public ActionResult SendRecovery(string email)
{
IPBanner.AttemptedToSendRecoveryEmail(Current.RemoteIP);
var user = Models.User.FindUserByEmail(email);
if (user == null) return RecoverableError("No account with that email was found", new { email });
var now = Current.Now;
var token = Current.UniqueId().ToString();
var toInsert =
new PasswordReset
{
CreationDate = now,
TokenHash = Current.WeakHash(token),
UserId = user.Id
};
Current.WriteDB.PasswordResets.InsertOnSubmit(toInsert);
Current.WriteDB.SubmitChanges();
var toReset =
SafeRedirect(
(Func<string, string, string, ActionResult>)NewPassword,
new { token }
);
var resetLink = Current.Url(toReset.Url);
if (!Current.Email.SendEmail(email, Email.Template.ResetPassword, new { RecoveryLink = resetLink.AsLink() }))
{
return IrrecoverableError("An error occurred sending the email", "This has been recorded, and will be looked into shortly");
}
return SuccessEmail("Password Recovery Email Sent to " + email, "Check your email for the link to reset your password.");
}
/// <summary>
/// Repeated logic from SetNewPassword.
///
/// Pass it a resetToken to destroy on success (if user is anonymous).
///
/// Returns null if everything is OK, and an ActionResult if an error occurred.
/// </summary>
private ActionResult ChangePasswordAndSendEmail(string password, string password2, string token, PasswordReset resetToken, User user, DateTime now)
{
string message;
if (!Password.CheckPassword(password, password2, user.Email, user.VanityProviderId, user.ProviderId, out message))
return RecoverableError(message, new { token });
user.ChangePassword(now, password);
if (resetToken != null)
{
Current.WriteDB.PasswordResets.DeleteOnSubmit(resetToken);
}
Current.WriteDB.SubmitChanges();
var account = SafeRedirect((Func<ActionResult>)(new UserController()).ViewUser);
if (!Current.Email.SendEmail(user.Email, Email.Template.PasswordChanged, new { AccountLink = Current.Url(account.Url).AsLink() }))
{
return IrrecoverableError("An error occurred sending the email", "This has been recorded, and will be looked into shortly");
}
return null;
}
partial void DeletePasswordReset(PasswordReset instance);
partial void UpdatePasswordReset(PasswordReset instance);
partial void InsertPasswordReset(PasswordReset instance);
public ActionResult TrustedPasswordRecovery(string email, string emailTemplate, string emailSubject, string callback)
{
if (!CurrentAffiliate.IsTrusted) return NotFound();
if (!Models.User.IsValidEmail(ref email))
{
return ApiFailure("Invalid email [" + email + "]");
}
var user = Models.User.FindUserByEmail(email);
if (user == null)
{
return ApiFailure("No user found with email [" + email + "]", (int)HttpStatusCode.NotFound);
}
var now = Current.Now;
var token = Current.UniqueId().ToString();
var toInsert =
new PasswordReset
{
CreationDate = now,
TokenHash = Current.WeakHash(token),
UserId = user.Id
};
Current.WriteDB.PasswordResets.InsertOnSubmit(toInsert);
Current.WriteDB.SubmitChanges();
var toReset = callback;
if (toReset.Contains("?"))
{
toReset += "&resetToken=" + HttpUtility.UrlEncode(token);
}
else
{
toReset += "?resetToken=" + HttpUtility.UrlEncode(token);
}
if (!Current.Email.SendEmail(email, emailTemplate, emailSubject, new { RecoveryLink = toReset }))
{
return ApiFailure("An error occurred sending the email");
}
return ApiSuccess();
}
public ActionResult AccountRecovery(string callback, string email)
{
if (!CurrentAffiliate.IsValidCallback(callback)) return GenericSecurityError();
Uri callbackUri;
if(!Uri.TryCreate(callback, UriKind.Absolute, out callbackUri)) return GenericSecurityError();
var user = Models.User.FindUserByEmail(email);
if (user == null) return UnexpectedState("Recovering an account that does not exist");
// Don't allow just any affiliate to send these e-mails, only those that the user has
// auth'd to sometime in the past.
if (!user.HasGrantedAuthorization(callbackUri.Host)) return GenericSecurityError();
var now = Current.Now;
var token = Current.UniqueId().ToString();
var toInsert =
new PasswordReset
{
CreationDate = now,
TokenHash = Current.WeakHash(token),
UserId = user.Id
};
Current.WriteDB.PasswordResets.InsertOnSubmit(toInsert);
Current.WriteDB.SubmitChanges();
var authCode = Current.MakeAuthCode(new { token, callback });
var toReset =
SafeRedirect
(
(Func<string, string, string, ActionResult>)(new AccountController()).NewPassword,
new
{
token,
authCode,
callback
}
);
var resetLink = Current.Url(toReset.Url);
var affiliateLink = callbackUri.Scheme + "://" + callbackUri.Host;
var affiliateName = callbackUri.Host;
var deAuthCode = Current.MakeAuthCode(new { email, affHost = callbackUri.Host });
var toDeAuth =
SafeRedirect
(
(Func<string, string, string, ActionResult>)(new AccountController()).DeAuthAffiliate,
new
{
email,
affHost = callbackUri.Host,
authCode = deAuthCode
}
);
var deAuthLink = Current.Url(toDeAuth.Url);
if (!Current.Email.SendEmail(email, Email.Template.ResetPasswordAffiliate, new { RecoveryLink = resetLink.AsLink(), AffiliateLink = affiliateLink.AsLink(), AffiliateName = affiliateName, DeAuthLink = deAuthLink.AsLink() }))
{
return IrrecoverableError("Could not send email", "This error has been logged");
}
return SuccessEmail("Email sent to " + email, "Check your email and follow the link to recover your account");
}
