Merge pull request #2515 from sbwalker/dev
fix #2512 - provide guidance about password complexity policy during install, and ensure modified passwords meet complexity policy
This commit is contained in:
		| @ -224,126 +224,133 @@ else | |||||||
| <br /><br /> | <br /><br /> | ||||||
|  |  | ||||||
| @code { | @code { | ||||||
|     private string username = string.Empty; | 	private string username = string.Empty; | ||||||
|     private string _password = string.Empty; | 	private string _password = string.Empty; | ||||||
|     private string _passwordtype = "password"; | 	private string _passwordtype = "password"; | ||||||
|     private string _togglepassword = string.Empty; | 	private string _togglepassword = string.Empty; | ||||||
|     private string confirm = string.Empty; | 	private string confirm = string.Empty; | ||||||
|     private bool allowtwofactor = false; | 	private bool allowtwofactor = false; | ||||||
|     private string twofactor = "False"; | 	private string twofactor = "False"; | ||||||
|     private string email = string.Empty; | 	private string email = string.Empty; | ||||||
|     private string displayname = string.Empty; | 	private string displayname = string.Empty; | ||||||
|     private FileManager filemanager; | 	private FileManager filemanager; | ||||||
|     private int folderid = -1; | 	private int folderid = -1; | ||||||
|     private int photofileid = -1; | 	private int photofileid = -1; | ||||||
|     private File photo = null; | 	private File photo = null; | ||||||
|     private List<Profile> profiles; | 	private List<Profile> profiles; | ||||||
|     private Dictionary<string, string> settings; | 	private Dictionary<string, string> settings; | ||||||
|     private string category = string.Empty; | 	private string category = string.Empty; | ||||||
|     private string filter = "to"; | 	private string filter = "to"; | ||||||
|     private List<Notification> notifications; | 	private List<Notification> notifications; | ||||||
|  |  | ||||||
|     public override SecurityAccessLevel SecurityAccessLevel => SecurityAccessLevel.View; | 	public override SecurityAccessLevel SecurityAccessLevel => SecurityAccessLevel.View; | ||||||
|  |  | ||||||
|     protected override async Task OnParametersSetAsync() | 	protected override async Task OnParametersSetAsync() | ||||||
|     { | 	{ | ||||||
|         try | 		try | ||||||
|         { | 		{ | ||||||
|             _togglepassword = SharedLocalizer["ShowPassword"]; | 			_togglepassword = SharedLocalizer["ShowPassword"]; | ||||||
|  |  | ||||||
|             if (PageState.Site.Settings.ContainsKey("LoginOptions:TwoFactor") && !string.IsNullOrEmpty(PageState.Site.Settings["LoginOptions:TwoFactor"])) | 			if (PageState.Site.Settings.ContainsKey("LoginOptions:TwoFactor") && !string.IsNullOrEmpty(PageState.Site.Settings["LoginOptions:TwoFactor"])) | ||||||
|             { | 			{ | ||||||
|                 allowtwofactor = (PageState.Site.Settings["LoginOptions:TwoFactor"] == "true"); | 				allowtwofactor = (PageState.Site.Settings["LoginOptions:TwoFactor"] == "true"); | ||||||
|             } | 			} | ||||||
|  |  | ||||||
|             if (PageState.User != null) | 			if (PageState.User != null) | ||||||
|             { | 			{ | ||||||
|                 username = PageState.User.Username; | 				username = PageState.User.Username; | ||||||
|                 twofactor = PageState.User.TwoFactorRequired.ToString(); | 				twofactor = PageState.User.TwoFactorRequired.ToString(); | ||||||
|                 email = PageState.User.Email; | 				email = PageState.User.Email; | ||||||
|                 displayname = PageState.User.DisplayName; | 				displayname = PageState.User.DisplayName; | ||||||
|  |  | ||||||
|                 // get user folder | 				// get user folder | ||||||
|                 var folder = await FolderService.GetFolderAsync(ModuleState.SiteId, PageState.User.FolderPath); | 				var folder = await FolderService.GetFolderAsync(ModuleState.SiteId, PageState.User.FolderPath); | ||||||
|                 if (folder != null) | 				if (folder != null) | ||||||
|                 { | 				{ | ||||||
|                     folderid = folder.FolderId; | 					folderid = folder.FolderId; | ||||||
|                 } | 				} | ||||||
|  |  | ||||||
|                 if (PageState.User.PhotoFileId != null) | 				if (PageState.User.PhotoFileId != null) | ||||||
|                 { | 				{ | ||||||
