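/// <summary>
/// Changes the password of the account identified by <c>model.Email</c> and
/// <c>model.UserName</c>, or, when <c>model.CurrentPassword</c> is the sentinel
/// value <c>"resetme"</c>, e-mails a reset-confirmation link to the account's address.
/// </summary>
/// <param name="model">Request body carrying the e-mail, user name, current password and new password.</param>
/// <returns>
/// <c>200 OK</c> when the reset e-mail was sent or the password was changed;
/// <c>400 Bad Request</c> when the model is missing or invalid, the account is unknown or
/// unconfirmed, the user name does not match, or Identity rejects the password change.
/// </returns>
// NOTE(review): anti-forgery validation is switched off below. Whether that is acceptable depends on
// how callers authenticate (cookie vs. bearer token), which is not visible here; confirm before release.
// NOTE(review): the account is looked up from the request body, not from the authenticated principal,
// and no [Authorize] attribute is visible on this action; confirm the controller enforces one and that
// this endpoint is rate-limited, since it verifies a caller-supplied current password.
//[ValidateAntiForgeryToken]
public async Task<IActionResult> ChangeOrResetPassword([FromBody] UserEditViewModel model)
{
    // A body that fails to bind can leave the model null; reject it instead of dereferencing it.
    if (model == null || !ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    var user = await _userManager.FindByEmailAsync(model.Email);
    if (user == null || !await _userManager.IsEmailConfirmedAsync(user))
    {
        return BadRequest("Error - Your account is not confirmed!");
    }

    // User names are identifiers, not display text: compare ordinally so the result
    // does not depend on the server's current culture.
    // NOTE(review): this message differs from the one above, so responses reveal whether an
    // e-mail belongs to a confirmed account; consider one generic message for both cases.
    if (!string.Equals(user.UserName, model.UserName, StringComparison.OrdinalIgnoreCase))
    {
        return BadRequest("Error - The account credentials you provided are incorrect!");
    }

    // NOTE(review): "resetme" is an in-band sentinel, so an account whose real current password
    // is "resetme" can never reach the change-password branch. A separate endpoint or an explicit
    // flag on the model would remove the ambiguity.
    if (model.CurrentPassword == "resetme")
    {
        var emailSender = new EmailSendGrid(_config);
        var code = await _userManager.GeneratePasswordResetTokenAsync(user);

        // NOTE(review): the requested new password travels in the link's route values, so it can end up
        // in the e-mail body, mail-provider logs, browser history and server access logs. It is also
        // chosen by whoever sent this request, who has proven knowledge of only the e-mail and user name.
        // Prefer a link that carries just the token and collects the new password on the confirmation page.
        // Left unchanged because the "ConfirmResetRoute" handler is not visible here.
        var callbackUrl = new Uri(Url.Link(
            "ConfirmResetRoute",
            new { userId = user.Id, token = code, newPass = model.NewPassword }));

        var body = EmailTemplates.GetResetConfirmationEmail(user.FullName, callbackUrl.ToString());
        await emailSender.SendEmailAsync(user.Email, "Confirm Password Reset", body);
        return Ok();
    }

    // Surface Identity failures (wrong current password, password policy) instead of
    // reporting success for a change that never happened.
    var result = await _userManager.ChangePasswordAsync(user, model.CurrentPassword, model.NewPassword);
    if (!result.Succeeded)
    {
        foreach (var error in result.Errors)
        {
            ModelState.AddModelError(string.Empty, error.Description);
        }

        return BadRequest(ModelState);
    }

    return Ok();
}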