/// <summary> /// Resets <paramref name="passwordResetDTO"/>.UserName's password with <paramref name="passwordResetDTO"/>.NewPassword, if <paramref name="passwordResetDTO"/>.TokenString is valid. /// </summary> /// <param name="passwordResetDTO"></param> /// <returns></returns> public async Task <IdentityResult> ResetPasswordAsync(PasswordResetDTO passwordResetDTO) { var user = await _userRepository.GetFirstOrDefaultAsync(a => a.UserName == _userName).ConfigureAwait(false); user.ThrowIfParameterIsNull("IdentityInvalidUserName"); return(await _userManager.ResetPasswordAsync(user, passwordResetDTO.TokenString, passwordResetDTO.NewPassword).ConfigureAwait(false)); }
public async Task <IActionResult> PasswordReset([FromBody] PasswordResetDTO dto) { try { await _loginService.ResetPassword(dto.Token, dto.Password); return(Ok()); } catch (UnknownTokenException) { return(Unauthorized(new { Reason = "invalid-token" })); } }
public async Task <IActionResult> PasswordResetHook([FromBody] PasswordResetDTO dto) { if (!ModelState.IsValid) { return(BadRequest("Invalid email" + ModelState.ToString())); } IdentityExpressUser identityExpressUser = await _userManager.FindByEmailAsync(dto.Email); string resetToken = await _userManager.GeneratePasswordResetTokenAsync(identityExpressUser); string emailHost = _configuration.GetValue <string>("smtp_host"); string emailPort = _configuration.GetValue <string>("smtp_port"); string smtpUsername = _configuration.GetValue <string>("smtp_username"); string smtpPassword = _configuration.GetValue <string>("smtp_password"); string origin = _configuration.GetValue <string>("Public_Origin"); int port = 587; int.TryParse(emailPort, out port); string senderEmail = _configuration.GetValue <string>("Email_Host"); string senderName = _configuration.GetValue <string>("Sender_Name"); MailMessage message = new MailMessage(); message.IsBodyHtml = true; message.From = new MailAddress(senderEmail, senderName); message.To.Add(new MailAddress(dto.Email)); message.Subject = "Password reset"; string urlEncodedEmail = HttpUtility.UrlEncode(identityExpressUser.Email); string urlEncodedToken = HttpUtility.UrlEncode(resetToken); message.Body = "<h1>IdentityServer Password Reset</h1>" + "<p>Plese reset you password using the following link:</p>" + "<p><a href='" + origin + "/Account/PasswordReset?email=" + urlEncodedEmail + "&token=" + urlEncodedToken + "'>resetToken</a></p>"; Console.WriteLine(resetToken); Console.WriteLine(urlEncodedToken); using (var client = new SmtpClient(emailHost, port)) { client.Credentials = new NetworkCredential(smtpUsername, smtpPassword); client.EnableSsl = true; client.Send(message); } return(Ok()); }
public async Task <IActionResult> UpdatePassword([FromBody] PasswordResetDTO passwordResetDTO) { try { var response = await _identityService.ResetPassword(passwordResetDTO.Token, passwordResetDTO.NewPassword, passwordResetDTO.Email); return(Ok(response)); } catch (Exception ex) { var resetResult = new ResetRequestResultDTO { Status = "failed", ResponseMessage = ex.Message, ResponseCode = "01" }; return(StatusCode(500, resetResult)); } }
public async Task <IActionResult> PostPasswordReset([FromBody] PasswordResetDTO model) { try { if (await repo.ResetPassword(model.UserName, model.Password, model.Code)) { var login = await repo.PostLogin(model.UserName, model.Password); var token = await repo.GetJWTToken(model.UserName); return(StatusCode(StatusCodes.Status200OK, new LoginViewModel() { User = login, Token = token })); } return(StatusCode(StatusCodes.Status200OK, null)); } catch (System.Exception ex) { return(StatusCode(StatusCodes.Status400BadRequest, ex.Message)); } }
public async Task <IActionResult> ResetPassword([FromBody] PasswordResetDTO resetViewModel) { try { if (!ModelState.IsValid) { _logger.LogTrace("Password reset failed due to missing parameters."); return(BadRequest("Invalid request.")); } if (!resetViewModel.Password.Equals(resetViewModel.ConfirmPassword, StringComparison.Ordinal)) { return(BadRequest("Passwords do not match.")); } var user = await _unitOfWork.UserManager.FindByIdAsync(resetViewModel.UserId).ConfigureAwait(false); if (user == null) { _logger.LogWarning("Password reset attempted with invalid user details."); return(StatusCode(500, "Password reset unsuccessful.")); } var token = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(resetViewModel.Token)); var result = await _unitOfWork.UserManager.ResetPasswordAsync(user, token, resetViewModel.Password).ConfigureAwait(false); if (!result.Succeeded) { return(BadRequest("Password reset failed: validation token not valid.")); } _logger.LogInformation($"{user.UserName} successfully reset their password."); try { await RevokeAllActiveUserRefreshCookiesAsync(user).ConfigureAwait(false); _logger.LogInformation($"Revoked active refresh tokens for {user.UserName}."); } catch (InvalidOperationException ex) { _logger.LogError(ex, "Exception thrown attempting to modify refresh tokens in database."); } catch (DbUpdateConcurrencyException ex) { _logger.LogError(ex, "Exception thrown attempting to modify refresh tokens in database."); } InvalidateRefreshCookieInBrowser(); var emailData = new UsernameTemplate() { Username = user.UserName }; var emailResponse = await _emailSender .SendEmailAsync(user.Email, _config["SendGrid:Templates:PasswordChanged"], EmailFrom.Account, emailData) .ConfigureAwait(false); if (emailResponse.StatusCode != System.Net.HttpStatusCode.Accepted) { _logger.LogError($"SendGrid failed to send password change notification to {user.UserName}."); } else { _logger.LogInformation($"Password change email dispatched to {user.UserName}."); } return(NoContent()); } catch (DbUpdateConcurrencyException ex) { _logger.LogError(ex, "Exception thrown attempting to save new refresh token to database."); return(StatusCode(500, "Password reset unsuccessful.")); } catch (Exception ex) { _logger.LogError(ex, "Exception thrown attempting to reset password."); return(StatusCode(500, "Password reset unsuccessful.")); } }
public async Task <IActionResult> ResetPasswordAsync([FromBody] PasswordResetDTO passwordResetDTO) => await _accountService.ResetPasswordAsync(passwordResetDTO).ConfigureAwait(false).GetActivityResponseAsync(_sharedLocalizer["PasswordResetSuccessfull"], _sharedLocalizer["AccountActivityErrorMessage"]).ConfigureAwait(false);