|                     photofileid = PageState.User.PhotoFileId.Value; | 					photofileid = PageState.User.PhotoFileId.Value; | ||||||
|                     photo = await FileService.GetFileAsync(photofileid); | 					photo = await FileService.GetFileAsync(photofileid); | ||||||
|                 } | 				} | ||||||
|                 else | 				else | ||||||
|                 { | 				{ | ||||||
|                     photofileid = -1; | 					photofileid = -1; | ||||||
|                     photo = null; | 					photo = null; | ||||||
|                 } | 				} | ||||||
|  |  | ||||||
|                 profiles = await ProfileService.GetProfilesAsync(ModuleState.SiteId); | 				profiles = await ProfileService.GetProfilesAsync(ModuleState.SiteId); | ||||||
|                 settings = await SettingService.GetUserSettingsAsync(PageState.User.UserId); | 				settings = await SettingService.GetUserSettingsAsync(PageState.User.UserId); | ||||||
|  |  | ||||||
|                 await LoadNotificationsAsync(); | 				await LoadNotificationsAsync(); | ||||||
|             } | 			} | ||||||
|             else | 			else | ||||||
|             { | 			{ | ||||||
|                 AddModuleMessage(Localizer["Message.User.NoLogIn"], MessageType.Warning); | 				AddModuleMessage(Localizer["Message.User.NoLogIn"], MessageType.Warning); | ||||||
|             } | 			} | ||||||
|         } | 		} | ||||||
|         catch (Exception ex) | 		catch (Exception ex) | ||||||
|         { | 		{ | ||||||
|             await logger.LogError(ex, "Error Loading User Profile {Error}", ex.Message); | 			await logger.LogError(ex, "Error Loading User Profile {Error}", ex.Message); | ||||||
|             AddModuleMessage(Localizer["Error.Profile.Load"], MessageType.Error); | 			AddModuleMessage(Localizer["Error.Profile.Load"], MessageType.Error); | ||||||
|         } | 		} | ||||||
|     } | 	} | ||||||
|  |  | ||||||
|     private async Task LoadNotificationsAsync() | 	private async Task LoadNotificationsAsync() | ||||||
|     { | 	{ | ||||||
|         notifications = await NotificationService.GetNotificationsAsync(PageState.Site.SiteId, filter, PageState.User.UserId); | 		notifications = await NotificationService.GetNotificationsAsync(PageState.Site.SiteId, filter, PageState.User.UserId); | ||||||
|         notifications = notifications.Where(item => item.DeletedBy != PageState.User.Username).ToList(); | 		notifications = notifications.Where(item => item.DeletedBy != PageState.User.Username).ToList(); | ||||||
|     } | 	} | ||||||
|  |  | ||||||
|     private string GetProfileValue(string SettingName, string DefaultValue) | 	private string GetProfileValue(string SettingName, string DefaultValue) | ||||||
|         => SettingService.GetSetting(settings, SettingName, DefaultValue); | 		=> SettingService.GetSetting(settings, SettingName, DefaultValue); | ||||||
|  |  | ||||||
|     private async Task Save() | 	private async Task Save() | ||||||
|     { | 	{ | ||||||
|         try | 		try | ||||||
|         { | 		{ | ||||||
|             if (username != string.Empty && email != string.Empty && ValidateProfiles()) | 			if (username != string.Empty && email != string.Empty && ValidateProfiles()) | ||||||
|             { | 			{ | ||||||
|                 if (_password == confirm) | 				if (_password == confirm) | ||||||
|                 { | 				{ | ||||||
|                     var user = PageState.User; | 					var user = PageState.User; | ||||||
|                     user.Username = username; | 					user.Username = username; | ||||||
|                     user.Password = _password; | 					user.Password = _password; | ||||||
|                     user.TwoFactorRequired = bool.Parse(twofactor); | 					user.TwoFactorRequired = bool.Parse(twofactor); | ||||||
|                     user.Email = email; | 					user.Email = email; | ||||||
|                     user.DisplayName = (displayname == string.Empty ? username : displayname); | 					user.DisplayName = (displayname == string.Empty ? username : displayname); | ||||||
|                     user.PhotoFileId = filemanager.GetFileId(); | 					user.PhotoFileId = filemanager.GetFileId(); | ||||||
|                     if (user.PhotoFileId == -1) | 					if (user.PhotoFileId == -1) | ||||||
|                     { | 					{ | ||||||
|                         user.PhotoFileId = null; | 						user.PhotoFileId = null; | ||||||
|                     } | 					} | ||||||
