Esempio n. 1
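        /// <summary>
        /// Checks the posted answer to a security question and, when it matches,
        /// issues a password-reset token and redirects to <c>Account/ResetPassword</c>.
        /// A wrong answer increments <c>SecQandAFailCount</c>; reaching
        /// <c>UserManager.MaxFailedAccessAttemptsBeforeLockout</c> locks the account for
        /// <c>UserManager.DefaultAccountLockoutTimeSpan</c>.
        /// </summary>
        /// <param name="model">Posted form: user e-mail (<c>UserId</c>), question id, answer and the
        /// "CanAnswerSecQuestions" token (<c>Code</c>).</param>
        /// <returns>The form again on validation errors, the "InvalidToken" or "Lockout" view,
        /// or a redirect to the next step.</returns>
        public async Task<ActionResult> VerifyUser(ChallengeQandAViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            var user = await UserManager.FindByEmailAsync(model.UserId);

            // Every field of the model is client-controlled. Re-check the same token that gates
            // the question page; without this the answer check could be reached by posting
            // directly, with no valid "CanAnswerSecQuestions" token. An unknown e-mail gets the
            // same response as a bad token, and no longer dereferences a null user.
            if (user == null ||
                string.IsNullOrEmpty(model.Code) ||
                !await UserManager.VerifyUserTokenAsync(user.Id, "CanAnswerSecQuestions", model.Code))
            {
                return View("InvalidToken");
            }

            // Enforce the lockout here as well: the lockout end date set below has no effect
            // on guessing unless the answer endpoint itself refuses locked-out accounts.
            if (await UserManager.IsLockedOutAsync(user.Id))
            {
                ViewBag.DefaultAccountLockoutTimeSpan = UserManager.DefaultAccountLockoutTimeSpan.TotalMinutes;
                return View("Lockout");
            }

            // Q_ID comes from the client; a question this user does not have counts as a
            // failed attempt rather than causing a null dereference.
            var question = user.UserQuestions.FirstOrDefault(m => m.Q_ID.Equals(model.Q_ID));

            // The non-empty check prevents a missing stored answer from matching a missing
            // submitted one.
            // NOTE(review): comparing against question.Answer implies the answer is stored in
            // recoverable form - consider storing a salted hash of the normalized answer.
            var answerMatches = question != null
                && !string.IsNullOrEmpty(model.Answer)
                && string.Equals(model.Answer, question.Answer, StringComparison.OrdinalIgnoreCase);

            if (answerMatches)
            {
                // Clear earlier failures so they do not count against a later, unrelated attempt.
                if (user.SecQandAFailCount != 0)
                {
                    user.SecQandAFailCount = 0;
                    await UserManager.UpdateAsync(user);
                }

                var resetToken = await UserManager.GeneratePasswordResetTokenAsync(user.Id);

                // NOTE(review): the reset token travels in the redirect URL, so it can end up in
                // server logs, browser history and Referer headers. Confirm that ResetPassword
                // does not load third-party resources and that the token lifetime is short.
                return RedirectToAction("ResetPassword", "Account", new { code = resetToken, email = model.UserId });
            }

            user.SecQandAFailCount += 1;
            await UserManager.UpdateAsync(user);

            if (user.SecQandAFailCount >= UserManager.MaxFailedAccessAttemptsBeforeLockout)
            {
                await UserManager.SetLockoutEndDateAsync(user.Id, DateTimeOffset.UtcNow.Add(UserManager.DefaultAccountLockoutTimeSpan));

                // The counter starts from zero again once the lockout expires.
                user.SecQandAFailCount = 0;
                await UserManager.UpdateAsync(user);

                ViewBag.DefaultAccountLockoutTimeSpan = UserManager.DefaultAccountLockoutTimeSpan.TotalMinutes;
                return View("Lockout");
            }

            // Back to the question page with the original "CanAnswerSecQuestions" token.
            return RedirectToAction("VerifyUser", new { userId = model.UserId, code = model.Code });
        }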
Esempio n. 2
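        /// <summary>
        /// Shows one of the user's security questions, provided the supplied
        /// "CanAnswerSecQuestions" token is valid for that user and the account is not locked out.
        /// </summary>
        /// <param name="userId">E-mail address used to look the user up.</param>
        /// <param name="code">Token issued for the "CanAnswerSecQuestions" purpose.</param>
        /// <returns>The question form, the "Lockout" view, or the "InvalidToken" view.</returns>
        public async Task<ActionResult> VerifyUser(string userId, string code)
        {
            if (string.IsNullOrEmpty(userId) || string.IsNullOrEmpty(code))
            {
                return View("InvalidToken");
            }

            var user = await UserManager.FindByEmailAsync(userId);

            // Validate the token before revealing anything about the account: checking lockout
            // first would tell anyone who knows the e-mail address that the account exists
            // and is currently locked.
            if (user == null ||
                !await UserManager.VerifyUserTokenAsync(user.Id, "CanAnswerSecQuestions", code))
            {
                return View("InvalidToken");
            }

            if (await UserManager.IsLockedOutAsync(user.Id))
            {
                ViewBag.DefaultAccountLockoutTimeSpan = UserManager.DefaultAccountLockoutTimeSpan.TotalMinutes;
                return View("Lockout");
            }

            // Materialize once. An account with no questions cannot pass this step, and
            // indexing into an empty list would throw.
            var questions = user.UserQuestions.ToList();
            if (questions.Count == 0)
            {
                return View("InvalidToken");
            }

            // NOTE(review): a fresh question is drawn on every request, so reloading the page
            // lets the requester cycle through the questions until the easiest one comes up.
            // Consider fixing the question for the lifetime of the token.
            var picker = new Random();
            var selected = questions[picker.Next(questions.Count)];

            var questionVM = new ChallengeQandAViewModel
            {
                Question = selected.SecurityQuestion.Questions,
                Q_ID     = selected.SecurityQuestion.ID,
                Code     = code,
                UserId   = userId
            };

            return View(questionVM);
        }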