IAuthenticationService
Describes IAuthenticationService in Optimizely Configured Commerce.
Description
The Authentication abstraction layer.

Properties

Identity
Gets the identity for the currently authenticated user.
IIdentity Identity { get; }

Methods

AddUserToRole(string, string)
Assigns a role to a user.
string AddUserToRole(string userName, string roleName)
Parameters
- userName – The username of the user who should be assigned the role.
- roleName – The name of the role to assign to the user.
Returns
- An empty string if the assignment was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the assignment.

AllowOnlyAlphanumericUserNames()
Indicates whether or not usernames for users are only allowed to contain alphanumeric characters.
bool AllowOnlyAlphanumericUserNames()
Returns
- True if usernames are only allowed to contain alphanumeric characters.

ChangePassword(string, string, string)
Changes the password for the specified user.
bool ChangePassword(string userName, string oldPassword, string newPassword)
Parameters
- userName – The username of the user whose password should be changed.
- oldPassword – The user's current password.
- newPassword – The new password to be used for the user's account.
Returns
- True if the change was successful.

CreateRole(string)
Creates a new role with the specified role name.
string CreateRole(string roleName)
Parameters
- roleName – The name of the role to create.
Returns
- An empty string if the assignment was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the operation.

CreateUser(string, string)
Creates a new user without a password.
string CreateUser(string userName, string email)
Parameters
- userName – The username to use when creating the user.
- email – The email address to use when creating the user.
Returns
- An empty string if the operation was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the operation.

CreateUser(string, string, string)
Creates a new user using the specified password.
string CreateUser(string userName, string email, string password)
Parameters
- userName – The username to use when creating the user.
- email – The email address to use when creating the user.
- password – The password to be used for the user's account.
Returns
- An empty string if the operation was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the operation.

DeleteRole(string)
Deletes the specified role.
string DeleteRole(string roleName)
Parameters
- roleName – The name of the role to delete.
Returns
- An empty string if the delete was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the delete.

DeleteUser(string)
Deletes the specified user.
string DeleteUser(string userName)
Parameters
- userName – The username of the user to delete.
Returns
- An empty string if the delete was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the delete.

EmailAlreadyExists(string)
Checks if an email address is already being used by an existing user.
bool EmailAlreadyExists(string email)
Parameters
- email – The email address to check against existing users.
Returns
- True if the email address is already being used.

GeneratePassword()
Generates a valid password based on password complexity requirements.
string GeneratePassword()
Returns
- A valid password.

GeneratePasswordResetUrl(string, bool)
Generates a password reset URL for the specified user. The user can use the URL to reset his or her account password.
string GeneratePasswordResetUrl(string userName, bool isReset)
Parameters
- userName – The username of the user for which to generate a password reset URL.
- isReset – True if the URL is for a password reset operation, otherwise for an account activation operation.
Returns
- A password reset URL that includes a reset token.

GetAllRoles()
Returns all the roles available in the application.
ReadOnlyCollection<RoleDto> GetAllRoles()
Returns
- Collection of available roles.

GetAllUsersWithRoles(IEnumerable<string>)
Returns all users who have any of the specified roles assigned.
IEnumerable<string> GetAllUsersWithRoles(IEnumerable<string> roles)
Parameters
- roles – The collection of role names to use when searching for users.
Returns
- All users who have any of the specified roles assigned.

GetRolesForUser(string)
Gets the roles assigned to a user.
IList<RoleDto> GetRolesForUser(string userName)
Parameters
- userName – The username of the user for which to return assigned roles.
Returns
- The roles assigned to a user.

IsAuthenticated()
Returns whether or not the current user is currently authenticated.
bool IsAuthenticated()
Returns
- True if the current user is currently authenticated.

IsLockedOut(string)
Returns whether or not the current user is locked out of the application. This can check the status of both Admin Console and Storefront users.
bool IsLockedOut(string userName)
Parameters
- userName – The username of the user for which to check the locked out status.
Returns
- True if the current user is locked out of the application.

IsUserInRole(string, string)
Indicates whether or not the role is assigned to the user.
bool IsUserInRole(string userName, string roleName)
Parameters
- userName – The username of the user for which to check for the role assignment.
- roleName – The name of the role to check for the role assignment.
Returns
- True if the role is assigned to the user.

IsValidPassword(string)
Checks a password to see if it meets complexity requirements.
bool IsValidPassword(string password)
Parameters
- password – The password to check for validity.
Returns
- True if the password meets the complexity requirements.

LockUserOut(string)
Locks a user out of the application. For Admin Console users, this will apply to the Admin Console. For Storefront users, this will apply to the Storefront.
void LockUserOut(string userName)
Parameters
- userName – The username of the user to lock out.

MinRequiredDigits()
With regard to password complexity, returns the minimum number of digits required for a valid password.
int MinRequiredDigits()
Returns
- The minimum number of digits required for a valid password.

MinRequiredLowercaseCharacters()
With regard to password complexity, returns the minimum number of lowercase characters required for a valid password.
int MinRequiredLowercaseCharacters()
Returns
- The minimum number of lowercase characters required for a valid password.

MinRequiredNonAlphanumericCharacters()
With regard to password complexity, returns the minimum number of non-alphanumeric characters required for a valid password.
int MinRequiredNonAlphanumericCharacters()
Returns
- The minimum number of non-alphanumeric characters required for a valid password.

MinRequiredPasswordLength()
With regard to password complexity, returns the minimum length (total number of characters) required for a valid password.
int MinRequiredPasswordLength()
Returns
- The minimum length required for a valid password.

MinRequiredUppercaseCharacters()
With regard to password complexity, returns the minimum number of uppercase characters required for a valid password.
int MinRequiredUppercaseCharacters()
Returns
- The minimum number of uppercase characters required for a valid password.

RemoveUserFromRole(string, string)
Unassigns the role from the user.
string RemoveUserFromRole(string userName, string roleName)
Parameters
- userName – The username of the user for which to unassign the role.
- roleName – The name of the role to unassign from the user.
Returns
- An empty string if the unassignment was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the unassignment.

RequiresQuestionAndAnswer()
With regard to account creation, indicates whether or not a security question and answer are required.
bool RequiresQuestionAndAnswer()
Returns
- True if a security question and answer are required.

RequiresUniqueEmail()
With regard to account creation, indicates whether or not email addresses must be unique among all users.
bool RequiresUniqueEmail()
Returns
- True if email addresses must be unique among all users.

ResetPassword(string)
Resets the current user's password to a randomly-generated, valid password.
string ResetPassword(string userName)
Parameters
- userName – The username of the user for which the password should be reset.
Returns
- The new password for the user's account.

ResetPasswordForUser(string, string, string)
Changes the password for a user, assuming the reset token is valid.
bool ResetPasswordForUser(string userName, string newPassword, string resetToken)
Parameters
- userName – The username of the user for which the password should be changed.
- newPassword – The new password to use for the user's account.
- resetToken – The reset token generated previously for the user to change his or her password.
Returns
- True if the password change was successful.

RoleExists(string)
Indicates whether or not the role exists in the application.
bool RoleExists(string roleName)
Parameters
- roleName – The name of the role to check for existence.
Returns
- True if the role exists in the application.

SetUserAsAuthenticated(string)
Authenticates the specified user. This is used during impersonation, access token validation, and punchout session initialization.
void SetUserAsAuthenticated(string userName)
Parameters
- userName – The username of the user to authenticate.

SignOut()
Ends the currently authenticated user's session.
void SignOut()

UnlockUser(string)
Unlocks the account for the user. The account should be locked out in order for this to work.
void UnlockUser(string userName)
Parameters
- userName – The username of the user for which the account should be unlocked.

UpdateUser(string, string)
Updates the email address for the user.
string UpdateUser(string userName, string email)
Parameters
- userName – The username of the user for which the email address should be updated.
- email – The new email address for the user.
Returns
- An empty string if the update was successful. Otherwise, it returns a comma-delimited string of error messages that resulted from the update.

UserNameAlreadyExists(string)
Checks if a username is already being used by an existing user.
bool UserNameAlreadyExists(string userName)
Parameters
- userName – The username to check against existing users.
Returns
- True if the username is already being used by an existing user.

ValidateUser(string, string)
Validates the specified user credentials.
bool ValidateUser(string userName, string password)
Parameters
- userName – The username to validate.
- password – The password to validate.
Returns
- True if the credentials are valid.

VerifyPasswordResetTokenForUser(string, string)
Indicates whether or not the supplied reset token is valid.
bool VerifyPasswordResetTokenForUser(string userName, string resetToken)
Parameters
- userName – The username to use when validating the reset token.
- resetToken – The reset token to validate.
Returns
- True if the supplied reset token is valid.

Example
The example below is a handler that processes password data from a user resetting his or her current password to a new password. A reset token is expected, which is appended to the password reset URL previously generated using the IAuthenticationService.GeneratePasswordResetUrl method.

Code Sample
[DependencyName(nameof(ChangePasswordWithToken))]
public sealed class ChangePasswordWithToken : HandlerBase<UpdateSessionParameter, UpdateSessionResult>
{
    private readonly Lazy<IAuthenticationService> authenticationService;

    public ChangePasswordWithToken(Lazy<IAuthenticationService> authenticationService)
    {
        this.authenticationService = authenticationService;
    }

    public override int Order => 800;

    public override UpdateSessionResult Execute(IUnitOfWork unitOfWork, UpdateSessionParameter parameter, UpdateSessionResult result)
    {
        // Only act when both a reset token and a new password were supplied; otherwise pass the request on.
        if (parameter.ResetToken.IsBlank() || parameter.NewPassword.IsBlank())
        {
            return this.NextHandler.Execute(unitOfWork, parameter, result);
        }

        if (parameter.UserName.IsBlank())
        {
            return this.CreateErrorServiceResult(result, SubCode.AccountServiceUserProfileNotFound, MessageProvider.Current.User_Not_Found);
        }

        // Check the complexity requirements before attempting the reset.
        if (!this.authenticationService.Value.IsValidPassword(parameter.NewPassword))
        {
            return this.CreateErrorServiceResult(result, SubCode.AccountServicePasswordDoesNotMeetComplexity, MessageProvider.Current.ChangePasswordInfo_Password_Not_Meet_Requirements);
        }

        // Change the password using the reset token; a false return means the change did not succeed.
        if (!this.authenticationService.Value.ResetPasswordForUser(parameter.UserName, parameter.NewPassword, parameter.ResetToken))
        {
            return this.CreateErrorServiceResult(result, SubCode.AccountServiceUnableToChangePassword, MessageProvider.Current.ChangePasswordInfo_Unable_To_Change_Password);
        }

        var userProfile = unitOfWork.GetTypedRepository<IUserProfileRepository>().GetByNaturalKey(parameter.UserName);
        if (userProfile == null)
        {
            return this.CreateErrorServiceResult(result, SubCode.AccountServiceAccountDoesNotExist, MessageProvider.Current.Forgot_Password_Error);
        }

        // Unlock the account, then record the password change and mark the profile as activated.
        this.authenticationService.Value.UnlockUser(parameter.UserName);
        userProfile.PasswordChangedOn = DateTimeProvider.Current.Now;
        userProfile.IsPasswordChangeRequired = false;
        userProfile.ActivationStatus = UserActivationStatus.Activated.ToString();
        return this.NextHandler.Execute(unitOfWork, parameter, result);
    }
}
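
IsValidPassword returns only a bool, so code that needs to tell a user which complexity requirement failed has to read the five MinRequired* values itself. The sketch below is an added example, not Optimizely's code: IPasswordPolicy, SamplePolicy and PasswordPolicyExplainer are hypothetical names, the policy values are constructed, and it assumes the service classifies characters the way .NET's char.IsDigit, char.IsLower, char.IsUpper and char.IsLetterOrDigit do.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical subset of IAuthenticationService: only the five policy getters listed on this page.
public interface IPasswordPolicy
{
    int MinRequiredPasswordLength();
    int MinRequiredDigits();
    int MinRequiredLowercaseCharacters();
    int MinRequiredUppercaseCharacters();
    int MinRequiredNonAlphanumericCharacters();
}

// Constructed sample values; a real deployment would read them from the authentication service.
public sealed class SamplePolicy : IPasswordPolicy
{
    public int MinRequiredPasswordLength() => 10;
    public int MinRequiredDigits() => 1;
    public int MinRequiredLowercaseCharacters() => 1;
    public int MinRequiredUppercaseCharacters() => 1;
    public int MinRequiredNonAlphanumericCharacters() => 1;
}

public static class PasswordPolicyExplainer
{
    // Returns one message per unmet minimum; an empty list means every minimum is met.
    public static IList<string> UnmetRules(IPasswordPolicy policy, string password)
    {
        password = password ?? string.Empty;
        var rules = new (string Label, int Required, int Actual)[]
        {
            ("characters in total", policy.MinRequiredPasswordLength(), password.Length),
            ("digits", policy.MinRequiredDigits(), password.Count(char.IsDigit)),
            ("lowercase letters", policy.MinRequiredLowercaseCharacters(), password.Count(char.IsLower)),
            ("uppercase letters", policy.MinRequiredUppercaseCharacters(), password.Count(char.IsUpper)),
            ("non-alphanumeric characters", policy.MinRequiredNonAlphanumericCharacters(), password.Count(c => !char.IsLetterOrDigit(c))),
        };
        return rules.Where(r => r.Actual < r.Required)
                    .Select(r => $"needs at least {r.Required} {r.Label}").ToList();
    }

    public static void Main()
    {
        // Constructed input: long enough and contains digits, but has no uppercase letter and no symbol.
        Console.WriteLine(string.Join(Environment.NewLine, UnmetRules(new SamplePolicy(), "correcthorse42")));
    }
}
```

The messages are meant for the person typing the password; the candidate password itself should not be written to logs or telemetry.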