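/// <summary>
/// Sends an SMS verification code to the supplied mobile number.
/// </summary>
/// <param name="mobile">Mobile number taken from the request; treated as untrusted input.</param>
/// <returns>
/// JSON <c>true</c> when the verification service reports status 0; otherwise a JSON object
/// with <c>code</c> and <c>msg</c>, served as <c>text/plain</c>.
/// </returns>
public async Task<ActionResult> SendMobileValidateCode(string mobile)
{
    // Accept exactly 11 ASCII digits: a leading 1, a second digit of 3/4/5/7/8, then nine digits.
    // The earlier pattern ^[1]+[3,4,5,7,8]+\d{9}$ was looser than intended: the '+' quantifiers
    // allowed over-long numbers, the commas were literal members of the character class,
    // \d matched non-ASCII digits, and '$' tolerated a trailing newline. A null value also
    // reached Regex.IsMatch and threw instead of producing the 401 response.
    if (mobile == null || !Regex.IsMatch(mobile, @"^1[34578][0-9]{9}\z"))
    {
        return Json(new { code = 401, msg = "无效的手机号码。" }, "text/plain");
    }

    // NOTE(review): no throttling is visible in this action. Confirm that per-number and
    // per-client rate limits exist (here or in the verification service), since every
    // accepted request triggers an outbound SMS.
    using (var client = new TalentGo.ValidationCodeSvc.VerificationCodeClient())
    {
        try
        {
            var sendResult = await client.SendAsync(mobile);
            if (sendResult.StatusCode == 0)
            {
                return Json(true);
            }

            return Json(new { code = sendResult.StatusCode, msg = sendResult.Message }, "text/plain");
        }
        catch (Exception ex)
        {
            // Keep the exception detail server-side; the raw message can expose service
            // endpoints or other internals to an anonymous caller.
            System.Diagnostics.Trace.TraceError("SendMobileValidateCode failed: {0}", ex);
            return Json(new { code = 500, msg = "发送验证码失败,请稍后重试。" }, "text/plain");
        }
    }
}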
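/// <summary>
/// Resets a user's password after the SMS verification code for their mobile number
/// has been checked and the password-reset token in <c>model.Code</c> is accepted.
/// </summary>
/// <param name="model">Posted form: mobile number, SMS code, reset token and new password.</param>
/// <returns>
/// The form view when model validation or the reset itself fails; otherwise a redirect to
/// <c>ResetPasswordConfirmation</c>. Unknown users and rejected SMS codes get the same redirect.
/// </returns>
public async Task<ActionResult> ResetPasswordViaMobile(ResetPasswordViaMobileViewModel model)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    // The former try/catch only did "throw ex;", which discarded the original stack trace,
    // so the lookup is now awaited directly.
    var user = await this.personManager.FindByMobileAsync(model.Mobile) as WebUser;
    if (user == null)
    {
        // Do not reveal that the user was not found. This used to render the confirmation
        // view directly (HTTP 200) while every other non-disclosing exit redirected, so the
        // response type itself exposed whether the number was registered. Redirect like the others.
        // NOTE(review): this path still skips the remote VerifyAsync call, so response time
        // may differ from the known-user path — confirm whether that matters here.
        return RedirectToAction("ResetPasswordConfirmation", "Account");
    }

    using (var client = new TalentGo.ValidationCodeSvc.VerificationCodeClient())
    {
        bool codeAccepted;
        try
        {
            codeAccepted = await client.VerifyAsync(model.Mobile, model.ValidateCode);
        }
        catch (Exception ex)
        {
            // A verification-service failure is treated as a rejected code (fail closed);
            // the error is recorded instead of being swallowed silently.
            System.Diagnostics.Trace.TraceError("ResetPasswordViaMobile verification failed: {0}", ex);
            codeAccepted = false;
        }

        if (!codeAccepted)
        {
            return RedirectToAction("ResetPasswordConfirmation", "Account");
        }
    }

    // NOTE(review): limits on the number of VerifyAsync attempts per code are not visible
    // here; confirm the verification service enforces them and expires codes.

    // Reset the password using the token carried in the form.
    var result = await this.UserManager.ResetPasswordAsync(user.Id, model.Code, model.Password);
    if (result.Succeeded)
    {
        return RedirectToAction("ResetPasswordConfirmation", "Account");
    }

    AddErrors(result);
    return View();
}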
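/// <summary>
/// Starts the password-reset-by-mobile flow: looks up the user by mobile number, issues a
/// reset token, sends an SMS verification code when the number has been validated, and
/// redirects to <c>ResetPasswordViaMobile</c> with the token in the <c>code</c> route value.
/// </summary>
/// <param name="model">Posted form carrying the mobile number.</param>
/// <returns>
/// The form view when model validation fails; otherwise the same redirect for every outcome,
/// so the response does not state whether the number is registered.
/// </returns>
public async Task<ActionResult> FindPasswordViaMobile(FindPasswordViaMobileViewModel model)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    var user = await this.personManager.FindByMobileAsync(model.Mobile) as WebUser;
    if (user == null)
    {
        // Do not tell the caller that no user was found, so automated probing learns nothing.
        // The decoy used to be one hard-coded string. It was identical on every request, so
        // comparing two responses was enough to tell an unknown number from a registered one.
        // It is now drawn fresh from the CSPRNG each time.
        // NOTE(review): 128 bytes is an approximation; real token length depends on the
        // configured token provider — confirm and align so length is not a tell either.
        var decoyBytes = new byte[128];
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            rng.GetBytes(decoyBytes);
        }

        return RedirectToAction("ResetPasswordViaMobile", "Account", new { code = Convert.ToBase64String(decoyBytes) });
    }

    // Issue the real reset token.
    // NOTE(review): the token travels in the redirect URL and is issued before any SMS check,
    // so the SMS code verified in ResetPasswordViaMobile is the effective control. URLs can
    // also end up in logs and browser history; confirm this is acceptable.
    string token = await this.UserManager.GeneratePasswordResetTokenAsync(user.Id);

    // Only send the SMS when the mobile number has been validated; show no hint either way.
    if (user.MobileValid)
    {
        using (var client = new TalentGo.ValidationCodeSvc.VerificationCodeClient())
        {
            try
            {
                await client.SendAsync(model.Mobile);
            }
            catch (Exception ex)
            {
                // Delivery stays best-effort so the response is uniform, but the failure is
                // recorded rather than silently discarded.
                System.Diagnostics.Trace.TraceError("FindPasswordViaMobile SMS send failed: {0}", ex);
            }
        }
    }

    return RedirectToAction("ResetPasswordViaMobile", "Account", new { code = token });
}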
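/// <summary>
/// Registers a new user after the SMS verification code for the supplied mobile number
/// has been accepted, then signs the user in.
/// </summary>
/// <param name="model">Posted registration form.</param>
/// <returns>
/// The <c>_OutOfService</c> view when registration is disabled; the form view with model
/// errors when any check fails; otherwise a redirect to <c>EditRealId</c>.
/// </returns>
public async Task<ActionResult> Register(RegisterViewModel model)
{
    if (!Properties.Settings.Default.AllowUserRegisteration)
    {
        return View("_OutOfService");
    }

    if (!ModelState.IsValid)
    {
        return View(model);
    }

    // Check the SMS code before any other rule. The uniqueness checks below reveal whether an
    // ID number, e-mail or mobile is already registered, so they run only for callers who
    // passed verification; this slows automated probing of those error conditions.
    // NOTE(review): whether VerifyAsync consumes the code on success is not visible here. If it
    // does not, one valid code could be replayed to probe many ID numbers or e-mail addresses.
    using (var client = new TalentGo.ValidationCodeSvc.VerificationCodeClient())
    {
        try
        {
            if (!await client.VerifyAsync(model.Mobile, model.ValidateCode))
            {
                this.ModelState.AddModelError(nameof(model.ValidateCode), "手机验证码错误或已失效。");
                return View(model);
            }
        }
        catch (Exception ex)
        {
            // Record the detail server-side; the raw exception message used to be appended to
            // the user-facing error, which could expose internals of the verification service.
            System.Diagnostics.Trace.TraceError("Register verification failed: {0}", ex);
            this.ModelState.AddModelError(nameof(model.ValidateCode), "验证手机号码遇到异常,请稍后重试。");
            return View(model);
        }
    }

    // ModelState is known to be valid at this point, so errors are added to it directly and
    // IsValid is re-checked once, instead of collecting them in a temporary list first.
    if (!ChineseIDCardNumber.TryParse(model.IDCardNumber, out _))
    {
        this.ModelState.AddModelError("IDCardNumber", "不是一个有效的身份证号码。");
    }

    if (await this.UserManager.FindByNameAsync(model.IDCardNumber) != null)
    {
        this.ModelState.AddModelError("IDCardNumber", "此身份证号码已被注册。");
    }

    if (await this.UserManager.FindByEmailAsync(model.Email) != null)
    {
        this.ModelState.AddModelError("Email", "此电子邮件地址已被注册。");
    }

    if (await this.personManager.FindByMobileAsync(model.Mobile) != null)
    {
        this.ModelState.AddModelError("Mobile", "此手机号码已被注册。");
    }

    // Report all validity and uniqueness errors together.
    if (!this.ModelState.IsValid)
    {
        return View(model);
    }

    // The mobile number is marked valid because its SMS code was verified above.
    var user = new WebUser(model.IDCardNumber, model.Surname, model.GivenName, model.Mobile, model.Email)
    {
        MobileValid = true,
    };

    var result = await UserManager.CreateAsync(user, model.Password);
    if (result.Succeeded)
    {
        // No e-mail confirmation is sent; the new account is signed in immediately.
        await SignInManager.SignInAsync(user, isPersistent: false, rememberBrowser: false);
        return RedirectToAction("EditRealId");
    }

    // Something failed while creating the account; redisplay the form with the errors.
    AddErrors(result);
    return View(model);
}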