Example #1
 /// <summary>
 /// Looks up the account named in <paramref name="model"/> and, when it exists, redirects to the
 /// "Manage" action with the user name and that account's recovery question as route values.
 /// </summary>
 /// <param name="model">Posted recovery form; only <c>UserName</c> is read here.</param>
 /// <returns>An <see cref="EmptyResult"/> when no user is found, otherwise the redirect.</returns>
 /// <remarks>
 /// NOTE(review): the two outcomes are distinguishable, so a caller can tell whether a user name
 /// exists, and the recovery question is handed out with no captcha or throttling in this action.
 /// Confirm that this is intended, or return a uniform response. The route values presumably end
 /// up in the redirect URL (and so in logs and browser history) - verify against the route config.
 /// </remarks>
 public async Task<ActionResult> GetAnswerForRecoveryQuestion(PasswordRecoveryModel model)
 {
     var account = await UserManager.FindByNameAsync(model.UserName);
     if (account != null)
     {
         var routeValues = new { Username = model.UserName, Question = account.RecoveryQuestion };
         return RedirectToAction("Manage", routeValues);
     }

     return new EmptyResult();
 }
Example #2
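        /// <summary>
        /// Two-step password recovery driven by one posted model.
        /// Step 1 (no <c>InputAnswer</c>): verifies the reCAPTCHA response, looks the user up and
        /// copies the stored recovery question into the model so the form can ask it.
        /// Step 2 (<c>InputAnswer</c> present): checks question and answer against the stored
        /// values and, on a match, stores a hash of <c>model.Password</c> for that user.
        /// </summary>
        /// <param name="model">Posted form: UserName, Question, InputAnswer and Password are read.</param>
        /// <returns>Always the same view, re-rendered with <paramref name="model"/>; failures add model errors.</returns>
        /// <remarks>
        /// NOTE(review), not changed here because the fixes need code outside this method:
        /// - The captcha is verified only in step 1; step 2 accepts answer guesses with no captcha
        ///   or lockout visible in this method. Add throttling or lockout on failed answers.
        /// - The stored answer is compared as text, which implies it is kept unhashed. Consider
        ///   storing a salted hash of a normalized answer instead.
        /// - The hash is written through the store directly, so whatever UserManager normally does
        ///   around a password change (password policy validation, security-stamp rotation) is
        ///   presumably skipped - confirm, and prefer the UserManager reset path if so.
        /// - In step 1, "user not found" and "user has no question" render differently, which
        ///   reveals whether a user name exists.
        /// </remarks>
        public async Task<ActionResult> RecoverPassword(PasswordRecoveryModel model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            if (string.IsNullOrEmpty(model.InputAnswer))
            {
                // Step 1: the captcha must pass before any account lookup happens.
                var recaptchaHelper = this.GetRecaptchaVerificationHelper();

                if (String.IsNullOrEmpty(recaptchaHelper.Response))
                {
                    ModelState.AddModelError("", "Captcha answer cannot be empty");
                    return View(model);
                }

                var recaptchaResult = recaptchaHelper.VerifyRecaptchaResponse();

                if (recaptchaResult != RecaptchaVerificationResult.Success)
                {
                    ModelState.AddModelError("", "Incorrect captcha answer");
                    return View(model);
                }

                // Find the user and pass the stored question along to the view.
                var requestedUser = await UserManager.FindByNameAsync(model.UserName);
                if (requestedUser == null)
                {
                    return View(model);
                }

                if (string.IsNullOrEmpty(requestedUser.RecoveryQuestion))
                {
                    ModelState.AddModelError("", string.Format("{0} does not have a question to answer therefore no password recovery can be attempted.", model.UserName));
                    return View(model);
                }

                ViewBag.HasUsername = true;
                model.UserName = requestedUser.UserName;
                ViewBag.Username = requestedUser.UserName;
                model.Question = requestedUser.RecoveryQuestion;
                return View(model);
            }

            // Step 2: an answer was posted. InputAnswer is known to be non-empty here.
            var username = model.UserName;
            if (username == null)
                username = ViewBag.Username;

            // An empty password is rejected before any account state is touched; model validation
            // may already enforce this, so the check is only a backstop.
            if (string.IsNullOrEmpty(username) ||
                string.IsNullOrEmpty(model.Question) ||
                string.IsNullOrEmpty(model.Password))
            {
                ModelState.AddModelError("", "Something went wrong!");
                return View(model);
            }

            var user = await UserManager.FindByNameAsync(username);

            if (user == null)
            {
                ModelState.AddModelError("", "Something went wrong!");
                return View(model);
            }

            // Ordinal, case-insensitive and null-safe: a user without a stored answer fails the
            // check instead of throwing, and the result no longer depends on the server culture
            // the way ToLower() did.
            bool questionMatches = user.RecoveryQuestion == model.Question;
            bool answerMatches = string.Equals(user.Answer, model.InputAnswer, StringComparison.OrdinalIgnoreCase);
            if (!questionMatches || !answerMatches)
            {
                ModelState.AddModelError("", "Invalid answer.");
                return View(model);
            }

            var newPassHash = UserManager.PasswordHasher.HashPassword(model.Password);
            ApplicationUser cUser = UserManager.FindById(user.Id);

            // The store is created here, so it is disposed here; previously it was never released.
            using (var store = new UserStore<ApplicationUser>())
            {
                await store.SetPasswordHashAsync(cUser, newPassHash);
                await store.UpdateAsync(cUser);
            }

            // A successful reset also ends here: the form is redisplayed with no success message.
            // NOTE(review): the posted model still carries the password - confirm the view does not echo it.
            return View(model);
        }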