public ActionResult ResetPassword(PasswordResetViewModel model)
        {
            if (model.ConfirmNewPassword != model.NewPassword)
            {
                ModelState.AddModelError(nameof(PasswordResetViewModel.ConfirmNewPassword), Resources.Global.PasswordConfirmation_NoMatch);
                model.NewPassword        = null;
                model.ConfirmNewPassword = null;
                return(View(model));
            }
            if (!ModelState.IsValid)
            {
                model.NewPassword        = null;
                model.ConfirmNewPassword = null;
                return(View(model));
            }

            var user = _userRepository.GetUserWithoutProtectedData(model.UserId);

            if (user == null)
            {
                return(View("Message", model: Resources.Global.PasswordReset_TokenInvalid));
            }

            if (!_passwordResetTokenSource.Validate(user.GetPasswordResetTokenGenerationInputString(), model.Token))
            {
                ModelState.AddModelError(nameof(PasswordResetViewModel.Token), Resources.Global.PasswordReset_TokenInvalid);
                return(View(model));
            }

            // all good, reset password
            _userRepository.SetPassword(_mapper.Map <PasswordResetModel>(model));
            return(View("Message", model: Resources.Global.PasswordReset_Success));
        }
        public ActionResult Confirm(long userId, string token)
        {
            if (string.IsNullOrWhiteSpace(token))
            {
                return(HttpNotFound());
            }

            var user = _userRepository.GetUserWithoutProtectedData(userId);

            if (user == null)
            {
                return(View("Message", model: Resources.Global.EmailConfirmation_TokenInvalid));
            }

            if (!_emailConfirmationTokenSource.Validate(user.GetEmailConfirmationTokenGenerationInputString(), token))
            {
                return(View("Message", model: Resources.Global.EmailConfirmation_TokenInvalid));
            }

            _userRepository.EmailConfirm(userId);
            return(View("Message", model: Resources.Global.EmailConfirmedMessage));
        }