public virtual ActionResult Reset(ResetForgottenPasswordViewModel model)
{
if (!ModelState.IsValid)
{
return(View(model));
}
//
//Validate the id and token
//This will decrypt the values, find the record, and ensure its not expired
//If not valid then throw error, and redirect to ForgotPassword page to have them enter userid and email
//
var request = new ResetForgottenPasswordRequest()
{
Id = model.Id,
Token = model.Token,
NewPassword = model.NewPassword,
NewPasswordConfirm = model.NewPasswordConfirm
};
var response = _service.ResetForgottenPassword(request);
if (!response.IsSuccessful)
{
//Redirect to the forgot password page with an error message if there is an issue
ModelState.AddModelError("", response.Message);
return(View("Reset", model));
}
else
{
return(View("PasswordSuccessfullyReset", model));
}
}
/// <summary>
/// For a forgotten password request that has been emailed to the user, allow them to
/// reset their password.
/// </summary>
/// <param name="model"></param>
public ResetForgottenPasswordResponse ResetForgottenPassword(
ResetForgottenPasswordRequest request)
{
//
//Validate the parameters
//
if (request == null || String.IsNullOrWhiteSpace(request.Id) || String.IsNullOrWhiteSpace(request.Token))
{
return(new ResetForgottenPasswordResponse()
{
IsSuccessful = false,
Message = "An invalid password reset request was made."
});
}
//
//Ensure the id and token is valid
//
var validationRequest = new ValidateSecurityPasswordResetTokenRequest()
{
Id = request.Id,
Token = request.Token
};
var validationResponse = this.ValidateSecurityPasswordResetToken(validationRequest);
if (!validationResponse.IsSuccessful)
{
return(new ResetForgottenPasswordResponse()
{
IsSuccessful = false,
Message = validationResponse.Message
});
}
var securityPasswordResetRequest = validationResponse.SecurityPasswordResetRequest;
//
//Get the SecurityUser record if it exists
//
SecurityUser securityUser = null;
if (securityPasswordResetRequest.SecurityUserId != null)
{
securityUser =
_repository.GetAll <SecurityUser>()
.FirstOrDefault(p => p.SecurityUserId == securityPasswordResetRequest.SecurityUserId);
}
//
//Change the password
//
var changePasswordRequest = new ChangePasswordRequest()
{
UserName = securityPasswordResetRequest.UserName,
AuthenticationMethod = (securityUser != null ? securityUser.AuthenticationMethod : null),
SecurityUserId = (securityUser != null ? securityUser.SecurityUserId : (int?)null),
NewPassword = request.NewPassword,
NewPasswordConfirm = request.NewPasswordConfirm,
CheckPasswordComplexity = true,
CheckIfUserPasswordCanBeChanged = true,
EnforcePasswordHistory = true,
SendPasswordSuccessfullyChangedEmail = true
};
var changePasswordResponse = _passwordService.ChangePassword(changePasswordRequest);
if (!changePasswordResponse.IsSuccessful)
{
return(new ResetForgottenPasswordResponse()
{
IsSuccessful = false,
Message = changePasswordResponse.Message
});
}
//
//Update the password reset request entity to store that the request has been processed
//
securityPasswordResetRequest.Processed = true;
securityPasswordResetRequest.ProcessDate = DateTime.Now;
_repository.Commit();
//
//Successful reset of forgotten password if we got to here
//
return(new ResetForgottenPasswordResponse()
{
IsSuccessful = true,
Message = null
});
}
