/// <summary>
/// Process the request for a forgotten password from the main forgot password screen. This will lookup the
/// user and if found email them a link to reset their password.
/// </summary>
/// <param name="model"></param>
public SendInstructionsToResetPasswordResponse SendInstructionsToResetPassword(SendInstructionsToResetPasswordRequest request)
{
//
//Validate the parameters
//
if (request == null || String.IsNullOrWhiteSpace(request.UserNameOrEmail))
{
return(new SendInstructionsToResetPasswordResponse()
{
IsSuccessful = false,
Message = "An invalid user name or email address was specified."
});
}
SecurityUser securityUser = null;
ADUser adUser = null;
//
//See if we can reset this users active directory account. We only need to do this
//if active directory auth is enabled, if AD users are allowed to reset their password,
//and we are not storing the users in the SecurityUser table.
//
if (ApplicationService.Instance.FormsAuthenticationADEnabled &&
ApplicationService.Instance.ForgotPasswordResetAllowedForADUser &&
adUser == null && securityUser == null
)
{
//
//Try to find by username first
//
adUser = new ADUser(request.UserNameOrEmail);
//
//If not found, try to find by email address
//
if (!adUser.ValidUser)
{
var searchFilter = adUser.GetUserSearchFilterByEmailAddress(request.UserNameOrEmail);
adUser.PopulateUserInformation(searchFilter);
}
//Ensure we clear the record if we dont have a valid AD user
if (!adUser.ValidUser)
{
adUser = null;
}
//
//Get the security user record if we have security user records for AD users
//
else
{
if (ApplicationService.Instance.FormsAuthenticationCreateSecurityUserRecordOnADAuth)
{
securityUser =
_repository.GetAll <SecurityUser>()
.FirstOrDefault(p => p.ActiveDirectoryGuid == adUser.ObjectGuid);
}
}
}
//
//Then try to find the user by their SecurityUser table record
//
if (ApplicationService.Instance.FormsAuthenticationSecurityUserTableEnabled && adUser == null && securityUser == null)
{
//
//First try lookup only by userid
//Check the security user table first
//
var securityUsers =
_repository.GetAll <SecurityUser>().Where(p => p.UserName.Equals(request.UserNameOrEmail));
//If no match found, try lookup by email address
if (!securityUsers.Any())
{
securityUsers = _repository.GetAll <SecurityUser>()
.Where(p => p.EmailAddress.Equals(request.UserNameOrEmail));
}
//
//If there is more than one result, we cannot reset the password
//
if (securityUsers.Count() > 1)
{
return(new SendInstructionsToResetPasswordResponse()
{
IsSuccessful = false,
Message =
"Multiple records were found with the supplied username or email, your password cannot be reset. Please contact support to have your password reset."
});
}
securityUser = securityUsers.FirstOrDefault();
}
//
//Now ensure we can continue with the password reset
//
//
var canUserPasswordBeChangedRequest = new CanUserPasswordBeChangedRequest()
{
SecurityUser = securityUser,
ADUser = adUser
};
var canUserPasswordBeChangedResponse = _passwordService.CanUserPasswordBeChanged(canUserPasswordBeChangedRequest);
if (!canUserPasswordBeChangedResponse.IsSuccessful)
{
return(new SendInstructionsToResetPasswordResponse()
{
IsSuccessful = false,
Message = "That username or email address cannot have it's password reset. Please contact support to have your password reset."
});
}
//
//Ensure the user has an email address
//
if ((securityUser == null || String.IsNullOrWhiteSpace(securityUser.EmailAddress)) &&
(adUser == null || String.IsNullOrWhiteSpace(adUser.EmailAddress)))
{
return(new SendInstructionsToResetPasswordResponse()
{
IsSuccessful = false,
Message = "That username or email address cannot have it's password reset as it has no email on file. Please contact support to have your password reset."
});
}
//
//Create the password reset entry
//
var passwordResetRequest = CreateSecurityPasswordResetRequestEntry(request, securityUser, adUser);
//
//Send the password reset email
//
var sendForgotPasswordEmailRequest = new SendForgotPasswordEmailRequest()
{
SecurityUser = securityUser,
ADUser = adUser,
SecurityPasswordResetRequest = passwordResetRequest
};
var sendForgotPasswordEmailResponse = SendForgotPasswordEmail(sendForgotPasswordEmailRequest);
if (!sendForgotPasswordEmailResponse.IsSuccessful)
{
return(new SendInstructionsToResetPasswordResponse()
{
IsSuccessful = false,
Message = sendForgotPasswordEmailResponse.Message
});
}
//
//Request was successful
//
return(new SendInstructionsToResetPasswordResponse()
{
IsSuccessful = true,
Message = null
});
}
/// <summary>
/// Send the user the email telling them instructions on how to reset their password
/// </summary>
/// <param name="request"></param>
public SendForgotPasswordEmailResponse SendForgotPasswordEmail(SendForgotPasswordEmailRequest request)
{
//
//Validate parameters
//
if (request == null || request.SecurityPasswordResetRequest == null || (request.ADUser == null && request.SecurityUser == null))
{
return(new SendForgotPasswordEmailResponse()
{
IsSuccessful = false,
Message = "An invalid request was specified to the SendForgotPasswordEmail service."
