コード例 #1
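        /**
         * Completes a login with a one-time code: looks the code up, checks that
         * it is still usable and belongs to the submitted user id, consumes it and
         * stores the user id in the session.
         *
         * Every failure redirects to Login/Index without saying which check failed,
         * so the response does not reveal whether a code or user id exists.
         *
         * @param userId    - user id as submitted by the client; must parse as a long
         * @param loginCode - one-time login code as submitted by the client
         * @returns redirect to Patient/Index on success, to Login/Index otherwise
         */
        public ActionResult Code(string userId, string loginCode)
        {
            if (userId == null || loginCode == null)
            {
                return(RedirectToAction("Index", "Login"));
            }

            long userIdLong;

            if (!long.TryParse(userId, out userIdLong))
            {
                return(RedirectToAction("Index", "Login"));
            }

            var otp = DatabaseOtpService.GetByCode(loginCode);

            // An unknown code is treated like any other failed login instead of
            // surfacing as a NullReferenceException (the password-reset action
            // null-checks the result of the same lookup).
            if (otp == null)
            {
                return(RedirectToAction("Index", "Login"));
            }

            // IsActive() enforces single use: without it a code that was already
            // consumed by Disable() below would still be accepted until the
            // 10-minute window closes.
            // NOTE(review): DateTime.Now is local time; confirm otp.Time is stored
            // in local time as well, otherwise the window is skewed.
            if (!otp.IsActive() || otp.Time.AddMinutes(10) < DateTime.Now || otp.UserId != userIdLong)
            {
                return(RedirectToAction("Index", "Login"));
            }

            // Consume the code before establishing the session.
            DatabaseOtpService.Disable(otp.Id);

            // NOTE(review): the session id is not renewed here; confirm the
            // pre-login session cannot be fixed by a third party.
            Session[Models.Login.UserIdSession] = otp.UserId;
            return(RedirectToAction("Index", "Patient"));
        }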
コード例 #2
        /**
         * Entry point for the password reset link sent by email. Reads the one
         * time password from the "otp" route value, loads the OTP record and the
         * user it belongs to, and picks the page to show.
         *
         * @receives - request link from email with embedded one time password
         * @returns the reset form (with the user's email and the OTP code) when the
         *          OTP is active and the user is enabled; ResetFailure() when the
         *          user is disabled; ExpiredOtp() when the OTP is no longer active;
         *          BadLink() when anything throws (missing route value, unknown
         *          code, unknown user, ...)
         */
        public ActionResult Reset()
        {
            try
            {
                var linkCode = RouteData.Values["otp"].ToString();
                var resetOtp = DatabaseOtpService.GetByCode(linkCode);
                var account  = DatabaseUserService.GetById(resetOtp.UserId);

                // The OTP state is checked first, so an inactive OTP reports
                // "expired" regardless of the account state.
                if (!resetOtp.IsActive())
                {
                    return(ExpiredOtp());
                }

                if (!account.Enabled)
                {
                    return(ResetFailure());
                }

                // The code is handed to the view so the form can post it back.
                var formData = new LoginController.ResetData {
                    Email = account.Email, OTP = resetOtp.Code
                };

                return(View("../Login/Reset", formData));
            }
            catch (Exception)
            {
                // Every failure collapses into the same "bad link" page.
                return(BadLink());
            }
        }
コード例 #3
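        /**
         * Handles the submitted password reset form: validates and consumes the
         * one time password, checks that it was issued to the account named by
         * the submitted email, validates the new password and stores it.
         *
         * @param email            - email of the account, as posted by the form
         * @param password         - new password
         * @param confirm_password - repetition of the new password
         * @param otpCode          - one time password posted back by the form
         * @returns Index() when the OTP is unknown or inactive, the account is
         *          unknown, disabled or not the one the OTP was issued to;
         *          ResetResult(...) with the validation error or null on success
         */
        public ActionResult Reset(string email, string password, string confirm_password, string otpCode)
        {
            var otp = DatabaseOtpService.GetByCode(otpCode);

            if (otp == null || !otp.IsActive())
            {
                return(Index());
            }

            // The OTP is consumed on first use, even if the rest of the request
            // is rejected below.
            DatabaseOtpService.Disable(otp.Id);

            var user = Login.GetLogin(email);

            if (user == null)
            {
                return(Index());
            }

            // Bind the OTP to the account being changed. Both email and otpCode
            // come from the client, so without this check a valid OTP issued to
            // one account could be used to set the password of any other account
            // by posting a different email.
            // NOTE(review): DatabaseUserService.GetById and the Email/Enabled
            // members are the ones the reset-link action uses; confirm they are
            // in scope here and that emails compare case-insensitively.
            var otpOwner = DatabaseUserService.GetById(otp.UserId);

            if (otpOwner == null ||
                !otpOwner.Enabled ||
                !string.Equals(otpOwner.Email, email, System.StringComparison.OrdinalIgnoreCase))
            {
                return(Index());
            }

            if (string.IsNullOrEmpty(password) || string.IsNullOrEmpty(confirm_password))
            {
                return(ResetResult(ResetResults.PasswordNotSet));
            }

            if (password != confirm_password)
            {
                return(ResetResult(ResetResults.PasswordsDontMatch));
            }

            user.SetPassword(password);

            return(ResetResult(null));
        }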