Exemple #1
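        /// <summary>
        /// Starts password recovery for the account registered under the submitted email address.
        /// </summary>
        /// <remarks>
        /// If the account exists, a recovery token is issued and mailed to the user
        /// (password recovery emails are sent via the UPQ). If it does not exist, the caller
        /// receives exactly the same response, so the endpoint cannot be used to find out
        /// which usernames/emails are registered.
        /// </remarks>
        /// <param name="model">Request body carrying the email address of the account to recover.</param>
        /// <returns>
        /// 400 when the model is invalid or the email is missing; otherwise 200, whether or not
        /// an account matched.
        /// </returns>
        public IActionResult PasswordRecovery([FromBody] ForgotPasswordDataModel model)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest();
            }

            if (model == null || string.IsNullOrEmpty(model.Email))
            {
                return BadRequest("Email is required");
            }

            User user = UserHelper.GetUserByEmail(model.Email);
            if (user != null)
            {
                PasswordRecoveryToken items = new PasswordRecoveryToken()
                {
                    // NOTE(review): DateTime.Now is local time. If the code that validates the token
                    // compares against UTC, the two-day window shifts by the server's offset —
                    // confirm against TokenHelper and prefer DateTime.UtcNow on both sides.
                    Expiration = DateTime.Now + new TimeSpan(2, 0, 0, 0),
                    UserId     = user.Id
                };

                var jwt = TokenHelper.EncodeStandardJwtToken(items);

                try
                {
                    //Send recovery email containing token
                }
                catch
                {
                    // Deliberately not rethrown: a delivery failure must not give a different
                    // response for existing accounts than for unknown ones. The failure should
                    // still be recorded; no logger is visible in this block, so none is called here.
                }
            }

            // Same status for known and unknown addresses. The original returned NotFound() for an
            // unknown address, which told the caller whether the email is registered and contradicted
            // the behaviour this action documents.
            // Do not return the recovery token in the response; it only travels in the recovery email,
            // which is what validates the user's ownership of the account.
            // NOTE(review): the known-account path does more work (token + mail) than the unknown path;
            // keep the mail hand-off asynchronous/queued so the response time does not reveal the difference.
            return Ok();
        }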
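        /// <summary>
        /// Handles a "forgot password" request: mails a reset link to the account registered under
        /// the submitted address, or a "no account" notice to that address when nothing matches.
        /// </summary>
        /// <remarks>
        /// The HTTP response is the same in both cases; only the owner of the mailbox learns
        /// whether an account exists.
        /// </remarks>
        /// <param name="model">Request body carrying the email address.</param>
        /// <returns>400 when the model is invalid or the email is missing; otherwise 200.</returns>
        public async Task<IActionResult> ForgotPassword([FromBody] ForgotPasswordDataModel model)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest();
            }

            // A missing address is rejected here instead of being passed to the user lookup.
            if (model == null || string.IsNullOrEmpty(model.Email))
            {
                return BadRequest("Email is required");
            }

            var user = await _userManager.FindByEmailAsync(model.Email);

            if (user != null)
            {
                var token = await _userManager.GeneratePasswordResetTokenAsync(user);

                // NOTE(review): Url.Action with a scheme argument produces an absolute URL whose host
                // is taken from the current request. Make sure host filtering (AllowedHosts / forwarded
                // headers configuration) is in place, or build the link from a configured base address,
                // so the mailed link can only point at this site.
                var resetUrl = Url.Action("ResetPassword", "Account",
                                          new { token = token, email = user.Email }, Request.Scheme);

                // Deliver to the address stored on the account, not to the string the requester typed:
                // the lookup may match through normalization, and the reset link must only ever reach
                // the mailbox on record.
                await _emailSender.SendResetPasswordEmailAsync(user.Email, resetUrl);
            }
            else
            {
                // NOTE(review): this sends mail to any address a caller supplies; throttle the endpoint
                // (per client and per address) so it cannot be used to flood third-party mailboxes.
                await _emailSender.SendEmailAsync(model.Email, "ResetPassword", "You don't have an Account with this Email Address");
            }

            return new OkResult();
        }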