/// <summary>
/// Issues a password-reset token for <paramref name="email"/>, stores the
/// token-to-email binding in the cache, and returns the absolute URL of the
/// reset page carrying that token.
/// </summary>
/// <param name="email">Address the token is bound to in the cache.</param>
/// <returns>Absolute reset URL with the token in the <c>token</c> query parameter.</returns>
internal string GenerateForgotPasswordLink(string email)
{
    // The Guid is the only secret protecting the reset, i.e. it acts as a bearer token.
    // NOTE(review): Guid.NewGuid() is not documented as a cryptographic generator;
    // confirm it is acceptable here or build the Guid from a CSPRNG instead.
    Guid resetToken = Guid.NewGuid();

    // The cache entry is stored with an expiry EmailExpirationMinutes from now.
    DateTimeOffset expiresAt = DateTimeOffset.Now.AddMinutes(EmailExpirationMinutes);
    cache.Set(CacheKeys.ForgotPasswordGuid(resetToken), expiresAt, email);

    // The token is placed in the query string, so it can end up in browser history,
    // proxy/server logs and Referer headers; a short expiry limits that exposure.
    string relativeLink = string.Format(@"~/PasswordRecovery/PasswordReset/?token={0}", resetToken);

    return runtime.MakeAbsolutePath(relativeLink);
}
/// <summary>
/// Resolves a reset token string to the e-mail address it is bound to in the cache.
/// The token is only looked up here; this method does not remove it from the cache.
/// </summary>
/// <param name="tokenString">Token as received from the reset link.</param>
/// <returns>A result wrapping the parsed token and the e-mail cached under it.</returns>
/// <exception cref="ValidationException">
/// Thrown with <c>MsgInvalidResetToken</c> when the string is blank, is not a Guid,
/// or has no cache entry (presumably this also covers expired entries; confirm
/// against the cache implementation).
/// </exception>
public Result<PasswordResetInfo> GetPasswordResetInfo(string tokenString)
{
    // Every failure mode raises the same message, so a caller cannot tell a
    // malformed token apart from an unknown one.
    if (string.IsNullOrWhiteSpace(tokenString))
    {
        throw new ValidationException(MsgInvalidResetToken);
    }

    Guid parsedToken;
    if (!Guid.TryParse(tokenString, out parsedToken))
    {
        throw new ValidationException(MsgInvalidResetToken);
    }

    string cachedEmail;
    if (!cache.TryGet(CacheKeys.ForgotPasswordGuid(parsedToken), out cachedEmail))
    {
        throw new ValidationException(MsgInvalidResetToken);
    }

    // Token is known: hand back the token together with the address it was issued for.
    PasswordResetInfo info = new PasswordResetInfo();
    info.Token = parsedToken;
    info.Email = cachedEmail;

    return new Result<PasswordResetInfo>(info);
}
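/// <summary>
/// Completes a password reset: validates and consumes the reset token, checks that
/// the supplied e-mail is the one the token is bound to in the cache, and stores a
/// new password hash for that user.
/// </summary>
/// <param name="tokenString">Reset token as received from the reset link.</param>
/// <param name="userEmail">E-mail submitted with the reset form; must match the token's address.</param>
/// <param name="newPassword">New password; only its hash is stored.</param>
/// <returns>A result carrying the success message.</returns>
/// <exception cref="ValidationException">
/// Thrown when the token is invalid, when <paramref name="userEmail"/> does not match
/// the address bound to the token, or when no user has that address.
/// </exception>
public Result ResetPassword(string tokenString, string userEmail, string newPassword)
{
    // Re-validate the token; this throws when it is malformed or not in the cache.
    Result<PasswordResetInfo> passwordResetInfo = GetPasswordResetInfo(tokenString);
    PasswordResetInfo resetInfo = passwordResetInfo.Value;

    // Consume the token up front so it is single-use even if a later check fails.
    // NOTE(review): lookup and removal are two separate cache calls; confirm whether
    // concurrent requests with the same token need to be serialized.
    cache.Remove(CacheKeys.ForgotPasswordGuid(resetInfo.Token));

    // The token authorizes a reset for exactly one address: the one cached with it.
    // Without this check a valid token for one account could be combined with any
    // other account's e-mail in the request to change that account's password.
    string tokenEmail = resetInfo.Email;
    if (string.IsNullOrWhiteSpace(tokenEmail) ||
        !string.Equals(tokenEmail, userEmail, StringComparison.OrdinalIgnoreCase))
    {
        throw new ValidationException(MsgInvalidEmail);
    }

    // Look the user up by the token-bound address, never by the raw request value.
    User user = dataAccessor.Users.SingleOrDefault(x => x.Email == tokenEmail);
    if (user == null)
    {
        throw new ValidationException(MsgInvalidEmail);
    }

    // Store only the hash of the new password.
    user.PasswordHash = PasswordHashHelper.CreateHash(newPassword);
    dataAccessor.Update(user);
    dataAccessor.SaveChanges();

    return new Result(new LogMessage(MessageType.Success, MsgPasswordResetSuccess));
}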