public IHttpActionResult RequestPasswordReset(ResetPasswordRequest request)
 {
     if (UserSecurity.FindUser(request.UserName))
     {
         if (request.EmailAddress != string.Empty && EmailAddressValid(request.EmailAddress))
         {
             SendMailToAddress(request.EmailAddress, secretResetCode);
         }
         else
         {
             return(Content(HttpStatusCode.Unauthorized, "Email address invalid."));
         }
         return(Ok());
     }
     return(Content(HttpStatusCode.Unauthorized, "User not found."));
 }