/// <summary>
/// Changes the current user's password, or starts the "set a password" e-mail flow when the
/// account has no password credential yet.
/// </summary>
/// <param name="model">Posted account form; only its ChangePassword section is read here.</param>
/// <returns>
/// The result of SendPasswordResetEmail when no password credential exists, the Account view
/// when validation or the password change fails, otherwise a redirect to the Account action.
/// </returns>
/// <remarks>
/// NOTE(review): no action attributes are visible in this excerpt. Confirm in the full file that
/// this state-changing action is POST-only, requires an authenticated user and validates an
/// anti-forgery token.
/// </remarks>
public virtual async Task<ActionResult> ChangePassword(AccountViewModel model)
{
    var currentUser = GetCurrentUser();

    // A credential counts as a password when its type starts with the password prefix
    // (ordinal, case-insensitive).
    var hasPasswordCredential = currentUser.Credentials.Any(
        credential => credential.Type.StartsWith(CredentialTypes.Password.Prefix, StringComparison.OrdinalIgnoreCase));

    if (!hasPasswordCredential)
    {
        // No password on file: nothing posted in the form is used. A reset token is generated
        // and the reset e-mail is sent instead.
        // The constant is named in hours; the "* 60" suggests the service expects minutes - confirm.
        await AuthService.GeneratePasswordResetToken(currentUser, Constants.DefaultPasswordResetTokenExpirationHours * 60);
        return SendPasswordResetEmail(currentUser, forgotPassword: false);
    }

    if (!ModelState.IsValidField("ChangePassword"))
    {
        return AccountView(model);
    }

    // The old password is passed to AuthService together with the new one; a false result is
    // reported to the user as an incorrect current password.
    // NOTE(review): failed attempts are not throttled here, and nothing here notifies the user or
    // ends other sessions after a successful change - confirm whether AuthService covers these.
    var passwordChanged = await AuthService.ChangePassword(
        currentUser,
        model.ChangePassword.OldPassword,
        model.ChangePassword.NewPassword);
    if (!passwordChanged)
    {
        ModelState.AddModelError("ChangePassword.OldPassword", Strings.CurrentPasswordIncorrect);
        return AccountView(model);
    }

    TempData["Message"] = Strings.PasswordChanged;
    return RedirectToAction("Account");
}
/// <summary>
/// Renders the "Account" view after filling the model's credential list for the current user.
/// </summary>
/// <param name="model">View model to complete; its Credentials property is overwritten.</param>
/// <returns>The "Account" view bound to <paramref name="model"/>.</returns>
private ActionResult AccountView(AccountViewModel model)
{
    var currentUser = GetCurrentUser();

    // The view receives AuthService's description of each credential, not the stored entity.
    // NOTE(review): confirm DescribeCredential leaves out secret values such as password hashes.
    model.Credentials =
        (from credential in currentUser.Credentials
         select AuthService.DescribeCredential(credential)).ToList();

    return View("Account", model);
}
/// <summary>
/// Changes the current user's e-mail address, re-checking the password first when the account
/// has one, and sends a confirmation notice when the account is already confirmed.
/// </summary>
/// <param name="model">Posted account form; only its ChangeEmail section is read here.</param>
/// <returns>
/// The Account view when validation, re-authentication or the address change fails, otherwise
/// a redirect to the Account action.
/// </returns>
/// <remarks>
/// NOTE(review): no action attributes are visible in this excerpt. Confirm in the full file that
/// this state-changing action is POST-only, requires an authenticated user and validates an
/// anti-forgery token.
/// </remarks>
public virtual async Task<ActionResult> ChangeEmail(AccountViewModel model)
{
    if (!ModelState.IsValidField("ChangeEmail.NewEmail"))
    {
        return AccountView(model);
    }

    var currentUser = GetCurrentUser();
    if (currentUser.HasPassword())
    {
        if (!ModelState.IsValidField("ChangeEmail.Password"))
        {
            return AccountView(model);
        }

        // Re-authenticate with the name on the request identity and the posted password, so a
        // signed-in session alone is not enough to change the address.
        var reauthenticated = await AuthService.Authenticate(User.Identity.Name, model.ChangeEmail.Password);
        if (reauthenticated == null)
        {
            ModelState.AddModelError("ChangeEmail.Password", Strings.CurrentPasswordIncorrect);
            return AccountView(model);
        }
    }

    // Accounts without a password skip the check above: no additional verification is possible
    // here, so the change rests on the current session only.
    // NOTE(review): if e-mail is an account-recovery channel, consider requiring a fresh sign-in
    // for these accounts before accepting the change.
    var requestedEmail = model.ChangeEmail.NewEmail;
    if (String.Equals(requestedEmail, currentUser.LastSavedEmailAddress, StringComparison.OrdinalIgnoreCase))
    {
        // Address unchanged (case-insensitive): accept without touching the account.
        return RedirectToAction("Account");
    }

    try
    {
        await UserService.ChangeEmailAddress(currentUser, requestedEmail);
    }
    catch (EntityException e)
    {
        // NOTE(review): the exception message is shown to the user as-is, under the key "NewEmail"
        // rather than the "ChangeEmail.NewEmail" field validated above - confirm both are intended.
        ModelState.AddModelError("NewEmail", e.Message);
        return AccountView(model);
    }

    if (!currentUser.Confirmed)
    {
        TempData["Message"] = Strings.EmailUpdated;
        return RedirectToAction("Account");
    }

    // Confirmed accounts get a confirmation link mailed to the not-yet-confirmed address.
    // NOTE(review): only that address is mailed here; confirm whether the previous address is
    // told about the change elsewhere.
    var confirmationUrl = Url.ConfirmationUrl(
        "Confirm",
        "Users",
        currentUser.Username,
        currentUser.EmailConfirmationToken);
    var recipient = new MailAddress(currentUser.UnconfirmedEmailAddress, currentUser.Username);
    MessageService.SendEmailChangeConfirmationNotice(recipient, confirmationUrl);

    TempData["Message"] = Strings.EmailUpdated_ConfirmationRequired;
    return RedirectToAction("Account");
}