Ejemplo n.º 1
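        /// <summary>
        /// Handles the password-reset link: checks the link parameters, confirms the user exists,
        /// stores the reset token and the user id in one-day cookies, and renders the reset form.
        /// </summary>
        /// <param name="code">Password reset token taken from the link (untrusted input).</param>
        /// <param name="userId">Identifier of the user whose password is being reset (untrusted input).</param>
        /// <returns>
        /// The "customers/reset_password" view, or the "error" view when a parameter is missing
        /// or no user matches <paramref name="userId"/>.
        /// </returns>
        public async Task<ActionResult> ResetPassword(string code, string userId)
        {
            // Both values are required. The previous check used && and therefore rejected the request
            // only when BOTH were missing, so an empty userId reached the user lookup and an empty
            // code could be written into the token cookie.
            if (string.IsNullOrEmpty(code) || string.IsNullOrEmpty(userId))
            {
                WorkContext.ErrorMessage = "Error in URL format";

                return View("error", WorkContext);
            }

            var user = await _commerceCoreApi.StorefrontSecurityGetUserByIdAsync(userId);

            if (user == null)
            {
                // NOTE(review): this distinct message tells an unauthenticated caller whether a user id
                // exists; consider returning the same generic error as above.
                WorkContext.ErrorMessage = "User was not found.";
                return View("error", WorkContext);
            }

            // NOTE(review): the token itself is not verified in this action; presumably the form POST
            // validates it against the user - confirm.

            // Mark the cookies Secure whenever the request itself arrived over TLS, so the reset token
            // is never sent back over plain HTTP afterwards.
            var secureTransport = HttpContext.Request.IsSecureConnection;

            // The reset token is a credential: keep it out of reach of page scripts (HttpOnly).
            // NOTE(review): confirm that no client-side script needs to read this cookie.
            var tokenCookie = new HttpCookie(StorefrontConstants.PasswordResetTokenCookie, code)
            {
                Expires = DateTime.UtcNow.AddDays(1),
                HttpOnly = true,
                Secure = secureTransport
            };
            HttpContext.Response.Cookies.Add(tokenCookie);

            var customerIdCookie = new HttpCookie(StorefrontConstants.CustomerIdCookie, userId)
            {
                Expires = DateTime.UtcNow.AddDays(1),
                Secure = secureTransport
            };
            HttpContext.Response.Cookies.Add(customerIdCookie);

            return View("customers/reset_password", WorkContext);
        }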
Ejemplo n.º 2
        /// <summary>
        /// Signs a storefront user in with e-mail and password, optionally switches the session to an
        /// "on behalf" customer, and routes the request according to the sign-in status.
        /// </summary>
        /// <param name="formModel">Posted login form; its Email and Password are passed to the sign-in API.</param>
        /// <param name="returnUrl">Target passed to StoreFrontRedirect after a successful sign-in.</param>
        /// <returns>
        /// A redirect on success or when verification is required, the "lockedout" view for a locked
        /// account, otherwise the "customers/login" view with a form error.
        /// </returns>
        public async Task<ActionResult> Login(Login formModel, string returnUrl)
        {
            var signInResult = await _commerceCoreApi.StorefrontSecurityPasswordSignInAsync(formModel.Email, formModel.Password);
            var status = signInResult.Status;

            if (string.Equals(status, "success", StringComparison.InvariantCultureIgnoreCase))
            {
                var account = await _commerceCoreApi.StorefrontSecurityGetUserByNameAsync(formModel.Email);
                var effectiveCustomer = await GetStorefrontCustomerByUserAsync(account);

                // Login-on-behalf: the target user id is read from the request, so the only
                // authorization gate for impersonation is CanLoginOnBehalfAsync for the operator.
                // NOTE(review): presumably the id comes from a client-controlled cookie - confirm.
                var requestedUserId = GetUserIdForLoginOnBehalf(Request);
                var isOnBehalfRequest = !string.IsNullOrEmpty(requestedUserId)
                                        && !string.Equals(requestedUserId, effectiveCustomer.UserId);

                if (isOnBehalfRequest && await _customerService.CanLoginOnBehalfAsync(WorkContext.CurrentStore.Id, effectiveCustomer.UserId))
                {
                    var targetUser = await _commerceCoreApi.StorefrontSecurityGetUserByIdAsync(requestedUserId);

                    if (targetUser != null)
                    {
                        var targetCustomer = await GetStorefrontCustomerByUserAsync(targetUser);

                        // Record who is really operating the session before swapping identities.
                        targetCustomer.OperatorUserId = effectiveCustomer.UserId;
                        targetCustomer.OperatorUserName = effectiveCustomer.UserName;
                        effectiveCustomer = targetCustomer;

                        // The on-behalf request has been consumed; clear its marker.
                        SetUserIdForLoginOnBehalf(Response, null);
                    }
                    // TODO: Configure the reduced login expiration
                }

                // A customer with no store restrictions, or one that lists the current store, may sign in.
                var storeAllowed = effectiveCustomer.AllowedStores.IsNullOrEmpty()
                                   || effectiveCustomer.AllowedStores.Any(storeId => string.Equals(storeId, WorkContext.CurrentStore.Id, StringComparison.InvariantCultureIgnoreCase));

                if (storeAllowed)
                {
                    _authenticationManager.SignIn(CreateClaimsIdentity(effectiveCustomer));

                    // Publish user login event
                    await _userLoginEventPublisher.PublishAsync(new UserLoginEvent(WorkContext, WorkContext.CurrentCustomer, effectiveCustomer));

                    // NOTE(review): returnUrl is caller-supplied; whether this can redirect off-site
                    // depends on StoreFrontRedirect, which is not visible here - confirm it only
                    // accepts local URLs.
                    return StoreFrontRedirect(returnUrl);
                }

                // Falls through to the generic failure handling below, so both errors are reported.
                ModelState.AddModelError("form", "User cannot login to current store.");
            }

            if (string.Equals(status, "lockedOut", StringComparison.InvariantCultureIgnoreCase))
            {
                return View("lockedout", WorkContext);
            }

            if (string.Equals(status, "requiresVerification", StringComparison.InvariantCultureIgnoreCase))
            {
                return StoreFrontRedirect("~/account/sendcode");
            }

            ModelState.AddModelError("form", "Login attempt failed.");
            return View("customers/login", WorkContext);
        }