Nucleus .Net Core CMS

Models.UserSecrets Class

Namespace: Nucleus.Abstractions.Models
Assembly: Nucleus.Abstractions.dll
Represents password and other user-login information.

Properties

PasswordHash Property

User's password hash.

PasswordHashAlgorithm Property

Algorithm used to create the PasswordHash.

PasswordResetToken Property

Auto-generated token used for password resets.

PasswordExpiryDate Property

Expiry date/time for the password. When a password is expired, the user must enter a new password the next time they log in.

PasswordResetTokenExpiryDate Property

Expiry date/time for PasswordResetToken

VerificationToken Property

Auto-generated token used for new user verification.

VerificationTokenExpiryDate Property

Expiry date/time for VerificationToken

PasswordQuestion Property

Not in use

PasswordAnswer Property

Not in use

LastLoginDate Property

Date/time of the last successful login.

LastPasswordChangedDate Property

Date/time that the user last changed their password.

LastLockoutDate Property

Date/Time of the last lockout for the user.
Remarks
Users are locked out for a configurable period of time after a configurable number of failed password attempts.

IsLockedOut Property

Gets or sets whether the user is locked out.

FailedPasswordAttemptCount Property

Gets or sets the number of times that the user has entered the wrong password, within the configured time window.

FailedPasswordWindowStart Property

Gets or sets the date/time of the first password attempt failure, within the configured time window.

FailedPasswordAnswerAttemptCount Property

Not in use

FailedPasswordAnswerWindowStart Property

Not in use

Salt Property

Random value used by the hash algorithm.

Methods

VerifyPassword (String) Method

VerifyPassword (String password)
Compare the submitted password with the user's saved password.
Parameters
Name Type
password String
Remarks
Login modules should use Nucleus.Core.UserManager.VerifyPassword rather than calling this function directly, because UserManager.VerifyPassword tracks login failures and manages account suspension. If the user 'secrets' record has a blank password or blank password hash algorithm, this function always returns false, because users without a password cannot login using the login module. Users can have no password if they are authenticated by a different method such as OAuth, or an Authenticator app.

SetPassword (String) Method

SetPassword (String newPassword)
Set the password for the user.
Parameters
Name Type
newPassword String
Remarks
Use SetPassword rather than this function. The UserManager method sets other properties like the password expiry date.