public async Task <ActionResult> ResetPassword([FromRoute] string userId, [FromBody] ResetPasswordConfirmRequest resetPasswordConfirm) { var user = await _userManager.FindByIdAsync(userId); if (user == null) { return(BadRequest(IdentityResult.Failed(new IdentityError() { Description = "User not found" }))); } if (!IsUserEditable(user.UserName)) { return(BadRequest(new IdentityError() { Description = "It is forbidden to edit this user." })); } var result = await _signInManager.UserManager.ResetPasswordAsync(user, resetPasswordConfirm.Token, resetPasswordConfirm.NewPassword); if (result.Succeeded) { await _eventPublisher.Publish(new UserResetPasswordEvent(user.Id)); } return(Ok(result)); }
public async Task <ActionResult <IdentityResult> > ResetCurrentUserPassword([FromBody] ResetPasswordConfirmRequest resetPassword) { var currentUserName = User.Identity.Name; var user = await _userManager.FindByNameAsync(currentUserName); if (user == null) { return(BadRequest(IdentityResult.Failed(new IdentityError { Description = "User not found" }))); } if (!IsUserEditable(user.UserName)) { return(BadRequest(new IdentityError { Description = "It is forbidden to edit this user." })); } var token = await _userManager.GeneratePasswordResetTokenAsync(user); var result = await _signInManager.UserManager.ResetPasswordAsync(user, token, resetPassword.NewPassword); if (result.Succeeded) { await _eventPublisher.Publish(new UserResetPasswordEvent(user.Id)); if (user.PasswordExpired != resetPassword.ForcePasswordChangeOnNextSignIn) { user.PasswordExpired = resetPassword.ForcePasswordChangeOnNextSignIn; // TODO: publish UserChangingEvent/UserChangedEvent? var userUpdateResult = await _userManager.UpdateAsync(user); } } return(Ok(result)); }
public async Task <ActionResult <SecurityResult> > ResetPasswordByToken([FromRoute] string userId, [FromBody] ResetPasswordConfirmRequest resetPasswordConfirm) { var user = await _userManager.FindByIdAsync(userId); if (user == null) { return(BadRequest(IdentityResult.Failed(new IdentityError { Description = "User not found" }).ToSecurityResult())); } if (!IsUserEditable(user.UserName)) { return(BadRequest(IdentityResult.Failed(new IdentityError { Description = "It is forbidden to edit this user." }).ToSecurityResult())); } var result = await _signInManager.UserManager.ResetPasswordAsync(user, resetPasswordConfirm.Token, resetPasswordConfirm.NewPassword); if (result.Succeeded) { await _eventPublisher.Publish(new UserResetPasswordEvent(user.Id)); // If the password reset was required for the user, now it is not needed anymore - the password is changed now. if (user.PasswordExpired) { user.PasswordExpired = false; var userUpdateResult = await _userManager.UpdateAsync(user); } } return(Ok(result.ToSecurityResult())); }
public async Task <ActionResult <SecurityResult> > ResetPassword([FromRoute] string userName, [FromBody] ResetPasswordConfirmRequest resetPasswordConfirm) { var user = await _userManager.FindByNameAsync(userName); if (user == null) { return(BadRequest(IdentityResult.Failed(new IdentityError { Description = "User not found" }).ToSecurityResult())); } if (!IsUserEditable(user.UserName)) { return(BadRequest(IdentityResult.Failed(new IdentityError { Description = "It is forbidden to edit this user." }).ToSecurityResult())); } var token = await _userManager.GeneratePasswordResetTokenAsync(user); var result = await _userManager.ResetPasswordAsync(user, token, resetPasswordConfirm.NewPassword); if (result.Succeeded) { user = await _userManager.FindByNameAsync(userName); // Calculate password hash for external hash storage. This provided as workaround until password hash storage would implemented var customPasswordHash = _userPasswordHasher.HashPassword(user, resetPasswordConfirm.NewPassword); await _eventPublisher.Publish(new UserResetPasswordEvent(user.Id, customPasswordHash)); if (user.PasswordExpired != resetPasswordConfirm.ForcePasswordChangeOnNextSignIn) { user.PasswordExpired = resetPasswordConfirm.ForcePasswordChangeOnNextSignIn; await _userManager.UpdateAsync(user); } } return(Ok(result.ToSecurityResult())); }
public async Task <ActionResult <SecurityResult> > ResetCurrentUserPassword([FromBody] ResetPasswordConfirmRequest resetPassword) { return(await ResetPassword(User.Identity.Name, resetPassword)); }
public async Task <ActionResult <SecurityResult> > ResetPasswordByToken([FromRoute] string userId, [FromBody] ResetPasswordConfirmRequest resetPasswordConfirm) { var user = await _userManager.FindByIdAsync(userId); if (user == null) { return(BadRequest(IdentityResult.Failed(new IdentityError { Description = "User not found" }).ToSecurityResult())); } if (!IsUserEditable(user.UserName)) { return(BadRequest(IdentityResult.Failed(new IdentityError { Description = "It is forbidden to edit this user." }).ToSecurityResult())); } var result = await _signInManager.UserManager.ResetPasswordAsync(user, resetPasswordConfirm.Token, resetPasswordConfirm.NewPassword); if (result.Succeeded && user.PasswordExpired) { user.PasswordExpired = false; await _userManager.UpdateAsync(user); } return(Ok(result.ToSecurityResult())); }
public async Task <ActionResult <SecurityResult> > ResetPassword([FromRoute] string userName, [FromBody] ResetPasswordConfirmRequest resetPasswordConfirm) { var user = await _userManager.FindByNameAsync(userName); if (user == null) { return(BadRequest(IdentityResult.Failed(new IdentityError { Description = "User not found" }).ToSecurityResult())); } if (!IsUserEditable(user.UserName)) { return(BadRequest(IdentityResult.Failed(new IdentityError { Description = "It is forbidden to edit this user." }).ToSecurityResult())); } var token = await _userManager.GeneratePasswordResetTokenAsync(user); var result = await _userManager.ResetPasswordAsync(user, token, resetPasswordConfirm.NewPassword); if (result.Succeeded) { user = await _userManager.FindByNameAsync(userName); if (user.PasswordExpired != resetPasswordConfirm.ForcePasswordChangeOnNextSignIn) { user.PasswordExpired = resetPasswordConfirm.ForcePasswordChangeOnNextSignIn; await _userManager.UpdateAsync(user); } } return(Ok(result.ToSecurityResult())); }