diff --git a/src/Umbraco.Core/Security/MembershipProviderBase.cs b/src/Umbraco.Core/Security/MembershipProviderBase.cs
index b21e1ed866..f5ba315177 100644
--- a/src/Umbraco.Core/Security/MembershipProviderBase.cs
+++ b/src/Umbraco.Core/Security/MembershipProviderBase.cs
@@ -389,52 +389,69 @@ namespace Umbraco.Core.Security
/// Ensures the ValidatingPassword event is executed before executing PerformCreateUser and performs basic membership provider validation of values.
///
public sealed override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
+ {
+ var valStatus = ValidateNewUser(username, password, email, passwordQuestion, passwordAnswer, isApproved, providerUserKey);
+ if (valStatus != MembershipCreateStatus.Success)
+ {
+ status = valStatus;
+ return null;
+ }
+
+ return PerformCreateUser(username, password, email, passwordQuestion, passwordAnswer, isApproved, providerUserKey, out status);
+ }
+
+ ///
+ /// Performs the validation of the information for creating a new user
+ ///
+ ///
+ ///
+ ///
+ ///
+ ///
+ ///
+ ///
+ ///
+ protected MembershipCreateStatus ValidateNewUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey)
{
var args = new ValidatePasswordEventArgs(username, password, true);
OnValidatingPassword(args);
if (args.Cancel)
{
- status = MembershipCreateStatus.InvalidPassword;
- return null;
+ return MembershipCreateStatus.InvalidPassword;
}
// Validate password
var passwordValidAttempt = IsPasswordValid(password, MinRequiredNonAlphanumericCharacters, PasswordStrengthRegularExpression, MinRequiredPasswordLength);
if (passwordValidAttempt.Success == false)
{
- status = MembershipCreateStatus.InvalidPassword;
- return null;
+ return MembershipCreateStatus.InvalidPassword;
}
// Validate email
if (IsEmailValid(email) == false)
{
- status = MembershipCreateStatus.InvalidEmail;
- return null;
+ return MembershipCreateStatus.InvalidEmail;
}
// Make sure username isn't all whitespace
if (string.IsNullOrWhiteSpace(username.Trim()))
{
- status = MembershipCreateStatus.InvalidUserName;
- return null;
+ return MembershipCreateStatus.InvalidUserName;
}
// Check password question
if (string.IsNullOrWhiteSpace(passwordQuestion) && RequiresQuestionAndAnswer)
{
- status = MembershipCreateStatus.InvalidQuestion;
- return null;
+ return MembershipCreateStatus.InvalidQuestion;
}
// Check password answer
if (string.IsNullOrWhiteSpace(passwordAnswer) && RequiresQuestionAndAnswer)
{
- status = MembershipCreateStatus.InvalidAnswer;
- return null;
+ return MembershipCreateStatus.InvalidAnswer;
}
- return PerformCreateUser(username, password, email, passwordQuestion, passwordAnswer, isApproved, providerUserKey, out status);
+ return MembershipCreateStatus.Success;
}
///
diff --git a/src/Umbraco.Core/Security/UmbracoMembershipProviderBase.cs b/src/Umbraco.Core/Security/UmbracoMembershipProviderBase.cs
index 2b0b128b1c..6cbd12f448 100644
--- a/src/Umbraco.Core/Security/UmbracoMembershipProviderBase.cs
+++ b/src/Umbraco.Core/Security/UmbracoMembershipProviderBase.cs
@@ -48,8 +48,13 @@ namespace Umbraco.Core.Security
public MembershipUser CreateUser(string memberTypeAlias, string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
{
//do the base validation first
- base.CreateUser(username, password, email, passwordQuestion, passwordAnswer, isApproved, providerUserKey, out status);
-
+ var valStatus = ValidateNewUser(username, password, email, passwordQuestion, passwordAnswer, isApproved, providerUserKey);
+ if (valStatus != MembershipCreateStatus.Success)
+ {
+ status = valStatus;
+ return null;
+ }
+
return PerformCreateUser(memberTypeAlias, username, password, email, passwordQuestion, passwordAnswer, isApproved, providerUserKey, out status);
}
diff --git a/src/Umbraco.Tests/Membership/UmbracoServiceMembershipProviderTests.cs b/src/Umbraco.Tests/Membership/UmbracoServiceMembershipProviderTests.cs
index 183e5b0e4f..35092f6bb6 100644
--- a/src/Umbraco.Tests/Membership/UmbracoServiceMembershipProviderTests.cs
