/// <summary>
/// Completes account confirmation: checks the verification key, marks the
/// e-mail as verified, stores the password chosen by the user as local
/// credentials, and then redirects.
/// </summary>
/// <param name="model">Posted form data; <c>Key</c> and <c>Password</c> are read here.</param>
/// <returns>
/// <c>NotFound</c> when the endpoint is switched off, the "InvalidToken" view
/// when the key is rejected, the confirm view again when the model state is
/// invalid, otherwise a redirect.
/// </returns>
public async Task<IActionResult> Confirm(ConfirmInputModel model)
{
    // NOTE(review): this action is gated by EnableInvitationCreateEndpoint;
    // confirm that this is the intended switch for the confirm endpoint.
    if (!this.applicationOptions.EnableInvitationCreateEndpoint)
    {
        return NotFound();
    }

    var verification = await userAccountService.HandleVerificationKeyAsync(
        model.Key,
        VerificationKeyPurpose.ConfirmAccount);

    // The key is accepted only if it resolves to an account, has not
    // expired, and was issued for account confirmation.
    bool keyAccepted = verification.UserAccount != null
        && !verification.TokenExpired
        && verification.PurposeValid;

    if (!keyAccepted)
    {
        // TODO: clear token if account is there
        ModelState.AddModelError(IdentityBaseConstants.ErrorMessages.TokenIsInvalid);
        return View("InvalidToken");
    }

    if (!ModelState.IsValid)
    {
        // Re-render the form; nothing has been changed on the account yet.
        var retryViewModel = new ConfirmViewModel
        {
            Key = model.Key,
            Email = verification.UserAccount.Email
        };

        return View(retryViewModel);
    }

    // Captured before the service calls below, as in the original ordering;
    // presumably those calls may reset the verification fields - verify.
    var storedReturnUrl = verification.UserAccount.VerificationStorage;

    userAccountService.SetEmailVerified(verification.UserAccount);
    userAccountService.AddLocalCredentials(verification.UserAccount, model.Password);
    await userAccountService.UpdateUserAccountAsync(verification.UserAccount);

    if (verification.UserAccount.CreationKind == CreationKind.Invitation)
    {
        // TODO: validate
        // NOTE(review): unlike the branch below, this redirect target is not
        // checked with IsValidReturnUrl. If VerificationStorage can carry a
        // value supplied when the invitation was created, this is an
        // unvalidated redirect; check it against the allowed return URLs for
        // the inviting client before redirecting. A null or empty value also
        // needs handling, since Redirect rejects it.
        return Redirect(storedReturnUrl);
    }

    // NOTE(review): the option read here is LoginAfterAccountRecovery even
    // though this is the confirmation flow - confirm this is intended.
    if (applicationOptions.LoginAfterAccountRecovery)
    {
        await httpContextAccessor.HttpContext.SignInAsync(verification.UserAccount, null);

        if (interaction.IsValidReturnUrl(storedReturnUrl))
        {
            return Redirect(storedReturnUrl);
        }
    }

    // Not signed in, or the return URL was not accepted: send the user to
    // the login page and pass the return URL along as a query value.
    var loginUrl = Url.Action("Index", "Login", new { ReturnUrl = storedReturnUrl });
    return Redirect(loginUrl);
}