/// <summary>
/// Starts a password reset for the account matching <c>request.Email</c>: issues a random token,
/// stores only its hash in a 30-minute <see cref="ResetTicket"/>, and mails the raw token to the user.
/// </summary>
/// <param name="request">Carries the address to reset and the caller's user agent.</param>
/// <param name="cancellationToken">Not observed by this method.</param>
/// <returns>An empty <see cref="Response"/> once the mail has been sent.</returns>
/// <exception cref="NotFoundCoreException">No user has the requested email address.</exception>
public async Task<Response> Handle(Request request, CancellationToken cancellationToken)
{
    // TODO: Track user-agent and possibly location/ip
    // NOTE(review): throwing on an unknown address lets a caller probe which addresses exist.
    var account = _session.Query<User>().FirstOrDefault(x => x.Email == request.Email);
    if (account == null)
    {
        throw new NotFoundCoreException();
    }

    // The raw token goes only to the user; the store holds just its hash.
    var rawToken = GenerateToken(20);
    var hashedToken = SecurePasswordHasher.Hash(rawToken);
    var expiresAt = DateTime.UtcNow.AddMinutes(30);

    _session.Store(new ResetTicket(account.Email, hashedToken, expiresAt));

    // The client address is a fixed placeholder until the TODO above is resolved.
    await _emailService.SendPasswordResetEmail(account, rawToken, request.UserAgent, "127.0.0.1");
    return new Response();
}
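/// <summary>
/// Issues a password-reset ticket for <paramref name="Email"/> and mails the reset link.
/// Any previous tickets for the address are deleted first, so at most one ticket is live per address.
/// </summary>
/// <param name="Email">Address to send the reset link to; also the key of the stored ticket.</param>
/// <returns>The "EmailSent" view in every case, so the response does not reveal whether the address is known.</returns>
public ActionResult byEmail(string Email)
{
    // An empty address cannot be mailed; show the same view so the caller learns nothing.
    if (string.IsNullOrWhiteSpace(Email))
    {
        return View("EmailSent");
    }

    // Parameterised so the address never becomes part of the SQL text (the original concatenated it).
    db.Database.ExecuteSqlCommand("delete from ResetTickets where Email = {0}", Email);

    string code = Guid.NewGuid().ToString();
    ResetTicket RT = new ResetTicket();
    RT.Email = Email;
    // Local time is kept because PasswordResetbyMail compares Expiration against DateTime.Now.
    RT.Expiration = DateTime.Now.AddDays(1);
    // NOTE(review): the raw token is stored, not a hash, because PasswordResetbyMail compares it
    // directly to the query-string value; hashing here requires hashing there as well.
    RT.TokenHash = code;
    RT.TokenUsed = false;
    db.ResetTicket.Add(RT);

    // Only the address and the token go into the link, both URL-encoded. The verifier reads
    // TokenUsed and Expiration from the database, so the extra query-string values were never trusted.
    StringBuilder sbody = new StringBuilder();
    sbody.Append("<h1>CCL</h1>Here is your password reset link:");
    sbody.Append("<a href=\"http://localhost:17382/PasswordRecovery/PasswordResetbyMail?Email=" + Uri.EscapeDataString(Email));
    sbody.Append("&ticket=" + Uri.EscapeDataString(code) + "\">Click here to change your password</a>");
    sbody.Append("<br/><br/><br/>This is for testing");

    // Both types own unmanaged resources; dispose them once the mail is sent.
    using (MailMessage mail = new MailMessage())
    using (SmtpClient smtp = new SmtpClient())
    {
        mail.To.Add(Email);
        mail.From = new MailAddress("*****@*****.**");
        mail.Subject = "Reset Password";
        mail.Body = sbody.ToString();
        mail.IsBodyHtml = true;
        // NOTE(review): SMTP credentials belong in configuration (e.g. system.net/mailSettings), not in source.
        smtp.Host = "smtp.gmail.com";
        smtp.Credentials = new System.Net.NetworkCredential("*****@*****.**", "password");
        smtp.Port = 587;
        smtp.EnableSsl = true;
        smtp.Send(mail);
    }

    // The ticket is persisted only after the mail went out, matching the original ordering.
    db.SaveChanges();
    return View("EmailSent");
}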
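/// <summary>
/// Completes a password reset started by <c>byEmail</c>: validates the ticket stored for
/// <paramref name="Email"/>, sets the new password and deletes the ticket.
/// </summary>
/// <param name="Email">Address the ticket was issued for.</param>
/// <param name="rp">Model carrying the new password.</param>
/// <param name="Ticket">Token from the reset link; must equal the stored TokenHash.</param>
/// <param name="U">Unused; accepted so existing links still bind. The used flag is read from the database.</param>
/// <param name="Expire">Unused; accepted so existing links still bind. Expiry is read from the database.</param>
/// <returns>Redirect to "Expired" or "Confirmation", otherwise the form view with a model error.</returns>
public ActionResult PasswordResetbyMail(string Email, ResetPassword rp, string Ticket, bool? U, string Expire)
{
    if (ModelState.IsValid)
    {
        DateTime chk = DateTime.Now;

        // One query instead of three separate ones for hash, used-flag and expiry.
        var ticket = db.ResetTicket.Where(x => x.Email == Email).FirstOrDefault();

        // A missing ticket is treated like an expired one (the original compared default(DateTime) < now).
        if (ticket == null || ticket.Expiration < chk)
        {
            return RedirectToAction("Expired");
        }

        // An empty token must never match; the original `tokeHash == Ticket` was true when both were null.
        bool ticketMatches = !string.IsNullOrEmpty(Ticket)
            && string.Equals(ticket.TokenHash, Ticket, StringComparison.Ordinal)
            && ticket.TokenUsed == false;

        if (ticketMatches)
        {
            // Look the user up in the database instead of materialising the whole table; the match now
            // follows the database comparison, the same one the ticket lookup above already uses.
            var appuser = db.User.FirstOrDefault(u => u.Email == Email);
            if (appuser != null)
            {
                appuser.Password = encryptionDecryptionUtil.CreatePasswordHash(rp.NewPassword, appuser.Salt);
                db.Entry(appuser).State = EntityState.Modified;
                // Parameterised delete, so the address never becomes SQL text; removing the ticket makes it single-use.
                db.Database.ExecuteSqlCommand("delete from ResetTickets where Email = {0}", Email);
                db.SaveChanges();
                return RedirectToAction("Confirmation");
            }
        }

        // Reached when the token does not match, is already used, or no user has this address.
        ModelState.AddModelError("", "Something gonna wrong!");
    }
    return View(rp);
}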