예제 #1
        /// <summary>
        /// Completes a password reset: looks the account up by e-mail, then asks the
        /// user manager to swap in the new password using the supplied reset token.
        /// </summary>
        /// <param name="model">Request body carrying <c>Email</c>, <c>Token</c> and <c>Password</c>.</param>
        /// <returns>
        /// <c>OkResult</c> when the password was changed; the view (with the manager's
        /// error descriptions added to model state) when the reset was rejected;
        /// <c>BadRequestObjectResult("Invalid Request")</c> when the model is invalid
        /// or no account matches the e-mail.
        /// </returns>
        public async Task<IActionResult> ResetPassword([FromBody] ResetPasswordDataModel model)
        {
            if (!ModelState.IsValid)
            {
                return new BadRequestObjectResult("Invalid Request");
            }

            var account = await _userManager.FindByEmailAsync(model.Email);
            if (account == null)
            {
                // NOTE(review): an unknown e-mail yields a 400 here, while a known e-mail
                // with a rejected reset yields the view with error descriptions below.
                // The two responses differ, which may let a caller tell registered
                // addresses apart; confirm whether a uniform response is wanted.
                return new BadRequestObjectResult("Invalid Request");
            }

            var outcome = await _userManager.ResetPasswordAsync(account, model.Token, model.Password);
            if (!outcome.Succeeded)
            {
                // Surface every reason the manager gave for rejecting the reset.
                foreach (var failure in outcome.Errors)
                {
                    ModelState.AddModelError("", failure.Description);
                }
                return View();
            }

            // A successful reset also ends any active lockout by moving its end date to "now".
            // NOTE(review): this makes the reset token the only barrier on a locked
            // account; confirm that lifting the lockout here is intended.
            var lockedOut = await _userManager.IsLockedOutAsync(account);
            if (lockedOut)
            {
                await _userManager.SetLockoutEndDateAsync(account, DateTimeOffset.UtcNow);
            }

            return new OkResult();
        }
예제 #2
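        /// <summary>
        /// Sets a new password for the account named by a password-recovery token.
        /// The new password is checked (present, confirmed, complex enough), the token is
        /// decoded to find the user, and a fresh salt and password hash are stored.
        /// </summary>
        /// <param name="token">Encoded recovery token; decoded into a <c>PasswordRecoveryToken</c> whose <c>UserId</c> selects the account.</param>
        /// <param name="model">Request body carrying <c>NewPassword</c> and <c>ConfirmPassword</c>.</param>
        /// <returns>
        /// 200 OK when the password was updated; 400 Bad Request with a message (or the
        /// model state) when validation fails, the token cannot be decoded, or no user matches it.
        /// </returns>
        public IActionResult PasswordReset(string token, [FromBody] ResetPasswordDataModel model)
        {
            //http://stackoverflow.com/questions/25372035/not-able-to-validate-json-web-token-with-net-key-to-short

            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            // A missing body is treated like a missing password instead of dereferencing null.
            if (model == null || string.IsNullOrEmpty(model.NewPassword))
            {
                return BadRequest("Password is required");
            }

            if (model.NewPassword != model.ConfirmPassword)
            {
                return BadRequest("Passwords do not match");
            }

            if (!UserHelper.IsValidPassword(model.NewPassword))
            {
                return BadRequest("Password is not complex enough.");
            }

            if (string.IsNullOrEmpty(token))
            {
                return BadRequest("Invalid token");
            }

            // NOTE(review): this method trusts whatever the decoder returns. Whether
            // DecodeStandardJwtToken verifies the signature and expiry is not visible
            // here; confirm it does, since the decoded UserId alone decides whose
            // password is replaced.
            PasswordRecoveryToken recoveryToken = TokenHelper.DecodeStandardJwtToken<PasswordRecoveryToken>(token);
            if (recoveryToken == null)
            {
                return BadRequest("Invalid token");
            }

            // Same response as a bad token, so the reply does not reveal which check failed.
            User user = UserHelper.GetUserById(recoveryToken.UserId);
            if (user == null)
            {
                return BadRequest("Invalid token");
            }

            // NOTE(review): nothing in this method marks the token as used; confirm that
            // single use is enforced elsewhere, otherwise the same token can reset the
            // password again until it expires.

            // NOTE(review): the stored value is GetHash(password + salt). Confirm that
            // HasherHelper.GetHash is a slow password-hashing function (e.g. PBKDF2)
            // and not a single pass of a general-purpose digest.
            string newSalt         = UserHelper.CreatUserSalt();
            string newPasswordHash = HasherHelper.GetHash(model.NewPassword + newSalt);

            user.Salt     = newSalt;
            user.Password = newPasswordHash;

            db.Users.Update(user);

            return Ok();
        }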