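        /// <summary>
        /// Completes a password reset: validates the request model, resolves the user by e-mail
        /// and hands the reset token and the new password to ASP.NET Core Identity.
        /// </summary>
        /// <param name="model">E-mail, reset token (<c>Code</c>) and new password from the request body.</param>
        /// <returns>
        /// 200 on success; 400 with the list of model-validation messages, or with the Identity
        /// error description(s) when the token or the new password is rejected (a bare string for
        /// a single error, an array otherwise — the shape existing clients already consume).
        /// </returns>
        public async Task <IActionResult> ResetPassword([FromBody] ResetPasswordApiModel model)
        {
            if (!ModelState.IsValid)
            {
                // Flatten every validation message into one list. Double quotes are stripped so
                // the messages can be embedded in JSON strings by the client, as before.
                var errorList = ModelState.Values
                    .SelectMany(state => state.Errors)
                    .Select(error => error.ErrorMessage.Replace("\"", string.Empty))
                    .ToList();

                return BadRequest(errorList);
            }

            // The "invalid token" text Identity itself would produce, taken from the manager's
            // describer so it stays consistent with localisation/customisation. (Assumes
            // _userManager is a UserManager<TUser>; FindByEmailAsync/ResetPasswordAsync suggest it is.)
            var invalidToken = _userManager.ErrorDescriber.InvalidToken().Description;

            // A request without a token can never succeed. Previously a null Code reached
            // model.Code.Replace(...) below and surfaced as a 500 instead of a 400.
            if (string.IsNullOrWhiteSpace(model.Code))
            {
                return BadRequest(invalidToken);
            }

            var user = await _userManager.FindByEmailAsync(model.Email);

            if (user == null)
            {
                // Do not reveal whether the e-mail is registered: an unknown address gets the same
                // response as a known address with a bad token. (The original returned an empty 400
                // here and "Invalid token." for known users, which let callers enumerate accounts.
                // Response time still differs slightly because no token check runs on this path.)
                return BadRequest(invalidToken);
            }

            // Tokens that travelled through a URL may have had '+' decoded to ' '; restore it.
            // https://stackoverflow.com/questions/27241658/token-invalid-on-reset-password-with-asp-net-identity
            var code = model.Code.Replace(" ", "+");

            // Identity verifies the token (purpose + security stamp) and applies the password
            // policy; a successful reset also rotates the security stamp.
            var resetResult = await _userManager.ResetPasswordAsync(user, code, model.Password);

            if (!resetResult.Succeeded)
            {
                var descriptions = resetResult.Errors.Select(err => err.Description).ToArray();

                // Keep the existing response shape: one error -> string, several -> array.
                return descriptions.Length == 1
                    ? BadRequest(descriptions[0])
                    : BadRequest(descriptions);
            }

            return Ok();
        }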
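        /// <summary>
        /// Second step of the "forgot password" flow: validates the reset key (a JWT expected to
        /// carry the user's <c>email</c> and a <c>validationCode</c> claim), compares the code with
        /// the one stored on the user and, on a match, stores a hash of the new password and
        /// consumes the code so the link is single-use.
        /// </summary>
        /// <param name="apiModel">Request body with <c>key</c> (the JWT) and <c>newPassword</c>.</param>
        /// <returns>
        /// A JSON <c>ResponseFormat</c> body: 400 for a missing key or password, 401 for an
        /// expired, malformed, claim-less or non-matching key, 404 when the e-mail in the key has
        /// no user, 200 on success.
        /// </returns>
        public HttpResponseMessage ValidateCode([FromBody] ResetPasswordApiModel apiModel)
        {
            var            response     = new HttpResponseMessage();
            ResponseFormat responseData = new ResponseFormat();

            if (apiModel == null || string.IsNullOrEmpty(apiModel.key) || string.IsNullOrEmpty(apiModel.newPassword))
            {
                response.StatusCode  = HttpStatusCode.BadRequest;
                responseData         = ResponseFormat.Fail;
                responseData.message = ErrorMessages.INVALID_KEY;
            }
            else
            {
                // NOTE(review): this relies on ValidateJwtToken verifying the signature and
                // expiry; confirm it does not accept unsigned ("alg":"none") tokens.
                var payload = JwtTokenManager.ValidateJwtToken(apiModel.key);

                if (payload.ContainsKey("error"))
                {
                    // Every validation failure is a rejection. The original handled only the two
                    // known error codes; any other error fell through to HttpResponseMessage's
                    // default 200 OK with an empty body (fail-open), which is closed here.
                    var error = Convert.ToString(payload["error"]);

                    response.StatusCode  = HttpStatusCode.Unauthorized;
                    responseData         = ResponseFormat.Fail;
                    responseData.message = error == ErrorMessages.TOKEN_EXPIRED
                        ? ErrorMessages.TOKEN_EXPIRED
                        : ErrorMessages.TOKEN_INVALID;
                }
                else if (!payload.ContainsKey("email") || !payload.ContainsKey("validationCode"))
                {
                    // A signed token without the reset claims (e.g. one minted for another
                    // purpose) must not reach the lookup below. Previously the missing key threw
                    // and surfaced as a 500.
                    response.StatusCode  = HttpStatusCode.Unauthorized;
                    responseData         = ResponseFormat.Fail;
                    responseData.message = ErrorMessages.INVALID_KEY;
                }
                else
                {
                    var userEmail = Convert.ToString(payload["email"]);
                    var userCode  = Convert.ToString(payload["validationCode"]);

                    var dbUser = db.USERs.Where(c => c.Email == userEmail).FirstOrDefault();

                    if (dbUser == null)
                    {
                        response.StatusCode  = HttpStatusCode.NotFound;
                        responseData         = ResponseFormat.Fail;
                        responseData.message = ErrorMessages.USER_NOT_FOUND;
                    }
                    else if (string.IsNullOrEmpty(userCode)
                             || string.IsNullOrEmpty(dbUser.RememberMeToken)
                             || dbUser.RememberMeToken != userCode)
                    {
                        // An empty code on either side is never a match: a user with no pending
                        // reset (null/empty stored token) must not be resettable by a token whose
                        // validationCode is empty. The plain "==" used before accepted "" == "".
                        response.StatusCode  = HttpStatusCode.Unauthorized;
                        responseData         = ResponseFormat.Fail;
                        responseData.message = ErrorMessages.INVALID_KEY;
                    }
                    else
                    {
                        dbUser.Hash = _hashManager.Hash(apiModel.newPassword);

                        // Consume the code so the same reset link cannot be replayed until the
                        // JWT expires. NOTE(review): if RememberMeToken also backs persistent-login
                        // cookies, this ends those sessions as well — normally wanted after a reset;
                        // confirm.
                        dbUser.RememberMeToken = null;
                        db.SaveChanges();

                        response.StatusCode  = HttpStatusCode.OK;
                        responseData         = ResponseFormat.Success;
                        responseData.message = SuccessMessages.PASSWORD_RESET;
                    }
                }
            }

            var json = JsonConvert.SerializeObject(responseData);

            response.Content = new StringContent(json, Encoding.UTF8, "application/json");
            return response;
        }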