public ResetPasswordResponse ResetPassword(ResetPasswordRequest request) { Platform.CheckForNullReference(request, "request"); Platform.CheckMemberIsSet(request.UserName, "UserName"); var now = Platform.Time; var user = GetUser(request.UserName); // ensure user found, account is active and the current password is correct if (string.IsNullOrEmpty(user.EmailAddress)) { throw new RequestValidationException(SR.MessageEmailAddressNotConfigured); } // ensure user found, account is active and the current password is correct if (user == null || !user.IsActive(now)) { // no such user, account not active, or invalid password // the error message is deliberately vague throw new UserAccessDeniedException(); } // Just use the .NET routine var newPassword = Membership.GeneratePassword(8, 1); var expiryTime = Platform.Time; // change the password user.ChangePassword(newPassword, expiryTime); // send email var settings = new PasswordResetEmailSettings(); var mail = new OutgoingMailMessage( settings.FromAddress, user.EmailAddress, settings.SubjectTemplate.Replace("$USER", user.DisplayName), settings.BodyTemplate.Replace("$USER", user.DisplayName).Replace("$PASSWORD", newPassword), settings.BodyTemplate.ToLower().Contains("html")); mail.Enqueue(OutgoingMailClassification.Normal); return(new ResetPasswordResponse(user.EmailAddress)); }
public ResetPasswordResponse ResetPassword(ResetPasswordRequest request) { Platform.CheckForNullReference(request, "request"); Platform.CheckMemberIsSet(request.UserName, "UserName"); var now = Platform.Time; var user = GetUser(request.UserName); // ensure user found, account is active and the current password is correct if (string.IsNullOrEmpty(user.EmailAddress)) { throw new RequestValidationException(SR.MessageEmailAddressNotConfigured); } // ensure user found, account is active and the current password is correct if (user == null || !user.IsActive(now)) { // no such user, account not active, or invalid password // the error message is deliberately vague throw new UserAccessDeniedException(); } // Just use the .NET routine var newPassword = Membership.GeneratePassword(8, 1); var expiryTime = Platform.Time; // change the password user.ChangePassword(newPassword, expiryTime); // send email var settings = new PasswordResetEmailSettings(); var mail = new OutgoingMailMessage( settings.FromAddress, user.EmailAddress, settings.SubjectTemplate.Replace("$USER", user.DisplayName), settings.BodyTemplate.Replace("$USER", user.DisplayName).Replace("$PASSWORD", newPassword), settings.BodyTemplate.ToLower().Contains("html")); mail.Enqueue(OutgoingMailClassification.Normal); return new ResetPasswordResponse(user.EmailAddress); }