
How to require Sitecore user to change password on next login?


I am building a system using Sitecore 7.5 and I would like to figure out a way to require a Sitecore user to change their password on next login. We have a custom profile that all users have and I have added a checkbox called "Password Change Required". I also added the code below to the LoggingIn pipeline. That way, when a user attempts to log in, I can just redirect them to the built-in Sitecore change password page.

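using System.Web;
using Sitecore.Pipelines.LoggingIn;

public class PasswordChange
{
    // LoggingIn pipeline processor: runs on each login attempt.
    public void Process(LoggingInArgs args)
    {
        var user = Sitecore.Security.Accounts.User.FromName(args.Username, true);
        var myCustomUser = new CustomUser(user.Profile);
        if (myCustomUser.PasswordChangeRequired)
        {
            // Flag is set: send the user to the built-in change password page.
            HttpContext.Current.Response.Redirect("/sitecore/login/changepassword.aspx");
        }
    }
}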

That works fine. If I go into User Manager and check that checkbox for a given user, then the next time they try to log in they are redirected to the built-in Sitecore page for changing your password. However, I can't seem to figure out when I can uncheck that checkbox in their user profile. Ideally I would like to have code that runs after the user has finished changing their password. That code should uncheck the checkbox so that the next time they log in they are not required to change their password.

Does anyone know if it is possible to somehow tie in to the built-in Sitecore change password page so that I can have some code run after the user successfully changes their password and uncheck that checkbox in their user profile?

Or is there a better way to accomplish this?

Thanks, Corey

UPDATE: Adding the code that I used to solve the problem. I used the user:updated event as suggested by Anton below. I decided that if the user's password had been changed in the previous 30 seconds, then that meant it was OK to uncheck the checkbox.

using System;
using System.Web.Security;
using Sitecore.Events;
using Sitecore.Security.Accounts;

public class UserUpdatedHandler
{
    protected void HandleUserUpdate(object sender, EventArgs args)
    {
        var user = (MembershipUserWrapper)Event.ExtractParameter(args, 0);
        if (user != null)
        {
            // If this change was a password change and the Password Change Required checkbox is checked,
            // then uncheck the Password Change Required checkbox

            // First get a membership user object
            var membershipUser = Membership.GetUser(user.UserName);
            if (membershipUser != null)
            {
                // Now check the elapsed time since the last password change
                var elapsedTimeSinceLastPasswordChange = DateTime.Now - membershipUser.LastPasswordChangedDate;
                if (elapsedTimeSinceLastPasswordChange.TotalSeconds < 30)
                {
                    // Get a Sitecore User
                    var sitecoreUser = User.FromName(user.UserName, true);
                    if (sitecoreUser != null)
                    {
                        // Create a custom user
                        var customUser = new CustomUser(sitecoreUser.Profile);
                        if (customUser.PasswordChangeRequired)
                        {
                            customUser.PasswordChangeRequired = false;
                            customUser.Save();
                        }
                    }
                }
            }
        }
    }
}

Solution

  • There is an event that should be triggered after a user is changed (I believe that changing the password will trigger this event): "user:updated". Within the event handler you will be able to check the "LastPasswordChangedDate" user property and determine whether it was a password change or some other user update. If it is a password change, then you are able to uncheck that checkbox in the user profile.
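
Neither post shows how the two classes are registered with Sitecore, so here is an added example (not from the original question or answer) of an include patch file that wires the LoggingIn processor and the user:updated handler. The file name, the `MySite.Security` namespace and the `MySite` assembly are assumptions; replace them with your own.

```xml
<!-- Added example. Assumed location: App_Config/Include/PasswordChange.config -->
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
  <sitecore>
    <processors>
      <loggingin>
        <!-- Calls PasswordChange.Process(LoggingInArgs) on every login attempt.
             "MySite.Security" and "MySite" are assumed namespace/assembly names. -->
        <processor mode="on" type="MySite.Security.PasswordChange, MySite" />
      </loggingin>
    </processors>
    <events>
      <event name="user:updated">
        <!-- The method attribute must match the handler method name
             in UserUpdatedHandler (HandleUserUpdate in the question's code). -->
        <handler type="MySite.Security.UserUpdatedHandler, MySite" method="HandleUserUpdate" />
      </event>
    </events>
  </sitecore>
</configuration>
```

After deploying the file, /sitecore/admin/showconfig.aspx shows the merged configuration, which confirms that both entries were picked up.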