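/// <summary>
/// Starts password recovery for the account registered under the submitted email address.
/// </summary>
/// <remarks>
/// The caller receives <c>200 OK</c> whether or not the address is registered. The recovery
/// token is only ever meant to leave the server inside the recovery email (the original note
/// says delivery goes through the UPQ; the send itself is not implemented in this method yet),
/// never in the HTTP response, so the endpoint can neither be used to enumerate accounts nor
/// to obtain a token for somebody else's account.
/// </remarks>
/// <param name="model">Request body; only <c>Email</c> is read.</param>
/// <returns>
/// <c>400 Bad Request</c> when model binding failed or the email is missing/blank;
/// otherwise <c>200 OK</c> with an empty body.
/// </returns>
public IActionResult PasswordRecovery([FromBody] ForgotPasswordDataModel model)
{
    if (!ModelState.IsValid)
    {
        return BadRequest();
    }

    // Guard the body object itself as well: a missing or unparseable body can leave model null,
    // and the original dereferenced it unconditionally.
    if (model is null || string.IsNullOrWhiteSpace(model.Email))
    {
        return BadRequest("Email is required");
    }

    User user = UserHelper.GetUserByEmail(model.Email);
    if (user != null)
    {
        var recoveryToken = new PasswordRecoveryToken()
        {
            // Two-day validity window. NOTE(review): DateTime.Now is local time; if the token
            // validator compares against UtcNow the window shifts by the server's UTC offset —
            // confirm which clock the validator uses before changing either side.
            Expiration = DateTime.Now + TimeSpan.FromDays(2),
            UserId = user.Id
        };
        var jwt = TokenHelper.EncodeStandardJwtToken(recoveryToken);

        try
        {
            // TODO: send the recovery email containing `jwt` (via the UPQ).
        }
        catch (Exception)
        {
            // Deliberately not surfaced to the caller: a delivery failure must not change the
            // response, or it becomes a signal that the address is registered. TODO: log it.
        }
    }

    // Same response for unknown addresses. Returning 404 here (as this method used to) let any
    // caller confirm which emails have accounts, contradicting the intent described above.
    return Ok();
}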
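/// <summary>
/// Starts a password reset for the account registered under the submitted email address by
/// mailing that account a link to the <c>ResetPassword</c> action carrying an Identity reset token.
/// </summary>
/// <remarks>
/// Responds <c>200 OK</c> whether or not the email belongs to an account, and only sends mail
/// when it does. The earlier "You don't have an Account with this Email Address" mail to unknown
/// addresses was dropped: it let any anonymous caller make this server send mail to an arbitrary
/// recipient (a spam/bounce relay) while giving a genuine user nothing they need.
/// NOTE(review): the two paths still differ in duration (token generation plus the send), which a
/// patient caller could time to tell registered addresses apart; moving the send onto a
/// background queue would close that side channel.
/// NOTE(review): <c>Url.Action(..., Request.Scheme)</c> builds the link from the request's Host
/// header. Confirm host filtering (AllowedHosts) is configured, otherwise a forged Host header
/// can point the victim's reset link — and its token — at an attacker-controlled domain.
/// NOTE(review): no check that the address is confirmed; if this app uses email confirmation,
/// consider skipping the send for unconfirmed users as the Identity templates do.
/// </remarks>
/// <param name="model">Request body; only <c>Email</c> is read.</param>
/// <returns><c>400 Bad Request</c> for an invalid model or blank email; otherwise <c>200 OK</c>.</returns>
public async Task<IActionResult> ForgotPassword([FromBody] ForgotPasswordDataModel model)
{
    // A blank email would make FindByEmailAsync throw rather than produce a 400.
    if (!ModelState.IsValid || model is null || string.IsNullOrWhiteSpace(model.Email))
    {
        return BadRequest();
    }

    var user = await _userManager.FindByEmailAsync(model.Email);
    if (user != null)
    {
        var token = await _userManager.GeneratePasswordResetTokenAsync(user);

        // Url.Action URL-encodes the route values, which matters because the Identity token is
        // not guaranteed to be URL-safe as generated.
        var resetUrl = Url.Action("ResetPassword", "Account", new { token = token, email = user.Email }, Request.Scheme);

        // Send to the stored address rather than the submitted string so the link always goes to
        // the account's own mailbox.
        await _emailSender.SendResetPasswordEmailAsync(user.Email, resetUrl);
    }

    // Uniform response regardless of whether the address is registered.
    return Ok();
}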