コード例 #1
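        /// <summary>
        /// Handles a forgot-password request: looks the user up by e-mail, checks the security
        /// question/answer and the e-mail verification flag, then replaces the stored password hash
        /// with the hash of a freshly generated temporary password and mails that password to the user.
        /// </summary>
        /// <param name="model">Request carrying the e-mail address, security question and reply.</param>
        /// <returns>
        /// 404 when no user matches the e-mail, 400 when the security question/answer does not match
        /// or the e-mail is not verified, otherwise 200 once the temporary password is stored and mailed.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the three failure responses are distinguishable, so an unauthenticated caller
        /// can tell "unknown address" from "wrong answer" from "unverified". A single generic response
        /// plus request throttling would close that; it is left unchanged here because callers may
        /// depend on the current status codes and messages.
        /// NOTE(review): the password is overwritten before the mail is sent and the temporary
        /// password travels in the mail body; no expiry is visible in this method. A one-time,
        /// expiring reset token that leaves the current password intact until redeemed avoids both.
        /// </remarks>
        public async Task<ServiceResponseResult> ForgotPassword(PasswordRecoverReqModel model)
        {
            Logger.WriteInformation("Requesting forgot password.");

            // A missing model or e-mail previously surfaced as a NullReferenceException;
            // treat it like any other address that matches no account.
            if (string.IsNullOrEmpty(model?.Email))
            {
                return new ServiceResponseResult
                {
                    Result = new { Message = "No user exists with email" },
                    StatusCode = System.Net.HttpStatusCode.NotFound
                };
            }

            // Invariant lowercasing keeps the lookup independent of the server's culture
            // (e.g. Turkish 'I' -> 'ı'). Presumably addresses are stored lowercased at
            // registration; confirm that path normalises the same way.
            var normalizedEmail = model.Email.ToLowerInvariant();
            var user = await _context.User.FirstOrDefaultAsync(x => x.Email == normalizedEmail);

            if (user == null)
            {
                return new ServiceResponseResult
                {
                    Result = new { Message = "No user exists with email" },
                    StatusCode = System.Net.HttpStatusCode.NotFound
                };
            }

            // NOTE(review): the reply is compared directly with the stored value, which suggests the
            // answer is kept unhashed; confirm. It works as a credential here and deserves the
            // same treatment as the password (hashed at rest, attempts limited).
            var questionMatches = user.SecurityQuestion == model.SecurityQuestion;
            var answerMatches = user.SecurityQuestionAnswer == model.SecurityQuestionReply;
            if (!(questionMatches && answerMatches))
            {
                return new ServiceResponseResult
                {
                    Result = new { Message = "Security question and answer does not match" },
                    StatusCode = System.Net.HttpStatusCode.BadRequest
                };
            }

            if (!user.IsEmailVerified.HasValue || !user.IsEmailVerified.Value)
            {
                return new ServiceResponseResult
                {
                    Result = new { Message = "Email not verified" },
                    StatusCode = System.Net.HttpStatusCode.BadRequest
                };
            }

            // Guid.NewGuid() is an identifier generator, not a documented source of secrets.
            // Draw 128 bits from the OS CSPRNG and keep the GUID text shape so that anything
            // downstream that handled the old value keeps working.
            var tempPwdBytes = new byte[16];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(tempPwdBytes);
            }
            var tempPwd = new Guid(tempPwdBytes).ToString();

            // NOTE(review): if _appSettings.Secret serves as the salt, every account shares it;
            // confirm HashUtility uses a per-user salt and a slow password-hashing function.
            var pwdHash = HashUtility.CreatePasswordHash(tempPwd, _appSettings.Secret);

            user = user.UpdateIsTemporaryPassword(true)
                   .UpdatePasswordHash(pwdHash)
                   .UpdateLastUpdatedOn(DateTime.UtcNow)
                   .UpdateLastUpdatedBy(user.Id);

            _context.User.Update(user);
            await _context.SaveChangesAsync();

            var emailData = await _emailService.ConstructResetPassword(tempPwd);

            await _emailSender.SendMailViaSmtpClientAsync(new string[] { user.Email }, new string[] { }, new string[] { }, emailData);

            return new ServiceResponseResult
            {
                StatusCode = System.Net.HttpStatusCode.OK
            };
        }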
コード例 #2
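        /// <summary>
        /// HTTP entry point for password recovery: rejects an invalid model state, otherwise
        /// delegates to the auth service and relays its status code and result to the client.
        /// </summary>
        /// <param name="model">Recovery request bound from the request body.</param>
        /// <returns>
        /// 400 with an <c>ErrorModel</c> listing the validation messages when the model state is
        /// invalid; otherwise the status code and result produced by the auth service.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no throttling or lockout is visible on this action (its attributes are
        /// outside this listing). The endpoint checks a security answer and resets a password, so
        /// confirm that rate limiting is applied somewhere in the pipeline.
        /// </remarks>
        public async Task<ActionResult> ForgotPassword([FromBody] PasswordRecoverReqModel model)
        {
            if (!ModelState.IsValid)
            {
                // Joining the ModelError objects themselves only prints their type name;
                // project to ErrorMessage so the client sees the validation text. Only the
                // message is used, never the attached Exception, so internals are not echoed back.
                var validationMessages = ModelState.Values
                    .SelectMany(v => v.Errors)
                    .Select(e => e.ErrorMessage);

                return BadRequest(new ErrorModel
                {
                    Message = string.Join(",", validationMessages)
                });
            }

            var res = await _authService.ForgotPassword(model);

            return StatusCode(res.GetStatusCode(), res.Result);
        }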