public ActionResult ConfirmRestore(RestorePasswordViewDto dto)
{
if (dto == null)
return View("Error");
try
{
using (var context = new DatabaseContext())
{
PasswordRecovery recovery;
if (!context.PasswordRecoveries.TryGetByCode(dto.Token, out recovery))
{
//TODO: Log Error.
return View("Error");
}
if (recovery.IsExpiredOrClaimed())
{
//TODO: Log Error.
return View("Error");
}
var subscription = context.Subscriptions.Single(x => x.Id == recovery.SubscriptionId);
var user = context.Users.Single(x => x.Id == subscription.Subscriptor.Id);
recovery.Claimed = true;
user.Password = dto.NewPassword;
context.SaveChanges();
}
return RedirectToAction("SignIn");
}
catch (Exception)
{
//TODO: Log exception
return View("Error");
}
}
public ActionResult RestorePassword(string recoveryLink)
{
if (string.IsNullOrWhiteSpace(recoveryLink))
return View("Error");
try
{
using (var context = new DatabaseContext())
{
//recoveryLink format: http://teammashup.com/signin/restorepassword?token=2456C5CE-E935-434A-962B-DD9675A688B4
Guid token;
if (!SecurityManager.TryGetToken(recoveryLink, out token))
{
//TODO: Log Error.
return View("Error");
}
PasswordRecovery recovery;
if (!context.PasswordRecoveries.TryGetByCode(token, out recovery))
{
//TODO: Log Error.
return View("Error");
}
if (recovery.IsExpiredOrClaimed())
{
//TODO: Log Error.
return View("Error");
}
var model = new RestorePasswordViewDto();
return View(model);
}
}
catch (Exception)
{
//TODO: Log exception
return View("Error");
}
}
