public PasswordRecoveryResponse PasswordRecovery([FromBody]
PasswordRecoveryRequest passwordRecoveryRequest)
{
try
{
var user = _userService.GetByEmail(passwordRecoveryRequest.EmailAddress);
var tokenValue = (user.Id + StringHelper.RandomString(10, "$*#+%") + DateTime.Now.ToString("O")).Sha1();
var token = _tokenService.Create
(TokenTypes.PasswordRecovery, tokenValue, user.Id, passwordRecoveryRequest.TtlSeconds);
var validateRecoveryUrl = _baseApplicationPath +
passwordRecoveryRequest.ValidateRecoveryUrl.Replace("{{token}}", token.Value);
_mailer.SendMailUsingTemplateAsync
(
new Dictionary <string, string>
{
{ passwordRecoveryRequest.EmailAddress, passwordRecoveryRequest.EmailAddress }
},
"Password Recovery",
"PasswordRecovery",
new Dictionary <string, string> {
{ "validateRecoveryUrl", validateRecoveryUrl }
});
return(new PasswordRecoveryResponse());
}
catch (Exception ex)
{
return(new PasswordRecoveryResponse
{
Success = false,
Message = ex.Message
});
}
}
public async Task <dynamic> Post([FromBody] PasswordRecoveryRequest requestBody)
{
this.EnsureModelValidation();
var collection = MongoWrapper.Database.GetCollection <Models.User>(nameof(User));
var projectionBuilder = new ProjectionDefinitionBuilder <Models.User>();
var projection = projectionBuilder
.Include(u => u._id)
.Include(u => u.Email)
.Include(u => u.FullName)
.Include("_t");
var filterBuilder = new FilterDefinitionBuilder <Models.User>();
var filter = filterBuilder.And(
filterBuilder.Eq(u => u.Email, requestBody.Email),
GeneralUtils.NotDeactivated(filterBuilder)
);
var user = (await collection.FindAsync(filter, new FindOptions <Models.User>
{
Limit = 1,
Projection = projection,
})).SingleOrDefault();
await EmailUtils.SendPasswordRecoveryEmail(MongoWrapper, SmtpConfiguration, user);
return(new ResponseBody
{
Code = ResponseCode.GenericSuccess,
Data = null,
Message = "Um código foi enviado para o e-mail! Este código permite a redefinição para uma senha gerada automaticamente.",
Success = true,
});
}
public static IList <string> GetErrorList(this PasswordRecoveryRequest request)
{
var errorList = new List <string>();
if (request.Email.GetEmailError() is String emailError)
{
errorList.Add(emailError);
}
return(errorList.Any() ? errorList : null);
}
public async Task <Response> PasswordRecovery(
string _urlBase,
string _servicePrefix,
string _urlController,
string _emailRecovery)
{
try
{
var passwordRecoveryRequest =
new PasswordRecoveryRequest {
Email = _emailRecovery,
};
var request =
JsonConvert.SerializeObject(passwordRecoveryRequest);
var content = new StringContent(
request,
Encoding.UTF8,
"application/json");
var client = new HttpClient();
client.BaseAddress = new Uri(_urlBase);
var url = string.Format(
"{0}{1}",
_servicePrefix,
_urlController);
var response = await client.PostAsync(url, content);
var result = await response.Content.ReadAsStringAsync();
if (!response.IsSuccessStatusCode)
{
var responseResult =
JsonConvert.DeserializeObject <Response>(result);
return(new Response
{
IsSuccess = false,
// Message = response.StatusCode.ToString(),
Message = responseResult.Message,
});
}
return(new Response
{
IsSuccess = true,
});
}
catch (Exception ex)
{
return(new Response
{
IsSuccess = false,
Message = ex.Message,
});
}
}
public async Task <Result> ForgotPasswordAsync(PasswordRecoveryRequest request, CancellationToken cancellationToken = default)
{
AppUser user = await _userManager.FindByEmailAsync(request.Email);
if (user == null || !await _userManager.IsEmailConfirmedAsync(user))
{
return(await Task.FromResult(Result.Fail(ExceptionConstants.USER_WAS_NOT_FOUND)));
}
return(await _emailBuilder.SendPasswordResetMessageAsync(user, request.CallBackUrl, cancellationToken));
}
public async Task <IActionResult> PasswordRecovery([FromBody] PasswordRecoveryRequest recoveryRequest)
{
try
{
await userService.PasswordRecovery(recoveryRequest.Username);
return(Ok());
}
catch (NotFoundException)
{
return(NotFound());
}
}
private static async Task RecoverPassword(HttpContext ctx, ValourDB db, [FromBody] PasswordRecoveryRequest request)
{
if (request == null)
{
await BadRequest("Include request data in body", ctx); return;
}
PasswordRecovery recovery = await db.PasswordRecoveries.FindAsync(request.Code);
if (recovery == null)
{
await NotFound("Recovery request not found", ctx); return;
}
TaskResult passwordValid = User.TestPasswordComplexity(request.Password);
if (!passwordValid.Success)
{
await BadRequest(passwordValid.Message, ctx); return;
}
// Get user's old credentials
Credential credential = await db.Credentials.FirstOrDefaultAsync(x => x.User_Id == recovery.User_Id && x.Credential_Type == CredentialType.PASSWORD);
if (credential == null)
{
await NotFound("No password-type credentials found. Do you log in via third party service?", ctx); return;
}
// Remove recovery code
db.PasswordRecoveries.Remove(recovery);
// Modify old credentials
// Generate salt
byte[] salt = new byte[32];
PasswordManager.GenerateSalt(salt);
// Generate password hash
byte[] hash = PasswordManager.GetHashForPassword(request.Password, salt);
credential.Salt = salt;
credential.Secret = hash;
db.Credentials.Update(credential);
await db.SaveChangesAsync();
ctx.Response.StatusCode = 200;
await ctx.Response.WriteAsync("Success");
}
public async Task <PasswordRecoveryResponse> PasswordRecovery(string emailAddress,
int ttlSeconds,
string validateRecoveryUrl)
{
var passwordRecoveryRequest = new PasswordRecoveryRequest
{
EmailAddress = emailAddress,
TtlSeconds = ttlSeconds,
ValidateRecoveryUrl = validateRecoveryUrl
};
var baseApiResult =
await PostRequest <PasswordRecoveryResponse>("PasswordRecovery", passwordRecoveryRequest);
if (!baseApiResult.Success)
{
throw new Exception(baseApiResult.Message);
}
return(baseApiResult.Response);
}
public async Task <IActionResult> ForgotPasswordAsync([FromBody] PasswordRecoveryRequest request, CancellationToken cancellationToken = default)
{
if (request is null || !ModelState.IsValid)
{
return(BadRequest());
}
try
{
var result = await _userService.ForgotPasswordAsync(request, cancellationToken);
return(result.IsError ? throw new InvalidOperationException(result.Message)
: result.IsSuccess ? StatusCode(StatusCodes.Status206PartialContent, result.Message.CollectProblemDetailsPartialContent(HttpContext))
: StatusCode(StatusCodes.Status206PartialContent, result.Message.CollectProblemDetailsPartialContent(HttpContext)));
}
catch (InvalidOperationException ex)
{
Log.Error(ex, ex.Message);
return(StatusCode(StatusCodes.Status500InternalServerError, new CustumResult()
{
Status = StatusCodes.Status500InternalServerError, Message = ex.Message
}));
}
}