        /// <summary>
        /// Handles a forgot-password request: looks the account up by e-mail and, when it
        /// exists and SMTP is enabled, mails it a password reset token.
        /// </summary>
        /// <param name="request">Request carrying the e-mail address; validated first via <c>ValidateAndThrow</c>.</param>
        /// <returns>A task that completes once the lookup and, if applicable, the send have finished.</returns>
        /// <remarks>
        /// The method returns nothing in every case, so its result does not reveal whether the
        /// address is registered. NOTE(review): only the existing-account path awaits token
        /// generation and an SMTP send, so response time can still differ between known and
        /// unknown addresses; confirm whether the caller needs to even that out (for example
        /// by queueing the mail) and whether requests are rate limited per address and client.
        /// </remarks>
        public async Task ForgotPassword(ForgotPasswordRequest request)
        {
            request.ValidateAndThrow();

            var account = await _userManager.FindByEmailAsync(request.Email);

            // Unknown address: leave silently, with no error and no distinct result, so the
            // forgot-password response cannot be used to learn which addresses are registered.
            if (account == null)
            {
                return;
            }

            // The token is generated before the SMTP check, so it is also created (and then
            // dropped) when mail delivery is switched off.
            var token = await _userManager.GeneratePasswordResetTokenAsync(account);

            if (!_settings.SmtpEnabled)
            {
                return;
            }

            var recipients = new List<EmailAddress>
            {
                new EmailAddress { Name = account.UserName, Address = account.Email }
            };

            var senders = new List<EmailAddress>
            {
                new EmailAddress { Name = _settings.SmtpFromName, Address = _settings.SmtpFrom }
            };

            // An account with no password hash gets the "set initial password" mail instead of
            // the reset mail; both carry the same kind of reset token.
            var needsInitialPassword = string.IsNullOrEmpty(account.PasswordHash);

            var subject = needsInitialPassword
                ? "Welcome to Global Article Database!"
                : "Password reset on Global Article Database";

            // NOTE(review): the raw token is handed to the template; if the template builds a
            // link from it, confirm that it URL-encodes the token and the e-mail address.
            var content = needsInitialPassword
                ? _emailTemplateRetriever.SetInitialPasswordTemplate(account.UserName, account.Email, token)
                : _emailTemplateRetriever.GetResetPasswordTemplate(account.UserName, account.Email, token);

            await _emailSender.Send(new EmailMessage
            {
                ToAddresses = recipients,
                FromAddresses = senders,
                Subject = subject,
                Content = content
            });
        }