ユーザーにパスワード リセットの方法を提供したいと考えています。ユーザーが [パスワード リセットの送信] を選択すると、電子メール通知が送信されます。
今、私はリポジトリから作業しており、存在するメソッドを呼び出したいのですが、c# にまったく慣れていないので、どうすればよいかわかりません。
ユーザーリポジトリのメソッドは
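public bool RequestPasswordReset(string emailAddress)
{
    // Starts a password reset for the account registered under emailAddress:
    // the account is switched to UserStatus.Reset, its password hash is cleared,
    // a fresh PasswordGuid is stored and a notification e-mail is sent.
    // Returns true when every step succeeded; any failure is logged and reported as false.
    //
    // NOTE(review): callers should show the same response for true and false. If the
    // result is surfaced to an anonymous requester it discloses which addresses are registered.
    // NOTE(review): the existing password hash is wiped before the requester has shown
    // control of the mailbox, so a request naming someone else's address forces that
    // account into Reset. Keeping the hash until SetPassword succeeds would avoid that,
    // but the sign-in path is not visible here — confirm before changing.
    // NOTE(review): the e-mail address is personal data and is written to the error log.

    // emailAddress is untrusted input; neutralise line breaks so it cannot forge log entries.
    string loggedEmail = (emailAddress ?? "").Replace("\r", " ").Replace("\n", " ");

    try
    {
        // A missing address cannot match an account, so skip the lookup entirely.
        User user = string.IsNullOrWhiteSpace(emailAddress)
            ? null
            : this.GetUserByEmailAddress(emailAddress);

        // Check we have a user
        if (user == null)
        {
            Logger.Error(String.Format("RequestPasswordReset({0}) Exception: {1}", loggedEmail, "No User for Email"));
            return false;
        }

        // Only an active account may start a reset.
        if (user.Status != (int)UserStatus.Active)
        {
            Logger.Error(String.Format("RequestPasswordReset({0}) Exception: {1}", loggedEmail, "User not in valid state for password reset"));
            return false;
        }

        // TODO: Check UpdateDate to see if the Password Reset Guid has expired!

        // Put the account into Reset, clear the previous hash and issue a new reset token.
        user.Status = (int)UserStatus.Reset;
        user.PasswordHash = "";
        user.PasswordGuid = GetUniquePasswordGuid();
        Context.Save(user);

        Company company = user.Company;

        // Send the e-mail notification that carries the reset token.
        using (NotificationMessageRepository nmr = new NotificationMessageRepository())
        {
            nmr.SendPasswordResetNotification(company, user, ContentType.Email, DateTime.Now);
        }

        // TODO: Audit the password reset (AuditType.Auth / AuditMessage.AuthResetPassword).
    }
    catch (Exception e)
    {
        Logger.Error(String.Format("RequestPasswordReset({0}) Exception: {1}", loggedEmail, e.Message));
        return false;
    }

    return true;
}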
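/// <summary>
/// Sets the password for the user, authenticating using the PasswordGuid.
/// </summary>
/// <param name="PasswordGuid">The password reset GUID that identifies the user.</param>
/// <param name="Password">The new plain-text password.</param>
/// <returns>true if the password was set; false if any step failed.</returns>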
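public bool SetPassword(string PasswordGuid, string Password)
{
    // Completes a reset (or first-time activation): the account found by PasswordGuid
    // must be Pending or Reset; it becomes Active, receives the hash of Password and has
    // its PasswordGuid cleared so the token cannot be used twice.
    // Returns true on success; every failure is logged and reported as false.
    //
    // The PasswordGuid is a bearer secret: whoever holds it can set the password.
    // It is therefore never written to the log, neither on the failure paths nor anywhere else.
    //
    // NOTE(review): the token has no expiry yet (see TODO below), so an unused reset
    // e-mail stays valid indefinitely.

    // Reject missing values up front. Used tokens are overwritten with "" below, so an
    // empty lookup value must never reach GetUserByPasswordGuid (its matching rules are
    // not visible here). An empty password would leave the account with a known hash.
    if (string.IsNullOrWhiteSpace(PasswordGuid) || string.IsNullOrEmpty(Password))
    {
        Logger.Error("SetPassword(<redacted>, ******* ) Exception: Missing PasswordGuid or Password");
        return false;
    }

    try
    {
        User user = this.GetUserByPasswordGuid(PasswordGuid);

        // Check we have a user
        if (user == null)
        {
            Logger.Error("SetPassword(<redacted>, ******* ) Exception: No User for PasswordGuid");
            return false;
        }

        // Only accounts waiting for a password may use the token.
        if (user.Status != (int)UserStatus.Pending && user.Status != (int)UserStatus.Reset)
        {
            Logger.Error("SetPassword(<redacted>, ******* ) Exception: User not in valid state for set password");
            return false;
        }

        // TODO: Check UpdateDate to see if the Password Reset Guid has expired!

        // Activate the account, store the new hash and invalidate the one-time token.
        user.Status = (int)UserStatus.Active;
        user.PasswordHash = CreatePasswordHash(Password);
        user.PasswordGuid = "";
        Context.Save(user);

        // TODO: Audit the password change (AuditType.Auth / AuditMessage.AuthSetPassword).
    }
    catch (Exception ex)
    {
        // TODO: AuditLogError for AuditMessage.AuthSetPassword — without the token value.
        Logger.Error(String.Format("SetPassword(<redacted>, ******* ) Exception: {0}", ex.Message));
        return false;
    }

    return true;
}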
/// <summary>
/// Returns a new, unique password-reset token formatted as a GUID string.
/// </summary>
/// <returns>a unique auth token</returns>
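protected string GetUniquePasswordGuid()
{
    // The returned value is the only secret needed to set a new password, so it has to
    // be unpredictable, not merely unique. Guid.NewGuid() guarantees uniqueness only and
    // is documented as unsuitable for cryptographic purposes; the 16 bytes are therefore
    // drawn from the platform CSPRNG and then formatted as a GUID, so the stored and
    // e-mailed value keeps the same 36-character shape as before.
    //
    // TODO: Possibly check that the value has not already been handed out; with
    // 128 random bits a collision is too unlikely to be worth a lookup at the moment.
    byte[] tokenBytes = new byte[16];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(tokenBytes);
    }

    return new Guid(tokenBytes).ToString();
}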
/// <summary>
/// Creates a password hash from the specified password.
/// NOTE: Access to this method should be controlled to prevent security breaches and brute-force password attacks.
/// </summary>
/// <param name="Password">The plain-text password to hash.</param>
/// <returns>The password hash of the specified password.</returns>
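public string CreatePasswordHash(String Password)
{
    // Returns the SHA-1 digest of the UTF-8 bytes of Password as 40 upper-case hex
    // characters (no separators). Throws ArgumentNullException when Password is null.
    //
    // NOTE: This method of password hashing cannot simply be swapped out in an existing
    // system, because every stored hash would stop matching and all passwords would have
    // to be reset.
    // NOTE(review): an unsalted, single-pass SHA-1 digest is not adequate for password
    // storage: equal passwords produce equal hashes and the digest is cheap to compute in
    // bulk. Plan a migration to a salted, iterated KDF (for example PBKDF2 via
    // Rfc2898DeriveBytes), re-hashing each account at its next successful sign-in.
    byte[] passwordBytes = System.Text.Encoding.UTF8.GetBytes(Password);

    // The hash object is disposable; release it instead of leaving it to the finalizer.
    using (System.Security.Cryptography.HashAlgorithm ha = System.Security.Cryptography.SHA1.Create())
    {
        byte[] digest = ha.ComputeHash(passwordBytes);
        return BitConverter.ToString(digest).Replace("-", "");
    }
}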
/// <summary>
/// Compares the password against the password hash to see if they match.
/// NOTE: Access to this method should be controlled to prevent security breaches and brute-force password attacks.
/// </summary>
/// <param name="Password">The plain-text password to check.</param>
/// <param name="PasswordHash">The password hash to compare against.</param>
/// <returns>true if the password and the PasswordHash match; otherwise false.</returns>
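protected bool ComparePasswordAndHash(String Password, String PasswordHash)
{
    // Hashes Password with CreatePasswordHash and reports whether the result equals
    // PasswordHash. A null PasswordHash never matches.
    //
    // String.CompareTo is a culture-sensitive ordering comparison and can stop at the
    // first difference; a hash check needs an exact, ordinal comparison whose duration
    // does not depend on where the strings differ.
    string computedHash = CreatePasswordHash(Password);
    if (PasswordHash == null)
    {
        return false;
    }

    // Fold every character difference (and any length difference) into one value and
    // inspect it only after the whole string has been walked.
    int difference = computedHash.Length ^ PasswordHash.Length;
    int sharedLength = Math.Min(computedHash.Length, PasswordHash.Length);
    for (int i = 0; i < sharedLength; i++)
    {
        difference |= computedHash[i] ^ PasswordHash[i];
    }

    return difference == 0;
}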
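public bool UpdateUser(long userId, string title, string firstName, string surname, string address, string email, string username)
{
    // Overwrites the profile fields of the user whose ID equals userId and saves the
    // record. Returns true when the user was found and saved, false when no such user exists.
    //
    // NOTE(review): no authorisation check is visible in this method. Email is the key
    // RequestPasswordReset uses to find an account, so the caller must confirm that the
    // acting user is allowed to edit userId before changing Email or Username.
    var user = Context.Users.SingleOrDefault(x => x.ID == userId);

    // SingleOrDefault yields null for an unknown ID; test for that before touching user.ID.
    if (user == null || user.ID <= 0)
    {
        return false;
    }

    user.Title = title;
    user.Forename = firstName;
    user.Email = email;
    user.Surname = surname;
    user.Username = username;
    user.Address1 = address;
    Context.Save(user);
    return true;
}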
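public bool SaveNewUser(User user)
{
    // Adds user to Context.Users and saves it. Returns true once the save call has
    // completed, false when no user was supplied. Previously the method returned false
    // even after a successful save, so callers could not tell success from failure.
    if (user == null)
    {
        return false;
    }

    Context.Users.Add(user);
    Context.Save(user);
    return true;
}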
}