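/// <summary>
/// Starts a password-recovery flow for <paramref name="email"/>: retires any earlier recovery
/// records for the matching user, persists a SHA-256 hash of a fresh single-use token and
/// emails the user a reset link that carries the plain token.
/// </summary>
/// <param name="email">Address supplied by the (unauthenticated) caller; treated as untrusted input.</param>
/// <returns>
/// A success <see cref="ResponseMessage"/> whether or not the address is registered, so the
/// response cannot be used to enumerate accounts. Callers that previously branched on error
/// code "100" for unknown addresses no longer receive it.
/// </returns>
public async Task<ResponseMessage> StartPasswordRecoveryProcedure(string email)
{
    var user = await userRepository.FindUserByEmail(email);
    if (user == null)
    {
        // Unknown address: do nothing and answer exactly like the registered case, so the
        // caller cannot learn which emails exist. The former error code "100" disclosed that.
        // NOTE(review): the two paths still differ in duration (no DB write and no email
        // here); if that matters for this deployment, equalise it outside this method.
        return new ResponseMessage(true);
    }

    // Only one recovery may be live per user: older tokens are retired before a new one is issued.
    await passwordRecoveryRepository.InvalidateAllRecoveriesForUser(user.Id);

    // Single-use token mailed to the user; only its hash is persisted, so reading the database
    // alone does not yield a usable reset link. Guid.NewGuid() is randomly generated on current
    // .NET runtimes but is not a dedicated secret-token API — TODO confirm it meets the
    // project's entropy requirement, or derive the token from RandomNumberGenerator instead.
    var token = Guid.NewGuid();
    var recoveryId = Guid.NewGuid();
    var tokenHash = Cryptography.Hash_sha256(token.ToString());

    await passwordRecoveryRepository.Insert(new PasswordRecoveryModel
    {
        Id = recoveryId,
        UserId = user.Id,
        // Stored as supplied by the caller, not the user's canonical address — confirm this is intended.
        Email = email,
        RecoveryToken = tokenHash,
        // Expiry is not enforced here; presumably the verifying endpoint checks this timestamp — confirm.
        RecoveryRequestedAt = DateTime.UtcNow,
        IsActive = true
    });

    // SendGrid dynamic template. The link host comes from configuration rather than the incoming
    // request, so a manipulated Host header cannot redirect the reset link; IdentityServerUrl
    // should be an https:// origin — confirm in configuration.
    var personalization = new Personalization<PasswordResetTemplateData>
    {
        to = new List<To> { new To { email = email } },
        dynamic_template_data = new PasswordResetTemplateData
        {
            passwordRecoveryLink = $"{_identityServerUrlConfig.Value.IdentityServerUrl}/identity-api/resetpassword/changepassword/token/{token}/"
        }
    };

    await SendConfirmationEmail(email, _sendgridConfigs.Value.ResetPasswordTemplateId, personalization);

    return new ResponseMessage(true);
}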