|                     if (user.PhotoFileId != null) | 					if (user.PhotoFileId != null) | ||||||
|                     { | 					{ | ||||||
|                         photofileid = user.PhotoFileId.Value; | 						photofileid = user.PhotoFileId.Value; | ||||||
|                         photo = await FileService.GetFileAsync(photofileid); | 						photo = await FileService.GetFileAsync(photofileid); | ||||||
|                     } | 					} | ||||||
|                     else | 					else | ||||||
|                     { | 					{ | ||||||
|                         photofileid = -1; | 						photofileid = -1; | ||||||
|                         photo = null; | 						photo = null; | ||||||
|                     } | 					} | ||||||
|  |  | ||||||
|                     await UserService.UpdateUserAsync(user); | 					user = await UserService.UpdateUserAsync(user); | ||||||
|                     await SettingService.UpdateUserSettingsAsync(settings, PageState.User.UserId); | 					if (user != null) | ||||||
|                     await logger.LogInformation("User Profile Saved"); | 					{ | ||||||
|  | 						await SettingService.UpdateUserSettingsAsync(settings, PageState.User.UserId); | ||||||
|  | 						await logger.LogInformation("User Profile Saved"); | ||||||
|  |  | ||||||
|                     AddModuleMessage(Localizer["Success.Profile.Update"], MessageType.Success); | 						AddModuleMessage(Localizer["Success.Profile.Update"], MessageType.Success); | ||||||
|                     StateHasChanged(); | 						StateHasChanged(); | ||||||
|                 } | 					} | ||||||
|  | 					else | ||||||
|  | 					{ | ||||||
|  | 						AddModuleMessage(Localizer["Message.Password.Complexity"], MessageType.Error);						 | ||||||
|  | 					} | ||||||
|  | 				} | ||||||
|                 else |                 else | ||||||
|                 { |                 { | ||||||
|                     AddModuleMessage(Localizer["Message.Password.Invalid"], MessageType.Warning); |                     AddModuleMessage(Localizer["Message.Password.Invalid"], MessageType.Warning); | ||||||
|  | |||||||
| @ -201,58 +201,64 @@ else | |||||||
| 						photofileid = -1; | 						photofileid = -1; | ||||||
| 						photo = null; | 						photo = null; | ||||||
| 					} | 					} | ||||||
|                     isdeleted = user.IsDeleted.ToString(); | 					isdeleted = user.IsDeleted.ToString(); | ||||||
| 					lastlogin = string.Format("{0:MMM dd yyyy HH:mm:ss}", user.LastLoginOn); | 					lastlogin = string.Format("{0:MMM dd yyyy HH:mm:ss}", user.LastLoginOn); | ||||||
| 					lastipaddress = user.LastIPAddress; | 					lastipaddress = user.LastIPAddress; | ||||||
|  |  | ||||||
| 					settings = await SettingService.GetUserSettingsAsync(user.UserId); | 					settings = await SettingService.GetUserSettingsAsync(user.UserId); | ||||||
|                     createdby = user.CreatedBy; | 					createdby = user.CreatedBy; | ||||||
|                     createdon = user.CreatedOn; | 					createdon = user.CreatedOn; | ||||||
|                     modifiedby = user.ModifiedBy; | 					modifiedby = user.ModifiedBy; | ||||||
|                     modifiedon = user.ModifiedOn; | 					modifiedon = user.ModifiedOn; | ||||||
|                     deletedby = user.DeletedBy; | 					deletedby = user.DeletedBy; | ||||||
|                     deletedon = user.DeletedOn; | 					deletedon = user.DeletedOn; | ||||||
|                 } | 				} | ||||||
|             } | 			} | ||||||
|         } | 		} | ||||||
|         catch (Exception ex) | 		catch (Exception ex) | ||||||
|         { | 		{ | ||||||
|             await logger.LogError(ex, "Error Loading User {UserId} {Error}", userid, ex.Message); | 			await logger.LogError(ex, "Error Loading User {UserId} {Error}", userid, ex.Message); | ||||||
|             AddModuleMessage(Localizer["Error.User.Load"], MessageType.Error); | 			AddModuleMessage(Localizer["Error.User.Load"], MessageType.Error); | ||||||
|         } | 		} | ||||||
|     } | 	} | ||||||
|  |  | ||||||
|     private string GetProfileValue(string SettingName, string DefaultValue) | 	private string GetProfileValue(string SettingName, string DefaultValue) | ||||||
|         => SettingService.GetSetting(settings, SettingName, DefaultValue); | 		=> SettingService.GetSetting(settings, SettingName, DefaultValue); | ||||||
|  |  | ||||||
|     private async Task SaveUser() | 	private async Task SaveUser() | ||||||
