/// <summary>
/// Resets the password of the user registered under <paramref name="emailAddress"/> using a
/// previously issued reset token.
/// </summary>
/// <param name="emailAddress">E-mail address used to look the user up.</param>
/// <param name="resetToken">Reset token passed unchanged to the user manager for verification.</param>
/// <param name="newPassword">Password to set when the token is accepted.</param>
/// <param name="reportError">Callback receiving a key and a localized message for each validation failure.</param>
/// <returns><c>true</c> when the user manager reports success; otherwise <c>false</c>.</returns>
public async Task<bool> ResetPasswordAsync(string emailAddress, string resetToken, string newPassword, Action<string, string> reportError)
{
    // All three inputs are checked before returning so the caller gets every
    // missing-field message in a single pass.
    var inputsPresent = true;

    if (string.IsNullOrWhiteSpace(emailAddress))
    {
        reportError("UserName", S["A email address is required."]);
        inputsPresent = false;
    }

    if (string.IsNullOrWhiteSpace(newPassword))
    {
        reportError("Password", S["A password is required."]);
        inputsPresent = false;
    }

    if (string.IsNullOrWhiteSpace(resetToken))
    {
        reportError("Token", S["A token is required."]);
        inputsPresent = false;
    }

    if (!inputsPresent)
    {
        return inputsPresent;
    }

    var user = await _userManager.FindByEmailAsync(emailAddress) as User;
    if (user == null)
    {
        // Unknown address: fail without calling reportError.
        // NOTE(review): a rejected token for a known address does report errors (below), so a
        // caller that renders those messages may make the two outcomes distinguishable —
        // confirm the caller shows one generic failure message.
        return false;
    }

    var identityResult = await _userManager.ResetPasswordAsync(user, resetToken, newPassword);
    var succeeded = identityResult.Succeeded;

    if (succeeded)
    {
        // Notify the registered recovery handlers only after the password was actually changed.
        var recoveryContext = new PasswordRecoveryContext(user);
        await _passwordRecoveryFormEvents.InvokeAsync(
            (handler, ctx) => handler.PasswordResetAsync(ctx),
            recoveryContext,
            _logger);
    }
    else
    {
        ProcessValidationErrors(identityResult.Errors, user, reportError);
    }

    return succeeded;
}
/// <summary>
/// Handles the submitted forgot-password form: when password reset is enabled and the model is
/// valid, e-mails a reset link to the matching user and redirects to the confirmation page.
/// </summary>
/// <param name="model">The posted form; its <c>Email</c> value is used to look the user up.</param>
/// <returns>
/// <c>NotFound</c> when password reset is disabled, the form view when validation fails,
/// otherwise a redirect to the <c>ForgotPasswordConfirmation</c> action.
/// </returns>
public async Task<IActionResult> ForgotPassword(ForgotPasswordViewModel model)
{
    var resetSettings = (await _siteService.GetSiteSettingsAsync()).As<ResetPasswordSettings>();
    if (!resetSettings.AllowResetPassword)
    {
        return NotFound();
    }

    // Let registered handlers add their own model errors before the model is validated.
    await _passwordRecoveryFormEvents.InvokeAsync(
        (handler, state) => handler.RecoveringPasswordAsync((key, message) => state.AddModelError(key, message)),
        ModelState,
        _logger);

    if (!TryValidateModel(model) || !ModelState.IsValid)
    {
        // Validation failed: redisplay the form.
        return View(model);
    }

    var user = await _userService.GetForgotPasswordUserAsync(model.Email) as User;

    // Unknown and unconfirmed accounts get the same confirmation redirect as a successful request,
    // so the response does not tell scrapers whether a user name or an e-mail exists.
    // NOTE(review): only the success path awaits SendEmailAsync, so response time may still
    // differ between the two cases — confirm whether that matters for this deployment.
    if (user == null)
    {
        return RedirectToLocal(Url.Action("ForgotPasswordConfirmation", "ResetPassword"));
    }

    var registrationSettings = (await _siteService.GetSiteSettingsAsync()).As<RegistrationSettings>();
    if (registrationSettings.UsersMustValidateEmail && !await _userManager.IsEmailConfirmedAsync(user))
    {
        return RedirectToLocal(Url.Action("ForgotPasswordConfirmation", "ResetPassword"));
    }

    // Base64 over the UTF-8 bytes only makes the token transportable; it is an encoding, not
    // protection. The encoded value overwrites user.ResetToken, so the same user object handed
    // to the mail template and to the event handlers below carries the token.
    var tokenBytes = Encoding.UTF8.GetBytes(user.ResetToken);
    user.ResetToken = Convert.ToBase64String(tokenBytes);

    // The link carries the token in the "code" query value and uses the current request's scheme.
    // NOTE(review): presumably the absolute URL also takes its host from the current request —
    // confirm HTTPS and allowed hosts are enforced so the mailed link always points at this site.
    var resetPasswordUrl = Url.Action(
        "ResetPassword",
        "ResetPassword",
        new { code = user.ResetToken },
        HttpContext.Request.Scheme);

    // Send the e-mail containing the callback link.
    var mailModel = new LostPasswordViewModel() { User = user, LostPasswordUrl = resetPasswordUrl };
    await this.SendEmailAsync(user.Email, S["Reset your password"], mailModel);

    var recoveryContext = new PasswordRecoveryContext(user);
    await _passwordRecoveryFormEvents.InvokeAsync(
        (handler, ctx) => handler.PasswordRecoveredAsync(ctx),
        recoveryContext,
        _logger);

    return RedirectToLocal(Url.Action("ForgotPasswordConfirmation", "ResetPassword"));
}
/// <summary>
/// Records the <c>PasswordReset</c> audit trail event for the user carried by the recovery context.
/// </summary>
/// <param name="context">Recovery context whose <c>User</c> is attached to the recorded event.</param>
/// <returns>The task returned by <c>RecordAuditTrailEventAsync</c>.</returns>
public Task PasswordResetAsync(PasswordRecoveryContext context)
{
    var auditEvent = UserResetPasswordAuditTrailEventConfiguration.PasswordReset;

    return RecordAuditTrailEventAsync(auditEvent, context.User);
}
/// <summary>
/// No-op: this handler records nothing for the password-recovered notification and returns an
/// already completed task.
/// </summary>
/// <param name="context">Recovery context supplied by the caller; not read here.</param>
/// <returns>A completed task.</returns>
// NOTE(review): only PasswordResetAsync writes an audit trail event; recovery requests leave no
// record through this handler — confirm that is intended if those requests should be monitored.
public Task PasswordRecoveredAsync(PasswordRecoveryContext context) => Task.CompletedTask;