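/// <summary>
/// Handles the registration form post: creates the account, attaches its identity
/// claims, and e-mails a confirmation link.
/// </summary>
/// <param name="returnUrl">
/// Caller-supplied destination read from the query string. A missing or non-local
/// value is replaced with the application root before it is embedded in the
/// confirmation link.
/// </param>
/// <returns>
/// A redirect to the RegisterConfirmation page when the account was created or the
/// user name already exists; otherwise the form page with the validation errors.
/// </returns>
public async Task<IActionResult> OnPostAsync([FromQuery] string returnUrl = null)
{
    returnUrl ??= Url.Content("~/");
    if (!Url.IsLocalUrl(returnUrl))
    {
        // returnUrl is untrusted query-string input that ends up inside a link we
        // e-mail on the site's behalf; only same-site targets are allowed through.
        // The rejected value is deliberately not written to the log.
        _logger.LogWarning("Ignoring non-local returnUrl supplied to registration.");
        returnUrl = Url.Content("~/");
    }

    ExternalLogins = (await _signInManager.GetExternalAuthenticationSchemesAsync()).ToList();

    if (!ModelState.IsValid)
    {
        // Model binding/validation failed: redisplay the form.
        return Page();
    }

    var user = new ApplicationUser
    {
        UserName = Input.Email,
        Email = Input.Email,
    };
    var result = await _userManager.CreateAsync(user, Input.Password);

    if (result.Succeeded)
    {
        // NOTE(review): EmailVerified is stored as "true" here, before the
        // confirmation link generated below has been used. Any consumer that trusts
        // this claim sees an unverified address as verified. Left unchanged because
        // the confirmation page that would have to flip the claim is not visible
        // here; confirm the intended behaviour.
        // NOTE(review): the IdentityResult of AddClaimsAsync is not inspected.
        await _userManager.AddClaimsAsync(user, new Claim[]
        {
            new Claim(JwtClaimTypes.Id, Input.Email),
            new Claim(JwtClaimTypes.Email, Input.Email),
            new Claim(JwtClaimTypes.EmailVerified, "true", ClaimValueTypes.Boolean),
        });

        _logger.LogInformation("User created a new account with password.");

        // The confirmation token is Base64Url-encoded so it survives the query string.
        var rawToken = await _userManager.GenerateEmailConfirmationTokenAsync(user);
        var encodedToken = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(rawToken));

        var callbackUrl = Url.Page(
            "/Account/ConfirmEmail",
            pageHandler: null,
            values: new { area = "Identity", userId = user.Id, code = encodedToken, returnUrl = returnUrl },
            protocol: Request.Scheme);

        await SendRegistrationEmail(user.UserName, callbackUrl);

        return RedirectToPage("RegisterConfirmation");
    }

    if (result.Errors.Any(c => c.Code == "DuplicateUserName"))
    {
        // Answer exactly like a successful registration so the response does not
        // disclose whether the address is already registered.
        // NOTE(review): this branch skips the e-mail send that the success path
        // awaits, so response time may still differ between the two cases.
        _logger.LogWarning("User already exits, redirect to register confirmation screen to avoid user enumeration.");
        return RedirectToPage("RegisterConfirmation");
    }

    foreach (var error in result.Errors)
    {
        var errorDescription = _passwordValidationMessages.GetMessageByCode(error);
        ModelState.AddModelError(string.Empty, errorDescription);
    }

    // Account creation failed for another reason: redisplay the form with the errors.
    return Page();
}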
Beispiel #2
        /// <summary>
        /// Handles the reset-password form post: checks the new password with
        /// IsPasswordValid, resets it using the submitted code, then appends the
        /// previous hash to PreviousPasswords and sets ResetCounter to 0.
        /// </summary>
        /// <returns>
        /// A redirect to ResetPasswordConfirmation when the reset succeeded or the
        /// e-mail is unknown; otherwise the form page with the collected errors.
        /// </returns>
        public async Task<IActionResult> OnPostAsync()
        {
            if (!ModelState.IsValid)
            {
                return Page();
            }

            var account = await _userManager.FindByEmailAsync(Input.Email);
            if (account is null)
            {
                // Unknown address: show the same confirmation page as a successful
                // reset so the response does not reveal whether the account exists.
                return RedirectToPage("./ResetPasswordConfirmation");
            }

            // NOTE(review): this check runs, and its message is shown, before
            // Input.Code is verified by ResetPasswordAsync. A caller without a valid
            // reset code therefore gets the form with an error for a known address
            // but the confirmation redirect for an unknown one, which undercuts the
            // guard above. If IsPasswordValid compares against PreviousPasswords
            // (not visible here), its message may also disclose password-history
            // matches. Consider verifying the code before evaluating the password.
            var (passwordAccepted, rejectionReason) = IsPasswordValid(account, Input.Password);
            if (!passwordAccepted)
            {
                ModelState.AddModelError(string.Empty, rejectionReason);
                return Page();
            }

            // Keep the current hash so it can be added to the history after the reset.
            var hashBeforeReset = account.PasswordHash;
            var resetOutcome = await _userManager.ResetPasswordAsync(account, Input.Code, Input.Password);

            if (!resetOutcome.Succeeded)
            {
                foreach (var failure in resetOutcome.Errors)
                {
                    ModelState.AddModelError(string.Empty, _passwordValidationMessages.GetMessageByCode(failure));
                }

                return Page();
            }

            // Reload the user so the history update is applied on top of the new password.
            var refreshed = await _userManager.FindByEmailAsync(Input.Email);
            refreshed.PreviousPasswords = ConcatUserPasswords(refreshed.PreviousPasswords, hashBeforeReset);
            refreshed.ResetCounter = 0;

            // NOTE(review): the IdentityResult of UpdateAsync is discarded, so a failed
            // history/counter update goes unnoticed.
            await _userManager.UpdateAsync(refreshed);

            return RedirectToPage("./ResetPasswordConfirmation");
        }