search

holyprin / Holyprin.Web.Security

ASP.NET Code-First Membership Provider with basic model abstraction
12 stars 3 forks source link

Change Password SQL Error #4

Closed rcarrico closed 12 years ago

rcarrico commented 12 years ago

In the current version 2.1.0.1 I'm getting an error when calling 

changePasswordSucceeded = currentUser.ChangePassword(model.OldPassword, model.NewPassword);

from the account controller. The message from the exception thrown is: 

Must declare the scalar variable "@username".

Running the Holyprin.Web.Security.MVC3 project I was able to reproduce it. I don't think I had this issue before the addition of SqlParameters, but I'm not positive. GetUser seems to call the same exact SqlQuery when it is called in the previous line in the AccountController.

I looked thru the MembershipProvider.cs and found the method that is called on line 342 didn't see what was wrong with the code. I did change the Users.SqlQuery call to this:

var query = q("SELECT * FROM $Users WHERE Username = @username");
var parms = new System.Data.SqlClient.SqlParameter("@username", username);

dynamic user = Users.SqlQuery(query, parms).Cast<dynamic>().FirstOrDefault();

to see what was being passed into the SqlQuery function and now it seems to work ok.

holyprin commented 12 years ago

Interesting, I'll have to look into that, and of course I will HAVE to setup a decent service layer for this to actually run unit tests. however unit testing a membership provider is a nightmare is most cases :-\

holyprin commented 12 years ago

Okay so I had a parenthesis in the wrong location, which still allowed me to compile but obviously produce a runtime error. I'll go over the rest of those parameter statements and re-upload the fixed copy.