public ActionResult DeleteConfirmed(int id)
{
pwdReset pwdReset = db.pwdReset.Find(id);
db.pwdReset.Remove(pwdReset);
db.SaveChanges();
return(RedirectToAction("Index"));
}
public ActionResult Edit([Bind(Include = "pwdReset_id,pwdReset_email,pwdReset_selector,pwdReset_token,pwdReset_expires")] pwdReset pwdReset)
{
if (ModelState.IsValid)
{
db.Entry(pwdReset).State = EntityState.Modified;
db.SaveChanges();
return(RedirectToAction("Index"));
}
return(View(pwdReset));
}
public ActionResult Create([Bind(Include = "pwdReset_id,pwdReset_email,pwdReset_selector,pwdReset_token,pwdReset_expires")] pwdReset pwdReset)
{
if (ModelState.IsValid)
{
db.pwdReset.Add(pwdReset);
db.SaveChanges();
return(RedirectToAction("Index"));
}
return(View(pwdReset));
}
// GET: pwdResets/Delete/5
public ActionResult Delete(int?id)
{
if (id == null)
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
pwdReset pwdReset = db.pwdReset.Find(id);
if (pwdReset == null)
{
return(HttpNotFound());
}
return(View(pwdReset));
}
public ActionResult About(pwdReset pwdReset)
{
return(View());
}
public ActionResult resetedPassword(pwdReset pwdReset)
{
// Generate a selector and token for verification
var selector = randomBytes.GenerateRandomBytes(8);
var token = randomBytes.GenerateRandomBytes(32);
// Retrieve data from post method
int pwdReset_id = pwdReset.pwdReset_id;
string pwdReset_email = pwdReset.pwdReset_email;
string pwdReset_selector = pwdReset.pwdReset_selector;
string pwdReset_token = pwdReset.pwdReset_token;
int pwdReset_expires = pwdReset.pwdReset_expires;
var areUser = db.users.Where(x => x.user_email == pwdReset_email).FirstOrDefault();
// Verify if user exists
if (areUser != null)
{
// Making HashedToken for security with BCrypt
string hashedToken = BCryptHelper.HashPassword(token, BCryptHelper.GenerateSalt(7));
pwdReset_selector = selector;
pwdReset_token = token;
// Construct URL
string url = "localhost:62403/iforgot/createNewPassword?selector=" + pwdReset_selector + "&validator=" + pwdReset_token;
// Time now on seconds (UNIX TIME)
var dateU = Convert.ToInt32(DateTimeOffset.Now.ToUnixTimeSeconds());
// Expire date from now to 30 min
pwdReset_expires = dateU + 1800;
// Delete any data from database before now
iforgotInsert.pwdResetDelete(pwdReset_email);
// Inserting new data for recovery with expiration time setted on 30 min
iforgotInsert.pwdResetInsert(pwdReset_email, pwdReset_selector, hashedToken, pwdReset_expires);
// Message for the Email
string message = url;
try
{
// Sending URL to user
if (ModelState.IsValid)
{
var senderEmail = new MailAddress("*****@*****.**", "TEST");
var receiverEmail = new MailAddress(pwdReset_email, "Receiver");
var password = "******";
var sub = "Test";
var body = message;
var smtp = new SmtpClient
{
Host = "smtp.gmail.com",
Port = 587,
EnableSsl = true,
DeliveryMethod = SmtpDeliveryMethod.Network,
UseDefaultCredentials = false,
Credentials = new NetworkCredential(senderEmail.Address, password)
};
using (var mess = new MailMessage(senderEmail, receiverEmail)
{
Subject = sub,
Body = body
})
{
smtp.Send(mess);
}
return(View());
}
}
catch (Exception e)
{
ViewBag.Error = e;
return(View());
}
}
else if (areUser == null)
{
// Are not user
return(RedirectToAction("Index", "Home"));
}
return(View());
}
public ActionResult confirmedNewPass(pwdReset pwdReset)
{
// Retrieve data from post method after create new password
string pwdReset_selector = pwdReset.pwdReset_selector;
string pwdReset_validator = pwdReset.pwdReset_token;
string pwdReset_pwd = pwdReset.pwdReset_pwd;
string pwdReset_pwdRepeat = pwdReset.pwdReset_pwdRepeat;
try
{
if (pwdReset_pwd == null || pwdReset_pwdRepeat == null)
{
// Verify if boxes are empty
// return RedirectToAction("createNewPassword", "Home", "Test");
throw new NullReferenceException();
}
else if (pwdReset_pwd != pwdReset_pwdRepeat)
{
// Verify if pwd is the same on both boxes
throw new PasswordException();
}
// Time now on seconds (UNIX TIME)
var dateU = Convert.ToInt32(DateTimeOffset.Now.ToUnixTimeSeconds());
// Searching the user on pwdReset table using the selector and verifying if the expiration time are passed
var resultToken = db.pwdReset.Where(x => x.pwdReset_selector == pwdReset_selector && x.pwdReset_expires >= dateU).FirstOrDefault();
// Checking the validator
bool tokenCheck = BCryptHelper.CheckPassword(pwdReset_validator, resultToken.pwdReset_token);
if (tokenCheck == false)
{
// If NOT valid
throw new TokenOrValidationException();
}
else if (tokenCheck == true)
{
// If is valid
// Searching the user on users table with the email of pwdReset_email
var resultUser = db.users.Where(x => x.user_email == resultToken.pwdReset_email).FirstOrDefault();
if (resultUser != null)
{
// Hashing the new pwd with BCrypt and updating it
var hashedPwd = BCryptHelper.HashPassword(pwdReset_pwd, BCryptHelper.GenerateSalt(7));
resultUser.user_pwd = hashedPwd;
// Cleaning pwdReset Table
db.pwdReset.RemoveRange(db.pwdReset.Where(x => x.pwdReset_selector == pwdReset_selector));
db.SaveChanges();
// Cleaning variables
pwdReset_pwd = null;
pwdReset_pwdRepeat = null;
return(View());
}
else if (resultUser == null)
{
// If are any error from select
throw new NullReferenceException();
}
}
}
catch (NullReferenceException)
{
return(RedirectToAction("Index", "Home", new { error = "error" }));
}
catch (TokenOrValidationException)
{
return(RedirectToAction("Index", "Home", new { error = "badtoken" }));
}
catch (PasswordException)
{
return(RedirectToAction("Index", "Home", new { error = "badpwd" }));
}
catch (Exception e)
{
// If any unknown error
return(RedirectToAction("Index", "Home"));
}
return(View());
}
