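/// <summary>
/// Completes a password reset: validates the posted model, looks up the user by e-mail and
/// applies the reset code and new password through the Identity user manager.
/// </summary>
/// <param name="model">E-mail, reset code and new password posted by the client.</param>
/// <returns>
/// 200 on success; 400 with the model-state messages when the payload is invalid, an empty 400
/// when the body or code is missing or no user matches the e-mail, and 400 with the Identity
/// error description(s) when the reset itself fails.
/// </returns>
public async Task<IActionResult> ResetPassword([FromBody] ResetPasswordApiModel model)
{
    if (!ModelState.IsValid)
    {
        // Quotes are stripped so the messages serialize cleanly for the client.
        var errorList = ViewData.ModelState.Values
            .SelectMany(state => state.Errors)
            .Select(error => error.ErrorMessage.Replace("\"", string.Empty))
            .ToList();
        return BadRequest(errorList);
    }

    // A null body or missing code would otherwise surface as a 500 below.
    if (model == null || model.Code == null)
    {
        return BadRequest();
    }

    var user = await _userManager.FindByEmailAsync(model.Email);
    if (user == null)
    {
        // NOTE(review): answering an unknown e-mail differently from a failed reset lets a caller
        // tell registered addresses from unregistered ones; consider a uniform response.
        return BadRequest();
    }

    // Codes travel through URLs/e-mail where '+' is often turned into a space; undo that first.
    // https://stackoverflow.com/questions/27241658/token-invalid-on-reset-password-with-asp-net-identity
    var code = model.Code.Replace(" ", "+");
    var resetResult = await _userManager.ResetPasswordAsync(user, code, model.Password);
    if (resetResult.Succeeded)
    {
        return Ok();
    }

    // Materialize once: Errors was previously enumerated three times, and the unused
    // `result` local is gone.
    var descriptions = resetResult.Errors.Select(err => err.Description).ToArray();
    return descriptions.Length == 1
        ? BadRequest(descriptions[0])
        : BadRequest(descriptions);
}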
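/// <summary>
/// Validates a password-reset key (a JWT carrying the user's e-mail and validation code) and,
/// when the code matches the one stored for that user, hashes and stores the new password.
/// </summary>
/// <param name="apiModel">Reset key and new password posted by the client.</param>
/// <returns>
/// A JSON <see cref="ResponseFormat"/> body: 200 on success, 400 for a missing key or
/// password, 401 for an expired, invalid or non-matching key, 404 when the e-mail in the
/// key has no user.
/// </returns>
public HttpResponseMessage ValidateCode([FromBody] ResetPasswordApiModel apiModel)
{
    var response = new HttpResponseMessage();
    ResponseFormat responseData;

    if (apiModel == null || string.IsNullOrEmpty(apiModel.key) || string.IsNullOrEmpty(apiModel.newPassword))
    {
        responseData = SetFailure(response, HttpStatusCode.BadRequest, ErrorMessages.INVALID_KEY);
    }
    else
    {
        var payload = JwtTokenManager.ValidateJwtToken(apiModel.key);
        if (payload == null)
        {
            responseData = SetFailure(response, HttpStatusCode.Unauthorized, ErrorMessages.TOKEN_INVALID);
        }
        else if (payload.ContainsKey("error"))
        {
            var error = (string)payload["error"];
            if (error == ErrorMessages.TOKEN_EXPIRED)
            {
                responseData = SetFailure(response, HttpStatusCode.Unauthorized, ErrorMessages.TOKEN_EXPIRED);
            }
            else if (error == ErrorMessages.TOKEN_INVALID)
            {
                responseData = SetFailure(response, HttpStatusCode.Unauthorized, ErrorMessages.TOKEN_INVALID);
            }
            else
            {
                // Previously an unrecognised error value fell through and was returned as 200 OK
                // with an empty body; any error reported by the token validator must reject.
                responseData = SetFailure(response, HttpStatusCode.Unauthorized, ErrorMessages.TOKEN_INVALID);
            }
        }
        else
        {
            // The key's payload carries the e-mail and the validation code to check.
            var userEmail = Convert.ToString(payload["email"]);
            var userCode = Convert.ToString(payload["validationCode"]);

            var dbUser = db.USERs.FirstOrDefault(c => c.Email == userEmail);
            if (dbUser == null)
            {
                responseData = SetFailure(response, HttpStatusCode.NotFound, ErrorMessages.USER_NOT_FOUND);
            }
            else if (dbUser.RememberMeToken == userCode)
            {
                // NOTE(review): the stored code is left in place after a successful reset, so the
                // same key can be replayed until the JWT expires; clearing RememberMeToken here
                // would make the key single-use, if nothing else relies on that column.
                // NOTE(review): string == is not constant-time; a fixed-time comparison is
                // preferable when checking a secret such as this code.
                dbUser.Hash = _hashManager.Hash(apiModel.newPassword);
                db.SaveChanges();
                response.StatusCode = HttpStatusCode.OK;
                responseData = ResponseFormat.Success;
                responseData.message = SuccessMessages.PASSWORD_RESET;
            }
            else
            {
                responseData = SetFailure(response, HttpStatusCode.Unauthorized, ErrorMessages.INVALID_KEY);
            }
        }
    }

    var json = JsonConvert.SerializeObject(responseData);
    response.Content = new StringContent(json, Encoding.UTF8, "application/json");
    return response;
}

/// <summary>
/// Sets the failure status on <paramref name="response"/> and builds the matching failure body.
/// </summary>
/// <param name="response">Response whose status code is set.</param>
/// <param name="status">HTTP status to report.</param>
/// <param name="message">Message placed in the body.</param>
/// <returns>The failure body to serialize.</returns>
private static ResponseFormat SetFailure(HttpResponseMessage response, HttpStatusCode status, string message)
{
    response.StatusCode = status;
    // NOTE(review): if ResponseFormat.Fail hands out a shared static instance, setting .message
    // here mutates state visible to concurrent requests — confirm it returns a fresh object.
    var data = ResponseFormat.Fail;
    data.message = message;
    return data;
}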