/// <summary>
/// Insert the password reset request
/// </summary>
/// <param name="emailId">Email id</param>
/// <returns>The Password reset request</returns>
public PasswordResetRequest PasswordResetRequest(string emailId)
{
if (string.IsNullOrEmpty(emailId))
{
throw new ArgumentNullException("Please provide a valid email");
}
var familyMember = Repository.Table <FamilyMember>().SingleOrDefault(p => p.User.Email.Equals(emailId) && !p.IsDeleted);
if (familyMember == null)
{
throw new ObjectNotFoundException("We couldn't find your account with that information.");
}
var passwordResetRequest = new PasswordResetRequest
{
FamilyMemberID = familyMember.Id,
Token = Guid.NewGuid(),
Status = PasswordResetStatus.PendingReset,
CreationDate = DateTime.UtcNow
};
Repository.Insert(passwordResetRequest);
// Email password reset url to parent
var emailTemplate = _emailTemplateService.GetByType(EmailTemplateType.PasswordReset);
var bodyContent = emailTemplate?.Content ?? "Password Reseted";
var resetLink = HttpContext.Current != null ? HttpContext.Current.Request.UrlReferrer.AbsoluteUri + "#/reset/" + passwordResetRequest.Token : string.Empty;
bodyContent = PrepareTemplateValues(bodyContent, familyMember.Firstname, familyMember.Lastname, resetLink);
_emailService.Send(emailId, emailTemplate.Subject, bodyContent);
return(passwordResetRequest);
}
public async Task <PasswordResetErrorResponse> PasswordResetAsync([FromBody] PasswordResetRequest request)
{
var result = await _passwordResetService.PasswordResetAsync(request.CustomerEmail, request.ResetIdentifier,
request.Password);
return(_mapper.Map <PasswordResetErrorResponse>(result));
}
public ServiceResult ResetPassword(string password, string token)
{
PasswordResetRequest request = _membersDataService.GetPasswordResetRequest(token);
if (request == null)
{
return(new ServiceResult(false, "Request not found"));
}
IMember member = _umbracoMemberService.GetById(request.MemberId);
string message = null;
if (request.Expires < DateTime.Now)
{
message = "Request expired";
}
else if (member == null)
{
message = "User not found";
}
if (message == null)
{
_umbracoMemberService.SavePassword(member, password);
}
_membersDataService.DeletePasswordResetRequest(request.PasswordResetRequestId);
return(new ServiceResult(message == null, message));
}
public async Task <ActionResult> ResetPasswordRequest(ResetPasswordRequestViewModel model)
{
if (!ModelState.IsValid)
{
return(View(model));
}
using (var client = apiClient())
{
ResetPasswordRoute route = externalRouteService.InternalUserResetPasswordRoute;
PasswordResetRequest apiModel = new PasswordResetRequest(model.Email, route);
var token = await apiClientCredential().GetClientCredentialsAsync();
var result = await client.User.ResetPasswordRequestAsync(apiModel, token.AccessToken);
if (!result.ValidEmail)
{
ModelState.AddModelError("Email", "Email address not recognised.");
return(View(model));
}
ViewBag.Email = model.Email;
return(View("ResetPasswordInstruction"));
}
}
public HttpResponseMessage Put(PasswordResetRequest model)
{
if (model == null) //if model request is null or invalid, it will return a bad request.
{
return(Request.CreateResponse(HttpStatusCode.BadRequest, "Error is null"));
}
if (!ModelState.IsValid)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
}
Token resetNow = TokenService.GetByToken(model.TokenString); //To update new password for the user who requested the pw change.
bool result = UserService.ChangePassWord(resetNow.UserId, model.Password);
if (result == true) //If password update successful, mark the GUID as used.
{
TokenService.MarkedIsUsed(resetNow);
return(Request.CreateResponse(HttpStatusCode.OK, model));
}
else
{
return(Request.CreateResponse(HttpStatusCode.BadRequest, "Password is not strong enough."));
}
}
public IHttpActionResult ResetPassword(PasswordResetRequest request)
{
BaseViewModel viewmodel = new BaseViewModel();
UserDataController dataCtrl = new UserDataController();
try
{
User user = dataCtrl.GetItems().SingleOrDefault(x => x.Email == request.Email);
if (user == null)
{
return(Warning(viewmodel, "Eingegebene Email ist nicht registriert."));
}
else
{
user = dataCtrl.SetPasswordReset(user.ID);
EmailHelper.SendResetMail(user);
}
}
catch (Exception ex)
{
return(Error(viewmodel, ex));
}
return(Ok(viewmodel, "Dir wurde ein Link zugesendet."));
}
//MAKE TEXTBOXES AND LABELS INVISIBLE IF THERE HAS NOT BEEN A REQUEST ENTERED RECENTLY
protected void Page_Load()
{
try
{
accountType = Convert.ToInt32(Request.QueryString["AccountType"]);
accountID = Convert.ToInt32(Request.QueryString["AccountID"]);
lastRequested = PasswordResetRequest.GetLastRequestedTime(accountType, accountID);
if (lastRequested != null)
{
userName = Request.QueryString["UserName"];
userNameTxt.Text = userName;
var script = "document.getElementById('pageForm').hidden = 'false';";
ClientScript.RegisterStartupScript(typeof(string), "textvaluesetter", script, true);
}
else
{
ErrorMessage.Text = "This request is out of date, please make another password reset request and try again";
}
}
catch (Exception ex)
{
ErrorMessage.Text = "An error has occured saying: " + ex.Message + " Please contact your system administrator.";
}
}
protected void InitializeForRequest(string szResetID)
{
if (!String.IsNullOrEmpty(szResetID))
{
try
{
PasswordResetRequest prr = CurrentRequest = new PasswordResetRequest(szResetID);
CheckStatus(prr); // verify that it's an OK request.
