public ActionResult ResetCompletion(string resetKey, string email)
{
// Get the restriction object with matching key and email address.
var accountRestriction = new LinqMetaData().AccountRestriction.First(u => u.RestrictionKey == resetKey && u.EmailAddress == email);
if (accountRestriction == null)
{
throw new HttpException(404, SharedRes.Error.NotFound_User);
}
// It must be active.
if (!accountRestriction.IsActive)
{
throw new HttpException(404, SharedRes.Error.NotFound_User);
}
ResetCompletionModel model = new ResetCompletionModel();
if (accountRestriction.UserAccountRestrictions.Count > 1)
{
model.UserNames = accountRestriction.UserAccountRestrictions.Where(r => r.User.IsActive).Select(u => u.User.Username).ToList();
// Must be at least one.
if (model.UserNames.Count == 0)
{
throw new HttpException(412, Account.Invalid_InactiveAccount);
}
model.Step = 1;
}
else
{
// The user account must also be active.
if (!accountRestriction.UserAccountRestrictions[0].User.IsActive)
{
throw new HttpException(412, Account.Invalid_InactiveAccount);
}
model.UserName = accountRestriction.UserAccountRestrictions[0].User.Username;
model.Step = 2;
}
model.ResetKey = resetKey;
model.OriginalEmail = email;
return(View(model));
}
public ActionResult ResetCompletion(ResetCompletionModel model)
{
if (ModelState.IsValid)
{
// Get the restriction object with matching key and email address.
var accountRestriction = new LinqMetaData().AccountRestriction.First(u => u.RestrictionKey == model.ResetKey && u.EmailAddress == model.OriginalEmail);
if (accountRestriction == null)
{
throw new HttpException(404, SharedRes.Error.NotFound_User);
}
// It must be active.
if (!accountRestriction.IsActive)
{
throw new HttpException(404, SharedRes.Error.NotFound_User);
}
if (model.Step == 1)
{
var user = accountRestriction.UserAccountRestrictions.Where(r => r.User.Username == model.UserName).Select(u => u.User).ToArray()[0];
if (!user.IsActive)
{
throw new HttpException(404, SharedRes.Error.NotFound_User);
}
model.Step = 2;
}
else
{
// NOTE: Presently validating presence of password here because it can't be required for
// step 1. Need to fix this so the standard validation can be used.
if (!string.IsNullOrWhiteSpace(model.Password))
{
if (accountRestriction.UserAccountRestrictions.Any(r => r.User.Username == model.UserName))
{
var user = Membership.GetUser(model.UserName);
if (user != null && !user.IsLockedOut)
{
if (user.SetPassword(model.Password))
{
// Successfully rest. Remove the joins between the restriction and the users.
// Make the restriction inactive; it's kept around for auditing.
foreach (var restriction in accountRestriction.UserAccountRestrictions)
{
restriction.Delete();
}
accountRestriction.RemovalTime = DateTime.UtcNow;
accountRestriction.IsActive = false;
accountRestriction.Save();
return(RedirectToAction("ResetCompletionSuccess"));
}
ModelState.AddModelError("", Account.Error_PasswordResetFailed);
}
else
{
ModelState.AddModelError("", Account.Invalid_AccountLocked);
}
}
else
{
throw new HttpException(404, SharedRes.Error.NotFound_User);
}
}
else
{
ModelState.AddModelError("", Account.Invalid_PasswordNotSpecified);
}
}
}
ModelState.SetModelValue("Step", new ValueProviderResult(null, null, null));
return(View(model));
}
