Ejemplo n.º 1
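        /// <summary>
        /// Sets a new password for the account whose id an earlier step stored in
        /// <c>TempData["AccountId"]</c>, then deletes that account's pending
        /// confirmation record so the reset link cannot be used again.
        /// </summary>
        /// <param name="passwordInfo">Posted form model; only <c>NewPassword</c> is read here.</param>
        /// <returns>
        /// A redirect to Auth/Login when no account id is pending or after a successful
        /// reset; otherwise the current view (validation failure or error).
        /// </returns>
        public ActionResult ResetPassword(ResetNewPasswordViewModel passwordInfo)
        {
            try
            {
                // The presence of this TempData entry is the only authorization check in
                // this action; without it the caller is sent back to the login page.
                // NOTE(review): no separate "verified" flag is checked here - confirm that
                // nothing else can populate TempData["AccountId"].
                object pendingAccountId = TempData["AccountId"];
                if (pendingAccountId == null)
                {
                    return RedirectToAction("Login", "Auth");
                }

                if (!ModelState.IsValid)
                {
                    // Reading a TempData entry marks it for removal at the end of the
                    // request. Keep it so the user can correct the form and resubmit
                    // instead of being bounced to the login page on the next attempt.
                    TempData.Keep("AccountId");
                    return View();
                }

                int _accountId = (int)pendingAccountId;

                var _accountInfo = new AccountInfo();
                _accountInfo.Id = _accountId;

                // A fresh salt is generated for every reset.
                _accountInfo.Salt = RandomPassword.Generate(18, 20);

                // NOTE(review): the helper's name suggests reversible Rijndael encryption
                // rather than a one-way password hash. Confirm; if so, prefer a slow salted
                // KDF such as PBKDF2 so a database or key leak does not expose passwords.
                _accountInfo.PasswordHash = RijndaelCrypt.EncryptPassword(passwordInfo.NewPassword, _accountInfo.Salt);

                _accountInfo.IsFirstTimeLogin = false;

                using (AccountRepository Repo = new AccountRepository())
                {
                    Repo.ChangeNewPassword(_accountInfo);
                }

                // Remove the confirmation record (if any) only after the password change
                // has gone through.
                using (AccountConfirmationRepository Repo = new AccountConfirmationRepository())
                {
                    AccountConfirmationInfo _accountConfirmation = Repo.GetAccountConfirmationByAccountId(_accountId);

                    if (_accountConfirmation != null)
                    {
                        Repo.DeleteAccountConfirmation(_accountConfirmation.Id);
                    }
                }

                TempData["Msg"] = "<span style='color:green; text-align:center;'>Password has been reset successfully.</span>";

                return RedirectToAction("Login", "Auth");
            }
            catch (Exception ex)
            {
                // The message is assembled as markup (presumably rendered unencoded by the
                // view), so the exception text is HTML-encoded before being embedded.
                // NOTE(review): exception text can disclose internals (SQL, paths); consider
                // logging it server-side and showing a generic message instead.
                TempData["Msg"] = "<span style='color:red; text-align:center;'>" + System.Net.WebUtility.HtmlEncode(ex.Message) + ".</span>";
                return View();
            }
        }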
Ejemplo n.º 2
        // GET: Auth/Verify
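        /// <summary>
        /// Validates a password-reset link. The query value is decrypted, looked up in
        /// the confirmation store and checked against a 24-hour lifetime; on success
        /// the account id is handed to the ResetPassword action through TempData.
        /// </summary>
        /// <param name="t">Encrypted reset token taken from the link; untrusted input.</param>
        /// <returns>
        /// A redirect to ResetPassword for a valid token; otherwise the current view
        /// with an explanatory message in <c>TempData["Msg"]</c>.
        /// </returns>
        public ActionResult Verify(string t)
        {
            try
            {
                // A missing token can never match a stored record; report it as an invalid
                // link rather than letting the decryption helper fail on it.
                if (string.IsNullOrWhiteSpace(t))
                {
                    TempData["Msg"] = "Link has been already used or invalid.";
                    return View();
                }

                string _token = RijndaelCrypt.DecryptString(t);

                AccountConfirmationInfo _accountConfirmation;
                using (AccountConfirmationRepository Repo = new AccountConfirmationRepository())
                {
                    _accountConfirmation = Repo.GetAccountConfirmationByToken(_token);
                }

                // Unknown token: never issued, already consumed, or tampered with.
                if (_accountConfirmation == null)
                {
                    TempData["Msg"] = "Link has been already used or invalid.";
                    return View();
                }

                // The first 8 bytes of the decoded token are read as a DateTime binary
                // value (the issue time). This runs only after the token matched a stored
                // record, so the timestamp is the one the server issued.
                byte[]   data = Convert.FromBase64String(_token);
                DateTime when = DateTime.FromBinary(BitConverter.ToInt64(data, 0));

                // Links older than 24 hours are rejected.
                // NOTE(review): the expired confirmation record is not deleted here.
                if (when < DateTime.UtcNow.AddHours(-24))
                {
                    TempData["Msg"] = "Link has been expired.";
                    return View();
                }

                // Valid token: pass the account id on to the reset step.
                TempData["AccountId"]  = _accountConfirmation.AccountId;
                TempData["IsVerified"] = true;

                return RedirectToAction("ResetPassword");
            }
            catch (Exception ex)
            {
                // The message is assembled as markup (presumably rendered unencoded by the
                // view), so the exception text is HTML-encoded before being embedded.
                // NOTE(review): this path is reachable with arbitrary caller-supplied
                // tokens; consider logging the exception and showing the generic
                // invalid-link message instead of the exception text.
                TempData["Msg"] = "<span style='color:red; text-align:center;'>" + System.Net.WebUtility.HtmlEncode(ex.Message) + ".</span>";
                return View();
            }
        }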
Ejemplo n.º 3
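        /// <summary>
        /// Starts a password reset: looks the account up by company e-mail, issues a
        /// new reset token (replacing any pending one) and e-mails a link to the
        /// Verify action.
        /// </summary>
        /// <param name="forgotInfo">Posted form model; only <c>CompanyEmail</c> is read here.</param>
        /// <returns>
        /// A redirect back to Auth/ForgotPassword with a status message in
        /// <c>TempData["Msg"]</c>, or the current view on validation failure or error.
        /// </returns>
        public ActionResult ForgotPassword(ForgotPasswordViewModel forgotInfo)
        {
            try
            {
                if (!ModelState.IsValid)
                {
                    return View();
                }

                AccountInfo _account;
                using (AccountRepository Repo = new AccountRepository())
                {
                    _account = Repo.GetEmployeeAccountByCompanyEmail(forgotInfo.CompanyEmail);
                }

                // NOTE(review): this branch and the next one tell the caller whether an
                // address is registered and what state the account is in. Returning the
                // same neutral message for every outcome would prevent account enumeration.
                if (_account == null)
                {
                    TempData["Msg"] = "<span style='color:red; text-align:center;'>Account does not associate with this email.</span>";

                    return RedirectToAction("ForgotPassword", "Auth");
                }

                if (_account.IsFirstTimeLogin == true)
                {
                    TempData["Msg"] = "<span style='color:red; text-align:center;'>You cannot reset password right now, please check your account creation email.</span>";

                    return RedirectToAction("ForgotPassword", "Auth");
                }

                // Token layout: 8 bytes of issue time (UTC, DateTime binary form) followed
                // by 16 random bytes, Base64-encoded. The random part comes from the
                // cryptographic RNG; GUIDs are unique but not documented as unpredictable.
                byte[] time = BitConverter.GetBytes(DateTime.UtcNow.ToBinary());
                byte[] key  = new byte[16];
                using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
                {
                    rng.GetBytes(key);
                }

                string _token = Convert.ToBase64String(time.Concat(key).ToArray());

                using (AccountConfirmationRepository Repo = new AccountConfirmationRepository())
                {
                    // Only one pending confirmation per account: drop the old one first.
                    AccountConfirmationInfo _accountConfirmation = Repo.GetAccountConfirmationByAccountId(_account.Id);

                    if (_accountConfirmation != null)
                    {
                        Repo.DeleteAccountConfirmation(_accountConfirmation.Id);
                    }

                    // NOTE(review): the token is stored as issued; storing only a hash of
                    // it would keep a database leak from yielding usable reset links.
                    _accountConfirmation           = new AccountConfirmationInfo();
                    _accountConfirmation.Token     = _token;
                    _accountConfirmation.AccountId = _account.Id;

                    Repo.SaveAccountConfirmation(_accountConfirmation);
                }

                List<string> To = new List<string>()
                {
                    _account.CompanyEmail
                };
                string Subject = "Password Reset Link";

                // NOTE(review): these absolute URLs are built from the current request
                // (scheme passed explicitly; host presumably taken from the request too).
                // If the Host header is not pinned by the server or a proxy, the e-mailed
                // link could point at a caller-chosen host - consider a configured base URL.
                var resetPasswordUrl  = Url.Action("Verify", "Auth", new { t = RijndaelCrypt.EncryptString(_token) }, protocol: Request.Url.Scheme);
                var forgotPasswordUrl = Url.Action("ForgotPassword", "Auth", null, protocol: Request.Url.Scheme);

                // The body is HTML, so every interpolated value is HTML-encoded to keep
                // account data (e.g. the display name) from injecting markup.
                string encodedName      = System.Net.WebUtility.HtmlEncode(_account.EmployeeFullName);
                string encodedResetUrl  = System.Net.WebUtility.HtmlEncode(resetPasswordUrl);
                string encodedForgotUrl = System.Net.WebUtility.HtmlEncode(forgotPasswordUrl);

                string Body = "Dear " + encodedName + ", <br/><br/>" +
                              "We heard that you lost your LPS online account password. Sorry about that! <br/><br/>" +
                              "But don’t worry! You can use the following link within the next day to reset your password: <br/><br/>" +
                              "<a href='" + encodedResetUrl + "' target='_blank'>" + encodedResetUrl + "</a> <br/><br/>" +
                              "If you don’t use this link within 24 hours, it will expire. To get a new password reset link, visit<br/>" +
                              "<a href='" + encodedForgotUrl + "' target='_blank'>" + encodedForgotUrl + " </a> <br/><br/>" +
                              "Thanks,<br/>" +
                              "Logic Powered Solutions";

                bool result = EmailSender.Send(Subject, Body, To);

                if (result)
                {
                    TempData["Msg"] = "<span style='color:green; text-align:center;'>Request launched, for further processing please check your email.</span>";
                }
                else
                {
                    TempData["Msg"] = "<span style='color:red; text-align:center;'>Something went wrong! email not sent, please try again later.</span>";
                }

                return RedirectToAction("ForgotPassword", "Auth");
            }
            catch (Exception ex)
            {
                // The message is assembled as markup (presumably rendered unencoded by the
                // view), so the exception text is HTML-encoded before being embedded.
                // NOTE(review): exception text can disclose internals (SQL, SMTP, paths);
                // consider logging it server-side and showing a generic message instead.
                TempData["Msg"] = "<span style='color:red; text-align:center;'>" + System.Net.WebUtility.HtmlEncode(ex.Message) + ".</span>";
                return View();
            }
        }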