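/// <summary>
/// Handles a submitted forgot-password form.
/// </summary>
/// <remarks>
/// Every submission that passes model validation ends in the same redirect to
/// "ForgotPasswordConfirmation", whether or not the address belongs to a confirmed
/// account, so the response cannot be used to test which e-mail addresses are registered.
/// </remarks>
/// <param name="model">The posted form; <c>model.Email</c> is used for the user lookup.</param>
/// <returns>
/// The form view (with the posted model) when model validation fails; otherwise a
/// redirect to the "ForgotPasswordConfirmation" action.
/// </returns>
public async Task<ActionResult> ForgotPassword(ForgotPasswordModel model)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    // Look the account up by e-mail; only a confirmed address may receive a message.
    AuthUser user = await UserManager.FindByEmailAsync(model.Email);
    bool canReset = user != null && await UserManager.IsEmailConfirmedAsync(user.Id);

    if (canReset)
    {
        // SendConfirmPasswordAsync is defined elsewhere; presumably it issues the
        // reset token and mails it. Confirm against its definition.
        await SendConfirmPasswordAsync(user.Id);
    }

    // Do not reveal that the user does not exist or is not confirmed: unknown and
    // unconfirmed addresses get exactly the same redirect as a successful request.
    // Re-rendering the "ForgotPassword" view for them would make the two outcomes
    // distinguishable and turn this action into an account-existence oracle.
    // NOTE(review): the mail is sent only on the known-user path, so response time may
    // still differ. Consider queueing the send in the background, and confirm that this
    // endpoint is rate limited.
    return RedirectToAction("ForgotPasswordConfirmation");
}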
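/// <summary>
/// Web API endpoint that starts a password reset for the account matching the given e-mail.
/// </summary>
/// <remarks>
/// A well-formed request always receives an empty 200 response, whether or not the
/// address maps to a confirmed account, so the status code does not disclose which
/// addresses are registered.
/// </remarks>
/// <param name="model">The request payload; <c>model.Email</c> is used for the user lookup.</param>
/// <returns>
/// 400 Bad Request when the payload is missing or fails model validation; otherwise 200 OK.
/// </returns>
public async Task<IHttpActionResult> ForgotPasswordAsync(ForgotPasswordModel model)
{
    // Web API binds an empty request body to a null model while ModelState stays valid.
    // Without this guard, model.Email below would throw and surface as a 500.
    if (model == null)
    {
        return BadRequest();
    }

    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // Look the account up by e-mail; only a confirmed address may receive a message.
    AuthUser user = await _userManager.FindByEmailAsync(model.Email);
    bool canReset = user != null && await _userManager.IsEmailConfirmedAsync(user.Id);

    if (canReset)
    {
        // SendResetPasswordEmailAsync is defined elsewhere; presumably it issues the
        // reset token and mails it. Confirm against its definition.
        await SendResetPasswordEmailAsync(user.Id);
    }

    // Do not reveal that the user does not exist or is not confirmed: same reply either way.
    // NOTE(review): the mail is sent only on the known-user path, so response time may
    // still differ. Consider queueing the send in the background, and confirm that this
    // endpoint is rate limited.
    return Ok();
}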