* instdbws.sql: Creates a new table to store

one time usage passwords

* NpgsqlMembershipProvider.cs: should fix a bug at resetting the
  password

* AccountController.cs: Allows the questions and answer to be
  specified for password recovery, at registration time

* RegisterClientModel.cs: Implements the Question and answer in the
  registration model

NpgsqlMRPProviders/ChangeLog

@@ -1,3 +1,8 @@
+2015-06-18  Paul Schneider  <paul@pschneider.fr>
+
+	* NpgsqlMembershipProvider.cs: should fix a bug at resetting
+	the password
+
 2015-06-10  Paul Schneider  <paul@pschneider.fr>
 
 	* NpgsqlMembershipProvider.cs: Fixes the Google registration

NpgsqlMRPProviders/NpgsqlMembershipProvider.cs

@@ -729,7 +729,6 @@ namespace Npgsql.Web
 		// and hydrates a MembershiUser from the values. Called by the 
 		// MembershipUser.GetUser implementation.
 		//
-
 		private MembershipUser GetUserFromReader (NpgsqlDataReader reader)
 		{
 			object providerUserKey = reader.GetValue (0);
@@ -870,10 +869,10 @@ namespace Npgsql.Web
 
 			using (NpgsqlConnection conn = new NpgsqlConnection (connectionString)) {
 				using (NpgsqlCommand cmd = new NpgsqlCommand ("SELECT PasswordAnswer, IsLockedOut FROM Users " +
-				" WHERE Username = @Username AND ApplicationName = @ApplicationName", conn)) {
+				" WHERE Username = :uname AND ApplicationName = :app", conn)) {
 
-					cmd.Parameters.AddWithValue ("@Username", NpgsqlDbType.Varchar, 255).Value = username;
-					cmd.Parameters.AddWithValue ("@ApplicationName", NpgsqlDbType.Varchar, 255).Value = pApplicationName;
+					cmd.Parameters.AddWithValue ("uname", username );
+					cmd.Parameters.AddWithValue ("app",  pApplicationName);
 
 
 					string passwordAnswer = "";
@@ -891,7 +890,7 @@ namespace Npgsql.Web
 						} else {
 							throw new MembershipPasswordException ("The supplied user name is not found.");
 						}
-
+						reader.Close ();
 						if (RequiresQuestionAndAnswer && !CheckPassword (answer, passwordAnswer)) {
 							UpdateFailureCount (username, "passwordAnswer");
 
@@ -909,7 +908,6 @@ namespace Npgsql.Web
 
 						rowsAffected = updateCmd.ExecuteNonQuery ();
 			
-						reader.Close ();
 					}
 					conn.Close ();
 				}

web/ApiControllers/AccountController.cs

@@ -54,8 +54,8 @@ namespace Yavsc.ApiControllers
 					model.UserName,
 					model.Password,
 					model.Email,
-					null,
-					null,
+					model.Question,
+					model.Answer,
 					model.IsApprouved,
 					out mcs);
 				switch (mcs) {

web/ChangeLog

@@ -1,3 +1,11 @@
+2015-06-18  Paul Schneider  <paul@pschneider.fr>
+
+	* instdbws.sql: Creates a new table to store one time usage
+	passwords
+
+	* AccountController.cs: Allows the questions and answer to be
+	specified for passw recovery
+
 2015-06-18  Paul Schneider  <paul@pschneider.fr>
 
 	* AccountController.cs: Register and reset passord from Web

web/instdbws.sql

@@ -690,3 +690,24 @@ WITH (
 );
 
 
+-- Table: passwrecovery
+
+-- DROP TABLE passwrecovery;
+
+CREATE TABLE passwrecovery
+(
+  pkid character varying NOT NULL,
+  one_time_pass character varying(512) NOT NULL,
+  creation timestamp with time zone NOT NULL,
+  CONSTRAINT passwrecovery_pkey PRIMARY KEY (pkid),
+  CONSTRAINT passwrecovery_pkid_fkey FOREIGN KEY (pkid)
+      REFERENCES users (pkid) MATCH SIMPLE
+      ON UPDATE CASCADE ON DELETE CASCADE
+)
+WITH (
+  OIDS=FALSE
+);
+
+
+
+

yavscModel/ChangeLog

@@ -1,3 +1,8 @@
+2015-06-18  Paul Schneider  <paul@pschneider.fr>
+
+	* RegisterClientModel.cs: Implements the Question and answer
+	in the registration model
+
 2015-06-18  Paul Schneider  <paul@pschneider.fr>
 
 	* YavscModel.csproj:

yavscModel/RolesAndMembers/RegisterClientModel.cs

@@ -67,5 +67,9 @@ namespace Yavsc.Model.RolesAndMembers
 		/// <value>The mobile.</value>
 		[DisplayName("Téléphone mobile")]
 		public string Mobile { get; set; }
+
+		public string Question { get; set; }
+
+		public string Answer { get; set; }
 	}
 }