public async Task<IHttpActionResult> ChangeEmail(ChangeEmailModel model)
{
try
{
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
using (AuthRepository repo = new AuthRepository())
{
ApplicationUser user = await repo.FindAspUserByUserId(HttpContext.Current.User.Identity.Name);
if (user != null)
{
IdentityResult updatedEmail = await repo.ChangeEmailAsync(user, model.Email, user.Email);
if (!updatedEmail.Succeeded)
{
foreach (string error in updatedEmail.Errors)
ModelState.AddModelError(ModelStateType.ErrorList, error);
return BadRequest(ModelState);
}
return Ok(user);
}
else
{
// Don't reveal that the user does not exist
ModelState.AddModelError(string.Empty, "Sorry, there was an error.");
return BadRequest(ModelState);
}
}
}
catch (Exception ex)
{
Helper.ErrorLogging.LogError(ex);
return InternalServerError(ex);
}
}
public async Task<HttpResponseMessage> ConfirmEmail(string aspUserId, string code)
{
AuthRepository repo = new AuthRepository();
try
{
if (aspUserId != null && code != null)
{
IdentityResult result = await repo.ConfirmEmail(aspUserId, code);
if (result.Succeeded)
{
//If email confirmation succeeds, automatically give the a 2FA token
ApplicationUser user = await repo.FindAspUserByUserId(aspUserId);
var userIdentity = await user.GenerateUserIdentityAsync(UserManager);
string pinCode = await repo.GetTwoFactorCode(aspUserId);
await repo.VerifyTwoFactorToken(aspUserId, pinCode);
var rememberBrowserIdentity = repo.authManager.CreateTwoFactorRememberBrowserIdentity(user.Id);
repo.authManager.SignIn(new AuthenticationProperties { IsPersistent = true }, userIdentity, rememberBrowserIdentity);
var response = Request.CreateResponse(HttpStatusCode.Moved);
response.Headers.Location = new Uri(Config.BaseWWClientURL + "#/registerConfirm");
return response;
}
}
var errorResponse = Request.CreateResponse(HttpStatusCode.Moved);
errorResponse.Headers.Location = new Uri(Config.BaseWWClientURL + "/#/registerError?id=" + aspUserId);
return errorResponse;
}
catch (Exception ex)
{
ErrorLogging.LogError(ex);
var errorResponse = Request.CreateResponse(HttpStatusCode.Moved);
errorResponse.Headers.Location = new Uri(Config.BaseWWClientURL + "/#/registerError?id=" + aspUserId);
return errorResponse;
}
finally
{
repo.Dispose();
}
}
public async Task<IHttpActionResult> ChangePassword(ChangePasswordModel model)
{
try
{
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
using (AuthRepository repo = new AuthRepository())
{
ApplicationUser appUser = await repo.FindAspUserByUserId(User.Identity.Name);
var user = await repo.CheckCredentials(appUser.UserName, model.OldPassword);
if (user == null)
{
// Don't reveal that the user does not exist
ModelState.AddModelError(ModelStateType.ErrorList, "The current password is incorrect");
return BadRequest(ModelState);
}
IdentityResult result = await repo.ChangePasswordAsync(user, model.OldPassword, model.NewPassword);
if (!result.Succeeded)
{
foreach (string error in result.Errors)
ModelState.AddModelError(ModelStateType.ErrorList, error);
return BadRequest(ModelState);
}
return Ok();
}
}
catch (Exception ex)
{
Helper.ErrorLogging.LogError(ex);
return InternalServerError(ex);
}
}