private static PasswordResetRequest CreateResetRequest(AccountInfo account, string token = null)
{
PasswordResetRequest req = new PasswordResetRequest();
req.accountIdentifier = account.Identifier;
req.accountType = account.Type;
req.secureToken = token != null ? token : SecureToken.GetToken(account);
req.email = account.Email;
req.displayName = account.DisplayName;
req.tokenExpiration = SecureToken.GetMinimumTokenLifespan();
return(req);
}
/// <summary>
/// Completes the password reset as requested and returns the new password. If the request fails to validate (it may have been tampered with, expired, etc) returns null.
/// </summary>
/// <param name="type">Account type.</param>
/// <param name="accountIdentifier">The unique identifier for the account (user name or email address, depending on account type).</param>
/// <param name="token">The token from a reset request.</param>
/// <param name="req">Upon success, this is set to a copy of the PasswordResetRequest so that some metadata such as the email address and user display name can be returned.</param>
/// <returns></returns>
public string CompletePasswordReset(string type, string accountIdentifier, string token, out PasswordResetRequest req)
{
req = null;
if (type != accountType)
{
throw new Exception(this.GetType().Name + " received PasswordResetRequest with type " + type + ". Expected type " + accountType + ".");
}
AccountInfo account = GetCurrentAccountInfo(accountIdentifier);
if (account == null || string.IsNullOrWhiteSpace(account.Email))
{
return(null); // Specified account is not eligible for password resets.
}
account.Type = accountType; // In case the derived class forgets to set this.
if (SecureToken.VerifyToken(account, token))
{
string newPassword = GenerateNewPassword();
if (CommitPasswordChange(account.Identifier, newPassword))
{
req = CreateResetRequest(account, token);
return(newPassword);
}
else
{
return(null); // Password change failed
}
}
else
{
return(null); // Request validation failed
}
}