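/// <summary>
/// Handles a submitted change-password form, either for the signed-in user or, when nobody is
/// signed in, for the user named by <c>TempData["username"]</c> or the <c>username</c> form field.
/// </summary>
/// <param name="form">Posted form values; the old and new passwords are read from it.</param>
/// <returns>
/// The change-password view with model errors when validation fails; otherwise a redirect to
/// <c>ChangePasswordSuccess</c> after the password has been changed and the user logged in again.
/// </returns>
/// <remarks>
/// NOTE(review): no action-filter attributes are visible in this listing. Confirm the action is
/// limited to POST and covered by anti-forgery validation, since it changes a credential.
/// </remarks>
public ActionResult ChangePassword(FormCollection form)
{
    // Read the new password once, from the posted form only. Request.Params also merges the
    // query string, cookies and server variables, so validating Request.Params[...] while
    // storing form[...] could check the password rules against one value and save another.
    string newPassword = form[UserMapping.NewPasswordKey];

    UserEntity user = null;

    using (AuthLogic.Disable())
    {
        ViewData["Title"] = AuthMessage.ChangePassword.NiceToString();

        if (UserEntity.Current == null)
        {
            // Nobody is signed in: the account is identified by a client-supplied username.
            var username = (string)TempData["username"];
            if (!username.HasText())
            {
                username = (string)form["username"];
            }

            // Kept from the original; presumably redundant inside the outer Disable() scope.
            using (AuthLogic.Disable())
            {
                user = AuthLogic.RetrieveUser(username);
            }

            // NOTE(review): if RetrieveUser can return null for an unknown username, the next
            // line throws. Confirm, and if so return the same generic error used for a wrong
            // old password so the response does not reveal which usernames exist.
            // Presumably the ChangePasswordOld mapping verifies the old password; confirm.
            var context = user.ApplyChanges(this, UserMapping.ChangePasswordOld, "").Validate();
            if (context.HasErrors())
            {
                ViewData["username"] = username;
                ModelState.FromContext(context);
                return View(AuthClient.ChangePasswordView);
            }

            string errorPasswordValidation = UserEntity.OnValidatePassword(newPassword);
            if (errorPasswordValidation.HasText())
            {
                ViewData["username"] = username;
                ModelState.AddModelError("password", errorPasswordValidation);
                return View(AuthClient.ChangePasswordView);
            }
        }
        else
        {
            // Signed-in user: apply the same mapping and password-rule check to the session user.
            var context = UserEntity.Current.ApplyChanges(this, UserMapping.ChangePasswordOld, "").Validate();
            if (context.HasErrors())
            {
                ModelState.FromContext(context);
                RefreshSessionUserChanges();
                return View(AuthClient.ChangePasswordView);
            }

            string errorPasswordValidation = UserEntity.OnValidatePassword(newPassword);
            if (errorPasswordValidation.HasText())
            {
                ModelState.AddModelError("password", errorPasswordValidation);
                RefreshSessionUserChanges();
                return View(AuthClient.ChangePasswordView);
            }

            user = context.Value;
        }

        // The value stored here is the same one that passed OnValidatePassword above.
        AuthLogic.ChangePassword(
            user.ToLite(),
            Security.EncodePassword(form[UserMapping.OldPasswordKey]),
            Security.EncodePassword(newPassword));
    }

    // Log in again with the new credential, outside the Disable() scope.
    Login(user.UserName, newPassword, false, null);
    return RedirectToAction("ChangePasswordSuccess");
}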