public async Task <ActionResult> ForgotPassword_Partial(EditModel model)
{
LoginConfigData config = await LoginConfigDataProvider.GetConfigAsync();
if (model.ShowCaptcha != config.CaptchaForgotPassword)
{
throw new InternalError("Hidden field tampering detected");
}
await model.UpdateAsync();
model.ShowCaptcha = config.CaptchaForgotPassword;
model.RegistrationType = config.RegistrationType;
if (!ModelState.IsValid)
{
return(PartialView(model));
}
using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) {
UserDefinition userDef;
switch (model.RegistrationType)
{
case RegistrationTypeEnum.NameOnly:
userDef = await userDP.GetItemAsync(model.UserName);
if (userDef == null)
{
ModelState.AddModelError(nameof(model.UserName), this.__ResStr("badName", "According to our records there is no account associated with this name"));
return(PartialView(model));
}
break;
case RegistrationTypeEnum.NameAndEmail:
userDef = await userDP.GetItemAsync(model.UserNameOrEmail);
if (userDef == null)
{
userDef = await userDP.GetItemByEmailAsync(model.UserNameOrEmail);
if (userDef == null)
{
ModelState.AddModelError(nameof(model.UserNameOrEmail), this.__ResStr("badNameEmail", "According to our records there is no account associated with this name or email address"));
return(PartialView(model));
}
}
break;
default:
case RegistrationTypeEnum.EmailOnly:
userDef = await userDP.GetItemByEmailAsync(model.Email);
if (userDef == null)
{
ModelState.AddModelError(nameof(model.Email), this.__ResStr("badEmail", "According to our records there is no account associated with this email address"));
return(PartialView(model));
}
break;
}
using (UserLoginInfoDataProvider logInfoDP = new UserLoginInfoDataProvider()) {
if (await logInfoDP.IsExternalUserAsync(userDef.UserId))
{
ModelState.AddModelError(nameof(model.Email), this.__ResStr("extEmail", "According to our records there is no account associated with this email address"));
ModelState.AddModelError(nameof(model.UserName), this.__ResStr("extName", "According to our records there is no account associated with this name"));
ModelState.AddModelError(nameof(model.UserNameOrEmail), this.__ResStr("extUser", "According to our records there is no account associated with this name or email address"));
return(PartialView(model));
}
}
switch (userDef.UserStatus)
{
case UserStatusEnum.Approved:
Emails emails = new Emails();
if (config.SavePlainTextPassword)
{
await emails.SendForgottenEmailAsync(userDef, config.BccForgottenPassword?Manager.CurrentSite.AdminEmail : null);
string from = emails.GetSendingEmailAddress();
return(FormProcessed(model, this.__ResStr("okForgot", "We just sent an email to your email address with your password information - Please allow a few minutes for delivery and make sure your spam filters allow emails from {0}", from), OnClose: OnCloseEnum.Nothing, OnPopupClose: OnPopupCloseEnum.ReloadModule));
}
else
{
if (userDef.ResetKey != null && userDef.ResetValidUntil != null && userDef.ResetValidUntil > DateTime.UtcNow)
{
// preserve existing key in case user resends
}
else
{
userDef.ResetKey = Guid.NewGuid();
userDef.ResetValidUntil = DateTime.UtcNow.Add(config.ResetTimeSpan);
if (await userDP.UpdateItemAsync(userDef) != Core.DataProvider.UpdateStatusEnum.OK) // update reset key info
{
throw new Error(this.__ResStr("resetUpdate", "User information could not be updated"));
}
}
await emails.SendPasswordResetEmailAsync(userDef, config.BccForgottenPassword?Manager.CurrentSite.AdminEmail : null);
string from = emails.GetSendingEmailAddress();
return(FormProcessed(model, this.__ResStr("okReset", "We just sent an email to your email address to reset your password - Please allow a few minutes for delivery and make sure your spam filters allow emails from {0}", from), OnClose: OnCloseEnum.Nothing, OnPopupClose: OnPopupCloseEnum.ReloadModule));
}
case UserStatusEnum.NeedApproval:
throw new Error(this.__ResStr("needApproval", "This account has not yet been approved and is awaiting approval by the site administrator"));
case UserStatusEnum.NeedValidation:
throw new Error(this.__ResStr("needValidation", "This account has not yet been verified - Please check your emails for our verification email"));
case UserStatusEnum.Rejected:
throw new Error(this.__ResStr("rejected", "This account has been rejected and is not accessible"));
case UserStatusEnum.Suspended:
throw new Error(this.__ResStr("suspended", "This account has been suspended and is not accessible"));
default:
throw new Error(this.__ResStr("unknownState", "This account is in an undefined state and is not accessible"));
}
}
}
