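public async Task<IActionResult> SetPassword(ResetPasswordBindingModel model)
{
    // Completes a password reset: verifies the reset token for the given user id and
    // stores the new password. Returns 400 when input is missing or the password does not
    // meet the policy, the identity errors when the reset is rejected, and 200 otherwise.
    // An unknown user id is deliberately answered with 200 as well, so the endpoint does
    // not reveal which ids exist.
    if (model is null
        || string.IsNullOrEmpty(model.UserId)
        || string.IsNullOrEmpty(model.NewPassword)
        || string.IsNullOrEmpty(model.Token))
    {
        ModelState.AddModelError("", "userId or password or token is missing");
        return BadRequest(ModelState);
    }

    if (!IsPasswordValid(model.NewPassword))
    {
        ModelState.AddModelError("Password", PasswordRequirementMessage(model.NewPassword));
        return BadRequest(ModelState);
    }

    ApplicationUser user = await userManager.FindByIdAsync(model.UserId).ConfigureAwait(false);
    if (user is null)
    {
        // Unknown user: same response as success (anti-enumeration), nothing is touched.
        // The original wrote user.ForcedPasswordChange before this check and threw a
        // NullReferenceException here.
        return Ok();
    }

    // Cleared on the loaded entity before the reset so the same store update that writes
    // the new hash also persists it; presumably a rejected token does not update the store,
    // so the flag is not written back on failure — confirm against the user store in use.
    user.ForcedPasswordChange = false;

    // The token arrives URL-encoded (it was generated into a link); decode before verifying.
    var token = WebUtility.UrlDecode(model.Token);
    var result = await userManager.ResetPasswordAsync(user, token, model.NewPassword).ConfigureAwait(false);
    if (!result.Succeeded)
    {
        return GetErrorResult(result);
    }

    return Ok();
}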
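public async Task<IActionResult> UpdateOrganizationMember(UpdateTeamMemberViewModel request, string personId, string organizationId)
{
    // Lets an administrator of organization `organizationId` change the e-mail, display
    // name and/or password of the member identified by `personId`; only the fields that
    // are present in `request` are touched. Throws UnauthorizedOperationException when the
    // caller is not an administrator of that organization or the target is not one of its
    // members, ArgumentException for an unusable password, and InvalidOperationException
    // when a required record is missing, the e-mail is already taken, or the identity store
    // rejects the update. Guid.Parse still throws FormatException for malformed ids.
    if (request is null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    var targetPersonId = Guid.Parse(personId);
    var targetOrganizationId = Guid.Parse(organizationId);

    // ---- authorization: the CALLER must administer the target organization --------------
    // The original resolved the membership by the target's personId, i.e. it tested whether
    // the person being edited was an admin rather than whether the caller was, and it
    // dereferenced the membership without a null check. The signed-in identity is mapped to
    // a PersonId through its AspNetUsers row, which is the table that carries PersonId.
    var callerName = _accessor.HttpContext?.User?.Identity?.Name;
    ApplicationUser currentUser = string.IsNullOrEmpty(callerName)
        ? null
        : await _userManager.FindByEmailAsync(callerName).ConfigureAwait(false);
    if (currentUser is null)
    {
        throw new UnauthorizedOperationException("Only admins of this organization can update existing users", EntityOperationType.Update);
    }

    var callerId = currentUser.Id;
    var callerRow = _aspNetUsersRepository.Find(null, u => u.Id == callerId).Items?.FirstOrDefault();
    if (callerRow is null)
    {
        throw new UnauthorizedOperationException("Only admins of this organization can update existing users", EntityOperationType.Update);
    }

    var callerPersonId = callerRow.PersonId;
    OrganizationMember currentOrgMember = _organzationMemberRepo
        .Find(null, o => o.PersonId == callerPersonId && o.OrganizationId == targetOrganizationId)
        .Items?.FirstOrDefault();

    // IsAdministrator is nullable; "unknown" counts as "not an admin". The original test
    // `!IsAdministrator ?? false || orgMismatch` parsed as `(!IsAdministrator) ?? (false ||
    // orgMismatch)` because `??` binds looser than `||`, so whenever the flag was true the
    // organization-id comparison was never evaluated.
    bool callerIsAdminHere = currentOrgMember != null
        && (currentOrgMember.IsAdministrator ?? false)
        && currentOrgMember.OrganizationId == targetOrganizationId;
    if (!callerIsAdminHere)
    {
        throw new UnauthorizedOperationException("Only admins of this organization can update existing users", EntityOperationType.Update);
    }

    // The target must belong to the organization the caller administers; without this an
    // admin of organization A could pass A's id while editing a member of organization B.
    var targetMembership = _organzationMemberRepo
        .Find(null, o => o.PersonId == targetPersonId && o.OrganizationId == targetOrganizationId)
        .Items?.FirstOrDefault();
    if (targetMembership is null)
    {
        throw new UnauthorizedOperationException("The specified user is not a member of this organization", EntityOperationType.Update);
    }

    // ---- load the target ------------------------------------------------------------------
    var userToUpdate = _aspNetUsersRepository.Find(null, u => u.PersonId == targetPersonId).Items?.FirstOrDefault();
    var personToUpdate = _personRepo.Find(null, p => p.Id == targetPersonId).Items?.FirstOrDefault();
    if (userToUpdate is null || personToUpdate is null)
    {
        throw new InvalidOperationException("No user exists for the provided personId");
    }

    ApplicationUser appUser = await _userManager.FindByIdAsync(userToUpdate.Id).ConfigureAwait(false);
    if (appUser is null)
    {
        throw new InvalidOperationException("No user exists for the provided personId");
    }

    // Validate the password before any write so a rejected request changes nothing.
    if (!string.IsNullOrEmpty(request.Password) && !IsPasswordValid(request.Password))
    {
        throw new ArgumentException(PasswordRequirementMessage(request.Password));
    }

    bool identityChanged = false;

    // ---- e-mail -------------------------------------------------------------------------
    if (!string.IsNullOrEmpty(request.Email))
    {
        // ToUpperInvariant rather than ToUpper: Identity's default lookup normalizer is
        // culture-invariant, and a culture-sensitive upper-casing (e.g. the Turkish dotted I)
        // would store a NormalizedEmail that FindByEmailAsync can never match.
        var normalizedEmail = request.Email.ToUpperInvariant();
        if (!string.Equals(appUser.NormalizedEmail, normalizedEmail, StringComparison.Ordinal))
        {
            // Uniqueness goes through the normalized lookup so case variants of an existing
            // address are rejected too; the original compared the raw Email column.
            var existingEmailUser = await _userManager.FindByEmailAsync(request.Email).ConfigureAwait(false);
            if (existingEmailUser != null && existingEmailUser.Id != appUser.Id)
            {
                throw new InvalidOperationException("A user already exists for the provided email address");
            }

            appUser.Email = request.Email;
            appUser.NormalizedEmail = normalizedEmail;
            appUser.UserName = request.Email;
            appUser.NormalizedUserName = normalizedEmail;
            identityChanged = true;

            // NOTE(review): the new address is stored without clearing EmailConfirmed or
            // re-issuing verification, so it is treated as verified although its owner never
            // proved control of it — confirm that is intended for admin-driven changes.
            var personEmailToUpdate = _personEmailRepository.Find(null, p => p.PersonId == targetPersonId).Items?.FirstOrDefault();
            if (personEmailToUpdate != null)
            {
                personEmailToUpdate.Address = request.Email;
                _personEmailRepository.Update(personEmailToUpdate);
            }

            // Presumably a member without a verification row is legitimate; the original
            // crashed with a NullReferenceException here, so the row is updated only if present.
            var emailVerificationToUpdate = _emailVerificationRepository.Find(null, p => p.PersonId == targetPersonId).Items?.FirstOrDefault();
            if (emailVerificationToUpdate != null)
            {
                emailVerificationToUpdate.Address = request.Email;
                _emailVerificationRepository.Update(emailVerificationToUpdate);
            }
        }
    }

    // ---- display name ----------------------------------------------------------------------
    if (!string.IsNullOrEmpty(request.Name))
    {
        appUser.Name = request.Name;
        personToUpdate.Name = request.Name;
        _personRepo.Update(personToUpdate);
        // The original never persisted appUser.Name when only the name was supplied.
        identityChanged = true;
    }

    // ---- password ---------------------------------------------------------------------------
    if (!string.IsNullOrEmpty(request.Password))
    {
        // NOTE(review): an admin-set password clears ForcedPasswordChange, so the member is
        // not asked to choose their own password at next sign-in — confirm that is intended.
        appUser.ForcedPasswordChange = false;
        var token = await _userManager.GeneratePasswordResetTokenAsync(appUser).ConfigureAwait(false);
        IdentityResult result = await _userManager.ResetPasswordAsync(appUser, token, request.Password).ConfigureAwait(false);
        if (!result.Succeeded)
        {
            throw new InvalidOperationException("Failed to set new password");
        }
    }

    // Awaited and checked: the original called UpdateAsync without awaiting it, so the
    // action could return 200 before — or without — the write completing.
    if (identityChanged)
    {
        IdentityResult updateResult = await _userManager.UpdateAsync(appUser).ConfigureAwait(false);
        if (!updateResult.Succeeded)
        {
            throw new InvalidOperationException("Failed to update user");
        }
    }

    // NOTE(review): the identity entity is returned as-is. If ApplicationUser derives from
    // IdentityUser the response carries PasswordHash and SecurityStamp unless the serializer
    // hides them; a trimmed view model would be the safer contract.
    return new OkObjectResult(appUser);
}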