+++ b/src/Umbraco.Tests/Membership/UmbracoServiceMembershipProviderTests.cs
@@ -59,7 +59,7 @@ namespace Umbraco.Tests.Membership
provider.Initialize("test", new NameValueCollection());
MembershipCreateStatus status;
- var user = provider.CreateUser("test", "test", "test", "test@test.com", "test", "test", true, "test", out status);
+ var user = provider.CreateUser("test", "test", "testtest$1", "test@test.com", "test", "test", true, "test", out status);
Assert.IsNull(user);
}
@@ -75,7 +75,7 @@ namespace Umbraco.Tests.Membership
provider.Initialize("test", new NameValueCollection { { "requiresUniqueEmail", "true" } });
MembershipCreateStatus status;
- var user = provider.CreateUser("test", "test", "test", "test@test.com", "test", "test", true, "test", out status);
+ var user = provider.CreateUser("test", "test", "testtest$1", "test@test.com", "test", "test", true, "test", out status);
Assert.IsNull(user);
}
@@ -105,7 +105,7 @@ namespace Umbraco.Tests.Membership
MembershipCreateStatus status;
- provider.CreateUser("test", "test", "test", "test@test.com", "test", "test", true, "test", out status);
+ provider.CreateUser("test", "test", "testtest$1", "test@test.com", "test", "test", true, "test", out status);
Assert.AreNotEqual("test", createdMember.PasswordAnswer);
Assert.AreEqual(provider.EncryptString("test"), createdMember.PasswordAnswer);
@@ -137,11 +137,11 @@ namespace Umbraco.Tests.Membership
MembershipCreateStatus status;
- provider.CreateUser("test", "test", "test", "test@test.com", "test", "test", true, "test", out status);
+ provider.CreateUser("test", "test", "testtest$1", "test@test.com", "test", "test", true, "test", out status);
Assert.AreNotEqual("test", createdMember.Password);
var decrypted = provider.DecryptPassword(createdMember.Password);
- Assert.AreEqual("test", decrypted);
+ Assert.AreEqual("testtest$1", decrypted);
}
[Test]
@@ -170,13 +170,13 @@ namespace Umbraco.Tests.Membership
MembershipCreateStatus status;
- provider.CreateUser("test", "test", "test", "test@test.com", "test", "test", true, "test", out status);
+ provider.CreateUser("test", "test", "testtest$1", "test@test.com", "test", "test", true, "test", out status);
Assert.AreNotEqual("test", createdMember.Password);
string salt;
var storedPassword = provider.StoredPassword(createdMember.Password, out salt);
- var hashedPassword = provider.EncryptOrHashPassword("test", salt);
+ var hashedPassword = provider.EncryptOrHashPassword("testtest$1", salt);
Assert.AreEqual(hashedPassword, storedPassword);
}
diff --git a/src/Umbraco.Tests/Persistence/Repositories/UserRepositoryTest.cs b/src/Umbraco.Tests/Persistence/Repositories/UserRepositoryTest.cs
index ad9d5bf52e..4b0b31a71c 100644
--- a/src/Umbraco.Tests/Persistence/Repositories/UserRepositoryTest.cs
+++ b/src/Umbraco.Tests/Persistence/Repositories/UserRepositoryTest.cs
@@ -134,8 +134,8 @@ namespace Umbraco.Tests.Persistence.Repositories
var resolved = (User)repository.Get((int)user.Id);
resolved.Name = "New Name";
- //the db column is not used, default permissions are taken from the user type's permissions, this is a getter only
- //resolved.DefaultPermissions = "ZYX";
+ //the db column is not used, default permissions are taken from the user type's permissions, this is a getter only
+ //resolved.DefaultPermissions = "ZYX";
resolved.Language = "fr";
resolved.IsApproved = false;
resolved.Password = "new";
@@ -153,7 +153,7 @@ namespace Umbraco.Tests.Persistence.Repositories
// Assert
Assert.That(updatedItem.Id, Is.EqualTo(resolved.Id));
Assert.That(updatedItem.Name, Is.EqualTo(resolved.Name));
- //Assert.That(updatedItem.DefaultPermissions, Is.EqualTo(resolved.DefaultPermissions));
+ //Assert.That(updatedItem.DefaultPermissions, Is.EqualTo(resolved.DefaultPermissions));
Assert.That(updatedItem.Language, Is.EqualTo(resolved.Language));
Assert.That(updatedItem.IsApproved, Is.EqualTo(resolved.IsApproved));
Assert.That(updatedItem.Password, Is.EqualTo(resolved.Password));