/// <summary>
/// Submits form.
/// </summary>
/// <param name="form">View model containing form definition and submitted values.</param>
/// <returns>Result of form post.</returns>
public FormResult PostForm(Form form)
{
try
{
// Get website identifier
long tenantId = _authenticationService.TenantId;
// Get confirm user set password model from submitted form values
ConfirmUserSetPasswordModel model = new ConfirmUserSetPasswordModel
{
Password = ((PasswordTextField)form.Fields["password"]).Value,
ConfirmPassword = ((PasswordTextField)form.Fields["confirmPassword"]).Value,
ConfirmKey = form.Context,
TenantId = tenantId
};
// Confirm user and set password
_authenticationService.ConfirmUserSetPassword(model);
// Return form result with no errors
return(_formHelperService.GetFormResult());
}
catch (ValidationErrorException ex)
{
// Return form result containing errors
return(_formHelperService.GetFormResultWithValidationErrors(ex.Errors));
}
catch (Exception)
{
// Return form result containing unexpected error message
return(_formHelperService.GetFormResultWithErrorMessage(ApplicationResource.UnexpectedErrorMessage));
}
}
public void ConfirmUserSetPassword(ConfirmUserSetPasswordModel model)
{
// Validate supplied confirmation details
_authenticationValidator.ValidateConfirmUserSetPassword(model);
// Get encrypted password
int saltSize = _authenticationConfigurationService.GetPasswordSaltSize(model.TenantId);
byte[] salt = _securityService.CreateSalt(saltSize);
byte[] saltedHash = _securityService.EncryptPassword(model.Password, salt);
// Flag user as confirmed in database and update user's password
Token token = _securityService.DeserializeToken(model.ConfirmKey);
// Get user
User user = _userRepository.ReadUserByConfirmToken(model.TenantId, token);
// Set user details
DateTime passwordChanged = DateTime.UtcNow;
user.Confirmed = true;
user.PasswordSaltedHash = _stringService.GetString(saltedHash);
user.PasswordSalt = _stringService.GetString(salt);
user.ConfirmTokenValue = null;
user.ConfirmTokenExpiry = null;
user.LockedOut = false;
user.LastPasswordFailure = null;
user.PasswordFailures = 0;
user.PasswordChanged = passwordChanged;
// Update user
_userRepository.UpdateUser(user);
}
/// <summary>
/// Performs main validation of supplied user confirmation details.
/// </summary>
/// <param name="model">Confirm user details.</param>
/// <param name="keyPrefix">Validation key prefix.</param>
public void ValidateConfirmUserSetPassword(ConfirmUserSetPasswordModel model, string keyPrefix = null)
{
// Do stock validation
_modelValidator.Validate(model, keyPrefix);
// Check that new and confirm passwords are identical (required while model validator does not support this data annotation)
if (model.Password != model.ConfirmPassword)
{
throw new ValidationErrorException(new ValidationError(null, AuthenticationResource.ConfirmUserPasswordsDoNotMatchMessage, keyPrefix));
}
// Check user status for confirmation action
ValidateConfirmUserStatus(new ConfirmUserStatusModel {
TenantId = model.TenantId, SetPassword = true, ConfirmKey = model.ConfirmKey
}, keyPrefix);
}
