Ejemplo n.º 1
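 /// <summary>
 /// Handles the "forgot password" form: unless a request for the same address was
 /// already recorded within the configured window, e-mails a one-time key to the
 /// member and records the action.
 /// </summary>
 /// <param name="model">Posted form data; only <c>Email</c> is read here.</param>
 /// <returns>The same view in every case; the outcome is passed through ViewBag flags.</returns>
 public ActionResult GetPassword(GetPasswordViewModel model)
 {
     if (!ModelState.IsValid)
     {
         return View(model);
     }

     int memberAction = (int)MemberActionType.GetPassword;
     int limitMin     = ConfigSetting.GetPasswordEmailTimeDiffMin;

     // Throttle: a request for this address inside the last limitMin minutes is not re-sent.
     // NOTE(review): if the throttle only matches registered addresses, this branch still
     // tells a caller that the address exists — confirm against MemberService.
     if (MemberService.HasGetPasswordActionInLimitTime(model.Email, limitMin, memberAction))
     {
         ViewBag.SendMail    = true;
         ViewBag.HasSendMail = true;
         ViewBag.Message     = limitMin;
         return View(model);
     }

     // SingleOrDefault instead of Single: an unknown address used to throw here, which
     // surfaced as a server error and revealed which addresses are registered.
     // The comparison is ordinal because an e-mail address is an identifier, not
     // linguistic text, and must not match differently depending on the thread culture.
     Member member = MemberService.GetALL().SingleOrDefault(
         x => string.Equals(x.Email, model.Email, StringComparison.OrdinalIgnoreCase));

     if (member != null)
     {
         // NOTE(review): Guid.NewGuid() is designed for uniqueness, not as an unpredictable
         // secret; a reset key is better drawn from RandomNumberGenerator. Left as is because
         // the key format expected by the template and Member_ActionService is not visible here.
         string     userKey    = Guid.NewGuid().ToString();
         string     emailTitle = member.NickName + string.Format(" 您好!找回{0}密码!", ConfigSetting.SiteName);
         EmailModel em         = EmailService.GetMail(Server.MapPath("~/EmailTemplate/getpwd.htm"), emailTitle, member.MemberID, member.Email, member.NickName, userKey);
         EmailService.SendMail(em);

         // Recorded after sending; this record is also what the throttle above looks up.
         Member_ActionService.Create(member, memberAction, userKey);
     }

     // Identical view state whether or not the address belongs to a member, so the page
     // cannot be used to test which addresses are registered.
     ViewBag.HasSendMail = false;
     ViewBag.SendMail    = true;
     ViewBag.Title       = "";
     return View(model);
 }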
Ejemplo n.º 2
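        /// <summary>
        /// Returns the decrypted password of a credential asset. Every rejection is a bare
        /// 400 so that the response does not reveal which check failed.
        /// </summary>
        /// <param name="getPasswordViewModel">Request body carrying ProjectId, AssetId and FormDigest.</param>
        /// <returns>200 with the decrypted password, or 400 without details on any failure.</returns>
        public async Task <IActionResult> GetPassword([FromBody] GetPasswordViewModel getPasswordViewModel)
        {
            // Given this is a sensitive method, we don't give the correct error.
            // The null test covers an empty or unparsable body, which would otherwise
            // throw outside the try block below.
            // NOTE(review): FormDigest is only tested for presence in this method; confirm that
            // its value is verified elsewhere (filter or service), otherwise it protects nothing.
            if (getPasswordViewModel == null
                || !ModelState.IsValid
                || getPasswordViewModel.AssetId < 0
                || getPasswordViewModel.ProjectId < 0
                || string.IsNullOrWhiteSpace(getPasswordViewModel.FormDigest))
            {
                return BadRequest();
            }

            // The caller's address is handed to the asset service; refuse the request without it.
            string accessIpAddress = HttpContext?.Connection?.RemoteIpAddress?.ToString();
            if (string.IsNullOrWhiteSpace(accessIpAddress))
            {
                return BadRequest();
            }

            try
            {
                var asset = await _assetService.GetAssetAsync(getPasswordViewModel.ProjectId, getPasswordViewModel.AssetId, accessIpAddress);

                // An asset that is missing or is not a Credential used to be dereferenced and
                // end up in the catch block as a NullReferenceException, filling telemetry
                // with noise. Reject it explicitly instead.
                var credential = asset as Credential;
                if (credential == null)
                {
                    return BadRequest();
                }

                var decryptedPassword = _assetService.DecryptPassword(credential.Password);

                // NOTE(review): the body is a plaintext secret. Make sure the response is sent
                // with "Cache-Control: no-store" and that response bodies are not logged.
                return new OkObjectResult(decryptedPassword);
            }
            catch (Exception ex)
            {
                // LOG through SERVICE TODO
                // NOTE(review): check that exceptions thrown by the service never carry the
                // decrypted value before they are shipped to telemetry.
                var telemetry = new TelemetryClient();
                telemetry.TrackException(ex);
                return BadRequest();
            }
        }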
Ejemplo n.º 3
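        /// <summary>
        /// Resets an employee's payslip password after checking badge number and date of
        /// birth, then tries to deliver the new password by e-mail and by SMS.
        /// </summary>
        /// <param name="model">Posted form data; BadgeNumber and BirthDate are read here.</param>
        /// <returns>
        /// A redirect to the Login action carrying a status message, or the form again when
        /// validation or the identity check fails.
        /// </returns>
        public async Task <ActionResult> GetPassword(GetPasswordViewModel model)
        {
            if (!ModelState.IsValid)
            {
                // If we got this far, something failed, redisplay form
                return View(model);
            }

            // NOTE(review): badge number plus date of birth is the only proof of identity, and
            // both are often known to colleagues. Nothing visible here limits repeated attempts.
            var employee = ERSAIDB.Employees.FirstOrDefault(e => e.BadgeNumber == model.BadgeNumber);

            // One message for both failures: separate texts let a caller find out which badge
            // numbers exist and then guess only the date of birth.
            if (employee == null || employee.BirthDate?.Date != model.BirthDate?.Date)
            {
                ModelState.AddModelError("", "Badge number or date of birth is incorrect");
                return View(model);
            }

            var payslipUser = ERSAIDB.PersonalAccountUsers.FirstOrDefault(u => u.Badge == employee.BadgeNumber);
            payslipUser = payslipUser ?? ERSAIDB.PersonalAccountUsers.Add(new DataModels.ERSAI.PersonalAccountUser()
            {
                Badge        = employee.BadgeNumber,
                ModifiedDate = DateTime.Now
            });

            /*payslipUser.AppUser = payslipUser.AppUser ?? new AppUser()
             * {
             *  SecurityStamp = Guid.NewGuid().ToString(),
             *  UserName = employee.BadgeNumber
             * };*/

            // NOTE(review): the new password is committed before delivery is attempted. If both
            // channels fail, the old password is already gone and the employee is locked out,
            // so anyone who knows badge number and birth date can force that state.
            var newPassword = payslipUser.SetNewPassword();
            ERSAIDB.SaveChanges();

            var mailAddress  = payslipUser.ERSAIAccount?.Mail;
            var mobileNumber = payslipUser.MobPhone?.Primary_MobilePhone;
            bool mailSent = false, smsSent = false;

            // A channel is used only when it has a recipient. Previously a missing address
            // or number still counted as "sent" and produced a success message with no destination.
            if (App.SMTPClient != null && !string.IsNullOrWhiteSpace(mailAddress))
            {
                try
                {
                    // NOTE(review): the return value of TrySendEmail is ignored; if it reports
                    // failure that way, mailSent is set without a delivery — confirm.
                    App.SMTPClient.TrySendEmail(new IntegrationClients.SMTP.EmailMessage()
                    {
                        Body    = $"Your new password is {newPassword}",
                        Header  = IntegrationClients.SMTP.MessageHeader.GetDefault(employee.FullName),
                        Footer  = IntegrationClients.SMTP.MessageFooter.GetDefault(),
                        Subject = "Your new password",
                        To      = mailAddress
                    });
                    mailSent = true;
                }
                catch
                {
                    // Best effort. If logging is added here, never log the message body:
                    // it contains the plaintext password.
                    mailSent = false;
                }
            }

            if (App.SMSClient != null && !string.IsNullOrWhiteSpace(mobileNumber))
            {
                try
                {
                    // The provider response is not inspected; only an exception counts as failure.
                    await App.SMSClient.SendSMS(new IntegrationClients.Infobip.SMSMessage()
                    {
                        To   = new[] { mobileNumber },
                        Text = $"Your new payslip password is:{Environment.NewLine}{newPassword}"
                    });
                    smsSent = true;
                }
                catch
                {
                    smsSent = false;
                }
            }

            LoginPageMessage message;
            if (smsSent || mailSent)
            {
                string sentTo = (mailSent ? mailAddress + (smsSent ? " and " : string.Empty) : string.Empty)
                                + (smsSent ? mobileNumber : string.Empty);
                message = new LoginPageMessage()
                {
                    CssClass = "positive",
                    Content  = $"Your new password was sent to {sentTo}"
                };
            }
            else
            {
                message = new LoginPageMessage()
                {
                    CssClass = "error",
                    Content  = "We couldn't send your new password to you due to contact information absense. Please, contact your HR"
                };
            }

            // NOTE(review): route values are serialized into the redirect URL, so the e-mail
            // address and phone number in Content end up in browser history and server logs.
            // Consider passing the message through TempData instead.
            return RedirectToAction("Login", message);
        }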