/// <summary>
/// Reports whether any member currently holds an unexpired request to change their
/// email address to <paramref name="email"/>.
/// </summary>
/// <param name="email">The requested address; it is trimmed and lower-cased before the lookup. May be null.</param>
/// <returns>
/// <c>true</c> when at least one matching member has a "requestedEmailTokenExpires" value that
/// the verification token helper does not consider expired; otherwise <c>false</c>.
/// </returns>
private bool AnotherMemberHasRequestedThisEmailAddress(string email)
{
    // NOTE(review): the exact match below only works if "requestedEmail" is stored trimmed and
    // lower-cased as well; confirm against the code that writes that property.
#pragma warning disable CA1308 // Normalize strings to uppercase
    var normalisedEmail = email?.Trim().ToLowerInvariant();
#pragma warning restore CA1308 // Normalize strings to uppercase

    var candidates = Services.MemberService.GetMembersByPropertyValue("requestedEmail", normalisedEmail, StringPropertyMatchType.Exact);

    foreach (var candidate in candidates)
    {
        // An expired request no longer reserves the address, so only a live token counts.
        var requestExpires = candidate.GetValue<DateTime>("requestedEmailTokenExpires");
        if (!_verificationToken.HasExpired(requestExpires))
        {
            return true;
        }
    }

    return false;
}
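/// <summary>
/// Renders the password reset page. Depending on the query string this shows the form to
/// request a reset, the confirmation that a reset succeeded, or the result of validating the
/// reset token that was supplied.
/// </summary>
/// <param name="contentModel">The content model for the current page; its content is passed to the view model.</param>
/// <returns>
/// The "ResetPasswordRequest" view when no token is supplied, the "ResetPasswordComplete" view
/// when <c>successful=yes</c> is present, otherwise the "ResetPassword" view with
/// <c>PasswordResetTokenValid</c> set from the token check.
/// </returns>
public override ActionResult Index(ContentModel contentModel)
{
    var model = new ResetPassword(contentModel?.Content);
    model.Metadata = new ViewMetadata { PageTitle = model.Name, Description = model.Description };

    var tokenIsValid = false;
    try
    {
        model.PasswordResetToken = Request.QueryString["token"];

        // If there's no token, show the form to request a password reset
        if (string.IsNullOrEmpty(model.PasswordResetToken))
        {
            return View("ResetPasswordRequest", model);
        }

        // Show a message saying the reset was successful.
        // This flag is not authenticated: it only selects which message is shown and
        // changes no member data in this method.
        if (Request.QueryString["successful"] == "yes")
        {
            model.ShowPasswordResetSuccessful = true;
            return View("ResetPasswordComplete", model);
        }

        var memberId = _verificationToken.ExtractId(model.PasswordResetToken);
        var member = Services.MemberService.GetById(memberId);

        // The token is request input, so it can name a member id that does not exist, or a
        // member with no stored reset token. Both must read as "invalid token" rather than
        // throwing a NullReferenceException, which would surface as a server error.
        tokenIsValid = member != null
            && member.GetValue("passwordResetToken")?.ToString() == model.PasswordResetToken
            && !_verificationToken.HasExpired(member.GetValue<DateTime>("passwordResetTokenExpires"));
    }
    catch (FormatException)
    {
        // The token could not be parsed, so treat it as invalid
        tokenIsValid = false;
    }

    if (!tokenIsValid)
    {
        // The submitted token is attacker-controlled text; it is passed as a template
        // argument rather than concatenated into the message.
        Logger.Info(typeof(ResetPasswordController), LoggingTemplates.MemberPasswordResetTokenInvalid, model.PasswordResetToken, typeof(ResetPasswordController), nameof(ResetPasswordController.Index));
    }

    // true shows the set-a-new-password form; false shows the token-not-valid message
    model.PasswordResetTokenValid = tokenIsValid;
    return View("ResetPassword", model);
}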
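/// <summary>
/// Handles submission of the set-a-new-password form. When the token in the query string
/// matches the member's stored, unexpired reset token, the member is unlocked, the token is
/// expired, the new password is saved and the member is logged in unless login is blocked.
/// </summary>
/// <param name="model">The posted form data, bound with the "resetPasswordUpdate" prefix. May be null.</param>
/// <returns>
/// A redirect to the current page with <c>successful=yes</c> after a successful reset; the
/// "ResetPassword" view when model validation fails; otherwise the "ResetPasswordComplete"
/// view with <c>ShowPasswordResetSuccessful</c> set to false.
/// </returns>
/// <remarks>
/// NOTE(review): no [HttpPost] or [ValidateAntiForgeryToken] attribute is visible on this action
/// in this listing; confirm they are applied in the source file.
/// </remarks>
public ActionResult UpdatePassword([Bind(Prefix = "resetPasswordUpdate")] ResetPasswordFormData model)
{
    var contentModel = new ResetPassword(CurrentPage);
    contentModel.Metadata = new ViewMetadata { PageTitle = contentModel.Name, Description = contentModel.Description };

    if (model == null)
    {
        contentModel.ShowPasswordResetSuccessful = false;
        return View("ResetPasswordComplete", contentModel);
    }

    // Assume the token is valid and this will be checked later
    contentModel.PasswordResetToken = Request.QueryString["token"];

    if (!ModelState.IsValid)
    {
        contentModel.PasswordResetTokenValid = true;
        return View("ResetPassword", contentModel);
    }

    try
    {
        // A missing token can never be valid. Rejecting it here avoids depending on how
        // ExtractId treats null or empty input.
        if (string.IsNullOrEmpty(contentModel.PasswordResetToken))
        {
            return PasswordResetTokenRejected(contentModel);
        }

        var memberId = _verificationToken.ExtractId(contentModel.PasswordResetToken);
        var memberService = Services.MemberService;
        var member = memberService.GetById(memberId);

        var tokenAccepted = member != null
            && member.GetValue<string>("passwordResetToken") == contentModel.PasswordResetToken
            && !_verificationToken.HasExpired(member.GetValue<DateTime>("passwordResetTokenExpires"));

        if (!tokenAccepted)
        {
            return PasswordResetTokenRejected(contentModel);
        }

        // If the user has tried repeatedly they might have locked their account
        // Remove the lockout and expire the token, so the same link cannot be used again
        member.IsLockedOut = false;
        member.SetValue("passwordResetTokenExpires", _verificationToken.ResetExpiryTo());
        memberService.Save(member);

        // Reset the password
        memberService.SavePassword(member, model.NewPassword);

        Logger.Info(typeof(ResetPasswordSurfaceController), LoggingTemplates.MemberPasswordReset, member.Username, member.Key, typeof(ResetPasswordSurfaceController), nameof(UpdatePassword));

        // They obviously wanted to login, so be helpful and do it, unless they're blocked
        if (!member.GetValue<bool>("blockLogin"))
        {
            _loginMemberWrapper.LoginMember(member.Username, model.NewPassword);
        }

        // Redirect because the login doesn't update the thread identity.
        // The token placed in the URL has already been expired above.
        return RedirectToCurrentUmbracoPage($"token={contentModel.PasswordResetToken}&successful=yes");
    }
    catch (FormatException)
    {
        // The token could not be parsed, so treat it as invalid
        return PasswordResetTokenRejected(contentModel);
    }
}

/// <summary>
/// Logs that a password reset token was rejected and returns the reset-failed view.
/// </summary>
private ActionResult PasswordResetTokenRejected(ResetPassword contentModel)
{
    Logger.Info(typeof(ResetPasswordSurfaceController), LoggingTemplates.MemberPasswordResetTokenInvalid, contentModel.PasswordResetToken, typeof(ResetPasswordSurfaceController), nameof(UpdatePassword));
    contentModel.ShowPasswordResetSuccessful = false;
    return View("ResetPasswordComplete", contentModel);
}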
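/// <summary>
/// Approves the member identified by the token in the query string, provided the token
/// matches the member's stored approval token and has not expired, then renders the result.
/// </summary>
/// <param name="contentModel">The content model for the current page; its content is passed to the view model.</param>
/// <returns>The "ApproveMember" view, with <c>ApprovalTokenValid</c> indicating whether the member was approved.</returns>
/// <remarks>
/// NOTE(review): the approval is a state change made while rendering a page from a link. If this
/// action is reachable by GET, anything that fetches the link will consume the token; confirm
/// that is acceptable.
/// A rejected token is not logged here; only a successful approval is.
/// </remarks>
public override ActionResult Index(ContentModel contentModel)
{
    var model = new ApproveMember(contentModel?.Content);
    model.Metadata = new ViewMetadata { PageTitle = model.Name, Description = model.Description };

    try
    {
        var approvalToken = Request.QueryString["token"];

        // A missing token can never be valid. Rejecting it here avoids depending on how
        // ExtractId treats null or empty input, and rules out a null or empty request token
        // comparing equal to a null or empty stored token.
        if (string.IsNullOrEmpty(approvalToken))
        {
            model.ApprovalTokenValid = false;
            return View("ApproveMember", model);
        }

        var memberId = _verificationToken.ExtractId(approvalToken);
        var memberService = Services.MemberService;
        var member = memberService.GetById(memberId);

        var tokenAccepted = member != null
            && member.GetValue("approvalToken")?.ToString() == approvalToken
            && !_verificationToken.HasExpired(member.GetValue<DateTime>("approvalTokenExpires"));

        if (tokenAccepted)
        {
            // Approve the member and expire the token, so the same link cannot be used again
            member.IsApproved = true;
            member.SetValue("approvalTokenExpires", _verificationToken.ResetExpiryTo());
            memberService.Save(member);

            model.ApprovalTokenValid = true;
            model.MemberName = member.Name;

            Logger.Info(typeof(ApproveMemberController), LoggingTemplates.ApproveMember, member.Username, member.Key, typeof(ApproveMemberController), nameof(Index));
        }
        else
        {
            model.ApprovalTokenValid = false;
        }
    }
    catch (FormatException)
    {
        // The token could not be parsed, so treat it as invalid
        model.ApprovalTokenValid = false;
    }

    return View("ApproveMember", model);
}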
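/// <summary>
/// Checks whether <paramref name="token"/> is the member's current, unexpired token for
/// confirming a requested email address.
/// </summary>
/// <param name="member">The member to check. May be null, in which case the result is <c>false</c>.</param>
/// <param name="token">The token supplied with the request. Null or empty is never valid.</param>
/// <returns>
/// <c>true</c> only when the member exists, the token is non-empty and equals the stored
/// "requestedEmailToken", and "requestedEmailTokenExpires" has not expired.
/// </returns>
private bool MemberHasValidEmailToken(IMember member, string token)
{
    // Without this guard a null or empty token compares equal to a null or empty stored
    // token, leaving the expiry check as the only thing that rejects the request.
    if (member == null || string.IsNullOrEmpty(token))
    {
        return false;
    }

    var storedToken = member.GetValue("requestedEmailToken")?.ToString();

    // NOTE(review): == on strings is not a constant-time comparison; if the target framework
    // offers a fixed-time comparison, consider using it for secrets like this one.
    return storedToken == token
        && !_verificationToken.HasExpired(member.GetValue<DateTime>("requestedEmailTokenExpires"));
}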