include="Virtualization2012\CreateServerAsyncWorker2012.cs" />
|
||||
|
|
|
|||
|
|
@ -401,6 +401,7 @@
|
|||
<Controls>
|
||||
<Control key="" src="WebsitePanel/Login.ascx" title="SignIn" type="View" />
|
||||
<Control key="forgot_password" src="WebsitePanel/LoginForgotPassword.ascx" title="PasswordReminder" type="View" />
|
||||
<Control key="change_onetimepassword" src="WebsitePanel/UserAccountChangePassword.ascx" title="UserAccountChangePassword" type="View" icon="admin_lock_48.png" />
|
||||
<Control key="scpa" src="WebsitePanel/SetupControlPanelAccounts.ascx" title="SetupControlPanelAccounts" type="View" />
|
||||
</Controls>
|
||||
</ModuleDefinition>
|
||||
|
|
|
|||
|
|
@ -4581,6 +4581,9 @@
|
|||
<data name="Error.ERROR_USER_ACCOUNT_SUSPENDED" xml:space="preserve">
|
||||
<value>User account is Suspended</value>
|
||||
</data>
|
||||
<data name="Warning.USER_SHOULD_CHANGE_ONETIMEPASSWORD" xml:space="preserve">
|
||||
<value>You should change your one time password.</value>
|
||||
</data>
|
||||
<data name="VPS.VPS_CREATE_EMPTY_HOSTNAME_PATTERN" xml:space="preserve">
|
||||
<value>Hostname pattern is not specified. Could not create VPS with blank hostname.</value>
|
||||
</data>
|
||||
|
|
|
|||
|
|
@ -382,7 +382,7 @@ namespace WebsitePanel.Portal
|
|||
else return BusinessErrorCodes.ERROR_USER_ACCOUNT_ROLE_NOT_ALLOWED;
|
||||
}
|
||||
|
||||
return 0;
|
||||
return authResult;
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
|
|
|
|||
|
|
@ -186,6 +186,11 @@ namespace WebsitePanel.Portal
|
|||
{
|
||||
ShowWarningMessage("WrongLogin");
|
||||
}
|
||||
else if (loginStatus == BusinessSuccessCodes.SUCCESS_USER_ONETIMEPASSWORD)
|
||||
{
|
||||
// One time password should be changed after login
|
||||
Response.Redirect(EditUrl("UserID", PanelSecurity.LoggedUserId.ToString(), "change_onetimepassword", "onetimepassword=true"), true);
|
||||
}
|
||||
else
|
||||
{
|
||||
// redirect by shortcut
|
||||
|
|
|
|||
|
|
@ -80,6 +80,11 @@ namespace WebsitePanel.Portal
|
|||
if (!String.IsNullOrEmpty(changePasswordWarningText))
|
||||
lblChangePasswordWarning.Text = changePasswordWarningText;
|
||||
}
|
||||
|
||||
if (PanelRequest.GetBool("onetimepassword"))
|
||||
{
|
||||
ShowWarningMessage("USER_SHOULD_CHANGE_ONETIMEPASSWORD");
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue