public async Task <IHttpActionResult> ChangePassword(ChangePasswordBinding changedPassword)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var requestingUserId = User.Identity.GetUserId();
var result = await JWTUserManager.ChangePasswordAsync(
User.Identity.GetUserId(), changedPassword.OldPassword, changedPassword.NewPassword);
if (!result.Succeeded)
{
return(GetErrorResult(result));
}
var changingUser = JWTUserManager.FindById(requestingUserId);
var client = JWTClientManager.FindById(changingUser.ClientId);
JWTMailer.Send(changingUser.Email, JWTAuthServerConstants.PasswordChangeMailSubject,
string.Format(JWTAuthServerConstants.PasswordChangeMailBody, client.Name));
return(Ok());
}
public async Task <IHttpActionResult> ConfirmEmail(string userId = "", string code = "")
{
if (string.IsNullOrWhiteSpace(userId) || string.IsNullOrWhiteSpace(code))
{
ModelState.AddModelError("", JWTAuthServerConstants.UserIdAndCode);
return(BadRequest(ModelState));
}
var result = await JWTUserManager.ConfirmEmailAsync(userId, code);
if (result.Succeeded)
{
// Assigning the default user role when successfully confirming the email
// so the user will have the default rights to access the API.
await JWTUserManager.AddToRoleAsync(userId,
ConfigurationManager.AppSettings["JWTServer.InitialUserRole"]);
var confirmedUser = JWTUserManager.FindById(userId);
var client = JWTClientManager.FindById(confirmedUser.ClientId);
JWTMailer.Send(confirmedUser.Email, JWTAuthServerConstants.ConfirmResponseMailSubject,
string.Format(JWTAuthServerConstants.ConfirmResponseMailBody, client.Name));
return(Ok());
}
else
{
return(GetErrorResult(result));
}
}
// ----- External Auth Logic ------------------------------------------
private string ValidateClientAndRedirectUri(ref string redirectUriOutput)
{
Uri redirectUri;
var redirectUriString = GetQueryString(Request, "redirect_uri");
if (string.IsNullOrWhiteSpace(redirectUriString))
{
return("redirect_uri is required");
}
var validUri = Uri.TryCreate(redirectUriString, UriKind.Absolute, out redirectUri);
if (!validUri)
{
return("redirect_uri is invalid");
}
var clientId = GetQueryString(Request, "client_id");
if (string.IsNullOrWhiteSpace(clientId))
{
return("client_Id is required");
}
var client = JWTClientManager.FindById(clientId);
if (client == null)
{
return(string.Format("Client_id '{0}' is not registered in the system.", clientId));
}
if (!string.Equals(client.AllowedOrigin, redirectUri.GetLeftPart(UriPartial.Authority), StringComparison.OrdinalIgnoreCase))
{
return(string.Format("The given URL is not allowed by Client_id '{0}' configuration.", clientId));
}
redirectUriOutput = redirectUri.AbsoluteUri;
return(string.Empty);
}