|     { | 	{ | ||||||
|         try | 		try | ||||||
|         { | 		{ | ||||||
|             if (username != string.Empty && email != string.Empty && ValidateProfiles()) | 			if (username != string.Empty && email != string.Empty && ValidateProfiles()) | ||||||
|             { | 			{ | ||||||
|                 if (_password == confirm) | 				if (_password == confirm) | ||||||
|                 { | 				{ | ||||||
|                     var user = await UserService.GetUserAsync(userid, PageState.Site.SiteId); | 					var user = await UserService.GetUserAsync(userid, PageState.Site.SiteId); | ||||||
|                     user.SiteId = PageState.Site.SiteId; | 					user.SiteId = PageState.Site.SiteId; | ||||||
|                     user.Username = username; | 					user.Username = username; | ||||||
|                     user.Password = _password; | 					user.Password = _password; | ||||||
|                     user.Email = email; | 					user.Email = email; | ||||||
|                     user.DisplayName = string.IsNullOrWhiteSpace(displayname) ? username : displayname; | 					user.DisplayName = string.IsNullOrWhiteSpace(displayname) ? username : displayname; | ||||||
|                     user.PhotoFileId = null; | 					user.PhotoFileId = null; | ||||||
|                     user.PhotoFileId = filemanager.GetFileId(); | 					user.PhotoFileId = filemanager.GetFileId(); | ||||||
|                     if (user.PhotoFileId == -1) | 					if (user.PhotoFileId == -1) | ||||||
|                     { | 					{ | ||||||
|                         user.PhotoFileId = null; | 						user.PhotoFileId = null; | ||||||
|                     } | 					} | ||||||
|  |  | ||||||
|                     user.IsDeleted = (isdeleted == null ? true : Boolean.Parse(isdeleted)); | 					user.IsDeleted = (isdeleted == null ? true : Boolean.Parse(isdeleted)); | ||||||
|  |  | ||||||
|                     user = await UserService.UpdateUserAsync(user); | 					user = await UserService.UpdateUserAsync(user); | ||||||
|                     await SettingService.UpdateUserSettingsAsync(settings, user.UserId); | 					if (user != null) | ||||||
|                     await logger.LogInformation("User Saved {User}", user); | 					{ | ||||||
|  | 						await SettingService.UpdateUserSettingsAsync(settings, user.UserId); | ||||||
|                     NavigationManager.NavigateTo(NavigateUrl()); | 						await logger.LogInformation("User Saved {User}", user); | ||||||
|  | 						NavigationManager.NavigateTo(NavigateUrl()); | ||||||
|  | 					} | ||||||
|  | 					else | ||||||
|  | 					{ | ||||||
|  | 						AddModuleMessage(Localizer["Message.Password.Complexity"], MessageType.Error); | ||||||
|  | 					} | ||||||
|                 } |                 } | ||||||
|                 else |                 else | ||||||
|                 { |                 { | ||||||
|  | |||||||
| @ -136,7 +136,7 @@ | |||||||
|     <value>Please Enter All Required Fields. Ensure Passwords Match And Email Address Provided Is Valid.</value> |     <value>Please Enter All Required Fields. Ensure Passwords Match And Email Address Provided Is Valid.</value> | ||||||
|   </data> |   </data> | ||||||
|   <data name="Message.Password.Invalid" xml:space="preserve"> |   <data name="Message.Password.Invalid" xml:space="preserve"> | ||||||
|     <value>The Password Provided Does Not Meet The Password Policy. Please Verify The Minimum Password Length And Complexity Requirements.</value> |     <value>The Password Provided Does Not Meet The Complexity Policy. Passwords Must Be At Least 6 Characters In Length And Contain Uppercase, Lowercase, Numeric, And Punctuation Characters.</value> | ||||||
|   </data> |   </data> | ||||||
|   <data name="Register" xml:space="preserve"> |   <data name="Register" xml:space="preserve"> | ||||||
|     <value>Please Register Me For Major Product Updates And Security Bulletins</value> |     <value>Please Register Me For Major Product Updates And Security Bulletins</value> | ||||||
|  | |||||||
| @ -120,6 +120,9 @@ | |||||||
|   <data name="Message.Password.Invalid" xml:space="preserve"> |   <data name="Message.Password.Invalid" xml:space="preserve"> | ||||||
|     <value>Passwords Entered Do Not Match</value> |     <value>Passwords Entered Do Not Match</value> | ||||||
|   </data> |   </data> | ||||||
|  |   <data name="Message.Password.Complexity" xml:space="preserve"> | ||||||
