/// <summary>
/// Handles the submitted "set new password" form: checks that both password
/// fields agree, then asks the password-reset service to apply the new password
/// for the supplied token id and code.
/// </summary>
/// <param name="request">Form-bound token id, reset code, new password and its confirmation.</param>
/// <param name="ct">Cancellation token forwarded to the password-reset service.</param>
/// <returns>
/// A redirect back to the "ResetPasswordConfirmation" action when the two passwords differ,
/// a 400 "Invalid code" result when the service reports an invalid token,
/// otherwise the NewPasswordSet view.
/// </returns>
public async Task<ActionResult> ResetPasswordConfirmation(
    [FromForm] PostResetPasswordConfirmationRequest request,
    CancellationToken ct)
{
    var passwordsDiffer = request.NewPassword != request.NewPasswordConfirmation;
    if (passwordsDiffer)
    {
        // NOTE(review): TokenId and Code are handed to RedirectToAction as route values,
        // so they travel in the redirect URL. Treat that URL as secret-bearing
        // (access logs, Referer, browser history) - confirm this is acceptable here.
        var retryRouteValues = new ResetPasswordConfirmationRequest
        {
            TokenId = request.TokenId,
            Code = request.Code,
            IsPasswordsNotEqual = true
        };

        return RedirectToAction("ResetPasswordConfirmation", retryRouteValues);
    }

    // NOTE(review): only the equality of the two fields is checked in this action; an
    // empty/null pair passes the comparison. Presumably password policy and model
    // validation are enforced elsewhere (model attributes or the service) - verify.
    var outcome = await _passwordResetService.SetNewPasswordAsync(
        request.TokenId,
        request.Code,
        request.NewPassword,
        ct);

    // IsInvalidToken is the only failure flag inspected; any other failure mode the
    // service may have is not visible from this action.
    if (!outcome.IsInvalidToken)
    {
        return View("~/OAuth/Views/NewPasswordSet.cshtml");
    }

    return BadRequest("Invalid code");
}
/// <summary>
/// Completes a password reset: looks the account up by email address and asks the
/// user manager to reset its password using the supplied reset code.
/// </summary>
/// <param name="model">Carries the account email, the reset code and the new password.</param>
/// <returns>
/// 200 OK when the reset succeeds or when no account matches the email;
/// 400 Bad Request carrying the model-state errors when the user manager rejects the reset.
/// </returns>
public async Task<ActionResult> ResetPasswordConfirmation(ResetPasswordConfirmationRequest model)
{
    // The lookup key is the email address because the username is public information.
    var account = await this.userManager.FindByEmailAsync(model.Email);
    if (account == null)
    {
        // Answer exactly as a successful reset would, so the response does not
        // disclose that the account is missing.
        return this.Ok();
    }

    // NOTE(review): the outcomes remain distinguishable by status code - an unknown
    // email yields 200, while a known email with a rejected code or password yields
    // 400 with error descriptions. That weakens the non-disclosure intent above.
    // Consider a uniform response for "unknown account" and "invalid code", and
    // confirm that throttling for this endpoint is applied elsewhere (none is
    // visible in this method).
    var resetResult = await this.userManager.ResetPasswordAsync(account, model.Code, model.Password);
    if (!resetResult.Succeeded)
    {
        // Surface every failure description as a model-level (key-less) error.
        foreach (var failure in resetResult.Errors)
        {
            this.ModelState.AddModelError(string.Empty, failure.Description);
        }

        return this.BadRequest(this.ModelState);
    }

    return this.Ok();
}
/// <summary>
/// Shows the "set new password" page after checking with the password-reset service
/// that the supplied token id and code are valid.
/// </summary>
/// <param name="request">Token id, reset code and the "passwords were not equal" flag.</param>
/// <param name="ct">Cancellation token forwarded to the password-reset service.</param>
/// <returns>
/// A 400 "Invalid code" result when the token is not valid, otherwise the
/// SetNewPassword view populated from the request.
/// </returns>
public async Task<ActionResult> ResetPasswordConfirmation(
    ResetPasswordConfirmationRequest request,
    CancellationToken ct)
{
    // Validate before rendering, so the form is never shown for a token the service rejects.
    // NOTE(review): this is only a pre-check; the submit path must validate the
    // token again when the password is actually changed - confirm against the POST action.
    var tokenAccepted = await _passwordResetService.IsTokenValidAsync(
        request.TokenId,
        request.Code,
        ct);

    if (tokenAccepted)
    {
        // The token id and code are passed through to the view model; presumably the
        // view posts them back with the new password - verify in the .cshtml.
        var viewModel = new ResetPasswordConfirmationViewModel(
            request.TokenId,
            request.Code,
            request.IsPasswordsNotEqual);

        return View("~/OAuth/Views/SetNewPassword.cshtml", viewModel);
    }

    return BadRequest("Invalid code");
}