public ActionResult ForgotPassword(ForgotPasswordViewModel model)
{
if (ModelState.IsValid)
{
// First assume the username was typed in.
var userName = model.UserNameOrEmail;
var userId = _webSecurity.GetUserId(model.UserNameOrEmail);
if (userId == -1)
{
// If the user was not found by name, assume his email was typed in.
var user = _volunteerSvc.FindUserByEmail(model.UserNameOrEmail);
if (user != null)
{
userName = user.UserName;
userId = user.Id;
}
}
// Only send email when user actually exists. For security reasons
// don't show an error when the given user doesn't exist.
if (userId != -1)
{
var volunteer = _volunteerSvc.FindByUserId(userId);
if (volunteer != null)
{
var token = _webSecurity.GeneratePasswordResetToken(userName);
// Generate the absolute Url for the password reset action.
var routeValues = new RouteValueDictionary {
{ "token", token }
};
var passwordResetLink = Url.Action("ResetPassword", "Account", routeValues, Request.Url.Scheme);
var body = String.Format(@"<p>Click on the following link to reset your password: <a href='{0}'>{0}</a></p>", passwordResetLink);
var message = new Message("CrisisCheckin - Password Reset", body);
_messageService.SendMessage(message, volunteer);
}
}
return(RedirectToAction("PasswordResetRequested"));
}
return(View(model));
}
