public virtual ActionResult Index(ForgotPasswordViewModel model)
{
if (!ModelState.IsValid)
{
return(View("Index"));
}
var request = new SendInstructionsToResetPasswordRequest()
{
UserNameOrEmail = model.UserNameOrEmail,
IPAddress = Request.UserHostAddress
};
var response = _service.SendInstructionsToResetPassword(request);
if (!response.IsSuccessful)
{
ModelState.AddModelError("", response.Message);
return(View("Index", model));
}
else
{
return(View("ForgotPasswordSuccessfullyRequested", model));
}
}
/// <summary>
/// Creates a Password Reset History object recording this reset attempt
/// </summary>
/// <returns></returns>
private SecurityPasswordResetRequest CreateSecurityPasswordResetRequestEntry(SendInstructionsToResetPasswordRequest request, SecurityUser securityUser, ADUser adUser)
{
string token = Guid.NewGuid().ToString().ToUpper();
var passwordResetRequest = new SecurityPasswordResetRequest()
{
SecurityUserId = (securityUser == null ? (int?)null : securityUser.SecurityUserId),
UserName = (securityUser == null ? adUser.UserName : securityUser.UserName),
Token = token,
EmailAddress = ((securityUser == null || String.IsNullOrWhiteSpace(securityUser.EmailAddress))
? adUser.EmailAddress
: securityUser.EmailAddress),
IPAddress = request.IPAddress,
RequestDate = DateTime.Now,
ExpirationDate = DateTime.Now.AddHours(24),
Processed = false,
ProcessDate = null
};
_repository.Add <SecurityPasswordResetRequest>(passwordResetRequest);
_repository.Commit();
return(passwordResetRequest);
}
/// <summary>
/// Process the request for a forgotten password from the main forgot password screen. This will lookup the
/// user and if found email them a link to reset their password.
/// </summary>
/// <param name="model"></param>
public SendInstructionsToResetPasswordResponse SendInstructionsToResetPassword(SendInstructionsToResetPasswordRequest request)
{
//
//Validate the parameters
//
if (request == null || String.IsNullOrWhiteSpace(request.UserNameOrEmail))
{
return(new SendInstructionsToResetPasswordResponse()
{
IsSuccessful = false,
Message = "An invalid user name or email address was specified."
});
}
SecurityUser securityUser = null;
ADUser adUser = null;
//
//See if we can reset this users active directory account. We only need to do this
//if active directory auth is enabled, if AD users are allowed to reset their password,
//and we are not storing the users in the SecurityUser table.
//
if (ApplicationService.Instance.FormsAuthenticationADEnabled &&
ApplicationService.Instance.ForgotPasswordResetAllowedForADUser &&
adUser == null && securityUser == null
)
{
//
//Try to find by username first
//
adUser = new ADUser(request.UserNameOrEmail);
//
//If not found, try to find by email address
//
if (!adUser.ValidUser)
{
var searchFilter = adUser.GetUserSearchFilterByEmailAddress(request.UserNameOrEmail);
adUser.PopulateUserInformation(searchFilter);
}
//Ensure we clear the record if we dont have a valid AD user
if (!adUser.ValidUser)
{
adUser = null;
}
//
//Get the security user record if we have security user records for AD users
//
else
{
if (ApplicationService.Instance.FormsAuthenticationCreateSecurityUserRecordOnADAuth)
{
securityUser =
_repository.GetAll <SecurityUser>()
.FirstOrDefault(p => p.ActiveDirectoryGuid == adUser.ObjectGuid);
}
}
}
//
//Then try to find the user by their SecurityUser table record
//
if (ApplicationService.Instance.FormsAuthenticationSecurityUserTableEnabled && adUser == null && securityUser == null)
{
//
//First try lookup only by userid
//Check the security user table first
//
var securityUsers =
_repository.GetAll <SecurityUser>().Where(p => p.UserName.Equals(request.UserNameOrEmail));
//If no match found, try lookup by email address
if (!securityUsers.Any())
{
securityUsers = _repository.GetAll <SecurityUser>()
.Where(p => p.EmailAddress.Equals(request.UserNameOrEmail));
}
//
//If there is more than one result, we cannot reset the password
//
if (securityUsers.Count() > 1)
{
return(new SendInstructionsToResetPasswordResponse()
{
IsSuccessful = false,
Message =
"Multiple records were found with the supplied username or email, your password cannot be reset. Please contact support to have your password reset."
});
}
securityUser = securityUsers.FirstOrDefault();
}
//
//Now ensure we can continue with the password reset
//
//
var canUserPasswordBeChangedRequest = new CanUserPasswordBeChangedRequest()
{
SecurityUser = securityUser,
ADUser = adUser
};
var canUserPasswordBeChangedResponse = _passwordService.CanUserPasswordBeChanged(canUserPasswordBeChangedRequest);
if (!canUserPasswordBeChangedResponse.IsSuccessful)
{
return(new SendInstructionsToResetPasswordResponse()
{
IsSuccessful = false,
Message = "That username or email address cannot have it's password reset. Please contact support to have your password reset."
});
}
//
//Ensure the user has an email address
//
if ((securityUser == null || String.IsNullOrWhiteSpace(securityUser.EmailAddress)) &&
(adUser == null || String.IsNullOrWhiteSpace(adUser.EmailAddress)))
{
return(new SendInstructionsToResetPasswordResponse()
{
IsSuccessful = false,
Message = "That username or email address cannot have it's password reset as it has no email on file. Please contact support to have your password reset."
});
}
//
//Create the password reset entry
//
var passwordResetRequest = CreateSecurityPasswordResetRequestEntry(request, securityUser, adUser);
//
//Send the password reset email
//
var sendForgotPasswordEmailRequest = new SendForgotPasswordEmailRequest()
{
SecurityUser = securityUser,
ADUser = adUser,
SecurityPasswordResetRequest = passwordResetRequest
};
var sendForgotPasswordEmailResponse = SendForgotPasswordEmail(sendForgotPasswordEmailRequest);
if (!sendForgotPasswordEmailResponse.IsSuccessful)
{
return(new SendInstructionsToResetPasswordResponse()
{
IsSuccessful = false,
Message = sendForgotPasswordEmailResponse.Message
});
}
//
//Request was successful
//
return(new SendInstructionsToResetPasswordResponse()
{
IsSuccessful = true,
Message = null
});
}
