public async Task Should_Reset_Password()
{
var testUser = await CreateAndGetTestUserAsync();
var token = await LoginAndGetTokenAsync(testUser.UserName, "123qwe");
var input = new ForgotPasswordInput
{
UserNameOrEmail = testUser.Email
};
var requestMessage = new HttpRequestMessage(HttpMethod.Post, "/api/forgotPassword");
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
requestMessage.Content = input.ToStringContent(Encoding.UTF8, "application/json");
var response = await TestServer.CreateClient().SendAsync(requestMessage);
var result = await response.Content.ReadAsAsync <ForgotPasswordOutput>();
var inputResetPassword = new ResetPasswordInput
{
UserNameOrEmail = testUser.Email,
Token = result.ResetToken,
Password = "******"
};
var requestMessageResetPassword = new HttpRequestMessage(HttpMethod.Post, "/api/resetPassword");
requestMessageResetPassword.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
requestMessageResetPassword.Content = inputResetPassword.ToStringContent(Encoding.UTF8, "application/json");
var responseResetPassword = await TestServer.CreateClient().SendAsync(requestMessageResetPassword);
Assert.Equal(HttpStatusCode.OK, responseResetPassword.StatusCode);
}
public async Task <IActionResult> ForgotSend(ForgotPasswordInput Input)
{
if (ModelState.IsValid)
{
var user = await _userManager.FindByEmailAsync(Input.Email);
if (user == null || !(await _userManager.IsEmailConfirmedAsync(user)))
{
// Don't reveal that the user does not exist or is not confirmed
return(View("ForgotPasswordConfirmation"));
}
// For more information on how to enable account confirmation and password reset please
// visit https://go.microsoft.com/fwlink/?LinkID=532713
var code = await _userManager.GeneratePasswordResetTokenAsync(user);
code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code));
var callbackUrl = Url.Action("ResetPassword", "Account", new { code = code }, Request.Scheme);
await _emailSender.SendEmailAsync(
Input.Email,
"Reset Password",
$"Please reset your password by <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>clicking here</a>.");
return(View("ForgotPasswordConfirmation"));
}
return(View("ResetPasswordFail"));
}
public async Task <IActionResult> ForgotPassword([FromBody] ForgotPasswordInput input)
{
if (ModelState.IsValid)
{
var user = await _userManager.FindByEmailAsync(input.Email);
if (user == null || !(await _userManager.IsEmailConfirmedAsync(user)))
{
// Don't reveal that the user does not exist or is not confirmed
return(Ok(new RedirectResponse()
{
Pathname = "/Account/ForgotPasswordConfirmation"
}));
}
// For more information on how to enable account confirmation and password reset please
// visit https://go.microsoft.com/fwlink/?LinkID=532713
var code = await _userManager.GeneratePasswordResetTokenAsync(user);
code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code));
var callbackUrl = $"/Account/ResetPassword?code={code}";
await _emailSender.SendEmailAsync(
input.Email,
"Reset Password",
$"Please reset your password by <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>clicking here</a>.");
return(Ok(new RedirectResponse()
{
Pathname = "/Account/ForgotPasswordConfirmation"
}));
}
return(Ok(ModelState));
}
public async Task <ActionResult> ForgotPassword([FromBody] ForgotPasswordInput input)
{
var user = await FindUserByUserNameOrEmail(input.UserNameOrEmail);
if (user == null)
{
return(BadRequest(new List <NameValueDto>
{
new NameValueDto("UserNotFound", "User is not found!")
