From 5293ac14f6cdce54aff5a774750c097c4ebcfc91 Mon Sep 17 00:00:00 2001 From: rallman Date: Wed, 23 Jul 2014 16:36:53 -0500 Subject: [PATCH 1/2] Expose VerificationKeyStaleDurationMinutes to web.config The 20 minute default is too short. --- .../AccountService/UserAccountService.cs | 2 +- .../Configuration/MembershipRebootConfiguration.cs | 2 ++ .../Configuration/SecuritySettings.cs | 8 ++++++++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/BrockAllen.MembershipReboot/AccountService/UserAccountService.cs b/src/BrockAllen.MembershipReboot/AccountService/UserAccountService.cs index b6583099..b35d4c6d 100644 --- a/src/BrockAllen.MembershipReboot/AccountService/UserAccountService.cs +++ b/src/BrockAllen.MembershipReboot/AccountService/UserAccountService.cs @@ -1965,7 +1965,7 @@ protected virtual bool IsVerificationKeyStale(TAccount account) return true; } - if (account.VerificationKeySent < UtcNow.AddMinutes(-MembershipRebootConstants.UserAccount.VerificationKeyStaleDurationMinutes)) + if (account.VerificationKeySent < UtcNow.AddMinutes(-Configuration.VerificationKeyStaleDurationMinutes)) { return true; } diff --git a/src/BrockAllen.MembershipReboot/Configuration/MembershipRebootConfiguration.cs b/src/BrockAllen.MembershipReboot/Configuration/MembershipRebootConfiguration.cs index 828d8f46..69322ae6 100644 --- a/src/BrockAllen.MembershipReboot/Configuration/MembershipRebootConfiguration.cs +++ b/src/BrockAllen.MembershipReboot/Configuration/MembershipRebootConfiguration.cs @@ -30,6 +30,7 @@ public MembershipRebootConfiguration(SecuritySettings securitySettings) this.AllowAccountDeletion = securitySettings.AllowAccountDeletion; this.PasswordHashingIterationCount = securitySettings.PasswordHashingIterationCount; this.PasswordResetFrequency = securitySettings.PasswordResetFrequency; + this.VerificationKeyStaleDurationMinutes = securitySettings.VerificationKeyStaleDurationMinutes; this.Crypto = new DefaultCrypto(); } @@ -45,6 +46,7 @@ public MembershipRebootConfiguration(SecuritySettings securitySettings) public bool AllowAccountDeletion { get; set; } public int PasswordHashingIterationCount { get; set; } public int PasswordResetFrequency { get; set; } + public int VerificationKeyStaleDurationMinutes { get; set; } AggregateValidator usernameValidators = new AggregateValidator(); public void RegisterUsernameValidator(params IValidator[] items) diff --git a/src/BrockAllen.MembershipReboot/Configuration/SecuritySettings.cs b/src/BrockAllen.MembershipReboot/Configuration/SecuritySettings.cs index bc63c950..3813da93 100644 --- a/src/BrockAllen.MembershipReboot/Configuration/SecuritySettings.cs +++ b/src/BrockAllen.MembershipReboot/Configuration/SecuritySettings.cs @@ -51,6 +51,7 @@ static SecuritySettings GetConfigSection() private const string ALLOWACCOUNTDELETION = "allowAccountDeletion"; private const string PASSWORDHASHINGITERATIONCOUNT = "passwordHashingIterationCount"; private const string PASSWORDRESETFREQUENCY = "passwordResetFrequency"; + private const string VERIFICATIONKEYSTALEDURATIONMINUTES = "verificationKeyStaleDurationMinutes"; [ConfigurationProperty(MULTITENANT, DefaultValue = MembershipRebootConstants.SecuritySettingDefaults.MultiTenant)] public bool MultiTenant @@ -128,5 +129,12 @@ public int PasswordResetFrequency get { return (int)this[PASSWORDRESETFREQUENCY]; } set { this[PASSWORDRESETFREQUENCY] = value; } } + + [ConfigurationProperty(PASSWORDRESETFREQUENCY, DefaultValue = MembershipRebootConstants.UserAccount.VerificationKeyStaleDurationMinutes)] + public int VerificationKeyStaleDurationMinutes + { + get { return (int)this[VERIFICATIONKEYSTALEDURATIONMINUTES]; } + set { this[VERIFICATIONKEYSTALEDURATIONMINUTES] = value; } + } } } From a5f135f3f8f6f347c7c72fcf6c4767b11280a16a Mon Sep 17 00:00:00 2001 From: rallman Date: Wed, 23 Jul 2014 17:02:25 -0500 Subject: [PATCH 2/2] Missed an edit --- .../Configuration/SecuritySettings.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/BrockAllen.MembershipReboot/Configuration/SecuritySettings.cs b/src/BrockAllen.MembershipReboot/Configuration/SecuritySettings.cs index 3813da93..38e819c3 100644 --- a/src/BrockAllen.MembershipReboot/Configuration/SecuritySettings.cs +++ b/src/BrockAllen.MembershipReboot/Configuration/SecuritySettings.cs @@ -130,7 +130,7 @@ public int PasswordResetFrequency set { this[PASSWORDRESETFREQUENCY] = value; } } - [ConfigurationProperty(PASSWORDRESETFREQUENCY, DefaultValue = MembershipRebootConstants.UserAccount.VerificationKeyStaleDurationMinutes)] + [ConfigurationProperty(VERIFICATIONKEYSTALEDURATIONMINUTES, DefaultValue = MembershipRebootConstants.UserAccount.VerificationKeyStaleDurationMinutes)] public int VerificationKeyStaleDurationMinutes { get { return (int)this[VERIFICATIONKEYSTALEDURATIONMINUTES]; }