public async Task <string> Get([FromUri] string Email)
{
IUser SelectedUser = (await _DataStore.Get("EmailAddress", Email)).FirstOrDefault();
if (null == SelectedUser)
{
return("Email Not Found");
}
AuthTokenDataStore TokenStore = new AuthTokenDataStore();
IAuthToken Token = await TokenStore.Create(SelectedUser.Id);
Email Mail = new Email(SelectedUser.EmailAddress, SelectedUser.DisplayName);
Mail.Subject = "Password Request";
Mail.Body = string.Format(
@"This email is a response to a forgotten password. The link below will force your login into the site. Once you are in, please update your password.
The link provided is good for one use and will expire in 5 minutes ({0} {1} UTC).
https://www.devspaceconf.com/login.html?force={2}", DateTime.UtcNow.AddMinutes(5).ToShortDateString(), DateTime.UtcNow.AddMinutes(5).ToShortTimeString(), Token.Token.ToString());
Mail.Send();
return("Email Sent");
}
protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage Request, CancellationToken CancelToken)
{
if (null != Request.Headers.Authorization)
{
if (Request.Headers.Authorization.Scheme.ToUpper() == "FORCE")
{
Guid Token;
if (!Guid.TryParse(Request.Headers.Authorization.Parameter, out Token))
{
return(new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized));
}
AuthTokenDataStore Tokens = new AuthTokenDataStore();
await Tokens.Delete(0);
IAuthToken ValidToken = (await Tokens.Get("Token", Token)).FirstOrDefault();
if (null == ValidToken)
{
return(new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized));
}
UserDataStore Users = new UserDataStore();
IUser User = await Users.Get(ValidToken.UserId);
if (null == User)
{
return(new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized));
}
Thread.CurrentPrincipal = new GenericPrincipal(new DevSpaceIdentity(User), null);
Request.GetRequestContext().Principal = Thread.CurrentPrincipal;
await Tokens.Update(ValidToken.UpdateExpires(DateTime.UtcNow.AddMinutes(-1)));
// Complete the request. We'll set the login cookie on the way out
HttpResponseMessage Response = await base.SendAsync(Request, CancelToken);
CookieHeaderValue SessionCookie = new CookieHeaderValue("SessionToken", (await Users.CreateSession((Thread.CurrentPrincipal.Identity as DevSpaceIdentity).Identity)).SessionToken.ToString());
#if DEBUG == false
SessionCookie.Secure = true;
#endif
SessionCookie.HttpOnly = true;
Response.Headers.AddCookies(new CookieHeaderValue[] { SessionCookie });
return(Response);
}
}
return(await base.SendAsync(Request, CancelToken));
}
