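        /// <summary>
        /// Asks the verification-code service to send an SMS code to <paramref name="mobile"/>.
        /// </summary>
        /// <param name="mobile">Mobile number supplied by the caller; untrusted and validated here before use.</param>
        /// <returns>
        /// JSON <c>true</c> when the service reports status 0; otherwise a JSON <c>{ code, msg }</c> object:
        /// 401 for a malformed number, the service's own status code/message when it reports a failure,
        /// or 500 when the call throws.
        /// </returns>
        public async Task<ActionResult> SendMobileValidateCode(string mobile)
        {
            // Accept exactly 11 digits: a leading 1, a second digit in {3,4,5,7,8}, then 9 more digits.
            // The previous pattern (^[1]+[3,4,5,7,8]+\d{9}$) used '+' quantifiers and a class containing
            // commas, so it also matched commas and over-long strings. '\z' rather than '$' rejects a
            // trailing newline. The null/empty guard avoids the ArgumentNullException Regex would throw.
            // Regex.IsMatch goes through the static regex cache, so there is no per-call compilation.
            if (string.IsNullOrEmpty(mobile) || !Regex.IsMatch(mobile, @"^1[34578]\d{9}\z"))
            {
                return Json(new { code = 401, msg = "无效的手机号码。" }, "text/plain");
            }

            // NOTE(review): nothing in this action throttles requests per number or per caller;
            // confirm the service or an MVC filter enforces a send limit.
            // NOTE(review): if VerificationCodeClient is a WCF ClientBase, Dispose() can itself throw
            // on a faulted channel — confirm how the client handles that.
            using (var client = new TalentGo.ValidationCodeSvc.VerificationCodeClient())
            {
                try
                {
                    var result = await client.SendAsync(mobile);

                    if (result.StatusCode == 0)
                    {
                        return Json(true);
                    }
                    return Json(new { code = result.StatusCode, msg = result.Message }, "text/plain");
                }
                catch (Exception ex)
                {
                    // The exception text (endpoint names, inner faults) stays server-side; the client
                    // previously received ex.Message verbatim, which is an information disclosure.
                    System.Diagnostics.Trace.TraceError("SendMobileValidateCode: verification service call failed: {0}", ex);
                    return Json(new { code = 500, msg = "发送验证码时遇到异常,请稍后重试。" }, "text/plain");
                }
            }
        }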
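        /// <summary>
        /// Completes a password reset started via mobile: verifies the SMS code with the
        /// verification-code service, then applies the new password using the reset token in
        /// <c>model.Code</c> (issued by FindPasswordViaMobile).
        /// </summary>
        /// <param name="model">Posted form data; validated by model binding before use.</param>
        /// <returns>
        /// The form view on model-validation errors; the confirmation page on success and on every
        /// silent-failure path (unknown mobile, rejected code, service error), so the response does not
        /// reveal which mobiles belong to accounts; the form view with identity errors when
        /// ResetPasswordAsync itself fails.
        /// </returns>
        public async Task<ActionResult> ResetPasswordViaMobile(ResetPasswordViaMobileViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            // Previously wrapped in try { } catch (Exception ex) { throw ex; }, which only reset the
            // stack trace; an exception here now propagates unchanged.
            var user = await this.personManager.FindByMobileAsync(model.Mobile) as WebUser;

            if (user is null)
            {
                // Unknown mobile: respond exactly like the failure paths below (a redirect to the
                // confirmation action). The original rendered View("ResetPasswordConfirmation") here,
                // which differed from the redirects and therefore disclosed that no account matched.
                // NOTE(review): this path still skips the verification-service round-trip, so response
                // timing may differ — confirm whether that matters for this deployment.
                return RedirectToAction("ResetPasswordConfirmation", "Account");
            }

            using (var client = new TalentGo.ValidationCodeSvc.VerificationCodeClient())
            {
                try
                {
                    var codeAccepted = await client.VerifyAsync(model.Mobile, model.ValidateCode);

                    if (!codeAccepted)
                    {
                        return RedirectToAction("ResetPasswordConfirmation", "Account");
                    }
                }
                catch (Exception)
                {
                    // A service failure counts as a failed verification: an outage must never let a
                    // request bypass the SMS check.
                    return RedirectToAction("ResetPasswordConfirmation", "Account");
                }
            }

            // Apply the new password; model.Code is the reset token carried in the URL.
            var result = await this.UserManager.ResetPasswordAsync(user.Id, model.Code, model.Password);

            if (result.Succeeded)
            {
                return RedirectToAction("ResetPasswordConfirmation", "Account");
            }
            AddErrors(result);
            return View();
        }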
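        /// <summary>
        /// Starts a password reset via mobile: issues a reset token for the matching user and, when the
        /// mobile is registered and verified, asks the verification-code service to send an SMS code.
        /// </summary>
        /// <param name="model">Posted form data; validated by model binding before use.</param>
        /// <returns>
        /// The form view on model-validation errors; otherwise a redirect to ResetPasswordViaMobile
        /// carrying a <c>code</c> route value on every path, so the redirect alone does not reveal
        /// whether the mobile belongs to an account.
        /// </returns>
        public async Task<ActionResult> FindPasswordViaMobile(FindPasswordViaMobileViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            var user = await this.personManager.FindByMobileAsync(model.Mobile) as WebUser;

            if (user is null)
            {
                // Unknown mobile: redirect with a decoy token so an automated caller cannot tell this
                // case apart from a real one. The decoy is freshly random per request; the original used
                // a single hard-coded string, which repeated across requests and was therefore
                // distinguishable from per-user tokens.
                return RedirectToAction("ResetPasswordViaMobile", "Account", new { code = NewDecoyToken() });
            }

            var token = this.UserManager.GeneratePasswordResetToken(user.Id);

            if (!user.MobileValid)
            {
                // Unverified mobile: no SMS is sent, and the response gives no hint why.
                return RedirectToAction("ResetPasswordViaMobile", "Account", new { code = token });
            }

            using (var client = new TalentGo.ValidationCodeSvc.VerificationCodeClient())
            {
                try
                {
                    await client.SendAsync(model.Mobile);
                }
                catch (Exception)
                {
                    // Best effort by design (the original also swallowed this): a send failure must not
                    // change the response, or the outcome would leak which mobiles are registered.
                }
            }
            return RedirectToAction("ResetPasswordViaMobile", "Account", new { code = token });

            // Builds a random, opaque string to stand in for a reset token on the unknown-mobile path.
            // NOTE(review): 128 random bytes ≈ 172 base64 chars, chosen to resemble the length of the
            // original decoy; confirm it is close to what GeneratePasswordResetToken yields.
            string NewDecoyToken()
            {
                var bytes = new byte[128];
                using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
                {
                    rng.GetBytes(bytes);
                }
                return Convert.ToBase64String(bytes);
            }
        }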
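        /// <summary>
        /// Registers a new user. The SMS verification code is checked before any uniqueness lookup, so an
        /// automated caller cannot probe which ID-card numbers, e-mail addresses or mobiles are already
        /// registered without first passing the SMS challenge.
        /// </summary>
        /// <param name="model">Posted registration form; validated by model binding before use.</param>
        /// <returns>
        /// <c>_OutOfService</c> when registration is disabled; the form view with model errors on any
        /// validation, verification or uniqueness failure; otherwise a redirect to EditRealId after
        /// signing the new user in.
        /// </returns>
        public async Task<ActionResult> Register(RegisterViewModel model)
        {
            if (!Properties.Settings.Default.AllowUserRegisteration)
            {
                return View("_OutOfService");
            }

            if (!ModelState.IsValid)
            {
                return View(model);
            }

            // 1. SMS code first: the challenge gates every lookup below (see summary).
            using (var client = new TalentGo.ValidationCodeSvc.VerificationCodeClient())
            {
                try
                {
                    if (!await client.VerifyAsync(model.Mobile, model.ValidateCode))
                    {
                        this.ModelState.AddModelError(nameof(model.ValidateCode), "手机验证码错误或已失效。");
                        return View(model);
                    }
                }
                catch (Exception ex)
                {
                    // Report the outage generically; the exception text (endpoint names, inner faults)
                    // is traced server-side instead of being appended to the user-visible error as before.
                    System.Diagnostics.Trace.TraceError("Register: verification service call failed: {0}", ex);
                    this.ModelState.AddModelError(nameof(model.ValidateCode), "验证手机号码遇到异常,请稍后重试。");
                    return View(model);
                }
            }

            // 2. Uniqueness checks, all of them run so every problem is reported at once. Errors go
            // straight into ModelState; it was valid above, so IsValid flips to false exactly when at
            // least one check fails (the original staged them in a temporary list first).
            if (!ChineseIDCardNumber.TryParse(model.IDCardNumber, out _))
            {
                this.ModelState.AddModelError("IDCardNumber", "不是一个有效的身份证号码。");
            }

            if (await this.UserManager.FindByNameAsync(model.IDCardNumber) != null)
            {
                this.ModelState.AddModelError("IDCardNumber", "此身份证号码已被注册。");
            }

            if (await this.UserManager.FindByEmailAsync(model.Email) != null)
            {
                this.ModelState.AddModelError("Email", "此电子邮件地址已被注册。");
            }

            if (await this.personManager.FindByMobileAsync(model.Mobile) != null)
            {
                this.ModelState.AddModelError("Mobile", "此手机号码已被注册。");
            }

            if (!this.ModelState.IsValid)
            {
                return View(model);
            }

            var user = new WebUser(model.IDCardNumber, model.Surname, model.GivenName, model.Mobile, model.Email)
            {
                // The mobile was just proven reachable by the SMS check above.
                MobileValid = true,
            };

            var result = await UserManager.CreateAsync(user, model.Password);

            if (result.Succeeded)
            {
                await SignInManager.SignInAsync(user, isPersistent: false, rememberBrowser: false);
                return RedirectToAction("EditRealId");
            }

            // Creation failed (e.g. password policy): redisplay the form with the identity errors.
            AddErrors(result);
            return View(model);
        }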