public async Task <Response> Handle(Request request, CancellationToken cancellationToken)
{
//TODO: Track user-agent and possibly location/ip
var user = _session.Query <User>()
.FirstOrDefault(x => x.Email == request.Email);
if (user == null)
{
throw new NotFoundCoreException();
}
var tokenAsString = GenerateToken(20);
var tokenHash = SecurePasswordHasher.Hash(tokenAsString);
var resetTicket = new ResetTicket(user.Email, tokenHash, DateTime.UtcNow.AddMinutes(30));
_session.Store(resetTicket);
await _emailService.SendPasswordResetEmail(user, tokenAsString, request.UserAgent, "127.0.0.1");
return(new Response());
}
public ActionResult byEmail(string Email)
{
db.Database.ExecuteSqlCommand("delete from ResetTickets where Email='" + Email.ToString() + "'");
string code = Guid.NewGuid().ToString();
ResetTicket RT = new ResetTicket();
RT.Email = Email;
RT.Expiration = DateTime.Now.AddDays(1);
RT.TokenHash = code;
RT.TokenUsed = false;
db.ResetTicket.Add(RT);
StringBuilder sbody = new StringBuilder();
sbody.Append("<h1>CCL</h1>Here is your password reset link:");
sbody.Append("<a href=http://localhost:17382/PasswordRecovery/PasswordResetbyMail?Email=" + Email);
sbody.Append("&ticket=" + code + "&u=" + RT.TokenUsed + "&expire=" + RT.Expiration + ">Click here to change your password</a>");
sbody.Append("<br/><br/><br/>This is for testing");
MailMessage mail = new MailMessage();
mail.To.Add(Email.ToString());
mail.From = new MailAddress("*****@*****.**");
mail.Subject = "Reset Password";
mail.Body = sbody.ToString();
mail.IsBodyHtml = true;
SmtpClient smtp = new SmtpClient();
smtp.Host = "smtp.gmail.com";
smtp.Credentials = new System.Net.NetworkCredential("*****@*****.**", "password");
smtp.Port = 587;
smtp.EnableSsl = true;
smtp.Send(mail);
db.SaveChanges();
return(View("EmailSent"));
}
public ActionResult PasswordResetbyMail(string Email, ResetPassword rp, string Ticket, bool?U, string Expire)
{
if (ModelState.IsValid)
{
DateTime chk = DateTime.Now;
var tokeHash = db.ResetTicket.Where(x => x.Email == Email).Select(y => y.TokenHash).FirstOrDefault();
var IsTicketUsed = db.ResetTicket.Where(x => x.Email == Email).Select(y => y.TokenUsed).FirstOrDefault();
var IsExpired = db.ResetTicket.Where(x => x.Email == Email).Select(y => y.Expiration).FirstOrDefault();
if (IsExpired < chk)
{
return(RedirectToAction("Expired"));
}
if (tokeHash == Ticket && IsTicketUsed == false)
{
List <UserRegistration> appusers = db.User.ToList();
foreach (var appuser in appusers)
{
if (appuser.Email.Equals(Email))
{
ResetTicket RT = new ResetTicket();
RT.TokenUsed = true;
appuser.Password = encryptionDecryptionUtil.CreatePasswordHash(rp.NewPassword, appuser.Salt);
db.Entry(appuser).State = EntityState.Modified;
//db.Database.ExecuteSqlCommand("update ResetTickets set TokenUsed='"+true+"' where TokenHash= '" + Ticket.ToString() + "'");
db.Database.ExecuteSqlCommand("delete from ResetTickets where Email='" + Email.ToString() + "'");
db.SaveChanges();
return(RedirectToAction("Confirmation"));
}
}
}
if (ModelState.IsValid)
{
ModelState.AddModelError("", "Something gonna wrong!");
}
}
return(View(rp));
}
