Ejemplo n.º 1
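        /// <summary>
        /// Handles a password-reset request. When a profile matches the submitted e-mail address,
        /// a reset token is generated and a link to the "PasswordResetFinal" action is mailed.
        /// </summary>
        /// <param name="model">Request model carrying the e-mail address to reset.</param>
        /// <returns>
        /// The default view. <c>ViewBag.Result</c> is <c>false</c> only when no usable address was
        /// submitted; otherwise it is <c>true</c> whether or not a profile exists, so the rendered
        /// page does not reveal which addresses are registered.
        /// </returns>
        public async Task <IActionResult> PasswordReset(PasswordResetRequestModel model)
        {
            string requestedEmail = model?.Email;

            // Nothing to look up: reject without touching the database. This reveals nothing
            // about existing accounts because it depends only on the submitted input.
            if (string.IsNullOrWhiteSpace(requestedEmail))
            {
                ViewBag.Result = false;
                return(View());
            }

            var profileToChange = dbContext.Profiles.FirstOrDefault(p => p.Email == requestedEmail);

            if (profileToChange != null)
            {
                string resetToken =
                    await userManager.GeneratePasswordResetTokenAsync(profileToChange);

                passwordResetMail.Name = profileToChange.Name;

                // NOTE(review): Url.Action without a protocol argument produces a path-only URL.
                // Confirm that passwordResetMail turns it into an absolute link, and take the host
                // from configuration rather than from the incoming request's Host header.
                passwordResetMail.Url  = Url.Action(
                    "PasswordResetFinal",
                    "Account",
                    new { token = resetToken, userId = profileToChange.Id }
                    );

                // Mail the address stored on the profile, not the submitted string: the database
                // comparison may treat two different strings as equal (collation, case folding),
                // and the token must only ever reach the address on record.
                passwordResetMail.Send(profileToChange.Email);
            }

            // Same outcome for known and unknown addresses (no account enumeration through the view).
            // NOTE(review): response time still differs between the two paths; consider sending
            // the mail from a background queue if that matters for this application.
            ViewBag.Email  = requestedEmail;
            ViewBag.Result = true;

            return(View());
        }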
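        /// <summary>
        /// Creates a new password-reset request for the user named in <paramref name="model"/>,
        /// deactivates that user's earlier active requests, and e-mails the reset link.
        /// </summary>
        /// <param name="model">Reset request; validated by <c>requestPasswordResetPolicy</c> first.</param>
        /// <returns>A response model carrying the e-mail address the link was sent to.</returns>
        /// <exception cref="PolicyViolationException">The request does not satisfy the policy.</exception>
        public async Task <PasswordResetRequestResponseModel> RequestPasswordReset(PasswordResetRequestModel model)
        {
            if (!await requestPasswordResetPolicy.IsValid(model))
            {
                throw new PolicyViolationException(requestPasswordResetPolicy.PolicyViolations);
            }

            // NOTE(review): FirstAsync throws InvalidOperationException when no user matches.
            // Presumably the policy above guarantees the user exists - confirm, otherwise unknown
            // usernames surface as a distinguishable error.
            var user = await dbContext
                       .Users
                       .Where(n => n.Username.Trim().ToUpper() == model.Username.Trim().ToUpper())
                       .FirstAsync();

            // Expire old password-reset requests so only the newest link stays usable.
            var existingRequests = await dbContext.PasswordResetRequests.Where(n => n.UserId == user.UserId && n.IsActive).ToListAsync();

            foreach (var existingRequest in existingRequests)
            {
                existingRequest.IsActive = false;
            }

            // Generate the new request; the deactivations above are saved in the same call.
            var resetRequest = new PasswordResetRequest(user.UserId);

            dbContext.PasswordResetRequests.Add(resetRequest);
            await dbContext.SaveChangesAsync();

            // The body is HTML, so every interpolated value is HTML-encoded first. Stored profile
            // fields such as the first name must not be able to inject markup into the message.
            string safeFirstname   = System.Net.WebUtility.HtmlEncode(user.Firstname);
            string safeUsername    = System.Net.WebUtility.HtmlEncode(user.Username);
            string safeBaseAddress = System.Net.WebUtility.HtmlEncode($"{websiteConfiguration.BaseAddress}");
            string safeResetLink   = System.Net.WebUtility.HtmlEncode(
                $"{websiteConfiguration.BaseAddress}/reset-password/{resetRequest.UserId}/{resetRequest.Token}");

            var email = this.commsService.GetBaseEmail();

            email.Subject    = "JonkerBudgetCore.Api - Password Reset";
            email.IsBodyHtml = true;
            email.Body       = $@"<style type=""text / css"">
                    p {{
                        font-family: ""sans-serif"";
                        font-size: 15px;
	                }}
                </style>
                <p>
                    Hi {safeFirstname},<br />
                    <br />
                    A password reset has been requested for your account ({safeUsername}) on JonkerBudgetCore.Api ({safeBaseAddress}).<br />
                    If you did not request a password reset or believe this is in error, please contact the administrator immediately.<br />
                    <br />
                    To reset your password, please click the following link:<br />
                    <a href=""{safeResetLink}"">Reset My Password</a> <br />
                    <br />
                    Regards, <br />
                    JonkerBudgetCore.Api<br />                    
                </p>";
            email.To         = user.Email;

            // The send result was never inspected in the original; the call is kept, the unused local is not.
            await this.commsService.SendEmail(email);

            // NOTE(review): this hands the account's e-mail address back to the caller. If the
            // response is relayed to an unauthenticated client, anyone who knows a username learns
            // the address - consider masking it or returning nothing.
            return(new PasswordResetRequestResponseModel()
            {
                EmailAddress = user.Email
            });
        }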
Ejemplo n.º 3
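        /// <summary>
        /// Sends a password-reset mail when the submitted user name exists and its stored
        /// e-mail address matches the submitted one.
        /// </summary>
        /// <param name="pwReset">Request body with the user name and e-mail address.</param>
        /// <returns>400 Bad Request when the body is missing or the pair does not match; otherwise 204 No Content.</returns>
        public async Task <ActionResult> PasswordReset([FromBody] PasswordResetRequestModel pwReset)
        {
            // A missing or unparseable body can bind to null; reject it instead of failing
            // with a NullReferenceException below.
            if (pwReset == null)
            {
                return(BadRequest());
            }

            var user = await database.GetUserByUserName(pwReset.UserName);

            // NOTE(review): the 400/204 split confirms to any caller whether a user name and
            // e-mail pair is valid. If that is a concern, return 204 in both cases and pair the
            // endpoint with rate limiting.
            if (user == null || user.EmailAddress.IsNullOrEmpty() || user.EmailAddress != pwReset.EmailAddress)
            {
                return(BadRequest());
            }

            await SendPasswordResetMail(user);

            return(NoContent());
        }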
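        /// <summary>
        /// Completes a password reset: validates the request, loads the user and asks the user
        /// service to set the new password using the supplied reset code.
        /// </summary>
        /// <param name="model">Request carrying the user id, reset code, new password and its confirmation.</param>
        /// <returns>
        /// 400 Bad Request for an invalid request, mismatched passwords or an unknown user;
        /// otherwise 200 OK with the success flag of the reset operation.
        /// </returns>
        public async Task <IHttpActionResult> ResetPassword(PasswordResetRequestModel model)
        {
            // ModelState can be valid while the bound model itself is null (empty body),
            // so check both before dereferencing it.
            if (model == null || !ModelState.IsValid)
            {
                return(BadRequest("Your request is not valid."));
            }

            if (model.NewPassword != model.ConfirmPassword)
            {
                return(BadRequest("Confirm password does not match"));
            }

            var user = await _userService.GetUserAsNoTrackingAsync(model.UserId);

            // NOTE(review): an unknown user id yields 400 while a wrong code yields 200 with false,
            // so the response tells a caller which user ids exist. Consider one uniform failure response.
            if (user == null)
            {
                return(BadRequest("Invalid user email verification request."));
            }

            var result = await _userService.ResetPasswordAsync(user.Id, model.Code, model.NewPassword);

            return(Ok(result.Succeeded));
        }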
        /// <summary>
        /// Forwards a password-reset request to the users service and returns its result as 200 OK.
        /// </summary>
        /// <param name="model">Request body describing whose password should be reset.</param>
        /// <returns>200 OK wrapping whatever the users service returned.</returns>
        // NOTE(review): the service result is serialized to the client unchanged. Check that it holds
        // no account detail (for example an e-mail address) that an unauthenticated caller should not learn.
        public async Task <IActionResult> RequestPasswordReset([FromBody] PasswordResetRequestModel model)
            => Ok(await usersService.RequestPasswordReset(model));