public async Task <ActionResult> ResetPasswordConfirmation(
[FromForm] PostResetPasswordConfirmationRequest request,
CancellationToken ct)
{
if (request.NewPassword != request.NewPasswordConfirmation)
{
var resetPasswordConfirmationRequest = new ResetPasswordConfirmationRequest
{
TokenId = request.TokenId,
Code = request.Code,
IsPasswordsNotEqual = true
};
return(RedirectToAction("ResetPasswordConfirmation", resetPasswordConfirmationRequest));
}
var response = await _passwordResetService.SetNewPasswordAsync(
request.TokenId,
request.Code,
request.NewPassword,
ct);
if (response.IsInvalidToken)
{
return(BadRequest("Invalid code"));
}
return(View("~/OAuth/Views/NewPasswordSet.cshtml"));
}
public async Task <ActionResult> ResetPasswordConfirmation(ResetPasswordConfirmationRequest model)
{
// Using email address since the username is public information
var user = await this.userManager.FindByEmailAsync(model.Email);
if (user == null)
{
// Don't reveal that the user does not exist
return(this.Ok());
}
var result = await this.userManager.ResetPasswordAsync(user, model.Code, model.Password);
if (result.Succeeded)
{
return(this.Ok());
}
foreach (var error in result.Errors)
{
this.ModelState.AddModelError(string.Empty, error.Description);
}
return(this.BadRequest(this.ModelState));
}
public async Task <ActionResult> ResetPasswordConfirmation(
ResetPasswordConfirmationRequest request,
CancellationToken ct)
{
var isTokenValid = await _passwordResetService.IsTokenValidAsync(request.TokenId, request.Code, ct);
if (!isTokenValid)
{
return(BadRequest("Invalid code"));
}
var model = new ResetPasswordConfirmationViewModel(
request.TokenId,
request.Code,
request.IsPasswordsNotEqual);
return(View("~/OAuth/Views/SetNewPassword.cshtml", model));
}
