public HttpResponseMessage ChangeRequest(ChangeRequest_RequestSM data)
{
// 1. Check does user with mobilePhone exist?
AppUser user = _appUserDal.GetByMobile(data.Mobile);
if (user != null)
{
// 2. If yes - create new entry in collection "ChangePasswordRequest".
var changePasswordRequest = new ChangePasswordRequest {
Mobile = data.Mobile,
Created = DateTime.Now,
Code = CodeGenerator.Generate4DigitCode(),
Approved = false,
Hash = StringHasher.GenerateHash()
};
_changePasswordRequestDal.Insert(changePasswordRequest);
// 3. Send SMS with code to user.
_omm.SendPasswordToUserWhoForgotPassword(user, changePasswordRequest.Code.ToString());
// 4. Response user with hash. With this hash user will send code back and change password then.
var changeRequest_ResponseSM = new ChangeRequest_ResponseSM {
Hash = changePasswordRequest.Hash
};
return Request.CreateResponse(HttpStatusCode.OK, changeRequest_ResponseSM);
}
else
{
// TODO: maybe return OK anyway to not let malefactors spam website to know all available mobilephone numbers?
return Request.CreateResponse(HttpStatusCode.BadRequest, "User with such mobile phone doesn't exists.");
}
}
public void Update(ChangePasswordRequest changePasswordRequest)
{
MongoCnn.GetChangePasswordRequestCollection().Save(changePasswordRequest);
}
