public async Task <IActionResult> ResetPassword([FromBody] ResetPasswordApiModel model)
{
if (!ModelState.IsValid)
{
var errorList = new List <string>();
foreach (var modelState in ViewData.ModelState.Values)
{
foreach (var error in modelState.Errors)
{
errorList.Add(error.ErrorMessage.Replace("\"", string.Empty));
}
}
return(BadRequest(errorList));
}
var user = await _userManager.FindByEmailAsync(model.Email);
if (user == null)
{
return(BadRequest());
}
// https://stackoverflow.com/questions/27241658/token-invalid-on-reset-password-with-asp-net-identity
var code = model.Code.Replace(" ", "+");
var resetResult = await _userManager.ResetPasswordAsync(user, code, model.Password);
if (!resetResult.Succeeded)
{
var result = resetResult.Errors;
return(resetResult.Errors.Count() == 1
? BadRequest(resetResult.Errors.First().Description)
: BadRequest(resetResult.Errors.Select(err => err.Description).ToArray()));
}
return(Ok());
}
public HttpResponseMessage ValidateCode([FromBody] ResetPasswordApiModel apiModel)
{
var response = new HttpResponseMessage();
ResponseFormat responseData = new ResponseFormat();
if (apiModel == null)
{
response.StatusCode = HttpStatusCode.BadRequest;
responseData = ResponseFormat.Fail;
responseData.message = ErrorMessages.INVALID_KEY;
}
else
{
//validate the key sent
if (string.IsNullOrEmpty(apiModel.key) || string.IsNullOrEmpty(apiModel.newPassword))
{
response.StatusCode = HttpStatusCode.BadRequest;
responseData = ResponseFormat.Fail;
responseData.message = ErrorMessages.INVALID_KEY;
}
else
{
var payload = JwtTokenManager.ValidateJwtToken(apiModel.key);
if (payload.ContainsKey("error"))
{
if ((string)payload["error"] == ErrorMessages.TOKEN_EXPIRED)
{
response.StatusCode = HttpStatusCode.Unauthorized;
responseData = ResponseFormat.Fail;
responseData.message = ErrorMessages.TOKEN_EXPIRED;
}
if ((string)payload["error"] == ErrorMessages.TOKEN_INVALID)
{
response.StatusCode = HttpStatusCode.Unauthorized;
responseData = ResponseFormat.Fail;
responseData.message = ErrorMessages.TOKEN_INVALID;
}
}
else
{
//decode key for field "validationCode" and "email"
var userEmail = Convert.ToString(payload["email"]);
var userCode = Convert.ToString(payload["validationCode"]);
//find user with email, if validation code is the same, hash password and save it to db
var dbUser = db.USERs.Where(c => c.Email == userEmail).FirstOrDefault();
if (dbUser != null)
{
if (dbUser.RememberMeToken == userCode)
{
//hash user password
dbUser.Hash = _hashManager.Hash(apiModel.newPassword);
db.SaveChanges();
response.StatusCode = HttpStatusCode.OK;
responseData = ResponseFormat.Success;
responseData.message = SuccessMessages.PASSWORD_RESET;
}
else
{
response.StatusCode = HttpStatusCode.Unauthorized;
responseData = ResponseFormat.Fail;
responseData.message = ErrorMessages.INVALID_KEY;
}
}
else
{
response.StatusCode = HttpStatusCode.NotFound;
responseData = ResponseFormat.Fail;
responseData.message = ErrorMessages.USER_NOT_FOUND;
}
}
}
}
var json = JsonConvert.SerializeObject(responseData);
response.Content = new StringContent(json, Encoding.UTF8, "application/json");
return(response);
}
