public async Task<ActionResult> ForgotPassword(ForgotPasswordModel model)
{
if (!ModelState.IsValid)
return View(model);
// GetUserAsync the user, check that his email is confirmed
AuthUser user = await UserManager.FindByEmailAsync(model.Email);
if (user == null || !await UserManager.IsEmailConfirmedAsync(user.Id))
// Don't reveal that the user does not exist or is not confirmed
return View("ForgotPassword");
await SendConfirmPasswordAsync(user.Id);
return RedirectToAction("ForgotPasswordConfirmation");
}
public async Task<IHttpActionResult> ForgotPasswordAsync(ForgotPasswordModel model)
{
if (!ModelState.IsValid)
return BadRequest(ModelState);
// GetUserAsync the user, check that his email is confirmed
AuthUser user = await _userManager.FindByEmailAsync(model.Email);
if (user == null || !await _userManager.IsEmailConfirmedAsync(user.Id))
{
// Don't reveal that the user does not exist or is not confirmed
return Ok();
}
await SendResetPasswordEmailAsync(user.Id);
return Ok();
}
