Exemple #1
        /// <summary>
        /// Generates a password reset token for the requested user name and passes it to the
        /// configured delivery plugin.
        /// </summary>
        /// <param name="parameters">Request data; must not be null. Validated with <c>Validate()</c>.</param>
        /// <remarks>
        /// A <c>UserException</c> or <c>ClientException</c> raised while generating the token is logged and
        /// swallowed, so the caller gets no error detail from that step. The same exception types thrown
        /// by the plugin are rethrown unchanged. Any other exception is logged and replaced by a
        /// <c>FrameworkException</c> carrying a generic message.
        /// </remarks>
        public void SendPasswordResetToken(SendPasswordResetTokenParameters parameters)
        {
            if (parameters == null)
                throw new ClientException("It is not allowed to call this authentication service method with no parameters provided.");

            // The user name is caller-supplied and is written to the log before Validate() runs.
            // NOTE(review): confirm that the logger neutralises line breaks and control characters,
            // since this method allows anonymous access.
            _logger.Trace("SendPasswordResetToken " + parameters.UserName);
            parameters.Validate();

            const string failureLogFormat = "SendPasswordResetToken failed for {0}: {1}";

            try
            {
                string resetToken;
                try
                {
                    var generateParameters = new GeneratePasswordResetTokenParameters();
                    generateParameters.UserName = parameters.UserName;

                    // Token lifetime is read from the app settings; "1440" is used when the setting is absent.
                    var configuredExpiration = ConfigUtility.GetAppSetting("AspNetFormsAuth.SendPasswordResetToken.ExpirationInMinutes") ?? "1440";
                    generateParameters.TokenExpirationInMinutesFromNow = Int32.Parse(configuredExpiration);

                    resetToken = GeneratePasswordResetTokenInternal(generateParameters);
                }
                // Returning error information to the client might be a security issue, because this method allows anonymous access.
                // The failure is therefore only logged and the method returns as if nothing had happened.
                // NOTE(review): the early return skips the plugin call, so response time may still differ
                // between the two paths - confirm whether that matters for this deployment.
                catch (UserException ex)
                {
                    _logger.Trace(failureLogFormat, parameters.UserName, ex);
                    return;
                }
                catch (ClientException ex)
                {
                    _logger.Info(failureLogFormat, parameters.UserName, ex);
                    return;
                }

                // The plugin may choose its own client error messages (UserException and ClientException will not be suppressed).
                var plugin = _sendPasswordResetTokenPlugin.Value;
                plugin.SendPasswordResetToken(parameters.UserName, parameters.AdditionalClientInfo, resetToken);
            }
            catch (Exception ex)
            {
                // Client-facing exception types from the plugin are passed through unchanged.
                bool isClientFacing = ex is UserException || ex is ClientException;
                if (isClientFacing)
                    ExceptionsUtility.Rethrow(ex);

                // Don't return an internal error to the client. Log it and return a generic error message:
                _logger.Error(failureLogFormat, parameters.UserName, ex);
                throw new FrameworkException(FrameworkException.GetInternalServerErrorMessage(_localizer, ex));
            }
        }
        /// <summary>
        /// Creates a password reset token for the given user name and hands it to the delivery plugin.
        /// </summary>
        /// <param name="parameters">Request data; must not be null. Validated with <c>Validate()</c>.</param>
        /// <remarks>
        /// Token-generation failures of type <c>UserException</c> or <c>ClientException</c> are logged and
        /// suppressed. The same types thrown by the plugin are rethrown as they are. Every other exception
        /// is logged and replaced by a <c>FrameworkException</c> with a fixed, generic message.
        /// </remarks>
        public void SendPasswordResetToken(SendPasswordResetTokenParameters parameters)
        {
            if (parameters == null)
            {
                throw new ClientException("It is not allowed to call this authentication service method with no parameters provided.");
            }

            // The caller-supplied user name reaches the log before Validate() is called.
            // NOTE(review): confirm the logger escapes control characters; this method allows anonymous access.
            _logger.Trace("SendPasswordResetToken " + parameters.UserName);
            parameters.Validate();

            const string errorLogTemplate = "SendPasswordResetToken failed for {0}: {1}";

            try
            {
                string token;
                try
                {
                    var request = new GeneratePasswordResetTokenParameters();
                    request.UserName = parameters.UserName;

                    // Falls back to "1440" minutes when the app setting is not present.
                    var expirationSetting = ConfigUtility.GetAppSetting("AspNetFormsAuth.SendPasswordResetToken.ExpirationInMinutes") ?? "1440";
                    request.TokenExpirationInMinutesFromNow = Int32.Parse(expirationSetting);

                    token = GeneratePasswordResetTokenInternal(request);
                }
                // Returning error information to the client might be a security issue, because this method allows anonymous access.
                // The failure is only logged; the caller sees a normal return.
                catch (UserException ex)
                {
                    _logger.Trace(errorLogTemplate, parameters.UserName, ex);
                    return;
                }
                catch (ClientException ex)
                {
                    _logger.Info(errorLogTemplate, parameters.UserName, ex);
                    return;
                }

                // The plugin may choose its own client error messages (UserException and ClientException will not be suppressed).
                var sender = _sendPasswordResetTokenPlugin.Value;
                sender.SendPasswordResetToken(parameters.UserName, parameters.AdditionalClientInfo, token);
            }
            catch (Exception ex)
            {
                // Exceptions meant for the client (raised by the plugin) pass through unchanged.
                bool meantForClient = ex is UserException || ex is ClientException;
                if (meantForClient)
                {
                    ExceptionsUtility.Rethrow(ex);
                }

                // Internal details stay in the server log; the client only gets the generic message below.
                _logger.Error(errorLogTemplate, parameters.UserName, ex);
                throw new FrameworkException("Internal server error occurred. See RhetosServer.log for more information.");
            }
        }
Exemple #3
 /// <summary>
 /// Endpoint action that forwards a password reset request, bound from the request body,
 /// to the authentication service.
 /// </summary>
 /// <param name="parameters">Request body holding the user name and additional client info.</param>
 /// <remarks>
 /// NOTE(review): the property reads below assume <c>ValidateForEmptyParameters</c> rejects a null
 /// body; its implementation is not visible here - confirm.
 /// </remarks>
 public async Task SendPasswordResetToken([FromBody] SendPasswordResetTokenParameters parameters)
 {
     ValidateForEmptyParameters(parameters);

     var userName = parameters.UserName;
     var additionalClientInfo = parameters.AdditionalClientInfo;
     await _authenticationService.SendPasswordResetTokenAsync(userName, additionalClientInfo);
 }