public ActionResult ResetCompletion(string resetKey, string email) { // Get the restriction object with matching key and email address. var accountRestriction = new LinqMetaData().AccountRestriction.First(u => u.RestrictionKey == resetKey && u.EmailAddress == email); if (accountRestriction == null) { throw new HttpException(404, SharedRes.Error.NotFound_User); } // It must be active. if (!accountRestriction.IsActive) { throw new HttpException(404, SharedRes.Error.NotFound_User); } ResetCompletionModel model = new ResetCompletionModel(); if (accountRestriction.UserAccountRestrictions.Count > 1) { model.UserNames = accountRestriction.UserAccountRestrictions.Where(r => r.User.IsActive).Select(u => u.User.Username).ToList(); // Must be at least one. if (model.UserNames.Count == 0) { throw new HttpException(412, Account.Invalid_InactiveAccount); } model.Step = 1; } else { // The user account must also be active. if (!accountRestriction.UserAccountRestrictions[0].User.IsActive) { throw new HttpException(412, Account.Invalid_InactiveAccount); } model.UserName = accountRestriction.UserAccountRestrictions[0].User.Username; model.Step = 2; } model.ResetKey = resetKey; model.OriginalEmail = email; return(View(model)); }
public ActionResult ResetCompletion(ResetCompletionModel model) { if (ModelState.IsValid) { // Get the restriction object with matching key and email address. var accountRestriction = new LinqMetaData().AccountRestriction.First(u => u.RestrictionKey == model.ResetKey && u.EmailAddress == model.OriginalEmail); if (accountRestriction == null) { throw new HttpException(404, SharedRes.Error.NotFound_User); } // It must be active. if (!accountRestriction.IsActive) { throw new HttpException(404, SharedRes.Error.NotFound_User); } if (model.Step == 1) { var user = accountRestriction.UserAccountRestrictions.Where(r => r.User.Username == model.UserName).Select(u => u.User).ToArray()[0]; if (!user.IsActive) { throw new HttpException(404, SharedRes.Error.NotFound_User); } model.Step = 2; } else { // NOTE: Presently validating presence of password here because it can't be required for // step 1. Need to fix this so the standard validation can be used. if (!string.IsNullOrWhiteSpace(model.Password)) { if (accountRestriction.UserAccountRestrictions.Any(r => r.User.Username == model.UserName)) { var user = Membership.GetUser(model.UserName); if (user != null && !user.IsLockedOut) { if (user.SetPassword(model.Password)) { // Successfully rest. Remove the joins between the restriction and the users. // Make the restriction inactive; it's kept around for auditing. foreach (var restriction in accountRestriction.UserAccountRestrictions) { restriction.Delete(); } accountRestriction.RemovalTime = DateTime.UtcNow; accountRestriction.IsActive = false; accountRestriction.Save(); return(RedirectToAction("ResetCompletionSuccess")); } ModelState.AddModelError("", Account.Error_PasswordResetFailed); } else { ModelState.AddModelError("", Account.Invalid_AccountLocked); } } else { throw new HttpException(404, SharedRes.Error.NotFound_User); } } else { ModelState.AddModelError("", Account.Invalid_PasswordNotSpecified); } } } ModelState.SetModelValue("Step", new ValueProviderResult(null, null, null)); return(View(model)); }