/// <summary>
/// Builds the <see cref="PasswordResetRequest"/> describing a password reset for the given account.
/// </summary>
/// <param name="account">Account whose identifier, type, email and display name are copied into the request.</param>
/// <param name="token">Token to place in the request. When null, one is obtained from <c>SecureToken.GetToken(account)</c>.</param>
/// <returns>The populated request.</returns>
private static PasswordResetRequest CreateResetRequest(AccountInfo account, string token = null)
{
    // The returned object holds the reset token next to the account's email address,
    // so it should be handled as a secret: keep it out of logs and diagnostic dumps.
    return new PasswordResetRequest
    {
        accountIdentifier = account.Identifier,
        accountType = account.Type,
        // Reuse the caller's token when one was supplied; otherwise issue one for this account.
        secureToken = token ?? SecureToken.GetToken(account),
        email = account.Email,
        displayName = account.DisplayName,
        // NOTE(review): taken from GetMinimumTokenLifespan(); whether this is a duration
        // or an absolute expiry is not visible here. Confirm against SecureToken.
        tokenExpiration = SecureToken.GetMinimumTokenLifespan()
    };
}
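/// <summary>
/// Completes the password reset as requested and returns the new password. If the request fails to validate (it may have been tampered with, expired, etc) returns null.
/// </summary>
/// <remarks>
/// Every failure after the account-type check produces the same result (null, with <paramref name="req"/> left null),
/// so the outcome does not reveal whether the account exists, is ineligible, or the token was wrong. Callers should
/// keep their own response to the requester equally uniform.
/// The return value is the new password in plain text; the caller is responsible for keeping it out of logs and
/// other persistent output.
/// </remarks>
/// <param name="type">Account type.</param>
/// <param name="accountIdentifier">The unique identifier for the account (user name or email address, depending on account type).</param>
/// <param name="token">The token from a reset request.</param>
/// <param name="req">Upon success, this is set to a PasswordResetRequest rebuilt from the current account data so that some metadata such as the email address and user display name can be returned. Null on failure.</param>
/// <returns>The newly generated password on success; null if the token is missing, the account is not eligible, the token does not verify, or the password change could not be committed.</returns>
/// <exception cref="ArgumentException"><paramref name="type"/> does not match this instance's account type.</exception>
public string CompletePasswordReset(string type, string accountIdentifier, string token, out PasswordResetRequest req)
{
    req = null;

    if (type != accountType)
    {
        // A mismatched type is a routing error rather than a validation failure, so it throws.
        // The message embeds the caller-supplied type value: encode it before it is logged or displayed.
        throw new ArgumentException(this.GetType().Name + " received PasswordResetRequest with type " + type + ". Expected type " + accountType + ".");
    }

    if (string.IsNullOrWhiteSpace(token))
    {
        // Fail closed: a missing token is never handed to the verifier.
        return null;
    }

    AccountInfo account = GetCurrentAccountInfo(accountIdentifier);
    if (account == null || string.IsNullOrWhiteSpace(account.Email))
    {
        return null; // Specified account is not eligible for password resets.
    }

    account.Type = accountType; // In case the derived class forgets to set this.

    if (!SecureToken.VerifyToken(account, token))
    {
        return null; // Request validation failed
    }

    string newPassword = GenerateNewPassword();
    if (!CommitPasswordChange(account.Identifier, newPassword))
    {
        return null; // Password change failed
    }

    // NOTE(review): nothing in this method invalidates the token after use. Whether it stops
    // verifying once the password has changed depends on SecureToken, so confirm tokens are single-use.
    req = CreateResetRequest(account, token);
    return newPassword;
}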