public async Task <HttpResponseMessage> PostRequestPasswordReset(RequestPasswordResetModel model)
{
// If this feature is switched off in configuration the UI will be amended to not make the request to reset password available.
// So this is just a server-side secondary check.
if (UmbracoConfig.For.UmbracoSettings().Security.AllowPasswordReset == false)
{
throw new HttpResponseException(HttpStatusCode.BadRequest);
}
var identityUser = await SignInManager.UserManager.FindByEmailAsync(model.Email);
if (identityUser != null)
{
var user = Services.UserService.GetByEmail(model.Email);
if (user != null)
{
var code = await UserManager.GeneratePasswordResetTokenAsync(identityUser.Id);
var callbackUrl = ConstructCallbackUrl(identityUser.Id, code);
var message = Services.TextService.Localize("resetPasswordEmailCopyFormat",
//Ensure the culture of the found user is used for the email!
UserExtensions.GetUserCulture(identityUser.Culture, Services.TextService),
new[] { identityUser.UserName, callbackUrl });
await UserManager.SendEmailAsync(identityUser.Id,
Services.TextService.Localize("login/resetPasswordEmailCopySubject",
//Ensure the culture of the found user is used for the email!
UserExtensions.GetUserCulture(identityUser.Culture, Services.TextService)),
message);
}
}
return(Request.CreateResponse(HttpStatusCode.OK));
}
public async Task <IActionResult> RequestReset(RequestPasswordResetModel model)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var output = await _passwordService.RequestResetAsync(model);
if (output.Success)
{
string resetPasswordLink =
$"{_emailSettings.UIServer}resetPassword?token={HttpUtility.UrlEncode(output.Value)}&email={HttpUtility.UrlEncode(model.Email)}";
try
{
var resetPasswordEmailResponse = await _emailService.SendEmail(
model.Email,
message : $"{_emailSettings.HtmlContent_ResetPassword}{resetPasswordLink}{_emailSettings.HtmlContent_ResetPasswordEnding}",
subject : _emailSettings.Subject_ResetPassword);
return(Ok(resetPasswordEmailResponse));
}
catch (Exception e)
{
_log.LogError(e, "Request Reset Exception");
return(StatusCode(500));
}
}
return(Ok(output));
}
public async Task <IActionResult> PostRequestPasswordReset(RequestPasswordResetModel model)
{
// If this feature is switched off in configuration the UI will be amended to not make the request to reset password available.
// So this is just a server-side secondary check.
if (_securitySettings.AllowPasswordReset == false)
{
return(BadRequest());
}
var identityUser = await _userManager.FindByEmailAsync(model.Email);
if (identityUser != null)
{
var user = _userService.GetByEmail(model.Email);
if (user != null)
{
var from = _globalSettings.Smtp.From;
var code = await _userManager.GeneratePasswordResetTokenAsync(identityUser);
var callbackUrl = ConstructCallbackUrl(identityUser.Id, code);
var message = _textService.Localize("login", "resetPasswordEmailCopyFormat",
// Ensure the culture of the found user is used for the email!
UmbracoUserExtensions.GetUserCulture(identityUser.Culture, _textService, _globalSettings),
new[] { identityUser.UserName, callbackUrl });
var subject = _textService.Localize("login", "resetPasswordEmailCopySubject",
// Ensure the culture of the found user is used for the email!
UmbracoUserExtensions.GetUserCulture(identityUser.Culture, _textService, _globalSettings));
var mailMessage = new EmailMessage(from, user.Email, subject, message, true);
await _emailSender.SendAsync(mailMessage, Constants.Web.EmailTypes.PasswordReset);
_userManager.NotifyForgotPasswordRequested(User, user.Id.ToString());
}
}
return(Ok());
}
public async Task <OperationResult <string> > RequestResetAsync(RequestPasswordResetModel model)
{
try
{
_logger.LogInformation("Started RequestResetAsync.");
var user = await _userManager.FindByEmailAsync(model.Email);
if (user != null)
{
string resetPasswordToken = await _userManager.GeneratePasswordResetTokenAsync(user);
return(OperationResult.Ok(resetPasswordToken));
}
return(OperationResult.Fail <string>($"No Accounts registered with mail {model.Email}"));
}
catch (Exception e)
{
_logger.LogError($"Exception caught in RequestResetAsync mehod. {e}");
return(OperationResult.Fail <string>(string.Empty));
}
}
