Esempio n. 1
        /// <summary>
        /// Builds a <see cref="PasswordResetRequest"/> populated from the given account.
        /// </summary>
        /// <param name="account">Account whose identifier, type, email and display name are copied into the request.</param>
        /// <param name="token">Token to place in the request. When null, one is obtained from <c>SecureToken.GetToken(account)</c>.</param>
        /// <returns>The populated request.</returns>
        /// <remarks>
        /// The returned object carries the reset token next to the account's email address, so it
        /// should be treated as sensitive (presumably the token alone authorizes a reset; confirm
        /// against SecureToken) and kept out of logs and serialized diagnostics.
        /// NOTE(review): tokenExpiration is filled from GetMinimumTokenLifespan(); whether that value
        /// is a duration or an absolute time cannot be told from this method.
        /// </remarks>
        private static PasswordResetRequest CreateResetRequest(AccountInfo account, string token = null)
        {
            // Members are initialized in the same order as before, so any getter or helper
            // that throws does so at the same point.
            return new PasswordResetRequest
            {
                accountIdentifier = account.Identifier,
                accountType       = account.Type,
                // Reuse the caller's token when supplied; otherwise obtain one for this account.
                secureToken       = token ?? SecureToken.GetToken(account),
                email             = account.Email,
                displayName       = account.DisplayName,
                tokenExpiration   = SecureToken.GetMinimumTokenLifespan()
            };
        }
Esempio n. 2
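        /// <summary>
        /// Completes the password reset as requested and returns the new password.  If the request fails to validate (it may have been tampered with, expired, etc) returns null.
        /// </summary>
        /// <param name="type">Account type.  Must equal this provider's accountType.</param>
        /// <param name="accountIdentifier">The unique identifier for the account (user name or email address, depending on account type).</param>
        /// <param name="token">The token from a reset request.  A null, empty or whitespace-only token is rejected without being passed to the verifier.</param>
        /// <param name="req">Upon success, this is set to a copy of the PasswordResetRequest so that some metadata such as the email address and user display name can be returned.  It is null on every failure path.</param>
        /// <returns>
        /// The newly generated password in plain text on success.  Null when the token is missing, the account
        /// is not found or has no email address, token verification fails, or the password change cannot be committed.
        /// </returns>
        /// <exception cref="ArgumentException">Thrown when <paramref name="type"/> does not match this provider's account type.</exception>
        /// <remarks>
        /// Every failure other than a type mismatch returns null with no further detail, so callers cannot
        /// tell a missing account from a bad token through the return value.
        /// The returned string is a live credential and <paramref name="req"/> carries the token that was
        /// just used; neither should be written to logs.
        /// NOTE(review): nothing in this method invalidates the token after a successful reset.  Whether
        /// CommitPasswordChange or SecureToken makes it single-use cannot be told from here; confirm.
        /// </remarks>
        public string CompletePasswordReset(string type, string accountIdentifier, string token, out PasswordResetRequest req)
        {
            req = null;
            if (type != accountType)
            {
                // ArgumentException derives from Exception, so existing catch blocks still apply.
                throw new ArgumentException(this.GetType().Name + " received PasswordResetRequest with type " + type + ". Expected type " + accountType + ".", "type");
            }

            // Fail closed: a missing token can never authorize a reset, so reject it here rather
            // than depend on how the verifier treats null or blank input.
            if (string.IsNullOrWhiteSpace(token))
            {
                return null;
            }

            AccountInfo account = GetCurrentAccountInfo(accountIdentifier);

            if (account == null || string.IsNullOrWhiteSpace(account.Email))
            {
                return null;                 // Specified account is not eligible for password resets.
            }
            account.Type = accountType;      // In case the derived class forgets to set this.

            if (!SecureToken.VerifyToken(account, token))
            {
                return null;                 // Request validation failed
            }

            // The new password is generated only after the token has been verified.
            string newPassword = GenerateNewPassword();
            if (!CommitPasswordChange(account.Identifier, newPassword))
            {
                return null;                 // Password change failed
            }

            req = CreateResetRequest(account, token);
            return newPassword;
        }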