8541 password history (#8542)

* Added password history management to back office user password edit and made it working via IUserEventHandler calls. * Added "password" parameter to "ChangedPassword" call.
2026-01-19 17:51:45 +08:00 · 2022-03-18 12:26:19 +01:00
parent f2a8450d90
commit ffb56e684c
1 changed files with 17 additions and 4 deletions
--- a/src/Orchard.Web/Modules/Orchard.Users/Drivers/UserPartPasswordDriver.cs
+++ b/src/Orchard.Web/Modules/Orchard.Users/Drivers/UserPartPasswordDriver.cs
@@ -5,6 +5,7 @@ using Orchard.ContentManagement.Drivers;
 using Orchard.Environment.Extensions;
 using Orchard.Localization;
 using Orchard.Security;
 using Orchard.Users.Events;
 using Orchard.Users.Models;
 using Orchard.Users.Services;
 using Orchard.Users.ViewModels;
@@ -15,15 +16,18 @@ namespace Orchard.Users.Drivers {
    public class UserPartPasswordDriver : ContentPartDriver<UserPart> {
        private readonly IMembershipService _membershipService;
        private readonly IUserService _userService;
        private readonly IUserEventHandler _userEventHandler;
        public Localizer T { get; set; }
        public UserPartPasswordDriver(
            MembershipService membershipService,
-            IUserService userService) {
+            IUserService userService,
            IUserEventHandler userEventHandler) {
            _membershipService = membershipService;
            _userService = userService;
            _userEventHandler = userEventHandler;
            T = NullLocalizer.Instance;
        }
@@ -37,21 +41,30 @@ namespace Orchard.Users.Drivers {
        protected override DriverResult Editor(UserPart part, IUpdateModel updater, dynamic shapeHelper) {
            var editModel = new UserEditPasswordViewModel { User = part };
            var canUpdatePassword = true;
            if (updater != null) {
                if (updater.TryUpdateModel(editModel, Prefix, null, null)) {
                    if (!(string.IsNullOrEmpty(editModel.Password) && string.IsNullOrEmpty(editModel.ConfirmPassword))) {
                        if (string.IsNullOrEmpty(editModel.Password) || string.IsNullOrEmpty(editModel.ConfirmPassword)) {
                            updater.AddModelError("MissingPassword", T("Password or Confirm Password field is empty."));
                            canUpdatePassword = false;
                        } else {
                            if (editModel.Password != editModel.ConfirmPassword) {
                                updater.AddModelError("ConfirmPassword", T("Password confirmation must match."));
-                            }
+                                canUpdatePassword = false;
-                            var actUser = _membershipService.GetUser(part.UserName);
+                            }                            
                            _membershipService.SetPassword(actUser, editModel.Password);
                        }
                        IDictionary<string, LocalizedString> validationErrors;
                        if (!_userService.PasswordMeetsPolicies(editModel.Password, part, out validationErrors)) {
                            updater.AddModelErrors(validationErrors);
                            canUpdatePassword = false;
                        }
                        if (canUpdatePassword) {
                            var actUser = _membershipService.GetUser(part.UserName);
                            // I need to store current password in a variable to save it in the PasswordHistoryRepository.
                            _userEventHandler.ChangingPassword(actUser, editModel.Password);                         
                            _membershipService.SetPassword(actUser, editModel.Password);
                            _userEventHandler.ChangedPassword(actUser, editModel.Password);
                        }
                    }
                }