Пример #1
        /// <summary>
        /// Handles the posted "edit password" form for a user being edited by someone
        /// else. The caller must hold <c>Permissions.ResetUserPasswords</c>.
        /// </summary>
        /// <param name="model">Posted form values: user id, email, reset token and new password.</param>
        /// <returns>
        /// <c>Unauthorized()</c> when the permission check fails; a redirect to
        /// <c>Edit</c> for the user when the reset succeeds; otherwise the result of
        /// <c>EditPassword(model.Id)</c>, with any reset errors added to the model state.
        /// </returns>
        // NOTE(review): no [HttpPost] / anti-forgery attribute is visible in this excerpt;
        // confirm the state-changing action is protected where the method is declared.
        public async Task <IActionResult> EditPasswordPost(EditPasswordViewModel model)
        {
            // The permission check runs before any model data is read or acted upon.
            var isPermitted = await _authorizationService.AuthorizeAsync(
                User,
                Permissions.ResetUserPasswords);
            if (!isPermitted)
            {
                return Unauthorized();
            }

            // Invalid form values: show the form again.
            if (!ModelState.IsValid)
            {
                return await EditPassword(model.Id);
            }

            // Unknown user id: show the form again.
            var user = await _userManager.FindByIdAsync(model.Id);
            if (user == null)
            {
                return await EditPassword(model.Id);
            }

            // NOTE(review): the account is looked up by model.Id, but the reset is applied
            // to the account identified by model.Email. Both values come from the posted
            // form, so nothing visible here ties them to the same user - confirm that
            // ResetPasswordAsync (or the caller) guarantees they match.
            var outcome = await _platoUserManager.ResetPasswordAsync(
                model.Email,
                model.ResetToken,
                model.NewPassword);

            if (!outcome.Succeeded)
            {
                // Surface every failure reason as a model-level (not field-level) error.
                foreach (var failure in outcome.Errors)
                {
                    ViewData.ModelState.AddModelError(string.Empty, failure.Description);
                }

                return await EditPassword(model.Id);
            }

            _alerter.Success(T["Password Updated Successfully!"]);

            // Back to the edit page of the user that was looked up by id.
            var routeValues = new RouteValueDictionary()
            {
                ["id"] = user.Id.ToString()
            };
            return RedirectToAction(nameof(Edit), routeValues);
        }
Пример #2
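        /// <summary>
        /// Handles the posted "reset password" form: decodes the Base64 reset token,
        /// checks it against the token stored on the account found by e-mail, and
        /// asks the user manager to set the new password.
        /// </summary>
        /// <param name="model">Posted form values: email, Base64-encoded reset token and new password.</param>
        /// <returns>
        /// A redirect to <c>ResetPasswordConfirmation</c> when the reset succeeds;
        /// otherwise the result of <c>ResetPassword(model.ResetToken)</c> with errors
        /// added to the model state.
        /// </returns>
        public async Task <IActionResult> ResetPassword(ResetPasswordViewModel model)
        {
            if (ModelState.IsValid)
            {
                var user = await _userManager.FindByEmailAsync(model.Email);

                if (user != null)
                {
                    // model.ResetToken is request data. A value that is missing or is not
                    // valid Base64 must end up on the "token does not match" path below
                    // rather than throwing out of the action as an unhandled exception.
                    string resetToken = null;
                    if (!string.IsNullOrEmpty(model.ResetToken))
                    {
                        try
                        {
                            resetToken = Encoding.UTF8.GetString(Convert.FromBase64String(model.ResetToken));
                        }
                        catch (FormatException)
                        {
                            // Not Base64: resetToken stays null and is rejected below.
                        }
                    }

                    // Ensure the user account matches the reset token. An empty decoded
                    // token is rejected outright so it can never compare equal to an
                    // account whose stored token is empty.
                    // NOTE(review): == on strings is not a constant-time comparison;
                    // consider a fixed-time comparison for this secret if the target
                    // framework provides one.
                    if (!string.IsNullOrEmpty(resetToken) && user.ResetToken == resetToken)
                    {
                        var result = await _platoUserManager.ResetPasswordAsync(
                            model.Email,
                            resetToken,
                            model.NewPassword);

                        if (result.Succeeded)
                        {
                            return(RedirectToLocal(Url.Action("ResetPasswordConfirmation")));
                        }
                        else
                        {
                            foreach (var error in result.Errors)
                            {
                                ViewData.ModelState.AddModelError(string.Empty, error.Description);
                            }
                        }
                    }
                }
            }

            // Reached when validation failed, no account has this e-mail, the token was
            // malformed or did not match, or the reset itself reported errors. The same
            // message is added in every case, so the response does not distinguish an
            // unknown e-mail address from a wrong token.
            ViewData.ModelState.AddModelError(string.Empty, "The email address does not match the reset token");
            return(await ResetPassword(model.ResetToken));
        }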