예제 #1
0
        public async Task <IActionResult> ChangeForgotenPasswordAsync([FromBody] ChangeForgotenPasswordBindingModel collection)
        {
            Log.Debug($"ChangeForgotenPassword => {JsonConvert.SerializeObject(collection)}");

            try {
                if (string.IsNullOrEmpty(collection?.Username))
                {
                    return(BadRequest(_localizer[DataTransferer.DefectiveEmailOrCellPhone().Message]));
                }
                collection.Username = collection.Username.Trim();

                if (string.IsNullOrEmpty(collection.NewPassword) && string.IsNullOrEmpty(collection.ConfirmPassword))
                {
                    return(BadRequest(_localizer[DataTransferer.DefectivePassword().Message]));
                }

                if (collection.NewPassword != collection.ConfirmPassword)
                {
                    return(BadRequest(_localizer[DataTransferer.PasswordsMissmatch().Message]));
                }

                if (string.IsNullOrWhiteSpace(collection.Token))
                {
                    return(BadRequest(_localizer[DataTransferer.UnofficialRequest().Message]));
                }

                var query = new AccountProfileGetFirstSchema {
                    LinkedId = collection.Username
                };
                if (collection.Username.IsPhoneNumber())
                {
                    query.TypeId = AccountProfileType.Phone.ToInt();
                }
                else if (new EmailAddressAttribute().IsValid(collection.Username))
                {
                    query.TypeId = AccountProfileType.Email.ToInt();
                }
                else
                {
                    return(BadRequest(_localizer[DataTransferer.InvalidEmailOrCellPhone().Message]));
                }

                var accountProfile = await _accountProfileService.FirstAsync(query).ConfigureAwait(true);

                if (accountProfile == null)
                {
                    if (query.TypeId == AccountProfileType.Phone.ToInt())
                    {
                        return(BadRequest(_localizer[DataTransferer.PhoneNotFound().Message]));
                    }

                    if (query.TypeId == AccountProfileType.Email.ToInt())
                    {
                        return(BadRequest(_localizer[DataTransferer.EmailNotFound().Message]));
                    }
                }

                var cachedToken = _memoryCache.Get(collection.Username);
                if (cachedToken == null)
                {
                    return(BadRequest(_localizer[DataTransferer.ChangingPasswordWithoutToken().Message]));
                }

                var account = await _accountService.FirstAsync(new AccountGetFirstSchema {
                    Id = accountProfile.AccountId.Value
                }).ConfigureAwait(true);

                if (account == null)
                {
                    return(BadRequest(_localizer[DataTransferer.UserNotFound().Message]));
                }

                if (collection.Token != cachedToken.ToString())
                {
                    Log.Warning($"Account => {account}, AccountProfile => {accountProfile}, It tried to change its password with a wrong 'ForgotPasswordToken'");
                    return(BadRequest(_localizer[DataTransferer.ChangingPasswordWithWrongToken().Message]));
                }

                _memoryCache.Remove(collection.Username);

                await _accountService.UpdateAsync(new AccountUpdateSchema {
                    Id       = account.Id.Value,
                    Password = _cryptograph.RNG(collection.NewPassword)
                }).ConfigureAwait(false);

                return(Ok(_localizer[DataTransferer.PasswordChanged().Message]));
            }
            catch (Exception ex) {
                Log.Error(ex, ex.Source);
                return(Problem(_localizer[DataTransferer.SomethingWentWrong().Message]));
            }
        }