public async Task <IActionResult> PostSend2FACode([FromBody] string provider)
{
if (provider.IsNullOrWhiteSpace())
{
return(NotFound());
}
var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
if (user == null)
{
_logger.LogWarning("PostSend2FACode :: No verified user found, returning 404");
return(NotFound());
}
var from = _globalSettings.Smtp.From;
// Generate the token and send it
var code = await _userManager.GenerateTwoFactorTokenAsync(user, provider);
if (string.IsNullOrWhiteSpace(code))
{
_logger.LogWarning("PostSend2FACode :: Could not generate 2FA code");
return(BadRequest("Invalid code"));
}
var subject = _textService.Localize("login", "mfaSecurityCodeSubject",
// Ensure the culture of the found user is used for the email!
UmbracoUserExtensions.GetUserCulture(user.Culture, _textService, _globalSettings));
var message = _textService.Localize("login", "mfaSecurityCodeMessage",
// Ensure the culture of the found user is used for the email!
UmbracoUserExtensions.GetUserCulture(user.Culture, _textService, _globalSettings),
new[] { code });
if (provider == "Email")
{
var mailMessage = new EmailMessage(from, user.Email, subject, message, true);
await _emailSender.SendAsync(mailMessage, Constants.Web.EmailTypes.TwoFactorAuth);
}
else if (provider == "Phone")
{
await _smsSender.SendSmsAsync(await _userManager.GetPhoneNumberAsync(user), message);
}
return(Ok());
}
private async Task SendUserInviteEmailAsync(UserBasic?userDisplay, string?from, string?fromEmail, IUser?to, string?message)
{
var user = await _userManager.FindByIdAsync(((int?)userDisplay?.Id).ToString());
var token = await _userManager.GenerateEmailConfirmationTokenAsync(user);
// Use info from SMTP Settings if configured, otherwise set fromEmail as fallback
var senderEmail = !string.IsNullOrEmpty(_globalSettings.Smtp?.From) ? _globalSettings.Smtp.From : fromEmail;
var inviteToken = string.Format("{0}{1}{2}",
(int?)userDisplay?.Id,
WebUtility.UrlEncode("|"),
token.ToUrlBase64());
// Get an mvc helper to get the URL
var action = _linkGenerator.GetPathByAction(
nameof(BackOfficeController.VerifyInvite),
ControllerExtensions.GetControllerName <BackOfficeController>(),
new
{
area = Constants.Web.Mvc.BackOfficeArea,
invite = inviteToken
});
// Construct full URL using configured application URL (which will fall back to request)
Uri applicationUri = _httpContextAccessor.GetRequiredHttpContext().Request.GetApplicationUri(_webRoutingSettings);
var inviteUri = new Uri(applicationUri, action);
var emailSubject = _localizedTextService.Localize("user", "inviteEmailCopySubject",
// Ensure the culture of the found user is used for the email!
UmbracoUserExtensions.GetUserCulture(to?.Language, _localizedTextService, _globalSettings));
var emailBody = _localizedTextService.Localize("user", "inviteEmailCopyFormat",
// Ensure the culture of the found user is used for the email!
UmbracoUserExtensions.GetUserCulture(to?.Language, _localizedTextService, _globalSettings),
new[] { userDisplay?.Name, from, message, inviteUri.ToString(), senderEmail });
// This needs to be in the correct mailto format including the name, else
// the name cannot be captured in the email sending notification.
// i.e. "Some Person" <*****@*****.**>
var toMailBoxAddress = new MailboxAddress(to?.Name, to?.Email);
var mailMessage = new EmailMessage(senderEmail, toMailBoxAddress.ToString(), emailSubject, emailBody, true);
await _emailSender.SendAsync(mailMessage, Constants.Web.EmailTypes.UserInvite, true);
}
private async Task SendUserInviteEmailAsync(UserBasic userDisplay, string from, string fromEmail, IUser to, string message)
{
var user = await _userManager.FindByIdAsync(((int)userDisplay.Id).ToString());
var token = await _userManager.GenerateEmailConfirmationTokenAsync(user);
var inviteToken = string.Format("{0}{1}{2}",
(int)userDisplay.Id,
WebUtility.UrlEncode("|"),
token.ToUrlBase64());
// Get an mvc helper to get the URL
var action = _linkGenerator.GetPathByAction(
nameof(BackOfficeController.VerifyInvite),
ControllerExtensions.GetControllerName <BackOfficeController>(),
new
{
area = Constants.Web.Mvc.BackOfficeArea,
invite = inviteToken
});
// Construct full URL using configured application URL (which will fall back to request)
var applicationUri = _hostingEnvironment.ApplicationMainUrl;
var inviteUri = new Uri(applicationUri, action);
var emailSubject = _localizedTextService.Localize("user", "inviteEmailCopySubject",
//Ensure the culture of the found user is used for the email!
UmbracoUserExtensions.GetUserCulture(to.Language, _localizedTextService, _globalSettings));
var emailBody = _localizedTextService.Localize("user", "inviteEmailCopyFormat",
//Ensure the culture of the found user is used for the email!
UmbracoUserExtensions.GetUserCulture(to.Language, _localizedTextService, _globalSettings),
new[] { userDisplay.Name, from, message, inviteUri.ToString(), fromEmail });
// This needs to be in the correct mailto format including the name, else
// the name cannot be captured in the email sending notification.
// i.e. "Some Person" <*****@*****.**>
var toMailBoxAddress = new MailboxAddress(to.Name, to.Email);
var mailMessage = new EmailMessage(null /*use info from smtp settings*/, toMailBoxAddress.ToString(), emailSubject, emailBody, true);
await _emailSender.SendAsync(mailMessage, Constants.Web.EmailTypes.UserInvite, true);
}
public async Task <IActionResult> PostRequestPasswordReset(RequestPasswordResetModel model)
{
// If this feature is switched off in configuration the UI will be amended to not make the request to reset password available.
// So this is just a server-side secondary check.
if (_securitySettings.AllowPasswordReset == false)
{
return(BadRequest());
}
var identityUser = await _userManager.FindByEmailAsync(model.Email);
if (identityUser != null)
{
var user = _userService.GetByEmail(model.Email);
if (user != null)
{
var from = _globalSettings.Smtp.From;
var code = await _userManager.GeneratePasswordResetTokenAsync(identityUser);
var callbackUrl = ConstructCallbackUrl(identityUser.Id, code);
var message = _textService.Localize("login", "resetPasswordEmailCopyFormat",
// Ensure the culture of the found user is used for the email!
UmbracoUserExtensions.GetUserCulture(identityUser.Culture, _textService, _globalSettings),
new[] { identityUser.UserName, callbackUrl });
var subject = _textService.Localize("login", "resetPasswordEmailCopySubject",
// Ensure the culture of the found user is used for the email!
UmbracoUserExtensions.GetUserCulture(identityUser.Culture, _textService, _globalSettings));
var mailMessage = new EmailMessage(from, user.Email, subject, message, true);
await _emailSender.SendAsync(mailMessage, Constants.Web.EmailTypes.PasswordReset);
_userManager.NotifyForgotPasswordRequested(User, user.Id.ToString());
}
}
return(Ok());
}
