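/// <summary>
        /// Changes the password of the calling user and mails a notification to that user's address.
        /// </summary>
        /// <param name="changedPassword">Binding that carries the current and the new password.</param>
        /// <returns>
        /// 400 when the body is missing or fails model validation, the result of
        /// <c>GetErrorResult</c> when the user manager rejects the change, otherwise 200.
        /// </returns>
        public async Task <IHttpActionResult> ChangePassword(ChangePasswordBinding changedPassword)
        {
            // An empty request body can bind to null while ModelState still reports valid;
            // reject it here instead of dereferencing it further down.
            if (changedPassword == null)
            {
                return(BadRequest());
            }

            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            // The account is identified from the authenticated principal only, never from the
            // request body, so a caller cannot name somebody else's account here.
            // NOTE(review): assumes the action is reachable only by authenticated callers
            // (no [Authorize] is visible in this excerpt) - confirm.
            var requestingUserId = User.Identity.GetUserId();

            // The current password is handed to the user manager together with the new one;
            // the same id is reused below so the change and the notification target one account.
            var result = await JWTUserManager.ChangePasswordAsync(
                requestingUserId, changedPassword.OldPassword, changedPassword.NewPassword);

            if (!result.Succeeded)
            {
                return(GetErrorResult(result));
            }

            var changingUser = JWTUserManager.FindById(requestingUserId);
            var client       = JWTClientManager.FindById(changingUser.ClientId);

            // Notification goes to the account's own address; presumably so the owner notices a
            // change they did not make.
            // NOTE(review): this runs after the password is already changed, so if the client
            // lookup or the mailer fails the caller sees an error for a change that took effect.
            JWTMailer.Send(changingUser.Email, JWTAuthServerConstants.PasswordChangeMailSubject,
                           string.Format(JWTAuthServerConstants.PasswordChangeMailBody, client.Name));

            return(Ok());
        }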
        /// <summary>
        /// Confirms a user's e-mail address with the supplied code, adds the user to the
        /// configured initial role and mails a confirmation response to the user.
        /// </summary>
        /// <param name="userId">Id of the user whose address is being confirmed.</param>
        /// <param name="code">Confirmation code that is passed to the user manager.</param>
        /// <returns>
        /// 400 when either value is missing, the result of <c>GetErrorResult</c> when the
        /// confirmation is rejected, otherwise 200.
        /// </returns>
        public async Task <IHttpActionResult> ConfirmEmail(string userId = "", string code = "")
        {
            var inputMissing = string.IsNullOrWhiteSpace(userId) || string.IsNullOrWhiteSpace(code);
            if (inputMissing)
            {
                ModelState.AddModelError("", JWTAuthServerConstants.UserIdAndCode);
                return(BadRequest(ModelState));
            }

            // Both values are supplied by the caller; ConfirmEmailAsync is the only check in this
            // method that ties the code to the user, so nothing below runs unless it succeeds.
            var confirmation = await JWTUserManager.ConfirmEmailAsync(userId, code);
            if (!confirmation.Succeeded)
            {
                return(GetErrorResult(confirmation));
            }

            // The default role is assigned on successful confirmation; it is what gives the
            // user the default rights to access the API.
            // NOTE(review): the result of AddToRoleAsync is discarded, so a failed role assignment
            // still ends in 200 and a confirmation mail, and a missing
            // "JWTServer.InitialUserRole" setting would pass null as the role name. Consider
            // checking both.
            var initialRole = ConfigurationManager.AppSettings["JWTServer.InitialUserRole"];
            await JWTUserManager.AddToRoleAsync(userId, initialRole);

            var confirmedUser = JWTUserManager.FindById(userId);
            var owningClient  = JWTClientManager.FindById(confirmedUser.ClientId);

            var mailBody = string.Format(JWTAuthServerConstants.ConfirmResponseMailBody, owningClient.Name);
            JWTMailer.Send(confirmedUser.Email, JWTAuthServerConstants.ConfirmResponseMailSubject, mailBody);

            return(Ok());
        }