Ejemplo n.º 1
        /// <summary>
        /// Recording override: remembers the user key it was called with and the reset code
        /// produced by the base implementation, then hands that code back to the caller.
        /// </summary>
        /// <param name="userKey">Key passed through unchanged to the base implementation.</param>
        /// <returns>The value stored in <c>CreatePasswordResetCode_Output</c> after the base call.</returns>
        public override async Task<PasswordResetCode> CreatePasswordResetCode(UserKey userKey)
        {
            this.CreatePasswordResetCode_InputUserKey = userKey;

            var issuedCode = await base.CreatePasswordResetCode(userKey);

            // The issued reset code stays readable on this instance after the call.
            // NOTE(review): this looks like a test double; confirm it is never wired into production,
            // where holding a live reset code on a long-lived object would be undesirable.
            this.CreatePasswordResetCode_Output = issuedCode;

            return this.CreatePasswordResetCode_Output;
        }
Ejemplo n.º 2
        /// <summary>
        /// Click handler that triggers a password-reset email for the address stored in the
        /// first row of <c>Data</c> and reports the outcome through <c>TopMessage</c>.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnSendPasswordReset_Click(object sender, EventArgs e)
        {
            // Without a loaded row there is no address to send to.
            if (!(Data.Rows.Count > 0))
            {
                TopMessage.ErrorMessage = "Unable to verify the user's email address. Please try again. (EUE102)";
                return;
            }

            // The address comes from the loaded row, not from a value typed into this request.
            string address = Data.Rows[0]["Email"].ToString();
            PasswordResetCode outcome = ResetPassword.SendResetEmail(address);

            if (outcome == PasswordResetCode.Success)
            {
                TopMessage.SuccessMessage = "A message was sent to the email address containing a link to reset the user's password.";
                return;
            }

            // The messages below tell the operator which step failed.
            // NOTE(review): that is acceptable only if this page is restricted to authenticated staff;
            // on a public page the distinction would reveal whether an account exists. Confirm.
            switch (outcome)
            {
            case PasswordResetCode.InvalidEmail:
                TopMessage.ErrorMessage = "Invalid email address.";
                break;

            case PasswordResetCode.GuidUpdateFailure:
                TopMessage.ErrorMessage = "Invalid user information.";
                break;

            case PasswordResetCode.CriticalError:
            default:
                // Any unrecognised value is treated like a send failure.
                TopMessage.ErrorMessage = "It looks like there was an error sending the password reset email. Please try again.";
                break;
            }
        }
        /// <summary>
        /// Checks a password-reset code for a user by building the "pw" single-use token for the
        /// (user key, code) pair and asking the single-use token service to validate it.
        /// </summary>
        /// <param name="userKey">Key of the user the code was issued for; must not be null.</param>
        /// <param name="code">Code presented by the caller; must not be null.</param>
        /// <returns>The task returned by the token service's <c>Validate</c> call.</returns>
        public virtual Task<bool> ValidatePasswordResetCode(UserKey userKey,
                                                            PasswordResetCode code)
        {
            Guard.Null(nameof(userKey), userKey);
            Guard.Null(nameof(code), code);

            var tokenService = this.SingleUseTokenService;

            // The token is derived from both the user key and the code, so the lookup is per user.
            // NOTE(review): whether Validate consumes the token, and whether failed attempts are
            // rate-limited, is not visible here; confirm both, since the code space may be small.
            var candidate = CreateSingleUseToken("pw", userKey, code);

            return tokenService.Validate(candidate);
        }
Ejemplo n.º 4
        /// <summary>
        /// Recording override: captures both arguments, then returns either the configured
        /// override result or, when none is set, the base implementation's result.
        /// </summary>
        /// <param name="userKey">User key, stored and forwarded unchanged.</param>
        /// <param name="code">Reset code, stored and forwarded unchanged.</param>
        /// <returns>A completed task holding the override value, or the base implementation's task.</returns>
        public override Task<bool> ValidatePasswordResetCode(UserKey userKey,
                                                             PasswordResetCode code)
        {
            this.ValidatePasswordResetCode_InputUserKey = userKey;
            this.ValidatePasswordResetCode_InputCode    = code;

            // A set override skips real validation entirely.
            // NOTE(review): looks like a test double; confirm it cannot be reached in production,
            // where a forced "true" would accept any reset code.
            if (this.ValidatePasswordResetCode_OutputOverride.HasValue)
            {
                return Task.FromResult(this.ValidatePasswordResetCode_OutputOverride.Value);
            }

            return base.ValidatePasswordResetCode(userKey, code);
        }
        /// <summary>
        /// Issues a new password-reset code for a user: generates a number, registers the matching
        /// "pw" single-use token with an expiration one day after the current clock time, and
        /// returns the code.
        /// </summary>
        /// <param name="userKey">Key of the user the code is issued for; must not be null.</param>
        /// <returns>The newly generated reset code.</returns>
        public virtual async Task<PasswordResetCode> CreatePasswordResetCode(UserKey userKey)
        {
            Guard.Null(nameof(userKey), userKey);

            // NOTE(review): presumably GenerateNumber(6) yields a 6-digit value; confirm, and confirm
            // that _random is backed by a cryptographic generator, since this value is a credential.
            var number = (int)this._random.GenerateNumber(6);
            var code   = new PasswordResetCode(number);

            var tokenService = this.SingleUseTokenService;
            var token        = CreateSingleUseToken("pw", userKey, code);

            // One-day lifetime, measured from the injected clock.
            // NOTE(review): a short numeric code that stays valid for a day depends on attempt
            // limiting elsewhere; none is visible in this method.
            var expiresAt = new UtcDateTime(this.Clock.UtcNow.ToOffset().AddDays(1));

            await tokenService.Create(token, expiration: expiresAt).ConfigureAwait(false);

            return code;
        }
        /// <summary>
        /// Changes a user's password using a reset code. The code is validated against the user's
        /// key first; only when it is accepted is the new password hash set, and only when that
        /// succeeds are the security stamp refreshed and the user persisted.
        /// </summary>
        /// <param name="identity">Identity service whose helper performs each step; must not be null.</param>
        /// <param name="user">User being updated; must not be null and must have a non-null key.</param>
        /// <param name="code">Reset code presented by the caller; must not be null.</param>
        /// <param name="password">New password; must not be null.</param>
        /// <returns>
        /// The helper's <c>InvalidPasswordResetCode</c> result when the code is rejected, otherwise
        /// the result of setting the password hash.
        /// </returns>
        /// <exception cref="ArgumentException">Thrown when <c>user.Key()</c> returns null.</exception>
        public static async Task<Result<UserMessage>> UpdatePassword<TUser>(
            this IIdentityService<TUser> identity, TUser user, PasswordResetCode code,
            Password password)
            where TUser : IUserKey, IUserPasswordHash, IUserSecurityStamp
        {
            Guard.Null(nameof(identity), identity);
            Guard.Null(nameof(user), user);
            Guard.Null(nameof(code), code);
            Guard.Null(nameof(password), password);

            var userKey = user.Key();

            if (userKey == null)
            {
                throw new ArgumentException(
                          paramName: nameof(user),
                          message: $"The {nameof(user)} argument's {nameof(user.Key)}() method cannot return null.");
            }

            // Gate: nothing about the user is touched until the reset code has been accepted.
            var codeAccepted = await identity.Helper.ValidatePasswordResetCode(userKey, code)
                               .ConfigureAwait(false);

            if (!codeAccepted)
            {
                return identity.Helper.InvalidPasswordResetCode;
            }

            var outcome = await identity.Helper.SetPasswordHash(user, password)
                          .ConfigureAwait(false);

            // NOTE(review): if validation consumes the code, a password rejected here leaves the
            // user needing a fresh code; confirm that is the intended flow.
            if (!outcome.Success)
            {
                return outcome;
            }

            // Refresh the security stamp before persisting the user.
            // NOTE(review): presumably this invalidates sessions tied to the old stamp; confirm.
            await identity.Helper.RefreshSecurityStamp(user).ConfigureAwait(false);

            await identity.Update(user).ConfigureAwait(false);

            return outcome;
        }
Ejemplo n.º 7
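        /// <summary>
        /// Completes a password reset: checks the submitted code against the most recent reset
        /// code stored for the account, stores the new password hash, invalidates the account's
        /// reset codes and signs the user in.
        /// </summary>
        /// <param name="email">Email address identifying the account.</param>
        /// <param name="code">Reset code submitted by the user.</param>
        /// <param name="password">New password.</param>
        /// <param name="confirm_pw">Repeat of the new password; must equal <paramref name="password"/>.</param>
        /// <returns>
        /// A redirect to "Homepage" on success; otherwise the "confirmresetcode" view with an
        /// error message in <c>TempData["error"]</c>.
        /// </returns>
        public IActionResult ResetPasswordAction(string email, string code, string password, string confirm_pw)
        {
            if (email == null || code == null || password == null || confirm_pw == null)
            {
                TempData["error"] = "Can't be blank";
                return View("confirmresetcode");
            }

            if (password != confirm_pw)
            {
                TempData["error"] = "Passwords dont match";
                return View("confirmresetcode");
            }

            User returnedUser = _context.users.FirstOrDefault(p => p.email == email);
            PasswordResetCode codeToMatch = null;

            if (returnedUser != null)
            {
                // Only the most recently issued code is accepted.
                codeToMatch = _context.password_reset_codes
                              .Where(p => p.user_id == returnedUser.user_id)
                              .OrderByDescending(p => p.created_at)
                              .FirstOrDefault();
            }

            // An unknown email, an account with no issued code (previously a null dereference)
            // and a wrong code all get the same response, so the reply does not reveal whether
            // the email is registered.
            // NOTE(review): created_at is never compared with the current time, so a code does not
            // expire, and failed attempts are not counted; both should be enforced for a short code.
            if (codeToMatch == null || code != codeToMatch.code)
            {
                TempData["error"] = "Email not registered";
                return View("confirmresetcode");
            }

            // Hash and store the new password.
            PasswordHasher<User> hasher = new PasswordHasher<User>();
            returnedUser.password = hasher.HashPassword(returnedUser, password);
            _context.Update(returnedUser);

            // Make the code single-use. Every code of the account is removed, because deleting only
            // the matched row would turn the previous code into the "most recent" one again.
            _context.password_reset_codes.RemoveRange(
                _context.password_reset_codes.Where(p => p.user_id == returnedUser.user_id));

            // One SaveChanges call, so the password change and the invalidation are saved together.
            _context.SaveChanges();

            // Log the user in.
            HttpContext.Session.SetInt32("loggedUser", returnedUser.user_id);
            return RedirectToAction("Homepage");
        }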
Ejemplo n.º 8
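        /// <summary>
        /// Starts a password reset for the account with the given email: generates an
        /// 8-character alphanumeric code, texts it to the account's phone number and stores it
        /// in <c>password_reset_codes</c>.
        /// </summary>
        /// <param name="email">Email address identifying the account; may be null.</param>
        /// <returns>
        /// A redirect to "ConfirmResetCode" when a code was issued, otherwise a redirect to
        /// "ResetPassword".
        /// </returns>
        public IActionResult GetPasswordCode(string email)
        {
            if (email != null)
            {
                User returnedUser = _context.users.Where(p => p.email == email).FirstOrDefault();
                if (returnedUser != null)
                {
                    // A missing or malformed phone number previously made Int64.Parse throw;
                    // now the request falls through to the same redirect as an unknown account.
                    Int64 phone_num;
                    if (Int64.TryParse(returnedUser.phone, out phone_num))
                    {
                        // The reset code is a credential, so it is drawn from the cryptographic
                        // generator; System.Random is predictable and must not be used here.
                        const string chars        = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
                        var          randomString = new char[8];
                        var          oneByte      = new byte[1];

                        // Bytes at or above the largest multiple of chars.Length are discarded so
                        // that every character is equally likely (no modulo bias).
                        int limit = 256 - (256 % chars.Length);

                        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
                        {
                            int filled = 0;
                            while (filled < randomString.Length)
                            {
                                rng.GetBytes(oneByte);
                                if (oneByte[0] >= limit)
                                {
                                    continue;
                                }
                                randomString[filled] = chars[oneByte[0] % chars.Length];
                                filled++;
                            }
                        }

                        string resetCode = new string(randomString);

                        SendText(phone_num, $"Hello, {returnedUser.name}! Your password reset code is: {resetCode}");

                        // Save reset code to DB.
                        // NOTE(review): the code is stored in clear text and older codes of the
                        // account are left in place; consider storing a hash and pruning old rows.
                        PasswordResetCode newCode = new PasswordResetCode();
                        newCode.user_id = returnedUser.user_id;
                        newCode.code    = resetCode;
                        _context.password_reset_codes.Add(newCode);
                        _context.SaveChanges();

                        // NOTE(review): this redirect differs from the unknown-email one and carries the
                        // internal user_id, so the response reveals whether the email is registered.
                        return RedirectToAction("ConfirmResetCode", new { user_id = returnedUser.user_id });
                    }
                }
                else
                {
                    Console.WriteLine("User not found");
                }
            }
            return RedirectToAction("ResetPassword");
        }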
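        /// <summary>
        /// <para>Requests a new password-reset GUID for the account and emails the user a link containing it.</para>
        /// <para>Return values:</para>
        /// <para>Success - the email was handed to the SMTP client without error.</para>
        /// <para>InvalidEmail - the address failed the email pattern check, or no GUID was returned for it
        /// (database error or no user with that email).</para>
        /// <para>CriticalError - sending the email threw; the exception is written to the error log.</para>
        /// <para>GuidUpdateFailure is never returned by this method, although callers handle it.</para>
        /// </summary>
        /// <param name="email">The user's email.</param>
        /// <returns>One of the <c>PasswordResetCode</c> values listed in the summary.</returns>
        public static PasswordResetCode SendResetEmail(string email)
        {
            //Ensure we have a valid email.
            string link;
            string GCCPortalUrl = ConfigurationManager.AppSettings["GCCPortalURL"].ToString();
            bool   isValid      = Validation.RegExCheck(email, ValidationType.Email);

            if (!isValid)
            {
                return(PasswordResetCode.InvalidEmail);
            }
            //Get new GUID for password reset
            string newGuid = UserInfo.ResetPassword(email);

            if (string.IsNullOrEmpty(newGuid))
            {
                // Same code as a malformed address, so the result does not say whether the account exists.
                // NOTE(review): the original summary documented a separate "failed updating GUID" code for
                // this case; confirm which behaviour is intended before changing it.
                return(PasswordResetCode.InvalidEmail);
            }

            if (System.Diagnostics.Debugger.IsAttached)
            {
                // Debug-only: the link is built from the current request URL.
                // NOTE(review): the request host is client-influenced; this branch must stay unreachable
                // in production, where the configured portal URL is used instead.
                Uri uri = HttpContext.Current.Request.Url;
                link = uri.Scheme + "://" + uri.Host + ":" + uri.Port + "/PasswordChange?id=" + newGuid;
            }
            else
            {
                link = GCCPortalUrl + "PasswordChange?id=" + newGuid;
            }

            PasswordResetCode response;

            // The message is disposed even if building an address or a view throws.
            using (MailMessage msg = new MailMessage {
                Subject = "Reporting Portal Password Recovery"
            })
            {
                //To address
                msg.To.Add(new MailAddress(email, email));
                //From address
                msg.From = new MailAddress("*****@*****.**", "Forum Research");
                //Set the reply-to email so it goes back to the help desk
                msg.ReplyToList.Add(new MailAddress("*****@*****.**", "Forum Research"));

                // NOTE(review): the text promises a 12-hour lifetime; the expiry check is not visible here.
                AlternateView plainView = AlternateView.CreateAlternateViewFromString(String.Format(
                                                                                          @"We have received your request to reset your password for the GCGC Reporting Portal website. To complete this request, simply click on the following link or paste it into your browser to reset your password.
{0}
Note: This link will only be active for 12 hours.

Regards,

Great Canadian Gaming Corporation", link), null, "text/plain");
                msg.AlternateViews.Add(plainView);
                AlternateView htmlView = AlternateView.CreateAlternateViewFromString(String.Format(
                                                                                         @"<p>We have received your request to reset your password for the GCGC Reporting Portal website. To complete this request, simply click on the following link or paste it into your browser to reset your password.<br />
{0}<br />
Note: This link will only be active for 12 hours.</p>
<p>Regards,</p>
<p>Great Canadian Gaming Corporation</p>",
                                                                                         "<a href='" + link + "'>" + link + "</a>"), null, "text/html");
                msg.AlternateViews.Add(htmlView);

                try
                {
                    //Settings in web.config. The client is disposed so its connection is released.
                    using (SmtpClient smtp = new SmtpClient())
                    {
                        smtp.Send(msg);
                    }
                    response = PasswordResetCode.Success; //Success
                }
                catch (Exception ex)
                {
                    ErrorHandler.WriteLog("GCGCReportingPortal.ResetPassword", String.Format("There was an error sending the password recovery email to: {0}", email), ErrorHandler.ErrorEventID.General, ex);
                    response = PasswordResetCode.CriticalError; //Critical error!
                }
            }
            return(response);
        }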