public async Task<IHttpActionResult> ChangeEmail(ChangeEmailModel model) { try { if (!ModelState.IsValid) { return BadRequest(ModelState); } using (AuthRepository repo = new AuthRepository()) { ApplicationUser user = await repo.FindAspUserByUserId(HttpContext.Current.User.Identity.Name); if (user != null) { IdentityResult updatedEmail = await repo.ChangeEmailAsync(user, model.Email, user.Email); if (!updatedEmail.Succeeded) { foreach (string error in updatedEmail.Errors) ModelState.AddModelError(ModelStateType.ErrorList, error); return BadRequest(ModelState); } return Ok(user); } else { // Don't reveal that the user does not exist ModelState.AddModelError(string.Empty, "Sorry, there was an error."); return BadRequest(ModelState); } } } catch (Exception ex) { Helper.ErrorLogging.LogError(ex); return InternalServerError(ex); } }
public async Task<HttpResponseMessage> ConfirmEmail(string aspUserId, string code) { AuthRepository repo = new AuthRepository(); try { if (aspUserId != null && code != null) { IdentityResult result = await repo.ConfirmEmail(aspUserId, code); if (result.Succeeded) { //If email confirmation succeeds, automatically give the a 2FA token ApplicationUser user = await repo.FindAspUserByUserId(aspUserId); var userIdentity = await user.GenerateUserIdentityAsync(UserManager); string pinCode = await repo.GetTwoFactorCode(aspUserId); await repo.VerifyTwoFactorToken(aspUserId, pinCode); var rememberBrowserIdentity = repo.authManager.CreateTwoFactorRememberBrowserIdentity(user.Id); repo.authManager.SignIn(new AuthenticationProperties { IsPersistent = true }, userIdentity, rememberBrowserIdentity); var response = Request.CreateResponse(HttpStatusCode.Moved); response.Headers.Location = new Uri(Config.BaseWWClientURL + "#/registerConfirm"); return response; } } var errorResponse = Request.CreateResponse(HttpStatusCode.Moved); errorResponse.Headers.Location = new Uri(Config.BaseWWClientURL + "/#/registerError?id=" + aspUserId); return errorResponse; } catch (Exception ex) { ErrorLogging.LogError(ex); var errorResponse = Request.CreateResponse(HttpStatusCode.Moved); errorResponse.Headers.Location = new Uri(Config.BaseWWClientURL + "/#/registerError?id=" + aspUserId); return errorResponse; } finally { repo.Dispose(); } }
public async Task<IHttpActionResult> ChangePassword(ChangePasswordModel model) { try { if (!ModelState.IsValid) { return BadRequest(ModelState); } using (AuthRepository repo = new AuthRepository()) { ApplicationUser appUser = await repo.FindAspUserByUserId(User.Identity.Name); var user = await repo.CheckCredentials(appUser.UserName, model.OldPassword); if (user == null) { // Don't reveal that the user does not exist ModelState.AddModelError(ModelStateType.ErrorList, "The current password is incorrect"); return BadRequest(ModelState); } IdentityResult result = await repo.ChangePasswordAsync(user, model.OldPassword, model.NewPassword); if (!result.Succeeded) { foreach (string error in result.Errors) ModelState.AddModelError(ModelStateType.ErrorList, error); return BadRequest(ModelState); } return Ok(); } } catch (Exception ex) { Helper.ErrorLogging.LogError(ex); return InternalServerError(ex); } }