in MySql.Web/src/MembershipProvider.cs [1143:1223]
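/// <summary>
/// Replaces the password of <paramref name="username"/> with a newly generated one
/// and returns the new password in clear text.
/// </summary>
/// <param name="username">Name of the user whose password is reset.</param>
/// <param name="answer">
/// Password answer supplied by the caller; it is checked against the stored answer
/// only when <c>RequiresQuestionAndAnswer</c> is true.
/// </param>
/// <returns>The generated password, unencoded.</returns>
/// <exception cref="NotSupportedException">Password reset is disabled.</exception>
/// <exception cref="ProviderException">
/// The user (or its membership row) was not found, an answer is required but was null,
/// or a <c>MySqlException</c> occurred.
/// </exception>
/// <exception cref="MembershipPasswordException">
/// The user is locked out, the answer did not match, password validation was cancelled,
/// or the update did not affect exactly one row.
/// </exception>
/// <remarks>
/// NOTE(review): the return value is a live credential. Callers should deliver it over a
/// protected channel and keep it out of logs. The "user not found", "locked out" and
/// "incorrect answer" cases raise different messages; a front end that shows them verbatim
/// tells an unauthenticated visitor whether an account exists, so consider a single
/// generic message at the UI layer.
/// </remarks>
public override string ResetPassword(string username, string answer)
{
    if (!EnablePasswordReset)
        throw new NotSupportedException(Properties.Resources.PasswordResetNotEnabled);

    try
    {
        using (MySqlConnection connection = new MySqlConnection(connectionString))
        {
            connection.Open();

            // fetch the userid first
            int userId = GetUserId(connection, username);
            if (-1 == userId)
                throw new ProviderException(Properties.Resources.UsernameNotFound);

            // A missing answer is recorded as a failed attempt before rejecting the call.
            if (answer == null && RequiresQuestionAndAnswer)
            {
                UpdateFailureCount(userId, "PasswordAnswer", connection);
                throw new ProviderException(Properties.Resources.PasswordRequiredForReset);
            }

            string newPassword = Membership.GeneratePassword(newPasswordLength, MinRequiredNonAlphanumericCharacters);

            // Give ValidatingPassword subscribers the chance to veto the generated value.
            ValidatePasswordEventArgs Args = new ValidatePasswordEventArgs(username, newPassword, true);
            OnValidatingPassword(Args);
            if (Args.Cancel)
            {
                if (Args.FailureInformation != null)
                    throw Args.FailureInformation;
                throw new MembershipPasswordException(Properties.Resources.PasswordResetCanceledNotValid);
            }

            using (MySqlCommand cmd = new MySqlCommand(@"SELECT PasswordAnswer,
PasswordKey, PasswordFormat, IsLockedOut
FROM my_aspnet_membership WHERE userId=@userId", connection))
            {
                cmd.Parameters.AddWithValue("@userId", userId);

                string storedAnswer;
                string passwordKey;
                MembershipPasswordFormat format;

                using (MySqlDataReader reader = cmd.ExecuteReader(CommandBehavior.SingleRow))
                {
                    // The user id was resolved above, but a membership row may still be absent;
                    // report that as "not found" instead of reading fields from an empty reader.
                    if (!reader.Read())
                        throw new ProviderException(Properties.Resources.UsernameNotFound);

                    if (reader.GetBoolean("IsLockedOut"))
                        throw new MembershipPasswordException(Properties.Resources.UserIsLockedOut);

                    // GetValue yields DBNull for a NULL column; "as" maps that to null so the
                    // check below can fail closed instead of throwing InvalidCastException.
                    storedAnswer = reader.GetValue(reader.GetOrdinal("PasswordAnswer")) as string;
                    passwordKey = reader.GetString("PasswordKey");
                    format = (MembershipPasswordFormat)reader.GetByte("PasswordFormat");

                    // Closed before UpdateFailureCount runs on the same connection.
                    reader.Close();
                }

                if (RequiresQuestionAndAnswer)
                {
                    // No stored answer means nothing can match: count it as a failed attempt.
                    bool answerMatches = storedAnswer != null
                        && CheckPassword(answer, storedAnswer, passwordKey, format);
                    if (!answerMatches)
                    {
                        UpdateFailureCount(userId, "PasswordAnswer", connection);
                        throw new MembershipPasswordException(Properties.Resources.IncorrectPasswordAnswer);
                    }
                }

                // Reuse the command (and its @userId parameter) for the update.
                cmd.CommandText = @"UPDATE my_aspnet_membership
SET Password = @pass, LastPasswordChangedDate = @lastPassChange
WHERE userId=@userId";
                cmd.Parameters.AddWithValue("@pass",
                    EncodePassword(newPassword, passwordKey, format));
                cmd.Parameters.AddWithValue("@lastPassChange", DateTime.Now);

                int rowsAffected = cmd.ExecuteNonQuery();
                if (rowsAffected != 1)
                    throw new MembershipPasswordException(Properties.Resources.ErrorResettingPassword);

                return newPassword;
            }
        }
    }
    catch (MySqlException e)
    {
        // Database errors are optionally logged, then wrapped so callers see a ProviderException.
        if (WriteExceptionsToEventLog)
            WriteToEventLog(e, "ResetPassword");
        throw new ProviderException(exceptionMessage, e);
    }
}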