Posted on 27/02/2019 15:35:58
Hi Shiwanka
You have the Notifications.Standard.User.OnExtranetLoginFailed notification that will provide some more information - see http://doc.dynamicweb.com/api/html/cc8eb210-15a0-127a-08d0-02510c455e27.htm
It has a failed reason that you can see here: http://doc.dynamicweb.com/api/html/06b48c0a-31af-cc6a-9992-9efbaed0dba1.htm
But it will not reveal whether it was the username, the password, the active flag, the validity period etc. that caused the failure. That is a deliberate security measure: you do not want to reveal that a username exists, or that the password is correct but the account is not yet activated, because that information lets an attacker enumerate valid accounts and makes brute-force attacks much cheaper.
You can however query the database for that information yourself - see the Authenticate code below for hints. According to the author, a user who has not completed email verification has a token on the record and active=false:
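/// <summary>
/// Authenticates a user by user name and password against the AccessUser table.
/// Every failure path returns null without saying why (unknown user, wrong password,
/// inactive, outside validity period, no backend access) so that the caller cannot
/// leak the reason to an attacker.
/// </summary>
/// <param name="userName">User name, matched against AccessUserUserName.</param>
/// <param name="password">Password supplied by the caller. Compared against the stored
/// value as an MD5 hash, as a SHA512 hash, or - for legacy rows whose stored value does
/// not look like a hash - as plain text.</param>
/// <param name="permissionLevel">Frontend logins additionally require AccessUserActive = 1
/// in the query; any other level requires AllowBackendWithInheritance on the user.</param>
/// <param name="shopID">Optional shop restriction; only applied when
/// /Globalsettings/Ecom/Users/IncludeShopIdInExtranetLogIn is enabled and shopID is non-empty.</param>
/// <param name="updatePassword">When true and /Globalsettings/Modules/Users/EncryptPassword is
/// enabled, a matching plain-text stored password is re-hashed and written back.</param>
/// <returns>The authenticated <see cref="User"/>, or null on any failure.</returns>
public static new User Authenticate(string userName, string password, PermissionLevels permissionLevel, string shopID, bool updatePassword)
{
    // Parameters are passed to CommandBuilder placeholders, never concatenated into the SQL text.
    var commandBuilder = CommandBuilder.Create("SELECT * FROM [AccessUser] WHERE [AccessUserUserName] = {0} AND [AccessUserType] IN ({1})", userName, GetUserTypes(true));
    if (permissionLevel == PermissionLevels.Frontend)
    {
        commandBuilder.Add("AND [AccessUserActive] = 1");
    }
    if (Converter.ToBoolean(SystemConfiguration.Instance.GetValue("/Globalsettings/Ecom/Users/IncludeShopIdInExtranetLogIn")))
    {
        if (!string.IsNullOrEmpty(shopID))
        {
            // A user bound to this shop, or bound to no shop at all (NULL or empty), may log in.
            commandBuilder.Add("AND (");
            commandBuilder.Add(" ( [AccessUserShopID] = {0} )", shopID);
            commandBuilder.Add(" OR ( [AccessUserShopID] IS NULL )");
            commandBuilder.Add(" OR ( [AccessUserShopID] = {0} )", "");
            commandBuilder.Add(")");
        }
    }
    User user = GetUser(commandBuilder);
    if (user == null)
    {
        // No user with that user name.
        // NOTE(review): this returns before any hashing is done, so "unknown user" is measurably
        // faster than "wrong password"; a remote timing attacker may still be able to enumerate
        // user names. Equalising the cost is left for a follow-up.
        return null;
    }
    if (!PasswordMatchesStored(password, user.Password))
    {
        // Password does not match (hash or legacy plain text).
        return null;
    }
    if (user.IsBuiltInAdmin || user.IsAngel)
    {
        // Admin and Administrator don't need to check for Active, ValidFrom and ValidTo.
        if (user.IsAngel && user.UserName != "Angel" && user.UserName != "Administrator")
        {
            // Only angel and administrator can have usertype 0.
            return null;
        }
        return user;
    }
    // NOTE(review): ValidFrom/ValidTo are compared with local time, as in the original;
    // whether the stored values are local or UTC cannot be determined from this method.
    DateTime now = DateTime.Now;
    if (user.Active &&
        user.ValidFrom.CompareTo(now) <= 0 &&
        user.ValidTo.CompareTo(now) >= 0 &&
        (permissionLevel == PermissionLevels.Frontend || user.AllowBackendWithInheritance))
    {
        // User is authenticated.
        if (updatePassword && SystemConfiguration.Instance.GetBoolean("/Globalsettings/Modules/Users/EncryptPassword"))
        {
            UpgradeStoredPasswordHash(user);
        }
        return user;
    }
    // User is not authenticated (inactive, outside validity period or no backend access).
    return null;
}

/// <summary>
/// Decides whether <paramref name="password"/> matches the stored value. The MD5 and SHA512
/// candidates are always tried; the plain-text comparison is only allowed when the stored
/// value does not look like a hash. Without that gate a leaked hash could be submitted as the
/// password and would authenticate via the plain-text branch (pass-the-hash).
/// All candidates are evaluated (no short-circuit) and compared in constant time, so the
/// elapsed time does not reveal which branch matched.
/// </summary>
private static bool PasswordMatchesStored(string password, string storedPassword)
{
    if (password == null || storedPassword == null)
    {
        // A missing password must never authenticate, even against a NULL column.
        return false;
    }
    bool md5Match = ConstantTimeEquals(Crypto.EncryptPassword(password, UserPasswordHashAlgorithm.MD5), storedPassword);
    bool sha512Match = ConstantTimeEquals(Crypto.EncryptPassword(password, UserPasswordHashAlgorithm.SHA512), storedPassword);
    bool plainTextMatch = !LooksLikeStoredHash(storedPassword) && ConstantTimeEquals(password, storedPassword);
    return md5Match | sha512Match | plainTextMatch;
}

/// <summary>
/// True when the stored value has the shape of a hash this class writes back:
/// 32 hex characters (MD5) or 128 hex characters (SHA512). The length test mirrors the
/// re-hash gate below; the hex test keeps a 32/128-character non-hex legacy password usable.
/// </summary>
private static bool LooksLikeStoredHash(string storedPassword)
{
    if (storedPassword == null || (storedPassword.Length != 32 && storedPassword.Length != 128))
    {
        return false;
    }
    foreach (char c in storedPassword)
    {
        if (!Uri.IsHexDigit(c))
        {
            return false;
        }
    }
    return true;
}

/// <summary>
/// Ordinal string comparison whose running time depends only on the length of the inputs,
/// not on where the first difference is. Length itself is not secret (hash lengths are
/// public), so an early return on a length mismatch is acceptable.
/// </summary>
private static bool ConstantTimeEquals(string a, string b)
{
    if (a == null || b == null || a.Length != b.Length)
    {
        return false;
    }
    int difference = 0;
    for (int i = 0; i < a.Length; i++)
    {
        difference |= a[i] ^ b[i];
    }
    return difference == 0;
}

/// <summary>
/// Re-encrypts a legacy plain-text stored password with the configured hash algorithm and
/// writes it back. Only called after the password has been verified, so user.Password is
/// the value the caller just proved knowledge of.
/// </summary>
private static void UpgradeStoredPasswordHash(User user)
{
    // Enum.TryParse writes default(TEnum) into the out parameter on failure, so the intended
    // MD5 fallback has to be applied explicitly rather than via the initial value.
    UserPasswordHashAlgorithm hashAlgorithm;
    if (!Enum.TryParse(SystemConfiguration.Instance.GetValue("/Globalsettings/Modules/Users/EncryptPasswordHash"), out hashAlgorithm))
    {
        hashAlgorithm = UserPasswordHashAlgorithm.MD5;
    }
    // A stored value of 32 or 128 characters is assumed to be an existing MD5/SHA512 hash and is
    // left alone (hashing it again would lock the user out). The 1000-character upper bound is
    // kept from the original; presumably a column-size guard - TODO confirm.
    if (user.Password.Length != 32 && user.Password.Length != 128 && user.Password.Length <= 1000)
    {
        user.Password = Crypto.EncryptPassword(user.Password, hashAlgorithm);
        var cbUpdatePassword = new CommandBuilder();
        cbUpdatePassword.Add("UPDATE [AccessUser]");
        cbUpdatePassword.Add("SET [AccessUserPassword] = {0}", user.Password);
        cbUpdatePassword.Add("WHERE ( [AccessUser].[AccessUserID] = {0} )", user.ID);
        Database.ExecuteNonQuery(cbUpdatePassword);
    }
}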
BR Nicolai