Exemplo n.º 1
0
        private bool AnotherMemberHasRequestedThisEmailAddress(string email)
        {
#pragma warning disable CA1308 // Normalize strings to uppercase
            var membersRequestingThisEmail = Services.MemberService.GetMembersByPropertyValue("requestedEmail", email?.Trim().ToLowerInvariant(), StringPropertyMatchType.Exact);
#pragma warning restore CA1308 // Normalize strings to uppercase
            return(membersRequestingThisEmail.Any(x => !_verificationToken.HasExpired(x.GetValue <DateTime>("requestedEmailTokenExpires"))));
        }
Exemplo n.º 2
0
        public override ActionResult Index(ContentModel contentModel)
        {
            var model = new ResetPassword(contentModel?.Content);

            model.Metadata = new ViewMetadata
            {
                PageTitle   = model.Name,
                Description = model.Description
            };

            try
            {
                model.PasswordResetToken = Request.QueryString["token"];

                // If there's no token, show the form to request a password reset
                if (string.IsNullOrEmpty(model.PasswordResetToken))
                {
                    return(View("ResetPasswordRequest", model));
                }

                // Show a message saying the reset was successful
                if (Request.QueryString["successful"] == "yes")
                {
                    model.ShowPasswordResetSuccessful = true;
                    return(View("ResetPasswordComplete", model));
                }

                var memberId = _verificationToken.ExtractId(model.PasswordResetToken);

                var member = Services.MemberService.GetById(memberId);

                if (member.GetValue("passwordResetToken").ToString() == model.PasswordResetToken && !_verificationToken.HasExpired(member.GetValue <DateTime>("passwordResetTokenExpires")))
                {
                    // Show the set a new password form
                    model.PasswordResetTokenValid = true;
                }
                else
                {
                    // Show a message saying the token was not valid
                    Logger.Info(typeof(ResetPasswordController), LoggingTemplates.MemberPasswordResetTokenInvalid, model.PasswordResetToken, typeof(ResetPasswordController), nameof(ResetPasswordController.Index));
                    model.PasswordResetTokenValid = false;
                }
            }
            catch (FormatException)
            {
                // Show a message saying the token was not valid
                Logger.Info(typeof(ResetPasswordController), LoggingTemplates.MemberPasswordResetTokenInvalid, model.PasswordResetToken, typeof(ResetPasswordController), nameof(ResetPasswordController.Index));
                model.PasswordResetTokenValid = false;
            }
            return(View("ResetPassword", model));
        }
        public ActionResult UpdatePassword([Bind(Prefix = "resetPasswordUpdate")] ResetPasswordFormData model)
        {
            var contentModel = new ResetPassword(CurrentPage);

            contentModel.Metadata = new ViewMetadata
            {
                PageTitle   = contentModel.Name,
                Description = contentModel.Description
            };

            if (model == null)
            {
                contentModel.ShowPasswordResetSuccessful = false;
                return(View("ResetPasswordComplete", contentModel));
            }

            // Assume the token is valid and this will be checked later
            contentModel.PasswordResetToken = Request.QueryString["token"];

            if (!ModelState.IsValid)
            {
                contentModel.PasswordResetTokenValid = true;
                return(View("ResetPassword", contentModel));
            }

            try
            {
                var memberId = _verificationToken.ExtractId(contentModel.PasswordResetToken);

                var memberService = Services.MemberService;
                var member        = memberService.GetById(memberId);

                if (member != null)
                {
                    if (member.GetValue <string>("passwordResetToken") == contentModel.PasswordResetToken &&
                        !_verificationToken.HasExpired(member.GetValue <DateTime>("passwordResetTokenExpires")))
                    {
                        // If the user has tried repeatedly they might have locked their account
                        // Remove the lockout and expire the token
                        member.IsLockedOut = false;
                        member.SetValue("passwordResetTokenExpires", _verificationToken.ResetExpiryTo());
                        memberService.Save(member);

                        // Reset the password
                        memberService.SavePassword(member, model.NewPassword);

                        Logger.Info(typeof(ResetPasswordSurfaceController), LoggingTemplates.MemberPasswordReset, member.Username, member.Key, typeof(ResetPasswordSurfaceController), nameof(UpdatePassword));

                        // They obviously wanted to login, so be helpful and do it, unless they're blocked
                        if (!member.GetValue <bool>("blockLogin"))
                        {
                            _loginMemberWrapper.LoginMember(member.Username, model.NewPassword);
                        }

                        // Redirect because the login doesn't update the thread identity
                        return(RedirectToCurrentUmbracoPage($"token={contentModel.PasswordResetToken}&successful=yes"));
                    }
                    else
                    {
                        Logger.Info(typeof(ResetPasswordSurfaceController), LoggingTemplates.MemberPasswordResetTokenInvalid, contentModel.PasswordResetToken, typeof(ResetPasswordSurfaceController), nameof(UpdatePassword));
                        contentModel.ShowPasswordResetSuccessful = false;
                        return(View("ResetPasswordComplete", contentModel));
                    }
                }
                else
                {
                    Logger.Info(typeof(ResetPasswordSurfaceController), LoggingTemplates.MemberPasswordResetTokenInvalid, contentModel.PasswordResetToken, typeof(ResetPasswordSurfaceController), nameof(UpdatePassword));
                    contentModel.ShowPasswordResetSuccessful = false;
                    return(View("ResetPasswordComplete", contentModel));
                }
            }
            catch (FormatException)
            {
                Logger.Info(typeof(ResetPasswordSurfaceController), LoggingTemplates.MemberPasswordResetTokenInvalid, contentModel.PasswordResetToken, typeof(ResetPasswordSurfaceController), nameof(UpdatePassword));
                contentModel.ShowPasswordResetSuccessful = false;
                return(View("ResetPasswordComplete", contentModel));
            }
        }
Exemplo n.º 4
0
        public override ActionResult Index(ContentModel contentModel)
        {
            var model = new ApproveMember(contentModel?.Content);

            model.Metadata = new ViewMetadata
            {
                PageTitle   = model.Name,
                Description = model.Description
            };

            try
            {
                var approvalToken = Request.QueryString["token"];
                var memberId      = _verificationToken.ExtractId(approvalToken);

                var memberService = Services.MemberService;
                var member        = memberService.GetById(memberId);

                if (member != null && member.GetValue("approvalToken")?.ToString() == approvalToken && !_verificationToken.HasExpired(member.GetValue <DateTime>("approvalTokenExpires")))
                {
                    // Approve the member and expire the token
                    member.IsApproved = true;
                    member.SetValue("approvalTokenExpires", _verificationToken.ResetExpiryTo());
                    memberService.Save(member);

                    model.ApprovalTokenValid = true;
                    model.MemberName         = member.Name;

                    Logger.Info(typeof(ApproveMemberController), LoggingTemplates.ApproveMember, member.Username, member.Key, typeof(ApproveMemberController), nameof(Index));
                }
                else
                {
                    model.ApprovalTokenValid = false;
                }
            }
            catch (FormatException)
            {
                model.ApprovalTokenValid = false;
            }
            return(View("ApproveMember", model));
        }
Exemplo n.º 5
0
 private bool MemberHasValidEmailToken(IMember member, string token)
 {
     return(member != null && member.GetValue("requestedEmailToken")?.ToString() == token && !_verificationToken.HasExpired(member.GetValue <DateTime>("requestedEmailTokenExpires")));
 }