Пример #1
0
        public async Task <ResponseMessage> StartPasswordRecoveryProcedure(string email)
        {
            //Find user for email.
            var user = await userRepository.FindUserByEmail(email);

            if (user == null)
            {
                ////error 100: This means the specified email was not in the system. But by definition this information should not be available... To prevent scrapping with rainbow tables.
                return(new ResponseMessage(false, null, null, "100"));                //TODO : Vil vi faktisk gøre det sådan?
            }

            //Invalidate all tokens related to this user...
            await passwordRecoveryRepository.InvalidateAllRecoveriesForUser(user.Id);

            //Start password recovery procedure by generating a unique token id.
            var token      = Guid.NewGuid();
            var recoveryId = Guid.NewGuid();

            var encryptedToken = Cryptography.Hash_sha256(token.ToString());

            //store passwordRecovery state...
            await passwordRecoveryRepository.Insert(new PasswordRecoveryModel
            {
                Id                  = recoveryId,
                UserId              = user.Id,
                Email               = email,
                RecoveryToken       = encryptedToken,
                RecoveryRequestedAt = DateTime.UtcNow,
                IsActive            = true
            });

            //Configure email personalization
            var personalization = new Personalization <PasswordResetTemplateData>();

            personalization.to = new List <To> {
                new To {
                    email = email
                }
            };
            personalization.dynamic_template_data = new PasswordResetTemplateData
            {
                passwordRecoveryLink = $"{_identityServerUrlConfig.Value.IdentityServerUrl}/identity-api/resetpassword/changepassword/token/{token.ToString()}/"
            };

            //Send password recovery email
            await SendConfirmationEmail(email, _sendgridConfigs.Value.ResetPasswordTemplateId, personalization);

            return(new ResponseMessage(true));
        }