}));
}
var resetToken = await _userManager.GeneratePasswordResetTokenAsync(user);
var callbackUrl = _configuration["App:ClientUrl"] + "/account/reset-password?token=" + resetToken;
var message = new MailMessage(
from: _configuration["Email:Smtp:Username"],
to: "*****@*****.**",
subject: "Reset your password",
body: $"Please confirm your account by clicking this link: <a href='{callbackUrl}'>link</a>"
);
message.IsBodyHtml = true;
await _smtpClient.SendMailAsync(message);
return(Ok());
}
public async Task <IActionResult> UpdatePassword([FromBody] ForgotPasswordInput input)
{
var forgotPasswordInfo = await ForgotPasswordInfoRepository
.FirstOrDefaultAsync(f => f.Hash == input.Hash && f.ExpirationTime >= DateTime.Now);
if (forgotPasswordInfo == null || forgotPasswordInfo.Hash != input.Hash)
{
return(NoContent());
}
var user = await UserRepository.FindAsync(forgotPasswordInfo.UserId);
if (user == null)
{
return(NoContent());
}
PasswordManager.CreatePasswordSaltAndHash(input.Password, out var passwordSalt, out var passwordHash);
user.PasswordSalt = passwordSalt;
user.PasswordHash = passwordHash;
UserRepository.Update(user);
ForgotPasswordInfoRepository.Remove(forgotPasswordInfo);
await _userContext.SaveChangesAsync();
return(Ok());
}
public async Task <bool> ForgotPassword([FromBody] ForgotPasswordInput passwordInput)
{
var user = UserRepository.FirstOrDefault(u => u.NormalizedEmail == Strings.ToUpperCase(passwordInput.Email));
if (user == null)
{
return(false);
}
if (await ForgotPasswordInfoRepository.AnyAsync(f => f.UserId == user.Id))
{
var infosToDelete = await ForgotPasswordInfoRepository.Where(f => f.UserId == user.Id).ToListAsync();
ForgotPasswordInfoRepository.RemoveRange(infosToDelete);
await _userContext.SaveChangesAsync();
}
var forgotPasswordInfo = new ForgotPasswordInfo
{
ExpirationTime = DateTime.Now.AddHours(48), // 2 dias
UserId = user.Id,
Hash = Guid.NewGuid().ToString()
};
await ForgotPasswordInfoRepository.AddAsync(forgotPasswordInfo);
await _userContext.SaveChangesAsync();
dynamic templateArgs = new JObject();
templateArgs.PasswordHash = forgotPasswordInfo.Hash;
EmailTemplate template = _mailTemplateService.GetTemplate("welcome", templateArgs);
var request = new MailRequest
{
ToEmail = passwordInput.Email,
Subject = template.Subject,
Body = template.Body
};
try
{
await _mailService.SendEmailAsync(request);
return(true);
}
catch
{
return(false);
}
}
public ForgotPasswordOutput ForgotPassword(ForgotPasswordInput input)
{
try
{
RestHTTP http = new RestHTTP();
RestRequest req = new RestRequest("api/accounts/ForgotPassword", RestSharp.Method.POST);
req.AddHeader("Content-Type", "application/json");
req.AddJsonBody(input);
ForgotPasswordOutput response = http.HttpPost <ForgotPasswordOutput>(req);
return(response);
}
catch (Exception ex)
{
WriteLogFile.Append("ForgotPassword : ");
WriteLogFile.Append(ex.Message);
WriteLogFile.Append(ex.StackTrace);
}
return(null);
}
public async Task <ActionResult <ForgotPasswordOutput> > ForgotPassword([FromBody] ForgotPasswordInput input)
{
var user = await _authenticationAppService.FindUserByUserNameOrEmailAsync(input.UserNameOrEmail);
if (user == null)
{
return(NotFound("User is not found!")); // TODO: Make these messages static object
}
var resetToken = await _authenticationAppService.GeneratePasswordResetTokenAsync(user);
var callbackUrl = $"{_configuration[AppConfig.App_ClientUrl]}/account/reset-password?token={HttpUtility.UrlEncode(resetToken)}";
var subject = "Reset your password.";
var message = $"Please reset your password by clicking this link: <a href='{callbackUrl}'>{callbackUrl}</a>";
//await _emailSender.SendEmailAsync(user.Email, subject, message);
return(Ok(new ForgotPasswordOutput {
ResetToken = resetToken
}));
}
public async Task <ActionResult <ForgotPasswordOutput> > ForgotPassword([FromBody] ForgotPasswordInput input)
{
var user = await FindUserByUserNameOrEmail(input.UserNameOrEmail);
if (user == null)
{
return(NotFound(new List <NameValueDto>
{
new NameValueDto("UserNotFound", "User is not found!")
}));
}
var resetToken = await _userManager.GeneratePasswordResetTokenAsync(user);
var callbackUrl = _configuration["App:ClientUrl"] + "/account/reset-password?token=" + resetToken;
var message = new MailMessage(
@from: _configuration["Email:Smtp:Username"],
to: user.Email,
subject: "Reset your password",
body: $"Please confirm your account by clicking this link: <a href='{callbackUrl}'>link</a>"
);
message.IsBodyHtml = true;
#if !DEBUG
await _smtpClient.SendMailAsync(message);
#endif
_logger.LogInformation(Environment.NewLine + Environment.NewLine +
"******************* Reset Password Link *******************" +
Environment.NewLine + Environment.NewLine +
callbackUrl +
Environment.NewLine + Environment.NewLine +
"***********************************************************" +
Environment.NewLine);
return(Ok(new ForgotPasswordOutput {
ResetToken = resetToken
}));
}
public IHttpActionResult ForgotPassword(ForgotPasswordInput input)
{
Init();
ForgotPasswordOutput output = _authSvc.ForgotPassword(input);
return Ok(output);
}
