public object Any(PasswordResetConfirmRequest request)
{
object val = null;
val = Process.PasswordReset(request);
return val;
}
public string PasswordReset(PasswordResetConfirmRequest request)
{
var record = RepoUsers.GetPasswordResetRecord(request.Key);
if (record == null || record.SaltedHash != request.Hash)
throw new InvalidPasswordResetException();
string hash, salt;
Auth.GetHashAndSaltString(request.NewPassword, out hash, out salt);
RepoUsers.UpdatePasswordByUserId(record.UserRef, hash, salt);
// clearup
RepoUsers.DeletePasswordResetRecord(record.UserRef);
// if people forgot to activation their signup,
// password reset can also act as signup activation
RepoUsers.DeleteActivationRecord(record.UserRef);
return request.Key;
}
