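/// <summary>
/// Starts the password-reset flow for <paramref name="email"/>: looks the account up,
/// requires its e-mail address to be confirmed, then sends the change-password confirmation.
/// </summary>
/// <param name="email">User name / e-mail address of the account to reset.</param>
/// <returns>
/// 200 OK once the confirmation has been sent; 400 Bad Request carrying ModelState errors when
/// the model is invalid, the address is blank, the account is unknown or its e-mail is not yet
/// confirmed; 500 Internal Server Error when the repository throws.
/// </returns>
public async Task<IHttpActionResult> ForgotPassword(string email)
{
    try
    {
        if (!ModelState.IsValid)
        {
            return BadRequest(ModelState);
        }

        // A missing address used to reach the repository and surface as a 500 from the catch
        // below; answer it with the same generic 400 as an unknown account instead.
        if (string.IsNullOrWhiteSpace(email))
        {
            ModelState.AddModelError(ModelStateType.ErrorList, "Sorry, there was an error.");
            return BadRequest(ModelState);
        }

        using (AuthRepository repo = new AuthRepository())
        {
            ApplicationUser initialUser = await repo.FindUserByName(email);
            if (initialUser == null)
            {
                // Don't reveal that the user does not exist.
                ModelState.AddModelError(ModelStateType.ErrorList, "Sorry, there was an error.");
                return BadRequest(ModelState);
            }

            bool confirmed = await repo.VerifyEmailConfirmed(initialUser.Id);
            if (!confirmed)
            {
                // NOTE(review): this message differs from the generic one above, so a caller can
                // tell a registered-but-unconfirmed address from an unknown one (account
                // enumeration). Kept as-is because the key may be consumed by the client;
                // consider returning the generic error here and handling "unconfirmed" out of band.
                ModelState.AddModelError(ModelStateType.ErrorList, "eMailNotConfirmed");
                return BadRequest(ModelState);
            }

            await repo.SendChangePasswordConfirmation(initialUser.Id, email);
            return Ok();
        }
    }
    catch (Exception ex)
    {
        Helper.ErrorLogging.LogError(ex);
        return InternalServerError(ex);
    }
}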
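/// <summary>
/// Completes the password-reset flow: validates the reset <paramref name="code"/> issued for
/// <paramref name="email"/> and stores <paramref name="password"/> as the new password.
/// </summary>
/// <param name="email">User name / e-mail address of the account being reset.</param>
/// <param name="password">The new password to set.</param>
/// <param name="code">The reset token the user received (may arrive with '+' turned into ' ').</param>
/// <returns>
/// 200 OK when the password was changed; 400 Bad Request with ModelState errors when the model
/// is invalid, an argument is blank, the account is unknown or Identity rejects the reset;
/// 500 Internal Server Error when the repository throws.
/// </returns>
public async Task<IHttpActionResult> ResetPassword(string email, string password, string code)
{
    try
    {
        // Same entry check as ForgotPassword so both endpoints reject a bad model the same way.
        if (!ModelState.IsValid)
        {
            return BadRequest(ModelState);
        }

        // A blank argument used to throw (code.Replace on null, or inside the repository) and
        // surface as a 500; answer with the same generic 400 as an unknown account instead.
        if (string.IsNullOrWhiteSpace(email) || string.IsNullOrWhiteSpace(password) || string.IsNullOrWhiteSpace(code))
        {
            ModelState.AddModelError(ModelStateType.ErrorList, "Sorry, there was an error.");
            return BadRequest(ModelState);
        }

        using (AuthRepository repo = new AuthRepository())
        {
            // Presumably the token's '+' characters are decoded as spaces when the code travels
            // un-encoded in a query string; restore them before handing the token to Identity.
            string token = code.Replace(" ", "+");

            ApplicationUser user = await repo.FindUserByName(email);
            if (user == null)
            {
                // Don't reveal that the user does not exist. The error is filed under the same
                // ModelStateType.ErrorList key as every other failure (the original used
                // string.Empty here) so clients only have to read one shape.
                ModelState.AddModelError(ModelStateType.ErrorList, "Sorry, there was an error.");
                return BadRequest(ModelState);
            }

            IdentityResult result = await repo.ResetPasswordAsync(user.Id, token, password);
            if (!result.Succeeded)
            {
                foreach (string error in result.Errors)
                {
                    ModelState.AddModelError(ModelStateType.ErrorList, error);
                }
                return BadRequest(ModelState);
            }

            return Ok();
        }
    }
    catch (Exception ex)
    {
        Helper.ErrorLogging.LogError(ex);
        return InternalServerError(ex);
    }
}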
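/// <summary>
/// Checks the two-factor <paramref name="pinCode"/> for <paramref name="userName"/> and, when it
/// is valid, signs the user in with a persistent cookie plus a "remember this browser" identity.
/// </summary>
/// <param name="userName">User name of the account finishing the two-factor step.</param>
/// <param name="pinCode">The two-factor code the user entered.</param>
/// <returns>
/// 200 OK after a successful sign-in; 400 Bad Request with a generic message when an argument is
/// blank, the account is unknown or the code is wrong; 500 Internal Server Error when the
/// repository or identity generation throws.
/// </returns>
public async Task<IHttpActionResult> Verify2FACode(string userName, string pinCode)
{
    try
    {
        // Blank input and an unknown account get the same answer as a wrong code, so the
        // endpoint neither crashes (user.Id on a null user threw a NullReferenceException
        // and became a 500) nor confirms which user names exist.
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(pinCode))
        {
            return BadRequest("Sorry, that is not a valid code.");
        }

        using (AuthRepository repo = new AuthRepository())
        {
            ApplicationUser user = await repo.FindUserByName(userName);
            if (user == null)
            {
                return BadRequest("Sorry, that is not a valid code.");
            }

            bool isCodeValid = await repo.VerifyTwoFactorToken(user.Id, pinCode);
            if (!isCodeValid)
            {
                // NOTE(review): nothing in this method counts failed attempts; confirm that the
                // repository / UserManager applies lockout or rate limiting to wrong codes.
                return BadRequest("Sorry, that is not a valid code.");
            }

            // Build the identity only once the code has checked out; the original built it
            // before the check and discarded it on the failure path.
            ClaimsIdentity userIdentity = await user.GenerateUserIdentityAsync(UserManager);
            var rememberBrowserIdentity = repo.authManager.CreateTwoFactorRememberBrowserIdentity(user.Id);
            repo.authManager.SignIn(new AuthenticationProperties { IsPersistent = true }, userIdentity, rememberBrowserIdentity);
        }

        return Ok();
    }
    catch (Exception ex)
    {
        Helper.ErrorLogging.LogError(ex);
        return InternalServerError(ex);
    }
}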