public async Task <HttpResponseMessage> PostRequestPasswordReset(RequestPasswordResetModel model)
        {
            // If this feature is switched off in configuration the UI will be amended to not make the request to reset password available.
            // So this is just a server-side secondary check.
            if (UmbracoConfig.For.UmbracoSettings().Security.AllowPasswordReset == false)
            {
                throw new HttpResponseException(HttpStatusCode.BadRequest);
            }
            var identityUser = await SignInManager.UserManager.FindByEmailAsync(model.Email);

            if (identityUser != null)
            {
                var user = Services.UserService.GetByEmail(model.Email);
                if (user != null)
                {
                    var code = await UserManager.GeneratePasswordResetTokenAsync(identityUser.Id);

                    var callbackUrl = ConstructCallbackUrl(identityUser.Id, code);

                    var message = Services.TextService.Localize("resetPasswordEmailCopyFormat",
                                                                //Ensure the culture of the found user is used for the email!
                                                                UserExtensions.GetUserCulture(identityUser.Culture, Services.TextService),
                                                                new[] { identityUser.UserName, callbackUrl });

                    await UserManager.SendEmailAsync(identityUser.Id,
                                                     Services.TextService.Localize("login/resetPasswordEmailCopySubject",
                                                                                   //Ensure the culture of the found user is used for the email!
                                                                                   UserExtensions.GetUserCulture(identityUser.Culture, Services.TextService)),
                                                     message);
                }
            }

            return(Request.CreateResponse(HttpStatusCode.OK));
        }
Beispiel #2
0
        public async Task <IActionResult> RequestReset(RequestPasswordResetModel model)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            var output = await _passwordService.RequestResetAsync(model);

            if (output.Success)
            {
                string resetPasswordLink =
                    $"{_emailSettings.UIServer}resetPassword?token={HttpUtility.UrlEncode(output.Value)}&email={HttpUtility.UrlEncode(model.Email)}";

                try
                {
                    var resetPasswordEmailResponse = await _emailService.SendEmail(
                        model.Email,
                        message : $"{_emailSettings.HtmlContent_ResetPassword}{resetPasswordLink}{_emailSettings.HtmlContent_ResetPasswordEnding}",
                        subject : _emailSettings.Subject_ResetPassword);

                    return(Ok(resetPasswordEmailResponse));
                }
                catch (Exception e)
                {
                    _log.LogError(e, "Request Reset Exception");
                    return(StatusCode(500));
                }
            }

            return(Ok(output));
        }
Beispiel #3
0
        public async Task <IActionResult> PostRequestPasswordReset(RequestPasswordResetModel model)
        {
            // If this feature is switched off in configuration the UI will be amended to not make the request to reset password available.
            // So this is just a server-side secondary check.
            if (_securitySettings.AllowPasswordReset == false)
            {
                return(BadRequest());
            }

            var identityUser = await _userManager.FindByEmailAsync(model.Email);

            if (identityUser != null)
            {
                var user = _userService.GetByEmail(model.Email);
                if (user != null)
                {
                    var from = _globalSettings.Smtp.From;
                    var code = await _userManager.GeneratePasswordResetTokenAsync(identityUser);

                    var callbackUrl = ConstructCallbackUrl(identityUser.Id, code);

                    var message = _textService.Localize("login", "resetPasswordEmailCopyFormat",
                                                        // Ensure the culture of the found user is used for the email!
                                                        UmbracoUserExtensions.GetUserCulture(identityUser.Culture, _textService, _globalSettings),
                                                        new[] { identityUser.UserName, callbackUrl });

                    var subject = _textService.Localize("login", "resetPasswordEmailCopySubject",
                                                        // Ensure the culture of the found user is used for the email!
                                                        UmbracoUserExtensions.GetUserCulture(identityUser.Culture, _textService, _globalSettings));

                    var mailMessage = new EmailMessage(from, user.Email, subject, message, true);

                    await _emailSender.SendAsync(mailMessage, Constants.Web.EmailTypes.PasswordReset);

                    _userManager.NotifyForgotPasswordRequested(User, user.Id.ToString());
                }
            }

            return(Ok());
        }
Beispiel #4
0
        public async Task <OperationResult <string> > RequestResetAsync(RequestPasswordResetModel model)
        {
            try
            {
                _logger.LogInformation("Started RequestResetAsync.");
                var user = await _userManager.FindByEmailAsync(model.Email);

                if (user != null)
                {
                    string resetPasswordToken = await _userManager.GeneratePasswordResetTokenAsync(user);

                    return(OperationResult.Ok(resetPasswordToken));
                }

                return(OperationResult.Fail <string>($"No Accounts registered with mail {model.Email}"));
            }
            catch (Exception e)
            {
                _logger.LogError($"Exception caught in RequestResetAsync mehod. {e}");
                return(OperationResult.Fail <string>(string.Empty));
            }
        }