Ejemplo n.º 1
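        /// <summary>
        /// Builds a new, active password-reset token for the given user.
        /// </summary>
        /// <param name="user">Account the token is issued for; stored on the token unchanged.</param>
        /// <returns>A token with User, Token and IsActive populated. Nothing is persisted here.</returns>
        /// <remarks>
        /// The token value is a bearer secret: whoever presents it may set a new password.
        /// It is therefore drawn from the cryptographic RNG and only formatted as a GUID,
        /// so the stored string keeps the 36-character shape existing callers and storage expect.
        /// </remarks>
        public static PasswordResetToken Create(User user)
        {
            // Guid.NewGuid() is documented for uniqueness, not for unpredictability,
            // so it should not be the source of a security token.
            byte[] secret = new byte[16];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(secret);
            }

            PasswordResetToken resetToken = new PasswordResetToken();

            resetToken.User     = user;
            resetToken.Token    = new Guid(secret).ToString();
            resetToken.IsActive = true;

            return resetToken;
        }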
Ejemplo n.º 2
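        /// <summary>
        /// Sets a new password for the user that owns the supplied reset token and
        /// then deactivates the token so it cannot be used a second time.
        /// </summary>
        /// <param name="resetRequest">Carries the reset token and the new password.</param>
        /// <returns>
        /// <c>true</c> when the password was changed; <c>false</c> when
        /// <c>resetRequest.IsValid()</c> rejects the request.
        /// </returns>
        /// <exception cref="Exception">
        /// No active token matches, or the matching token is older than 24 hours.
        /// </exception>
        public bool ResetPasswordFromToken(PasswordResetRequest resetRequest)
        {
            bool isPasswordReset = false;

            // The token is a live bearer credential at this point, so it is kept out of
            // diagnostic output. (If Token is a string, the two-argument Debug.WriteLine
            // call would also have bound to the (message, category) overload rather than
            // formatting "{0}".)
            Debug.WriteLine("Attempt to reset password from token");

            if (resetRequest.IsValid())
            {
                Debug.WriteLine("Reset request passed validation");

                // Case-insensitive match on the token value, restricted to tokens not yet consumed.
                var exp = PredicateBuilder.Create <PasswordResetToken>(t => t.Token.ToLower() == resetRequest.Token.ToLower() &&
                                                                       t.IsActive == true);

                PasswordResetToken token = Repository.Get <PasswordResetToken>(exp);

                if (token != null)
                {
                    // Tokens are honoured for 24 hours after CreatedDate (compared in UTC).
                    if (DateTime.UtcNow.Subtract(token.CreatedDate).TotalHours <= 24)
                    {
                        User user = token.User;

                        // NOTE(review): the salt is the first 5 characters of a GUID string, i.e.
                        // 5 hex digits, and Guid.NewGuid() is not a documented source of
                        // unpredictable values. A longer salt from RandomNumberGenerator would be
                        // preferable; confirm the Salt column width before changing it.
                        // NOTE(review): HashProvider.CreateHash is not visible here; confirm it is
                        // a deliberately slow password hash (PBKDF2/bcrypt/Argon2), not a bare digest.
                        user.Salt     = Guid.NewGuid().ToString().Substring(0, 5);
                        user.Password = HashProvider.CreateHash(user.Salt + resetRequest.NewPassword);

                        Util.SetCredentials(user);

                        Repository.Save <User>(user);

                        // Make the token inactive to prevent repeat usage.
                        // NOTE(review): only this token is deactivated; any other active tokens
                        // issued to the same user appear to stay usable. Verify and revoke them too.
                        token.IsActive = false;
                        Repository.Save <PasswordResetToken>(token);

                        // The token has just been deactivated, so recording it no longer exposes a usable secret.
                        Log.Info(String.Format("Password reset successfully for token {0}/userid:{1}", token.Token, user.Id));

                        // Report success to the caller; previously the flag was never set and
                        // the method returned false even after the password had been changed.
                        isPasswordReset = true;
                    }
                    else
                    {
                        Log.Error(String.Format("Attempt to reset password using expired token {0}", resetRequest.Token));
                        throw new Exception("Expired reset token");
                    }
                }
                else
                {
                    var excp = new Exception("Invalid token or token has already expired");
                    Log.Fatal("Invalid Password Reset Token", excp);
                    throw excp;
                }
            }

            return isPasswordReset;
        }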
Ejemplo n.º 3
        /// <summary>
        /// Reports whether a reset token is still usable: an active token with this value
        /// exists and it was created no more than 24 hours ago (UTC).
        /// </summary>
        /// <param name="token">Token value to look up; compared case-insensitively.</param>
        /// <returns><c>true</c> if a matching active token is within its 24-hour window; otherwise <c>false</c>.</returns>
        public bool IsPasswordRequestTokenValid(string token)
        {
            var activeTokenFilter = PredicateBuilder.Create <PasswordResetToken>(
                t => t.Token.ToLower() == token.ToLower() && t.IsActive == true);

            PasswordResetToken match = Repository.Get <PasswordResetToken>(activeTokenFilter);

            // Unknown or already-consumed token.
            if (match == null)
            {
                return false;
            }

            // Age is measured from CreatedDate against the current UTC time.
            return DateTime.UtcNow.Subtract(match.CreatedDate).TotalHours <= 24;
        }
Ejemplo n.º 4
        /// <summary>
        /// Issues a password-reset token for the active, non-deleted user with the given
        /// e-mail address and sends that user the "PasswordReset" mail.
        /// </summary>
        /// <param name="email">Address to look up; compared case-insensitively.</param>
        /// <returns><c>true</c> once the token has been saved and the mail handed to the e-mail service.</returns>
        /// <exception cref="Exception">No active, non-deleted user has this e-mail address.</exception>
        public bool RequestPasswordReset(string email)
        {
            Util.SetAnonymousCredentials();

            var activeUserFilter = PredicateBuilder.Create <User>(d => d.IsActive == true &&
                                                                  d.DeletedDate == null &&
                                                                  d.DeletedUser == null &&
                                                                  d.Email.ToLower() == email.ToLower());

            var account = Repository.Get <User>(activeUserFilter);

            if (account == null)
            {
                // NOTE(review): this message differs from the success path, so a caller that
                // relays it lets anyone test which addresses have accounts. The user-facing
                // layer should answer identically for known and unknown addresses.
                throw new Exception("Sorry, But we could not find any records for the given email address.");
            }

            // Persist the token first; the saved instance is what the mail template receives.
            PasswordResetToken issued = Repository.Save <PasswordResetToken>(PasswordResetToken.Create(account));

            // Send the confirmation mail to the user.
            // NOTE(review): nothing here limits how often a reset can be requested per address,
            // and earlier tokens for the same user are not revoked; confirm that is handled elsewhere.
            emailService.Sent("PasswordReset", "Action required: Reset your password", account.Email, new
            {
                User    = account,
                Token   = issued,
                Domain  = Application.GetSettings(SettingType.GENERAL).RootDomain.ToString(),
                AppName = Application.GetSettings(SettingType.GENERAL).ApplicationName.ToString()
            });

            return true;
        }