public ActionResult ForgotPassword(ForgotPasswordViewModel model) { SessionManager.RegisterSessionActivity(); if (ModelState.IsValid) { User anActiveOrBlockedUser = null; CEUserManager ceUserManager = new CEUserManager(); anActiveOrBlockedUser = ceUserManager.GetSigningUserByEmail(model.Email); if (anActiveOrBlockedUser == null) { // Don't reveal that the user does not exist or is not confirmed return(View("ForgotPasswordConfirmation")); } // For more information on how to enable account confirmation and password reset please visit https://go.microsoft.com/fwlink/?LinkID=320771 // Send an email with this link string longTicks = DateTime.Now.Ticks.ToString(), code = DataSecurityTripleDES.GetEncryptedText(longTicks); using (CraveatsDbContext craveatsDbContext = new CraveatsDbContext()) { User anUser = craveatsDbContext.User.First(u => u.Id == anActiveOrBlockedUser.Id); anUser.ResetCode = longTicks; anUser.ResetCodeExpiry = DateTime.Now.AddDays(1); anUser.ResetCodeSentAt = DateTime.Now; anUser.LastUpdated = DateTime.Now; craveatsDbContext.SaveChanges(); } var callbackUrl = Url.Action("ResetPassword", "Login", new { userId = DataSecurityTripleDES.GetEncryptedText(anActiveOrBlockedUser.Id), code = code }, protocol: Request.Url.Scheme); StringBuilder sbSubject = new StringBuilder("Craveats reset password request"), sbEmailBody = new StringBuilder("<p>Dear [FullName],</p><p>We have received a request that you would like to reset your account password with us." + "Please reset your password by clicking <a href=\"" + callbackUrl + "\">here</a></p><p>Thank you.</p><p>Craveats</p>"); CommunicationServiceProvider.SendOutgoingNotification( new MailAddress( anActiveOrBlockedUser.EmailAddress, string.Format("{0}{1}{2}", anActiveOrBlockedUser?.FirstName, " ", anActiveOrBlockedUser?.Surname).Trim()), sbSubject.ToString(), sbEmailBody.Replace("[FullName]", string.Format("{0}{1}{2}", anActiveOrBlockedUser?.FirstName, " ", anActiveOrBlockedUser?.Surname).Trim()).ToString()); return(RedirectToAction("ForgotPasswordConfirmation", "Login")); } // If we got this far, something failed, redisplay form return(View(model)); }
public ActionResult Register(RegisterViewModel model) { SessionManager.RegisterSessionActivity(); // Get all states again var roles = GetAllRoles(); // Set these states on the model. We need to do this because // only the selected value from the DropDownList is posted back, not the whole // list of states. model.Roles = GenUtil.GetSelectListItems(roles); // In case everything is fine - i.e. both "Name" and "State" are entered/selected, // redirect user to the "Done" page, and pass the user object along via Session if (ModelState.IsValid) { SHA1HashProvider sHA1HashProvider = new SHA1HashProvider(); if (!ceUserManager.IsRegistered(model.Email)) { string sha1HashText = sHA1HashProvider.SecureSHA1(model.Password.Trim()); int? newUserID = ceUserManager.RegisterNew(model.Email, sha1HashText, model.Role); if (newUserID.HasValue) { UserDTO userDTO = new UserDTO() { Id = DataSecurityTripleDES.GetEncryptedText(newUserID), FirstName = model.FirstName, Surname = model.Surname, UserStatus = (int?)UserStatusEnum.Active }; ceUserManager.SaveUserDetail(userDTO); StringBuilder sbSubject = new StringBuilder("Craveats new registrant notification"), sbEmailBody = new StringBuilder("<p>A new user with the following detail has been registered in the system. " + $"<br/><em>FirstName </em>: {model.FirstName}" + $"<br/><em>Surname </em>: {model.Surname}" + $"<br/><em>Email </em>: {model.Email}" + $"<br/><em>Registration Type </em>: {model.Role}" + "</p><p>Thank you.</p><p>Craveats</p>"); CommunicationServiceProvider.SendOutgoingNotification( new MailAddress( model.Email, string.Format("{0}{1}{2}", model.FirstName, " ", model?.Surname).Trim()), sbSubject.ToString(), sbEmailBody.ToString()); User result = ceUserManager.FindByCriteria(email: model.Email, userStatusEnums: new List <int> { (int)UserStatusEnum.Active, (int)UserStatusEnum.Blocked }); if (result != null) { userDTO = EntityDTOHelper.GetEntityDTO <User, UserDTO>(result); AuthenticatedUserInfo authenticatedUserInfo = new AuthenticatedUserInfo(userDTO); Session["loggeduser"] = authenticatedUserInfo; SessionManager.RegisterSessionActivity(userID: result.Id, loggedInAt: DateTime.Now); ceUserManager.SignInUser(HttpContext, string.Format("{0}", authenticatedUserInfo.FullName), false); return(RedirectToAction("Index", "Home")); } else { ModelState.AddModelError(string.Empty, "An error occurred in reading user data. Please review input and re-try."); } } else { ModelState.AddModelError(string.Empty, "An error occurred in registering new user. Please review input and re-try."); } } else { ModelState.AddModelError(string.Empty, "Email is registered and cannot be used to create another account."); } } // Something is not right - so render the registration page again, // keeping the data user has entered by supplying the model. return(View("Register", model)); }