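/// <summary>
/// Completes a password reset. Looks up the recovery record for the posted token and, if it is
/// neither expired nor already claimed, marks it claimed and sets the new password on the
/// account reached through the recovery's subscription.
/// </summary>
/// <param name="dto">Posted form data; <c>Token</c> and <c>NewPassword</c> are read.</param>
/// <returns>
/// A redirect to the "SignIn" action on success. Every failure path returns the same "Error"
/// view, so the response does not distinguish an unknown token from an expired or claimed one.
/// </returns>
public ActionResult ConfirmRestore(RestorePasswordViewDto dto)
{
    if (dto == null)
    {
        return View("Error");
    }

    // Reject a missing or blank password before touching the database, so that a bad request
    // neither blanks the account's password nor consumes the single-use recovery token.
    if (string.IsNullOrWhiteSpace(dto.NewPassword))
    {
        return View("Error");
    }

    try
    {
        using (var context = new DatabaseContext())
        {
            PasswordRecovery recovery;
            if (!context.PasswordRecoveries.TryGetByCode(dto.Token, out recovery))
            {
                //TODO: Log Error. (Record the failed attempt, but never the token or password value.)
                return View("Error");
            }

            if (recovery.IsExpiredOrClaimed())
            {
                //TODO: Log Error. (Reuse of a claimed or expired token is worth surfacing to monitoring.)
                return View("Error");
            }

            // Single() throws when no row or more than one row matches; the catch below turns that
            // into the generic "Error" view.
            var subscription = context.Subscriptions.Single(x => x.Id == recovery.SubscriptionId);
            var user = context.Users.Single(x => x.Id == subscription.Subscriptor.Id);

            // NOTE(review): the expiry/claimed check above and this write are separate steps in this
            // method. Whether two concurrent requests with the same token can both pass depends on
            // concurrency control in DatabaseContext, which is not visible here. Confirm.
            recovery.Claimed = true;

            // SECURITY NOTE(review): the posted value is assigned to user.Password unchanged. Unless
            // the Password setter or a SaveChanges hook hashes it (not visible from this method),
            // this stores the password in cleartext. It should pass through a salted, deliberately
            // slow password hash (for example PBKDF2) in the same format the sign-in check verifies.
            user.Password = dto.NewPassword;

            // Both changes are persisted by one SaveChanges call.
            context.SaveChanges();
        }

        return RedirectToAction("SignIn");
    }
    catch (Exception)
    {
        //TODO: Log exception
        // The exception is currently discarded, so failed reset attempts leave no trace here.
        return View("Error");
    }
}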
/// <summary>
/// Entry point for a password-recovery link. Extracts the token from the link, looks up the
/// matching recovery record, and shows the reset form only when that record exists and is
/// neither expired nor already claimed.
/// </summary>
/// <param name="recoveryLink">
/// The recovery link, in the form
/// http://teammashup.com/signin/restorepassword?token=2456C5CE-E935-434A-962B-DD9675A688B4
/// </param>
/// <returns>
/// The default view with an empty <c>RestorePasswordViewDto</c> when the token is usable;
/// otherwise the "Error" view. All failure paths return the same view.
/// </returns>
public ActionResult RestorePassword(string recoveryLink)
{
    if (string.IsNullOrWhiteSpace(recoveryLink))
    {
        return View("Error");
    }

    try
    {
        using (var db = new DatabaseContext())
        {
            Guid recoveryToken;
            PasswordRecovery pending;

            // Evaluated left to right with short-circuiting: parse the token out of the link,
            // then find its record, then check that the record can still be used.
            bool tokenIsUsable =
                SecurityManager.TryGetToken(recoveryLink, out recoveryToken)
                && db.PasswordRecoveries.TryGetByCode(recoveryToken, out pending)
                && !pending.IsExpiredOrClaimed();

            if (!tokenIsUsable)
            {
                //TODO: Log Error.
                return View("Error");
            }

            // NOTE(review): the model handed to the view does not carry the validated token.
            // ConfirmRestore reads dto.Token, so the view presumably fills it in some other way.
            // Confirm that the form posts back the same token that was validated here.
            return View(new RestorePasswordViewDto());
        }
    }
    catch (Exception)
    {
        //TODO: Log exception
        return View("Error");
    }
}