Example #1
0
        public async Task <ActionResult> ForgotPassword_Partial(EditModel model)
        {
            LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();

            if (model.ShowCaptcha != config.CaptchaForgotPassword)
            {
                throw new InternalError("Hidden field tampering detected");
            }

            await model.UpdateAsync();

            model.ShowCaptcha      = config.CaptchaForgotPassword;
            model.RegistrationType = config.RegistrationType;
            if (!ModelState.IsValid)
            {
                return(PartialView(model));
            }

            using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) {
                UserDefinition userDef;
                switch (model.RegistrationType)
                {
                case RegistrationTypeEnum.NameOnly:
                    userDef = await userDP.GetItemAsync(model.UserName);

                    if (userDef == null)
                    {
                        ModelState.AddModelError(nameof(model.UserName), this.__ResStr("badName", "According to our records there is no account associated with this name"));
                        return(PartialView(model));
                    }
                    break;

                case RegistrationTypeEnum.NameAndEmail:
                    userDef = await userDP.GetItemAsync(model.UserNameOrEmail);

                    if (userDef == null)
                    {
                        userDef = await userDP.GetItemByEmailAsync(model.UserNameOrEmail);

                        if (userDef == null)
                        {
                            ModelState.AddModelError(nameof(model.UserNameOrEmail), this.__ResStr("badNameEmail", "According to our records there is no account associated with this name or email address"));
                            return(PartialView(model));
                        }
                    }
                    break;

                default:
                case RegistrationTypeEnum.EmailOnly:
                    userDef = await userDP.GetItemByEmailAsync(model.Email);

                    if (userDef == null)
                    {
                        ModelState.AddModelError(nameof(model.Email), this.__ResStr("badEmail", "According to our records there is no account associated with this email address"));
                        return(PartialView(model));
                    }
                    break;
                }

                using (UserLoginInfoDataProvider logInfoDP = new UserLoginInfoDataProvider()) {
                    if (await logInfoDP.IsExternalUserAsync(userDef.UserId))
                    {
                        ModelState.AddModelError(nameof(model.Email), this.__ResStr("extEmail", "According to our records there is no account associated with this email address"));
                        ModelState.AddModelError(nameof(model.UserName), this.__ResStr("extName", "According to our records there is no account associated with this name"));
                        ModelState.AddModelError(nameof(model.UserNameOrEmail), this.__ResStr("extUser", "According to our records there is no account associated with this name or email address"));
                        return(PartialView(model));
                    }
                }
                switch (userDef.UserStatus)
                {
                case UserStatusEnum.Approved:
                    Emails emails = new Emails();
                    if (config.SavePlainTextPassword)
                    {
                        await emails.SendForgottenEmailAsync(userDef, config.BccForgottenPassword?Manager.CurrentSite.AdminEmail : null);

                        string from = emails.GetSendingEmailAddress();
                        return(FormProcessed(model, this.__ResStr("okForgot", "We just sent an email to your email address with your password information - Please allow a few minutes for delivery and make sure your spam filters allow emails from {0}", from), OnClose: OnCloseEnum.Nothing, OnPopupClose: OnPopupCloseEnum.ReloadModule));
                    }
                    else
                    {
                        if (userDef.ResetKey != null && userDef.ResetValidUntil != null && userDef.ResetValidUntil > DateTime.UtcNow)
                        {
                            // preserve existing key in case user resends
                        }
                        else
                        {
                            userDef.ResetKey        = Guid.NewGuid();
                            userDef.ResetValidUntil = DateTime.UtcNow.Add(config.ResetTimeSpan);
                            if (await userDP.UpdateItemAsync(userDef) != Core.DataProvider.UpdateStatusEnum.OK)    // update reset key info
                            {
                                throw new Error(this.__ResStr("resetUpdate", "User information could not be updated"));
                            }
                        }
                        await emails.SendPasswordResetEmailAsync(userDef, config.BccForgottenPassword?Manager.CurrentSite.AdminEmail : null);

                        string from = emails.GetSendingEmailAddress();
                        return(FormProcessed(model, this.__ResStr("okReset", "We just sent an email to your email address to reset your password - Please allow a few minutes for delivery and make sure your spam filters allow emails from {0}", from), OnClose: OnCloseEnum.Nothing, OnPopupClose: OnPopupCloseEnum.ReloadModule));
                    }

                case UserStatusEnum.NeedApproval:
                    throw new Error(this.__ResStr("needApproval", "This account has not yet been approved and is awaiting approval by the site administrator"));

                case UserStatusEnum.NeedValidation:
                    throw new Error(this.__ResStr("needValidation", "This account has not yet been verified - Please check your emails for our verification email"));

                case UserStatusEnum.Rejected:
                    throw new Error(this.__ResStr("rejected", "This account has been rejected and is not accessible"));

                case UserStatusEnum.Suspended:
                    throw new Error(this.__ResStr("suspended", "This account has been suspended and is not accessible"));

                default:
                    throw new Error(this.__ResStr("unknownState", "This account is in an undefined state and is not accessible"));
                }
            }
        }