public async Task <IActionResult> ChangeForgotenPasswordAsync([FromBody] ChangeForgotenPasswordBindingModel collection)
{
Log.Debug($"ChangeForgotenPassword => {JsonConvert.SerializeObject(collection)}");
try {
if (string.IsNullOrEmpty(collection?.Username))
{
return(BadRequest(_localizer[DataTransferer.DefectiveEmailOrCellPhone().Message]));
}
collection.Username = collection.Username.Trim();
if (string.IsNullOrEmpty(collection.NewPassword) && string.IsNullOrEmpty(collection.ConfirmPassword))
{
return(BadRequest(_localizer[DataTransferer.DefectivePassword().Message]));
}
if (collection.NewPassword != collection.ConfirmPassword)
{
return(BadRequest(_localizer[DataTransferer.PasswordsMissmatch().Message]));
}
if (string.IsNullOrWhiteSpace(collection.Token))
{
return(BadRequest(_localizer[DataTransferer.UnofficialRequest().Message]));
}
var query = new AccountProfileGetFirstSchema {
LinkedId = collection.Username
};
if (collection.Username.IsPhoneNumber())
{
query.TypeId = AccountProfileType.Phone.ToInt();
}
else if (new EmailAddressAttribute().IsValid(collection.Username))
{
query.TypeId = AccountProfileType.Email.ToInt();
}
else
{
return(BadRequest(_localizer[DataTransferer.InvalidEmailOrCellPhone().Message]));
}
var accountProfile = await _accountProfileService.FirstAsync(query).ConfigureAwait(true);
if (accountProfile == null)
{
if (query.TypeId == AccountProfileType.Phone.ToInt())
{
return(BadRequest(_localizer[DataTransferer.PhoneNotFound().Message]));
}
if (query.TypeId == AccountProfileType.Email.ToInt())
{
return(BadRequest(_localizer[DataTransferer.EmailNotFound().Message]));
}
}
var cachedToken = _memoryCache.Get(collection.Username);
if (cachedToken == null)
{
return(BadRequest(_localizer[DataTransferer.ChangingPasswordWithoutToken().Message]));
}
var account = await _accountService.FirstAsync(new AccountGetFirstSchema {
Id = accountProfile.AccountId.Value
}).ConfigureAwait(true);
if (account == null)
{
return(BadRequest(_localizer[DataTransferer.UserNotFound().Message]));
}
if (collection.Token != cachedToken.ToString())
{
Log.Warning($"Account => {account}, AccountProfile => {accountProfile}, It tried to change its password with a wrong 'ForgotPasswordToken'");
return(BadRequest(_localizer[DataTransferer.ChangingPasswordWithWrongToken().Message]));
}
_memoryCache.Remove(collection.Username);
await _accountService.UpdateAsync(new AccountUpdateSchema {
Id = account.Id.Value,
Password = _cryptograph.RNG(collection.NewPassword)
}).ConfigureAwait(false);
return(Ok(_localizer[DataTransferer.PasswordChanged().Message]));
}
catch (Exception ex) {
Log.Error(ex, ex.Source);
return(Problem(_localizer[DataTransferer.SomethingWentWrong().Message]));
}
}
