/// <summary>
/// Processes a submitted reset-forgotten-password model: hands the id, token and new
/// password to the service and picks the view to render from the outcome.
/// </summary>
/// <param name="model">The bound form values (id, token, new password and its confirmation).</param>
/// <returns>
/// The default view when model validation failed, the "Reset" view with a model error when the
/// service rejects the request, otherwise the "PasswordSuccessfullyReset" view.
/// </returns>
public virtual ActionResult Reset(ResetForgottenPasswordViewModel model)
{
    // Model-level validation errors: show the form again without calling the service.
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    // The id and token are passed through unchanged; deciding whether they identify a
    // usable reset request is left entirely to the service call below.
    var resetRequest = new ResetForgottenPasswordRequest();
    resetRequest.Id = model.Id;
    resetRequest.Token = model.Token;
    resetRequest.NewPassword = model.NewPassword;
    resetRequest.NewPasswordConfirm = model.NewPasswordConfirm;

    var outcome = _service.ResetForgottenPassword(resetRequest);

    if (outcome.IsSuccessful)
    {
        // NOTE(review): the model handed to this view still carries the token and the new
        // password; confirm the view does not render either value.
        return View("PasswordSuccessfullyReset", model);
    }

    // The service message is shown to the user as-is on the same "Reset" form.
    ModelState.AddModelError("", outcome.Message);
    return View("Reset", model);
}
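/// <summary>
/// For a forgotten password request that has been emailed to the user, allow them to
/// reset their password.
/// </summary>
/// <param name="request">
/// The id and token identifying the reset request, plus the new password and its confirmation.
/// </param>
/// <returns>
/// A response with IsSuccessful set to true when the password was changed and the reset request
/// was marked as processed; otherwise IsSuccessful is false and Message carries the reason.
/// </returns>
public ResetForgottenPasswordResponse ResetForgottenPassword(ResetForgottenPasswordRequest request)
{
    //
    //Validate the parameters
    //
    if (request == null ||
        String.IsNullOrWhiteSpace(request.Id) ||
        String.IsNullOrWhiteSpace(request.Token))
    {
        return new ResetForgottenPasswordResponse()
        {
            IsSuccessful = false,
            Message = "An invalid password reset request was made."
        };
    }

    //
    //Ensure the id and token is valid
    //
    var validationRequest = new ValidateSecurityPasswordResetTokenRequest()
    {
        Id = request.Id,
        Token = request.Token
    };
    var validationResponse = this.ValidateSecurityPasswordResetToken(validationRequest);
    if (!validationResponse.IsSuccessful)
    {
        // NOTE(review): the validation message is returned to the caller unchanged; confirm it
        // does not let a caller tell unknown, expired and already-used tokens apart.
        return new ResetForgottenPasswordResponse()
        {
            IsSuccessful = false,
            Message = validationResponse.Message
        };
    }

    var securityPasswordResetRequest = validationResponse.SecurityPasswordResetRequest;
    if (securityPasswordResetRequest == null)
    {
        // Fail closed: a validation result that reports success without a backing record
        // must not reach the password change (it would otherwise dereference null below).
        return new ResetForgottenPasswordResponse()
        {
            IsSuccessful = false,
            Message = "An invalid password reset request was made."
        };
    }

    //
    //Get the SecurityUser record if it exists
    //
    SecurityUser securityUser = null;
    if (securityPasswordResetRequest.SecurityUserId != null)
    {
        securityUser = _repository.GetAll<SecurityUser>()
            .FirstOrDefault(p => p.SecurityUserId == securityPasswordResetRequest.SecurityUserId);
    }

    //
    //Change the password
    //The user name comes from the stored reset request, never from the caller's input, so the
    //token decides whose password is changed.
    //
    var changePasswordRequest = new ChangePasswordRequest()
    {
        UserName = securityPasswordResetRequest.UserName,
        AuthenticationMethod = (securityUser != null ? securityUser.AuthenticationMethod : null),
        SecurityUserId = (securityUser != null ? securityUser.SecurityUserId : (int?)null),
        NewPassword = request.NewPassword,
        NewPasswordConfirm = request.NewPasswordConfirm,
        CheckPasswordComplexity = true,
        CheckIfUserPasswordCanBeChanged = true,
        EnforcePasswordHistory = true,
        SendPasswordSuccessfullyChangedEmail = true
    };
    var changePasswordResponse = _passwordService.ChangePassword(changePasswordRequest);
    if (!changePasswordResponse.IsSuccessful)
    {
        return new ResetForgottenPasswordResponse()
        {
            IsSuccessful = false,
            Message = changePasswordResponse.Message
        };
    }

    //
    //Update the password reset request entity to store that the request has been processed
    //
    // NOTE(review): the request is only marked processed after the password change. Confirm that
    // ValidateSecurityPasswordResetToken rejects processed requests, and that a failed Commit or
    // two simultaneous submissions of one token cannot leave the token usable a second time.
    securityPasswordResetRequest.Processed = true;
    // NOTE(review): local server time; confirm the expiry check uses the same clock.
    securityPasswordResetRequest.ProcessDate = DateTime.Now;
    _repository.Commit();

    //
    //Successful reset of forgotten password if we got to here
    //
    return new ResetForgottenPasswordResponse()
    {
        IsSuccessful = true,
        Message = null
    };
}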