public async Task <IHttpActionResult> ChangePassword(ChangePasswordBinding changedPassword)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            var requestingUserId = User.Identity.GetUserId();

            var result = await JWTUserManager.ChangePasswordAsync(
                User.Identity.GetUserId(), changedPassword.OldPassword, changedPassword.NewPassword);

            if (!result.Succeeded)
            {
                return(GetErrorResult(result));
            }

            var changingUser = JWTUserManager.FindById(requestingUserId);
            var client       = JWTClientManager.FindById(changingUser.ClientId);

            JWTMailer.Send(changingUser.Email, JWTAuthServerConstants.PasswordChangeMailSubject,
                           string.Format(JWTAuthServerConstants.PasswordChangeMailBody, client.Name));

            return(Ok());
        }
        public async Task <IHttpActionResult> ConfirmEmail(string userId = "", string code = "")
        {
            if (string.IsNullOrWhiteSpace(userId) || string.IsNullOrWhiteSpace(code))
            {
                ModelState.AddModelError("", JWTAuthServerConstants.UserIdAndCode);
                return(BadRequest(ModelState));
            }

            var result = await JWTUserManager.ConfirmEmailAsync(userId, code);

            if (result.Succeeded)
            {
                // Assigning the default user role when successfully confirming the email
                // so the user will have the default rights to access the API.
                await JWTUserManager.AddToRoleAsync(userId,
                                                    ConfigurationManager.AppSettings["JWTServer.InitialUserRole"]);

                var confirmedUser = JWTUserManager.FindById(userId);
                var client        = JWTClientManager.FindById(confirmedUser.ClientId);

                JWTMailer.Send(confirmedUser.Email, JWTAuthServerConstants.ConfirmResponseMailSubject,
                               string.Format(JWTAuthServerConstants.ConfirmResponseMailBody, client.Name));

                return(Ok());
            }
            else
            {
                return(GetErrorResult(result));
            }
        }
        // ----- External Auth Logic ------------------------------------------

        private string ValidateClientAndRedirectUri(ref string redirectUriOutput)
        {
            Uri redirectUri;

            var redirectUriString = GetQueryString(Request, "redirect_uri");

            if (string.IsNullOrWhiteSpace(redirectUriString))
            {
                return("redirect_uri is required");
            }

            var validUri = Uri.TryCreate(redirectUriString, UriKind.Absolute, out redirectUri);

            if (!validUri)
            {
                return("redirect_uri is invalid");
            }

            var clientId = GetQueryString(Request, "client_id");

            if (string.IsNullOrWhiteSpace(clientId))
            {
                return("client_Id is required");
            }

            var client = JWTClientManager.FindById(clientId);

            if (client == null)
            {
                return(string.Format("Client_id '{0}' is not registered in the system.", clientId));
            }

            if (!string.Equals(client.AllowedOrigin, redirectUri.GetLeftPart(UriPartial.Authority), StringComparison.OrdinalIgnoreCase))
            {
                return(string.Format("The given URL is not allowed by Client_id '{0}' configuration.", clientId));
            }

            redirectUriOutput = redirectUri.AbsoluteUri;

            return(string.Empty);
        }