public ActionResult ForgotPassword(ForgotPasswordViewModel forgotPasswordViewModel)
{
if (!ModelState.IsValid)
{
return View(forgotPasswordViewModel);
}
MembershipUser user;
using (var unitOfWork = UnitOfWorkManager.NewUnitOfWork())
{
user = MembershipService.GetUserByEmail(forgotPasswordViewModel.EmailAddress);
// If the email address is not registered then display the 'email sent' confirmation the same as if
// the email address was registered. There is no harm in doing this and it avoids exposing registered
// email addresses which could be a privacy issue if the forum is of a sensitive nature. */
if (user == null)
{
return RedirectToAction("PasswordResetSent", "Members");
}
try
{
// If the user is registered then create a security token and a timestamp that will allow a change of password
MembershipService.UpdatePasswordResetToken(user);
unitOfWork.Commit();
}
catch (Exception ex)
{
unitOfWork.Rollback();
LoggingService.Error(ex);
ModelState.AddModelError("", LocalizationService.GetResourceString("Members.ResetPassword.Error"));
return View(forgotPasswordViewModel);
}
}
// At this point the email address is registered and a security token has been created
// so send an email with instructions on how to change the password
using (var unitOfWork = UnitOfWorkManager.NewUnitOfWork())
{
var settings = SettingsService.GetSettings();
var url = new Uri(string.Concat(settings.ForumUrl.TrimEnd('/'), Url.Action("ResetPassword", "Members", new { user.Id, token = user.PasswordResetToken })));
var sb = new StringBuilder();
sb.AppendFormat("<p>{0}</p>", string.Format(LocalizationService.GetResourceString("Members.ResetPassword.EmailText"), settings.ForumName));
sb.AppendFormat("<p><a href=\"{0}\">{0}</a></p>", url);
var email = new Email
{
EmailTo = user.Email,
NameTo = user.UserName,
Subject = LocalizationService.GetResourceString("Members.ForgotPassword.Subject")
};
email.Body = _emailService.EmailTemplate(email.NameTo, sb.ToString());
_emailService.SendMail(email);
try
{
unitOfWork.Commit();
}
catch (Exception ex)
{
unitOfWork.Rollback();
LoggingService.Error(ex);
ModelState.AddModelError("", LocalizationService.GetResourceString("Members.ResetPassword.Error"));
return View(forgotPasswordViewModel);
}
}
return RedirectToAction("PasswordResetSent", "Members");
}
public ActionResult ForgotPassword(ForgotPasswordViewModel forgotPasswordViewModel)
{
var changePasswordSucceeded = true;
var currentUser = new MembershipUser();
var newPassword = StringUtils.RandomString(8);
using (var unitOfWork = UnitOfWorkManager.NewUnitOfWork())
{
if (ModelState.IsValid)
{
currentUser = MembershipService.GetUserByEmail(forgotPasswordViewModel.EmailAddress);
if (currentUser != null)
{
changePasswordSucceeded = MembershipService.ResetPassword(currentUser, newPassword);
try
{
unitOfWork.Commit();
}
catch (Exception ex)
{
unitOfWork.Rollback();
LoggingService.Error(ex);
changePasswordSucceeded = false;
}
}
else
{
changePasswordSucceeded = false;
}
}
}
// Success send newpassword to the user telling them password has been changed
using (UnitOfWorkManager.NewUnitOfWork())
{
if (changePasswordSucceeded)
{
var sb = new StringBuilder();
sb.AppendFormat("<p>{0}</p>", string.Format(LocalizationService.GetResourceString("Members.ForgotPassword.Email"), SettingsService.GetSettings().ForumName));
sb.AppendFormat("<p><b>{0}</b></p>", newPassword);
var email = new Email
{
EmailFrom = SettingsService.GetSettings().NotificationReplyEmail,
EmailTo = currentUser.Email,
NameTo = currentUser.UserName,
Subject = LocalizationService.GetResourceString("Members.ForgotPassword.Subject")
};
email.Body = _emailService.EmailTemplate(email.NameTo, sb.ToString());
_emailService.SendMail(email);
// We use temp data because we are doing a redirect
TempData[AppConstants.MessageViewBagName] = new GenericMessageViewModel
{
Message = LocalizationService.GetResourceString("Members.ForgotPassword.SuccessMessage"),
MessageType = GenericMessages.success
};
return View();
}
ModelState.AddModelError("", LocalizationService.GetResourceString("Members.ForgotPassword.ErrorMessage"));
return View(forgotPasswordViewModel);
}
}
