private void SendMemberAlreadyExistsEmail(RegisterModel model)
{
// Send the 'member already exists' email
var(subject, body) = _emailFormatter.FormatEmailContent(CurrentPage.Value <string>("memberExistsSubject"),
CurrentPage.Value <string>("memberExistsBody"),
new Dictionary <string, string>
{
{ "name", model.Name },
{ "email", model.Email },
{ "domain", GetRequestUrlAuthority() }
});
_emailSender.SendEmail(model.Email, subject, body);
}
private void SendEmailIfNotActivatedOrLockedOut(IMember member)
{
string tokenField = string.Empty, tokenExpiryField = string.Empty, emailSubjectField = string.Empty, emailBodyField = string.Empty;
var loginPage = Umbraco.ContentSingleAtXPath("//loginMember");
if (loginPage == null)
{
// We can't send emails if we don't have the content, so just return.
return;
}
if (!member.IsApproved)
{
// The member has not yet activated their account and is trying to login.
tokenField = "approvalToken";
tokenExpiryField = "approvalTokenExpires";
emailSubjectField = "approveMemberSubject";
emailBodyField = "approveMemberBody";
}
else if (member.IsLockedOut)
{
// Approved member, OK to reset their password.
tokenField = "passwordResetToken";
tokenExpiryField = "passwordResetTokenExpires";
emailSubjectField = "resetPasswordSubject";
emailBodyField = "resetPasswordBody";
}
// Create a password reset / approval token including the id so we can find the member
var(token, expires) = _verificationToken.TokenFor(member.Id);
member.SetValue(tokenField, token);
member.SetValue(tokenExpiryField, expires);
Services.MemberService.Save(member);
// Send the password reset / member approval email
var(sender, body) = _emailFormatter.FormatEmailContent(loginPage.Value <string>(emailSubjectField),
loginPage.Value <string>(emailBodyField),
new Dictionary <string, string>
{
{ "name", member.Name },
{ "email", member.Email },
{ "token", token },
{ "domain", GetRequestUrlAuthority() }
});
_emailSender.SendEmail(member.Email, sender, body);
}
public ActionResult RequestPasswordReset([Bind(Prefix = "resetPasswordRequest")] ResetPasswordRequestFormData model)
{
var contentModel = new ResetPassword(CurrentPage);
contentModel.Metadata = new ViewMetadata
{
PageTitle = contentModel.Name,
Description = contentModel.Description
};
contentModel.Email = model?.Email;
if (!ModelState.IsValid || model == null)
{
ModelState.AddModelError("Email", "Please enter a valid email address.");
return(View("ResetPasswordRequest", contentModel));
}
// Get the matching member, if there is one
var memberService = Services.MemberService;
var member = memberService.GetByEmail(model.Email);
if (member != null)
{
string tokenField, tokenExpiryField, emailSubjectField, emailBodyField;
if (member.IsApproved)
{
// Approved member, OK to reset their password.
tokenField = "passwordResetToken";
tokenExpiryField = "passwordResetTokenExpires";
emailSubjectField = "resetPasswordSubject";
emailBodyField = "resetPasswordBody";
}
else
{
// The member has not yet activated their account and is trying to reset the password.
tokenField = "approvalToken";
tokenExpiryField = "approvalTokenExpires";
emailSubjectField = "approveMemberSubject";
emailBodyField = "approveMemberBody";
}
// Create a password reset / approval token including the id so we can find the member
var(token, expires) = _verificationToken.TokenFor(member.Id);
member.SetValue(tokenField, token);
member.SetValue(tokenExpiryField, expires);
memberService.Save(member);
// Send the password reset / member approval email
var(subject, body) = _emailFormatter.FormatEmailContent(CurrentPage.Value <string>(emailSubjectField),
CurrentPage.Value <string>(emailBodyField),
new Dictionary <string, string>
{
{ "name", member.Name },
{ "email", model.Email },
{ "token", token },
{ "domain", GetRequestUrlAuthority() }
});
_emailSender.SendEmail(model.Email, subject, body);
Logger.Info(typeof(ResetPasswordRequestSurfaceController), LoggingTemplates.MemberPasswordResetRequested, member.Username, member.Key, typeof(ResetPasswordRequestSurfaceController), nameof(RequestPasswordReset));
contentModel.ShowPasswordResetRequested = true;
return(View("ResetPasswordRequest", contentModel));
}
else
{
// Same result as if a member was found, since password reset should not reveal a valid email address
// However we can prompt them to create an account. Since it sends an email either way this also guards
// against detecting the result by timing the response.
var(sender, body) = _emailFormatter.FormatEmailContent(CurrentPage.Value <string>("createMemberSubject"),
CurrentPage.Value <string>("createMemberBody"),
new Dictionary <string, string>
{
{ "email", model.Email },
{ "domain", GetRequestUrlAuthority() }
});
_emailSender.SendEmail(model.Email, sender, body);
contentModel.ShowPasswordResetRequested = true;
return(View("ResetPasswordRequest", contentModel));
}
}
public ActionResult UpdateEmailAddress([Bind(Prefix = "formData")] EmailAddressFormData model)
{
if (!_membershipProvider.ValidateUser(Members.CurrentUserName, model?.Password?.Trim()))
{
ModelState.AddModelError("formData." + nameof(model.Password), "Your password is incorrect or your account is locked.");
}
if (ModelState.IsValid && model != null)
{
var member = Members.GetCurrentMember();
// Create an requested email token including the id so we can find the member.
// Do this even if the email is already in use, to avoid an enumeration risk where the
// result of the request is displayed in the UI differently depending on whether a member exists.
// It's OK to save the token for an invalid situation as the token will not be sent to the requester,
// and in any case the check for an existing member would happen again at confirmation time.
var token = SaveConfirmationTokenForMember(model.Requested, member.Id);
// Check whether the requested email already belongs to another account
var alreadyTaken = Members.GetByEmail(model.Requested?.Trim());
if (alreadyTaken != null && alreadyTaken.Key != member.Key)
{
// Send the address already in use email
var(subject, body) = _emailFormatter.FormatEmailContent(CurrentPage.Value <string>("emailTakenSubject"),
CurrentPage.Value <string>("emailTakenBody"),
new Dictionary <string, string>
{
{ "name", alreadyTaken.Name },
{ "email", model.Requested },
{ "domain", GetRequestUrlAuthority() }
});
_emailSender.SendEmail(model.Requested?.Trim(), subject, body);
Logger.Info(typeof(EmailAddressSurfaceController), LoggingTemplates.MemberRequestedEmailAddressAlreadyInUse, member.Name, member.Key, typeof(EmailAddressSurfaceController), nameof(UpdateEmailAddress));
}
else
{
// Send the token by email
var(subject, body) = _emailFormatter.FormatEmailContent(CurrentPage.Value <string>("confirmEmailSubject"),
CurrentPage.Value <string>("confirmEmailBody"),
new Dictionary <string, string>
{
{ "name", member.Name },
{ "email", model.Requested },
{ "domain", GetRequestUrlAuthority() },
{ "token", token }
});
_emailSender.SendEmail(model.Requested?.Trim(), subject, body);
Logger.Info(typeof(EmailAddressSurfaceController), LoggingTemplates.MemberRequestedEmailAddress, member.Name, member.Key, typeof(EmailAddressSurfaceController), nameof(UpdateEmailAddress));
}
TempData["Success"] = true;
return(RedirectToCurrentUmbracoPage());
}
else
{
return(View("EmailAddress", new EmailAddress(CurrentPage)
{
FormData = model
}));
}
}