public IActionResult VerifyEmailPost(VerifyEmailChangeViewModel viewModel)
{
ChangeEmailVerificationToken changeEmailToken = Encryption.DecryptModel <ChangeEmailVerificationToken>(viewModel.Code);
if (TokenHasExpired(changeEmailToken))
{
string error = "Your email verification link has expired. Please go to My Account and start the email change process again.";
return(View("VerifyEmailError", error));
}
User user = dataRepository.Get <User>(changeEmailToken.UserId);
viewModel.User = user;
viewModel.NewEmailAddress = changeEmailToken.NewEmailAddress;
// Check if the user has entered a password (they might have left this field blank)
viewModel.ParseAndValidateParameters(Request, m => m.Password);
if (viewModel.HasAnyErrors())
{
return(View("VerifyEmail", viewModel));
}
if (!userRepository.CheckPassword(user, viewModel.Password))
{
viewModel.AddErrorFor(m => m.Password, "Incorrect password");
return(View("VerifyEmail", viewModel));
}
if (OtherUserWithThisEmailAddressAlreadyExists(viewModel.NewEmailAddress))
{
string error = "This email address is already taken by another account.";
return(View("VerifyEmailError", error));
}
string oldEmailAddress = user.EmailAddress;
userRepository.UpdateEmail(user, changeEmailToken.NewEmailAddress);
NotifyBothOldAndNewEmailAddressesThatEmailAddressHasBeenChanged(oldEmailAddress, changeEmailToken.NewEmailAddress);
return(View("ChangeEmailComplete", changeEmailToken.NewEmailAddress));
}
private bool IsReferrerChangeEmailVerification(AuthorizationRequest authRequest,
out ChangeEmailVerificationToken changeEmailToken)
{
// Check if the referring url is an email change verification
var referrerPathAndQuery = authRequest.Parameters["Referrer"];
if (referrerPathAndQuery != null &&
referrerPathAndQuery.StartsWith("/manage-account/complete-change-email"))
{
var query = referrerPathAndQuery.AfterFirst("?");
var queryDict = HttpUtility.ParseQueryString(query);
var code = queryDict["code"];
changeEmailToken = Encryption.DecryptModel <ChangeEmailVerificationToken>(code);
return(true);
}
changeEmailToken = null;
return(false);
}
public IActionResult VerifyEmailGet(string code)
{
ChangeEmailVerificationToken changeEmailToken = Encryption.DecryptModel <ChangeEmailVerificationToken>(code);
if (TokenHasExpired(changeEmailToken))
{
string error = "Your email verification link has expired. Please go to My Account and start the email change process again.";
return(View("VerifyEmailError", error));
}
User user = dataRepository.Get <User>(changeEmailToken.UserId);
var viewModel = new VerifyEmailChangeViewModel
{
User = user,
Code = code,
NewEmailAddress = changeEmailToken.NewEmailAddress
};
return(View("VerifyEmail", viewModel));
}
private static bool TokenHasExpired(ChangeEmailVerificationToken changeEmailToken)
{
DateTime verifyExpiryDate = changeEmailToken.TokenTimestamp.AddDays(Global.EmailVerificationExpiryDays);
return(verifyExpiryDate < VirtualDateTime.Now);
}
