public object Any(PasswordResetConfirmRequest request) { object val = null; val = Process.PasswordReset(request); return val; }
public string PasswordReset(PasswordResetConfirmRequest request) { var record = RepoUsers.GetPasswordResetRecord(request.Key); if (record == null || record.SaltedHash != request.Hash) throw new InvalidPasswordResetException(); string hash, salt; Auth.GetHashAndSaltString(request.NewPassword, out hash, out salt); RepoUsers.UpdatePasswordByUserId(record.UserRef, hash, salt); // clearup RepoUsers.DeletePasswordResetRecord(record.UserRef); // if people forgot to activation their signup, // password reset can also act as signup activation RepoUsers.DeleteActivationRecord(record.UserRef); return request.Key; }