/**
         * Receives a password reset token sent from email in order to redirect to
         * the proper password reset page.
         *
         * @receives - request link from email with embedded one time password
         */
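        public ActionResult Reset()
        {
            try {
                // A link with no "otp" route value, or with a code that is not on
                // record, is a bad link. Decide that explicitly instead of relying on
                // a NullReferenceException being swallowed by the catch below.
                var otpValue = RouteData.Values["otp"];

                if (otpValue == null)
                {
                    return(BadLink());
                }

                var userOtp = DatabaseOtpService.GetByCode(otpValue.ToString());

                if (userOtp == null)
                {
                    return(BadLink());
                }

                var user = DatabaseUserService.GetById(userOtp.UserId);

                // Token state is checked before account state, so an expired or
                // already-used token always lands on the "expired" page.
                if (!userOtp.IsActive())
                {
                    return(ExpiredOtp());
                }

                if (user == null)
                {
                    return(BadLink());
                }

                if (!user.Enabled)
                {
                    return(ResetFailure());
                }

                // The token is not consumed here; it is handed to the reset form and
                // must be re-validated when that form is submitted.
                // NOTE(review): Email is only a display value. The handler that
                // receives the form should take the account from the token's UserId,
                // not from the posted e-mail field.
                return(View("../Login/Reset", new LoginController.ResetData {
                    Email = user.Email, OTP = userOtp.Code
                }));
            } catch (Exception) {
                // Any lookup failure is still reported as a bad link so the response
                // does not expose internal error details.
                return(BadLink());
            }
        }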
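        /**
         * Completes the one-time-code login: checks the submitted code against the
         * stored OTP for the given user and, on success, signs the user in.
         *
         * @param userId    - numeric user id as a string (posted back by the client)
         * @param loginCode - the one-time code the user received
         * @returns redirect to Patient/Index on success, to Login/Index otherwise
         */
        public ActionResult Code(string userId, string loginCode)
        {
            if (userId == null || loginCode == null)
            {
                return(RedirectToAction("Index", "Login"));
            }

            long userIdLong;

            if (!long.TryParse(userId, out userIdLong))
            {
                return(RedirectToAction("Index", "Login"));
            }

            var otp = DatabaseOtpService.GetByCode(loginCode);

            // An unknown code must fail like any other bad attempt, not with a
            // NullReferenceException (HTTP 500).
            if (otp == null)
            {
                return(RedirectToAction("Index", "Login"));
            }

            // IsActive() is required for the code to be one-time: without it a code
            // that was already used (and disabled below) would be accepted again for
            // the rest of its 10 minute window.
            if (!otp.IsActive() || otp.Time.AddMinutes(10) < DateTime.Now || otp.UserId != userIdLong)
            {
                return(RedirectToAction("Index", "Login"));
            }
            DatabaseOtpService.Disable(otp.Id);

            // NOTE(review): the lookup is by code alone. Six-digit codes can collide
            // between users, so the query should be keyed on user id and code together.
            // NOTE(review): nothing in this method limits failed attempts per user or
            // per client; confirm that throttling/lockout exists elsewhere.
            // NOTE(review): the session identifier is not renewed at sign-in here;
            // confirm it is rotated so a pre-login session id cannot be carried over.
            Session[Models.Login.UserIdSession] = otp.UserId;
            return(RedirectToAction("Index", "Patient"));
        }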
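        /**
         * Handles the submitted password reset form.
         *
         * The one-time token decides which account is being reset; the posted e-mail
         * is only accepted when it matches that account.
         *
         * @param email            - e-mail address posted by the form
         * @param password         - new password
         * @param confirm_password - repeated new password
         * @param otpCode          - one-time reset token posted by the form
         * @returns Index() when the token or account is not acceptable, otherwise the
         *          reset result view (null result on success)
         */
        public ActionResult Reset(string email, string password, string confirm_password, string otpCode)
        {
            var otp = DatabaseOtpService.GetByCode(otpCode);

            if (otp == null || !otp.IsActive())
            {
                return(Index());
            }

            // Bind the reset to the account the token was issued for. Looking the
            // account up by the posted e-mail alone would let the holder of any valid
            // token set the password of whichever address they submit.
            // NOTE(review): DatabaseUserService.GetById / Email / Enabled are the
            // members the e-mail link handler uses; confirm they are in scope here.
            var owner = DatabaseUserService.GetById(otp.UserId);

            if (owner == null || !owner.Enabled ||
                !string.Equals(owner.Email, email, StringComparison.OrdinalIgnoreCase))
            {
                return(Index());
            }

            var user = Login.GetLogin(owner.Email);

            if (user == null)
            {
                return(Index());
            }

            if (string.IsNullOrEmpty(password) || string.IsNullOrEmpty(confirm_password))
            {
                return(ResetResult(ResetResults.PasswordNotSet));
            }

            if (password != confirm_password)
            {
                return(ResetResult(ResetResults.PasswordsDontMatch));
            }

            // Consume the token only once the request is known to be valid, so a typo
            // in the confirmation field does not burn the user's reset link. It is
            // disabled before the password changes so it can never be used twice.
            // NOTE(review): the IsActive()/Disable() pair is not atomic; two parallel
            // submissions could both pass the check. Confirm whether the data layer
            // can disable-and-test in one statement.
            DatabaseOtpService.Disable(otp.Id);

            // NOTE(review): no password strength rule is applied in this method;
            // confirm SetPassword enforces one and stores a salted, slow hash.
            user.SetPassword(password);

            return(ResetResult(null));
        }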
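        /**
         * Starts the phone login: normalises the submitted number, looks up the
         * active user and patient, stores a fresh six-digit one-time code and sends
         * it to the patient.
         *
         * @param phonenumber - phone number as typed by the user
         * @returns Code(null) when no active user/patient matches, otherwise
         *          Code(patient.UserId)
         */
        public ActionResult Login(string phonenumber)
        {
            // A missing form field is treated like an unknown number instead of
            // letting Regex.Replace throw on null.
            if (phonenumber == null)
            {
                return(Code(null));
            }

            // Input cleanup: drops parentheses, whitespace, '-' and '+'. Inside the
            // character class '+' is a literal, so a leading plus is stripped as well
            // and is always re-added below (the old "already starts with +" branch
            // could never run and has been removed).
            phonenumber = new Regex("[\\(\\)\\s+\\-]").Replace(phonenumber, "");
            phonenumber = (phonenumber.Length == 10 ? "+1" : "+") + phonenumber;

            // TODO Tyler - skip this step and get patient directly from phone number?
            var user = DatabaseUserService.GetByPhoneActive(phonenumber);

            if (user == null)
            {
                return(Code(null));
            }

            var patient = DatabasePatientService.GetByUserIdActive(user.UserId);

            if (patient == null)
            {
                return(Code(null));
            }

            var otp = new OTP()
            {
                UserId = patient.UserId,
                Time   = DateTime.Now,
                Code   = GenerateLoginCode()
            };

            // NOTE(review): nothing here limits how often a code can be requested for
            // one number, and earlier codes for the user stay valid; confirm that
            // issuance is throttled and that older codes are retired elsewhere.
            // NOTE(review): Code(null) and Code(userId) may render differently, which
            // would tell a caller whether a number is registered; confirm both paths
            // look the same to the client.
            DatabaseOtpService.Insert(otp);
            NotificationSender.SendNotification(patient, "Your one-time patient login code is " + otp.Code);

            return(Code(patient.UserId));
        }

        /**
         * Returns a uniformly distributed six-digit code ("000000".."999999") taken
         * from the platform's cryptographic random number generator. System.Random is
         * predictable and must not be used for authentication codes.
         */
        private static string GenerateLoginCode()
        {
            const uint range = 1000000;
            // Values at or above this limit are discarded so the modulo is unbiased.
            const uint limit = uint.MaxValue - (uint.MaxValue % range);

            var buffer = new byte[4];

            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                uint value;

                do
                {
                    rng.GetBytes(buffer);
                    value = System.BitConverter.ToUInt32(buffer, 0);
                } while (value >= limit);

                return((value % range).ToString("000000"));
            }
        }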
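 /**
  * Tells whether this one-time password may still be used: it must not have been
  * disabled and must be less than one day old. An expired record is disabled as a
  * side effect.
  *
  * @returns true when the code is enabled and younger than one day
  */
 public bool IsActive()
 {
     if (!object_active)
     {
         return(false);
     }

     // Age is "now minus issue time". The previous "Time - DateTime.Now" is negative
     // for every code issued in the past, so the check always passed and codes
     // never expired.
     // NOTE(review): this assumes Time holds the issue time, as the other uses of
     // OTP.Time on this page do (set to DateTime.Now on insert); confirm.
     if ((DateTime.Now - Time).TotalDays < 1)
     {
         return(true);
     }

     DatabaseOtpService.Disable(Id);
     return(false);
 }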