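/// <summary>
/// Starts a password reset for the account identified by <paramref name="emailOrUsername"/>:
/// looks the user up by e-mail first and then by user name, e-mails a reset link, and records the
/// request time in <c>LockoutEnd</c> so that <c>ConfirmPasswordReset</c> can later match it.
/// </summary>
/// <param name="emailOrUsername">E-mail address or user name as typed by the caller (untrusted).</param>
/// <returns>
/// <c>ResponseType.Success</c> when the link was sent and the request time was persisted; otherwise
/// <c>ResponseType.Fail</c> with <c>ErrorCode.UserNotFound</c> (blank input or no such user) or
/// <c>ErrorCode.ApplicationException</c> (no e-mail on file, mail not sent, or store update failed).
/// </returns>
/// <remarks>
/// The link is plain Base64 of "{id}::{securityStamp}::{unixTime}": it is not signed, and the
/// security stamp itself travels in the e-mail. ASP.NET Core Identity's
/// <c>GeneratePasswordResetTokenAsync</c> / <c>ResetPasswordAsync</c> pair produces a protected,
/// purpose-bound token and is the recommended replacement. Note also that the distinct
/// <c>UserNotFound</c> result tells a caller whether an account exists; callers exposing this to
/// anonymous clients should map it to a neutral response.
/// </remarks>
public async Task<Response> ResetAccount(string emailOrUsername)
{
    var resp = new Response { Type = ResponseType.Fail };

    // FindByEmailAsync/FindByNameAsync throw on null input; treat blank input as "no such user"
    // instead of surfacing an ArgumentNullException to the caller.
    if (string.IsNullOrWhiteSpace(emailOrUsername))
    {
        resp.ErrorCode = ErrorCode.UserNotFound;
        return resp;
    }

    var user = await _userManager.FindByEmailAsync(emailOrUsername)
               ?? await _userManager.FindByNameAsync(emailOrUsername);
    if (user is null)
    {
        resp.ErrorCode = ErrorCode.UserNotFound;
        return resp;
    }

    // A user found by name may have no e-mail address; the link cannot be delivered then.
    if (string.IsNullOrWhiteSpace(user.Email))
    {
        resp.ErrorCode = ErrorCode.ApplicationException;
        return resp;
    }

    // The request time is stored in LockoutEnd (never in the future, so no actual lockout results)
    // and must round-trip exactly through the link, hence the shared Unix-timestamp helper.
    var now = DateTime.UtcNow;
    var unixTimestamp = Utility.GetUnixTimeStamp(now);
    var resetLink = Utility.Base64Encode($"{user.Id:N}::{user.SecurityStamp}::{unixTimestamp}");

    var mailSent = SendResetPasswordEmail(resetLink, user.Email);
    if (!mailSent)
    {
        resp.ErrorCode = ErrorCode.ApplicationException;
        return resp;
    }

    // If persisting the request time fails, the e-mailed link can never validate, so the
    // result must not be reported as success (the original ignored the IdentityResult).
    user.LockoutEnd = now;
    var updateResult = await _userManager.UpdateAsync(user);
    if (!updateResult.Succeeded)
    {
        _logger.LogError("Password reset: storing the request time failed for user {UserId}", user.Id);
        resp.ErrorCode = ErrorCode.ApplicationException;
        return resp;
    }

    _logger.LogInformation(string.Format(LoggingOperationPhrase.PasswordReset, user.Id));
    resp.Type = ResponseType.Success;
    return resp;
}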
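/// <summary>
/// Validates a password-reset link produced by <c>ResetAccount</c> and returns the id of the user it
/// belongs to. The code must decode to "{id}::{securityStamp}::{unixTime}", the stamp must still match
/// the stored one, the timestamp must equal the stored request time (<c>LockoutEnd</c>) and the
/// request must be no older than ten minutes.
/// </summary>
/// <param name="password">Not used by this method: the password is not changed here. Kept so the
/// signature stays compatible with existing callers.</param>
/// <param name="securityCode">Base64 link parameter taken from the request (untrusted).</param>
/// <returns>
/// <c>ResponseType.Success</c> with <c>Data</c> set to the user id; otherwise <c>ResponseType.Fail</c>,
/// <c>Data</c> = <c>Guid.Empty</c> and <c>ErrorCode.ApplicationException</c> (code cannot be decoded
/// or parsed), <c>ErrorCode.SecurityError</c> (unknown user or stamp mismatch) or
/// <c>ErrorCode.SecurityCodeExpired</c> (no pending request, timestamp mismatch, or older than the window).
/// </returns>
/// <remarks>
/// Nothing here consumes the link: it stays valid until the security stamp changes or the window
/// passes, so whatever performs the actual password change must rotate the stamp (for example
/// <c>UserManager.ResetPasswordAsync</c> or <c>UpdateSecurityStampAsync</c>) — confirm against the
/// caller. Only codes that already failed to decode or parse are written to the log.
/// </remarks>
public async Task<DataResponse<Guid>> ConfirmPasswordReset(string password, string securityCode)
{
    // How long a reset request stays usable after ResetAccount recorded it.
    const int ResetWindowMinutes = 10;

    var resp = new DataResponse<Guid> { Type = ResponseType.Fail, Data = Guid.Empty };

    string decodedLink;
    try
    {
        decodedLink = Utility.Base64Decode(securityCode);
    }
    catch (Exception e)
    {
        // The exception must be the first argument; passing it last makes the logger treat it as a
        // format argument and the stack trace is lost.
        _logger.LogError(e, $"{securityCode} decode error");
        resp.ErrorCode = ErrorCode.ApplicationException;
        return resp;
    }

    var linkParams = decodedLink?.Split("::");
    if (linkParams is null || linkParams.Length != 3)
    {
        _logger.LogError($"{securityCode} params cannot be found");
        resp.ErrorCode = ErrorCode.ApplicationException;
        return resp;
    }

    // Guid.Parse/int.Parse throw on garbage; a malformed code is a client error, not a server fault.
    if (!Guid.TryParse(linkParams[0], out var userId) || !int.TryParse(linkParams[2], out var unixTimestamp))
    {
        _logger.LogError($"{securityCode} params cannot be found");
        resp.ErrorCode = ErrorCode.ApplicationException;
        return resp;
    }
    var securityStamp = linkParams[1];

    var user = await _userManager.FindByIdAsync(userId.ToString());
    // Ordinal string compare; CryptographicOperations.FixedTimeEquals over the UTF-8 bytes would be
    // the constant-time option if that ever matters here.
    if (user is null || user.SecurityStamp != securityStamp)
    {
        resp.ErrorCode = ErrorCode.SecurityError;
        return resp;
    }

    // LockoutEnd doubles as the reset-request time (set by ResetAccount); null means no request is
    // pending, which the original turned into an InvalidOperationException via .Value.
    if (user.LockoutEnd is null)
    {
        resp.ErrorCode = ErrorCode.SecurityCodeExpired;
        return resp;
    }

    var lockoutEndDate = user.LockoutEnd.Value.UtcDateTime;
    var timestampMatches = unixTimestamp == Utility.GetUnixTimeStamp(lockoutEndDate);
    var withinWindow = lockoutEndDate.AddMinutes(ResetWindowMinutes) >= DateTime.UtcNow;
    if (!timestampMatches || !withinWindow)
    {
        resp.ErrorCode = ErrorCode.SecurityCodeExpired;
        return resp;
    }

    resp.Data = userId;
    resp.Type = ResponseType.Success;
    return resp;
}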