Exemplo n.º 1
        /// <summary>
        /// Completes a password reset for the account registered under <paramref name="emailAddress"/>.
        /// </summary>
        /// <param name="emailAddress">E-mail address used to look the account up.</param>
        /// <param name="resetToken">Reset token passed through to the user manager for validation.</param>
        /// <param name="newPassword">Password to set if the token is accepted.</param>
        /// <param name="reportError">Callback receiving a field key and a localized message for each problem found.</param>
        /// <returns>
        /// <c>true</c> only when the user manager reports that the reset succeeded; <c>false</c> when an
        /// input is missing, no matching user is found, or the user manager rejects the reset.
        /// </returns>
        public async Task<bool> ResetPasswordAsync(string emailAddress, string resetToken, string newPassword, Action<string, string> reportError)
        {
            // Every input is checked before bailing out, so the caller receives all
            // missing-field errors in one pass rather than one per submission.
            var inputsPresent = true;

            if (string.IsNullOrWhiteSpace(emailAddress))
            {
                inputsPresent = false;
                reportError("UserName", S["A email address is required."]);
            }

            if (string.IsNullOrWhiteSpace(newPassword))
            {
                inputsPresent = false;
                reportError("Password", S["A password is required."]);
            }

            if (string.IsNullOrWhiteSpace(resetToken))
            {
                inputsPresent = false;
                reportError("Token", S["A token is required."]);
            }

            if (!inputsPresent)
            {
                return false;
            }

            var account = await _userManager.FindByEmailAsync(emailAddress) as User;

            // NOTE(review): an unknown address returns false with no reportError call, while a known
            // address with a rejected token is routed through ProcessValidationErrors below. If the
            // caller shows that difference to the client, this path can reveal which addresses are
            // registered - confirm both outcomes are rendered identically.
            if (account == null)
            {
                return false;
            }

            // Token validation and the password policy checks are delegated to the user manager.
            var outcome = await _userManager.ResetPasswordAsync(account, resetToken, newPassword);

            if (!outcome.Succeeded)
            {
                ProcessValidationErrors(outcome.Errors, account, reportError);
                return false;
            }

            // Handlers are notified only after a successful reset.
            var recoveryContext = new PasswordRecoveryContext(account);

            await _passwordRecoveryFormEvents.InvokeAsync((handler, ctx) => handler.PasswordResetAsync(ctx), recoveryContext, _logger);

            return true;
        }
Exemplo n.º 2
        /// <summary>
        /// Handles a submitted "forgot password" form: when the site allows password resets and the
        /// model validates, e-mails a reset link to the matching user and redirects to the confirmation page.
        /// </summary>
        /// <param name="model">Posted form data; <c>model.Email</c> identifies the account.</param>
        /// <returns>
        /// <c>NotFound</c> when password reset is disabled, the form view when validation fails, and
        /// otherwise a redirect to the confirmation page whether or not a reset e-mail was sent.
        /// </returns>
        public async Task<IActionResult> ForgotPassword(ForgotPasswordViewModel model)
        {
            // Single exit used for both the "mail sent" and the "nothing sent" outcomes, so the
            // response itself does not tell a caller whether the account exists.
            IActionResult Confirmation() => RedirectToLocal(Url.Action("ForgotPasswordConfirmation", "ResetPassword"));

            var resetSettings = (await _siteService.GetSiteSettingsAsync()).As<ResetPasswordSettings>();

            if (!resetSettings.AllowResetPassword)
            {
                return NotFound();
            }

            // Registered handlers may add their own model errors before validation runs.
            await _passwordRecoveryFormEvents.InvokeAsync((e, modelState) => e.RecoveringPasswordAsync((key, message) => modelState.AddModelError(key, message)), ModelState, _logger);

            if (!TryValidateModel(model) || !ModelState.IsValid)
            {
                // Validation failed: redisplay the form.
                return View(model);
            }

            var user = await _userService.GetForgotPasswordUserAsync(model.Email) as User;

            // Returns to the confirmation page anyway: scrapers must not learn whether a username
            // or an e-mail exists.
            // NOTE(review): the early exits skip the e-mail send, so response time may still differ
            // between known and unknown accounts - worth measuring if enumeration is a concern.
            if (user == null)
            {
                return Confirmation();
            }

            var registrationSettings = (await _siteService.GetSiteSettingsAsync()).As<RegistrationSettings>();

            if (registrationSettings.UsersMustValidateEmail && !await _userManager.IsEmailConfirmedAsync(user))
            {
                return Confirmation();
            }

            // Base64 is transport encoding only; whoever holds the resulting link holds the token.
            // NOTE(review): the encoded value is written back onto the user object that is then passed
            // to the e-mail model and the event handlers - confirm nothing persists it in this form.
            var tokenBytes = Encoding.UTF8.GetBytes(user.ResetToken);
            user.ResetToken = Convert.ToBase64String(tokenBytes);

            // Passing a protocol makes Url.Action emit an absolute URL built from the current request,
            // so the link's host follows the incoming Host header. Host validation (allowed hosts,
            // trusted proxy settings) has to happen upstream, or the e-mailed link can point elsewhere.
            var resetPasswordUrl = Url.Action("ResetPassword", "ResetPassword", new { code = user.ResetToken }, HttpContext.Request.Scheme);

            // Send the e-mail containing the callback link.
            await this.SendEmailAsync(user.Email, S["Reset your password"], new LostPasswordViewModel()
            {
                User = user,
                LostPasswordUrl = resetPasswordUrl
            });

            var recoveryContext = new PasswordRecoveryContext(user);

            await _passwordRecoveryFormEvents.InvokeAsync((handler, ctx) => handler.PasswordRecoveredAsync(ctx), recoveryContext, _logger);

            return Confirmation();
        }
 /// <summary>
 /// Records the <c>PasswordReset</c> audit trail event for the user carried by <paramref name="context"/>.
 /// </summary>
 /// <param name="context">Recovery context whose <c>User</c> is written to the audit trail.</param>
 /// <returns>The task returned by <c>RecordAuditTrailEventAsync</c>.</returns>
 public Task PasswordResetAsync(PasswordRecoveryContext context)
 {
     var resetUser = context.User;
     return RecordAuditTrailEventAsync(UserResetPasswordAuditTrailEventConfiguration.PasswordReset, resetUser);
 }
 /// <summary>
 /// Called with the recovery context of a password recovery request; does nothing and returns a completed task.
 /// </summary>
 /// <param name="context">Recovery context; not used.</param>
 /// <returns>An already-completed task.</returns>
 // NOTE(review): because this is a no-op, recovery requests leave no audit trail entry here, unlike
 // PasswordResetAsync, which records one. If reset-request abuse should be detectable from the
 // audit trail, confirm that omission is intended.
 public Task PasswordRecoveredAsync(PasswordRecoveryContext context) => Task.CompletedTask;