});
}
if (String.IsNullOrWhiteSpace(request.SecurityPasswordResetRequest.EmailAddress))
{
return(new SendForgotPasswordEmailResponse()
{
IsSuccessful = false,
Message = "An invalid request was specified to the SendForgotPasswordEmail service. The email address to send to is empty."
});
}
//
//Send the email
//
var adUser = request.ADUser;
var securityUser = request.SecurityUser;
var passwordResetRequest = request.SecurityPasswordResetRequest;
try
{
_tokenResolver.GetTokenResolutionProvider().ClearTokens();
var tokenValues = new Dictionary <String, String>();
//
//Create the URL for the user to reset their password with
//
String passwordResetId = AESEncryption.Encrypt(passwordResetRequest.SecurityPasswordResetRequestId.ToString());
String passwordResetToken = AESEncryption.Encrypt(passwordResetRequest.Token);
//
//Setup the values for the Token Resolver so the email parses properly
//Override the email address and other attributes since it may come from an AD User,
//we cant bank on this always being security user.
//
var firstName = (adUser != null ? adUser.FirstName : securityUser.FirstName);
tokenValues.Add(TokenNames.FirstName.ToString(), firstName);
var lastName = (adUser != null ? adUser.LastName : securityUser.LastName);
tokenValues.Add(TokenNames.LastName.ToString(), lastName);
tokenValues.Add(TokenNames.EmailAddress.ToString(), passwordResetRequest.EmailAddress);
//We send both the encrypted ID and token to the user, making it harder for them to hack a reset entry
String forgotPasswordUrl = String.Format("{0}Authentication/ForgotPassword/Reset?id={1}&t={2}",
DomainApplicationService.Instance.SiteBaseURL,
HttpUtility.UrlEncode(passwordResetId),
HttpUtility.UrlEncode(passwordResetToken));
tokenValues.Add(TokenNames.ForgotPasswordURL.ToString(), forgotPasswordUrl);
//
//Process the email template and send it
//
var emailTemplate = _authenticationContentProvider.GetForgotPasswordEmail();
_sendMail.MessageHtml = emailTemplate.Html;
_sendMail.Subject = _tokenResolver.TokenizeString(emailTemplate.EmailSubject,
TokenResolutionObjectTypes.SecurityUser.ToString(),
passwordResetRequest.SecurityUserId.ToString(),
tokenValues);
_sendMail.Body = _tokenResolver.TokenizeString(emailTemplate.EmailBody,
TokenResolutionObjectTypes.SecurityUser.ToString(),
passwordResetRequest.SecurityUserId.ToString(),
tokenValues);
_sendMail.AddMessageTo(_tokenResolver.TokenizeString(emailTemplate.EmailTo,
TokenResolutionObjectTypes.SecurityUser.ToString(),
passwordResetRequest.SecurityUserId.ToString(),
tokenValues));
_sendMail.AddMessageCC(_tokenResolver.TokenizeString(emailTemplate.EmailCC,
TokenResolutionObjectTypes.SecurityUser.ToString(),
passwordResetRequest.SecurityUserId.ToString(),
tokenValues));
_sendMail.AddMessageBCC(_tokenResolver.TokenizeString(emailTemplate.EmailBCC,
TokenResolutionObjectTypes.SecurityUser.ToString(),
passwordResetRequest.SecurityUserId.ToString(),
tokenValues));
var fromAddress = _tokenResolver.TokenizeString(emailTemplate.EmailFrom,
TokenResolutionObjectTypes.SecurityUser.ToString(),
passwordResetRequest.SecurityUserId.ToString(),
tokenValues);
var fromDisplayName = _tokenResolver.TokenizeString(emailTemplate.EmailFromDisplayName,
TokenResolutionObjectTypes.SecurityUser.ToString(),
passwordResetRequest.SecurityUserId.ToString(),
tokenValues);
var from = new MailAddress(fromAddress, fromDisplayName);
_sendMail.SetMessageFrom(from);
_sendMail.Send();
}
catch (Exception e)
{
String errorMessage = String.Format("An error occurred sending the forgot password email to user {0}",
(adUser != null ? adUser.UserName : securityUser.UserName));
LogService.Instance.Log.Error(errorMessage, e);
return(new SendForgotPasswordEmailResponse()
{
IsSuccessful = false,
Message = errorMessage
});
}
//
//Everything is good if we got hee
//
return(new SendForgotPasswordEmailResponse()
{
IsSuccessful = true,
Message = null
});
}
