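/// <summary>
/// Handles a password-recovery request: looks the account up by email, checks the
/// security question and answer, requires a verified email address, then replaces
/// the stored password hash with the hash of a freshly generated temporary password
/// and mails that temporary password to the account's address.
/// </summary>
/// <param name="model">Recovery request carrying the email, security question and reply.</param>
/// <returns>
/// 404 when no account matches the email (or no email was supplied), 400 when the
/// security question/answer does not match or the email is unverified, 200 once the
/// temporary password has been stored and the mail has been handed to the sender.
/// </returns>
/// <remarks>
/// NOTE(security): the three failure responses are distinguishable, so a caller can
/// learn whether an email is registered and whether it is verified. No throttling is
/// visible in this method; confirm it is applied upstream, and consider returning one
/// uniform response for all failures if API clients can tolerate the change.
/// </remarks>
public async Task<ServiceResponseResult> ForgotPassword(PasswordRecoverReqModel model)
{
    Logger.WriteInformation("Requesting forgot password.");

    // A missing body or email used to surface as a NullReferenceException (HTTP 500).
    // No account can match a null email, so answer exactly as for an unknown address.
    if (model?.Email == null)
    {
        return new ServiceResponseResult
        {
            Result = new { Message = "No user exists with email" },
            StatusCode = System.Net.HttpStatusCode.NotFound
        };
    }

    // Invariant lower-casing: ToLower() follows the thread culture, so under e.g. tr-TR
    // an address containing 'I' would be folded differently and never match.
    // Presumably emails are stored lower-cased at registration; confirm.
    var normalizedEmail = model.Email.ToLowerInvariant();
    var user = await _context.User.FirstOrDefaultAsync(x => x.Email == normalizedEmail);
    if (user == null)
    {
        return new ServiceResponseResult
        {
            Result = new { Message = "No user exists with email" },
            StatusCode = System.Net.HttpStatusCode.NotFound
        };
    }

    // NOTE(review): the answer is compared directly with the stored value, which suggests
    // it is kept in a directly comparable (unhashed) form. Confirm; a security answer
    // works as a password and is normally stored hashed and compared in constant time.
    var questionMatches = user.SecurityQuestion == model.SecurityQuestion
        && user.SecurityQuestionAnswer == model.SecurityQuestionReply;
    if (!questionMatches)
    {
        return new ServiceResponseResult
        {
            Result = new { Message = "Security question and answer does not match" },
            StatusCode = System.Net.HttpStatusCode.BadRequest
        };
    }

    if (!user.IsEmailVerified.HasValue || !user.IsEmailVerified.Value)
    {
        return new ServiceResponseResult
        {
            Result = new { Message = "Email not verified" },
            StatusCode = System.Net.HttpStatusCode.BadRequest
        };
    }

    // The temporary password is a credential, so draw it from the cryptographic RNG.
    // Guid.NewGuid() is an identifier generator and is not documented as a source of
    // secret randomness. Wrapping the bytes in a Guid keeps the previous 36-character format.
    var tokenBytes = new byte[16];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(tokenBytes);
    }
    var tempPwd = new Guid(tokenBytes).ToString();
    var pwdHash = HashUtility.CreatePasswordHash(tempPwd, _appSettings.Secret);

    user = user.UpdateIsTemporaryPassword(true)
               .UpdatePasswordHash(pwdHash)
               .UpdateLastUpdatedOn(DateTime.UtcNow)
               .UpdateLastUpdatedBy(user.Id);
    _context.User.Update(user);

    // NOTE(review): the new hash is persisted before the mail is sent. If sending throws,
    // the account is left with a temporary password that nobody received.
    await _context.SaveChangesAsync();

    // The temporary password is placed in the mail body in clear text. Whether a password
    // change is enforced at next sign-in is not visible here.
    var emailData = await _emailService.ConstructResetPassword(tempPwd);
    await _emailSender.SendMailViaSmtpClientAsync(new string[] { user.Email }, new string[] { }, new string[] { }, emailData);

    return new ServiceResponseResult { StatusCode = System.Net.HttpStatusCode.OK };
}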
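/// <summary>
/// HTTP entry point for password recovery: rejects requests that fail model validation,
/// otherwise delegates to the auth service and relays its status code and result.
/// </summary>
/// <param name="model">Recovery request bound from the request body.</param>
/// <returns>
/// 400 with the joined validation messages when the model state is invalid; otherwise
/// the status code and result produced by the auth service.
/// </returns>
public async Task<ActionResult> ForgotPassword([FromBody] PasswordRecoverReqModel model)
{
    if (!ModelState.IsValid)
    {
        // ModelError does not override ToString(), so joining the error objects emitted
        // their type name instead of the validation text. Only ErrorMessage is returned:
        // ModelError.Exception can carry binder internals that should not reach the client.
        var messages = ModelState.Values
            .SelectMany(v => v.Errors)
            .Select(e => e.ErrorMessage);

        return BadRequest(new ErrorModel { Message = string.Join(",", messages) });
    }

    var res = await _authService.ForgotPassword(model);
    return StatusCode(res.GetStatusCode(), res.Result);
}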