8541 password history (#8542)

* Added password history management to back office user password edit and made it working via IUserEventHandler calls. * Added "password" parameter to "ChangedPassword" call.
2026-01-19 09:42:29 +08:00 · 2022-03-18 12:26:19 +01:00
parent f2a8450d90
commit ffb56e684c
1 changed files with 17 additions and 4 deletions
--- a/src/Orchard.Web/Modules/Orchard.Users/Drivers/UserPartPasswordDriver.cs
+++ b/src/Orchard.Web/Modules/Orchard.Users/Drivers/UserPartPasswordDriver.cs
@@ -5,6 +5,7 @@ using Orchard.ContentManagement.Drivers;
 using Orchard.Environment.Extensions;
 using Orchard.Localization;
 using Orchard.Security;
+using Orchard.Users.Events;
 using Orchard.Users.Models;
 using Orchard.Users.Services;
 using Orchard.Users.ViewModels;
@@ -15,15 +16,18 @@ namespace Orchard.Users.Drivers {
    public class UserPartPasswordDriver : ContentPartDriver<UserPart> {
        private readonly IMembershipService _membershipService;
        private readonly IUserService _userService;
+        private readonly IUserEventHandler _userEventHandler;

        public Localizer T { get; set; }

        public UserPartPasswordDriver(
            MembershipService membershipService,
-            IUserService userService) {
+            IUserService userService,
+            IUserEventHandler userEventHandler) {

            _membershipService = membershipService;
            _userService = userService;
+            _userEventHandler = userEventHandler;
            T = NullLocalizer.Instance;
        }

@@ -37,21 +41,30 @@ namespace Orchard.Users.Drivers {

        protected override DriverResult Editor(UserPart part, IUpdateModel updater, dynamic shapeHelper) {
            var editModel = new UserEditPasswordViewModel { User = part };
+            var canUpdatePassword = true;
            if (updater != null) {
                if (updater.TryUpdateModel(editModel, Prefix, null, null)) {
                    if (!(string.IsNullOrEmpty(editModel.Password) && string.IsNullOrEmpty(editModel.ConfirmPassword))) {
                        if (string.IsNullOrEmpty(editModel.Password) || string.IsNullOrEmpty(editModel.ConfirmPassword)) {
                            updater.AddModelError("MissingPassword", T("Password or Confirm Password field is empty."));
+                            canUpdatePassword = false;
                        } else {
                            if (editModel.Password != editModel.ConfirmPassword) {
                                updater.AddModelError("ConfirmPassword", T("Password confirmation must match."));
-                            }
-                            var actUser = _membershipService.GetUser(part.UserName);
-                            _membershipService.SetPassword(actUser, editModel.Password);
+                                canUpdatePassword = false;
+                            }                            
                        }
                        IDictionary<string, LocalizedString> validationErrors;
                        if (!_userService.PasswordMeetsPolicies(editModel.Password, part, out validationErrors)) {
                            updater.AddModelErrors(validationErrors);
+                            canUpdatePassword = false;
+                        }
+                        if (canUpdatePassword) {
+                            var actUser = _membershipService.GetUser(part.UserName);
+                            // I need to store current password in a variable to save it in the PasswordHistoryRepository.
+                            _userEventHandler.ChangingPassword(actUser, editModel.Password);                         
+                            _membershipService.SetPassword(actUser, editModel.Password);
+                            _userEventHandler.ChangedPassword(actUser, editModel.Password);
                        }
                    }
                }