/// <summary>
/// Handles a forgot-password request: checks the model state and the captcha, then
/// mails a password reset token to the account registered under the submitted address.
/// </summary>
/// <param name="model">Request body carrying the email address and the captcha token.</param>
/// <returns>
/// 400 when the model state is invalid or the captcha check fails; otherwise 200,
/// whether or not a reset mail was actually sent.
/// </returns>
public async Task<IActionResult> SendForgotPasswordMail([FromBody] ForgotPasswordModel model)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // The captcha is verified before any account lookup, so automated requests are
    // rejected without touching the user store or the mail sender.
    // NOTE(review): RemoteIpAddress is the immediate peer; behind a reverse proxy it is
    // the proxy's address unless forwarded headers are processed upstream. Confirm for
    // the deployment.
    var captchaToken = model.CaptchaToken;
    var clientAddress = Request.HttpContext.Connection.RemoteIpAddress;
    var captchaResult = await _captchaValidator.Validate(captchaToken, clientAddress);
    if (!captchaResult.Success)
    {
        return BadRequest("Could not verify captcha.");
    }

    var account = await _userManager.FindByEmailAsync(model.Email);
    if (account != null && account.EmailConfirmed)
    {
        // NOTE(review): only this branch awaits token generation and mail delivery, so
        // response time can still differ between known and unknown addresses even
        // though the response body does not. Consider handing the send to a background
        // queue. No per-address throttling is visible in this method; confirm it is
        // applied elsewhere.
        var resetToken = await _userManager.GeneratePasswordResetTokenAsync(account);
        await _mailSender.SendForgotPasswordMessageAsync(account, resetToken);
    }

    // Same response for an unknown address, an unconfirmed address and a successful
    // send, so the reply does not reveal whether the account exists.
    return Ok();
}