public HttpResponseMessage ChangeRequest(ChangeRequest_RequestSM data) { // 1. Check does user with mobilePhone exist? AppUser user = _appUserDal.GetByMobile(data.Mobile); if (user != null) { // 2. If yes - create new entry in collection "ChangePasswordRequest". var changePasswordRequest = new ChangePasswordRequest { Mobile = data.Mobile, Created = DateTime.Now, Code = CodeGenerator.Generate4DigitCode(), Approved = false, Hash = StringHasher.GenerateHash() }; _changePasswordRequestDal.Insert(changePasswordRequest); // 3. Send SMS with code to user. _omm.SendPasswordToUserWhoForgotPassword(user, changePasswordRequest.Code.ToString()); // 4. Response user with hash. With this hash user will send code back and change password then. var changeRequest_ResponseSM = new ChangeRequest_ResponseSM { Hash = changePasswordRequest.Hash }; return Request.CreateResponse(HttpStatusCode.OK, changeRequest_ResponseSM); } else { // TODO: maybe return OK anyway to not let malefactors spam website to know all available mobilephone numbers? return Request.CreateResponse(HttpStatusCode.BadRequest, "User with such mobile phone doesn't exists."); } }
public void Update(ChangePasswordRequest changePasswordRequest) { MongoCnn.GetChangePasswordRequestCollection().Save(changePasswordRequest); }