|  |     <value>Password Provided Does Not Meet The Complexity Policy</value> | ||||||
|  |   </data> | ||||||
|   <data name="From" xml:space="preserve"> |   <data name="From" xml:space="preserve"> | ||||||
|     <value>From</value> |     <value>From</value> | ||||||
|   </data> |   </data> | ||||||
|  | |||||||
| @ -120,6 +120,9 @@ | |||||||
|   <data name="Message.Password.NoMatch" xml:space="preserve"> |   <data name="Message.Password.NoMatch" xml:space="preserve"> | ||||||
|     <value>Passwords Entered Do Not Match</value> |     <value>Passwords Entered Do Not Match</value> | ||||||
|   </data> |   </data> | ||||||
|  |   <data name="Message.Password.Complexity" xml:space="preserve"> | ||||||
|  |     <value>Password Provided Does Not Meet The Complexity Policy</value> | ||||||
|  |   </data> | ||||||
|   <data name="Identity.Name" xml:space="preserve"> |   <data name="Identity.Name" xml:space="preserve"> | ||||||
|     <value>Identity</value> |     <value>Identity</value> | ||||||
|   </data> |   </data> | ||||||
|  | |||||||
| @ -247,17 +247,33 @@ namespace Oqtane.Controllers | |||||||
|                 if (identityuser != null) |                 if (identityuser != null) | ||||||
|                 { |                 { | ||||||
|                     identityuser.Email = user.Email; |                     identityuser.Email = user.Email; | ||||||
|  |                     var valid = true; | ||||||
|                     if (user.Password != "") |                     if (user.Password != "") | ||||||
|                     { |                     { | ||||||
|                         identityuser.PasswordHash = _identityUserManager.PasswordHasher.HashPassword(identityuser, user.Password); |                         var validator = new PasswordValidator<IdentityUser>(); | ||||||
|  |                         var result = await validator.ValidateAsync(_identityUserManager, null, user.Password); | ||||||
|  |                         valid = result.Succeeded; | ||||||
|  |                         if (valid) | ||||||
|  |                         { | ||||||
|  |                             identityuser.PasswordHash = _identityUserManager.PasswordHasher.HashPassword(identityuser, user.Password); | ||||||
|  |                         } | ||||||
|  |                     } | ||||||
|  |                     if (valid) | ||||||
|  |                     { | ||||||
|  |                         await _identityUserManager.UpdateAsync(identityuser); | ||||||
|  |  | ||||||
|  |                         user = _users.UpdateUser(user); | ||||||
|  |                         _syncManager.AddSyncEvent(_tenantManager.GetAlias().TenantId, EntityNames.User, user.UserId, SyncEventActions.Update); | ||||||
|  |                         _syncManager.AddSyncEvent(_tenantManager.GetAlias().TenantId, EntityNames.User, user.UserId, SyncEventActions.Refresh); | ||||||
|  |                         user.Password = ""; // remove sensitive information | ||||||
|  |                         _logger.Log(LogLevel.Information, this, LogFunction.Update, "User Updated {User}", user); | ||||||
|  |                     } | ||||||
|  |                     else | ||||||
|  |                     { | ||||||
|  |                         _logger.Log(user.SiteId, LogLevel.Error, this, LogFunction.Update, "Unable To Update User {Username}. Password Does Not Meet Complexity Requirements.", user.Username); | ||||||
|  |                         user = null; | ||||||
|                     } |                     } | ||||||
|                     await _identityUserManager.UpdateAsync(identityuser); |  | ||||||
|                 } |                 } | ||||||
|                 user = _users.UpdateUser(user); |  | ||||||
|                 _syncManager.AddSyncEvent(_tenantManager.GetAlias().TenantId, EntityNames.User, user.UserId, SyncEventActions.Update); |  | ||||||
|                 _syncManager.AddSyncEvent(_tenantManager.GetAlias().TenantId, EntityNames.User, user.UserId, SyncEventActions.Refresh); |  | ||||||
|                 user.Password = ""; // remove sensitive information |  | ||||||
|                 _logger.Log(LogLevel.Information, this, LogFunction.Update, "User Updated {User}", user); |  | ||||||
|             } |             } | ||||||
|             else |             else | ||||||
|             { |             { | ||||||
|  | |||||||
		Reference in New Issue
	
	Block a user
	 Shaun Walker
					Shaun Walker