Profile pf = Profile.GetUser(prr.UserName);
if (pf.PreferenceExists(MFBConstants.keyTFASettings))
{
tfaReset.AuthCode = pf.GetPreferenceForKey(MFBConstants.keyTFASettings) as string;
mvResetPass.SetActiveView(vwVerifyTFAPass);
}
else
{
mvResetPass.SetActiveView(vwVerify);
}
lblQuestion.Text = HttpUtility.HtmlEncode(Membership.GetUser(prr.UserName).PasswordQuestion);
}
catch (Exception ex) when(ex is ArgumentOutOfRangeException)
{
lblErr.Text = Resources.LocalizedText.ResetPasswordInvalidRequest;
}
catch (Exception ex) when(ex is InvalidOperationException)
{
lblErr.Text = ex.Message;
}
}
}
public async Task <ResponseBase> ResetPassword([FromBody] PasswordResetRequest model)
{
return(await ExecuteRequestAsync(async() =>
{
await _userService.ResetPassword(model);
}));
}
public PasswordResetResponse PasswordReset(
PasswordResetRequest request)
{
Logger.Debug("Password Reset Request Received: {0}",
JsonConvert.SerializeObject(request, Formatting.Indented));
PasswordResetResponse response;
//use in built data annotations to ensure model has binded correctly
if (!ModelState.IsValid)
{
var errors = ModelState.Keys.SelectMany(key =>
ModelState[key].Errors.Select(x => x.ErrorMessage));
response = new PasswordResetResponse
{
Success = false,
Message = "Form has validation errors",
Errors = errors.ToArray()
};
}
else
{
//send request to the user service and return
//the response (success or fail)
response = UserService.ResetPassword(request);
}
Logger.Debug("Sent Password Reset Response: {0}",
JsonConvert.SerializeObject(response, Formatting.Indented));
return(response);
}
public async Task <IActionResult> ResetPasswordAsync([FromBody] PasswordResetRequest request)
{
var resetToken = await _userService.GetPasswordResetTokenByIdAsync(request.TokenId);
if (resetToken == null || resetToken.ExpirationDate <= DateTime.Now || resetToken.TokenUsed || !BC.Verify(request.Token, resetToken.TokenHash))
{
return(BadRequest());
}
else
{
var user = await _userService.GetUserByIdAsync(resetToken.UserId);
user.Password = BC.HashPassword(request.NewPassword);
resetToken.TokenUsed = true;
var claims = _userService.GetUserClaims(user);
var accessToken = _tokenService.GenerateAccessToken(claims);
var refreshToken = _tokenService.GenerateRefreshToken();
user.RefreshToken = refreshToken;
user.RefreshTokenExpiryTime = DateTime.Now.AddDays(7);
await _userService.UpdateUserAsync(user);
await _userService.UpdatePasswordResetTokenAsync(resetToken);
return(Ok(new TokenApiModel(accessToken, refreshToken)));
}
}
public void IssuePasswordResetRequest_Returns_New_PasswordResetRequest()
{
string email = "*****@*****.**";
PasswordResetRequest request = _securityService.IssuePasswordResetRequest(email);
Assert.AreEqual(request, _users.First(item => item.Id == request.UserId).PasswordResetRequest);
}
public PasswordResetRequest IssuePasswordResetRequest(string email)
{
User user = _userRepository.First(item => item.Email == email);
if (user == null)
{
throw new InvalidOperationException(string.Format("No user was found with email {0}", email));
}
if (user.PasswordResetRequest != null)
{
return(user.PasswordResetRequest);
}
PasswordResetRequest passwordResetRequest = new PasswordResetRequest()
{
Code = Guid.NewGuid(),
DateCreated = DateTime.UtcNow,
UserId = user.Id
};
user.PasswordResetRequest = passwordResetRequest;
_unitOfWOrk.Commit();
return(user.PasswordResetRequest);
}
public async Task <bool> Handle(PasswordResetRequest request, IOutputPort <PasswordResetResponse> outputPort)
{
if (!string.IsNullOrWhiteSpace(request.Email))
{
// confirm we have a user with the given name
var user = await _userRepository.FindByEmail(request.Email);
if (user != null)
{
// Send password link through email
var subjectLine = "Password Reset Link";
var resetLink = @"https://somedomainlink.com/password-reset/?" + user.Id;
var emailBodyText = $"Hey {user.FirstName} {user.LastName}! <a href='{resetLink}' target='_blank'>click here to reset password</a>";
await _emailService.SendEmailAsync(user.Email, subjectLine, emailBodyText);
outputPort.Handle(new PasswordResetResponse("Please check your email address for password reset link", true));
return(true);
}
}
outputPort.Handle(new PasswordResetResponse(new[] { new Error("password_reset_failure", "Email address not found in our database.") }));
return(false);
}
public void SetUp()
{
userWithEmail = new User("already_exists", "123", "*****@*****.**", PasswordHashAlgorithms.Default)
{
Id = 123
};
userWithoutEmail = new User("no_email", "222", string.Empty, PasswordHashAlgorithms.Default)
{
Id = 321
};
repository = new FakeUserRepository(userWithEmail, userWithoutEmail);
repository.Add(userWithEmail.Options);
permissionContext = new FakePermissionContext(new UserWithPermissionsContract(userWithEmail, ContentLanguagePreference.Default));
stopForumSpamClient = new FakeStopForumSpamClient();
mailer = new FakeUserMessageMailer();
data = new UserQueries(repository, permissionContext, new FakeEntryLinkFactory(), stopForumSpamClient, mailer,
new FakeUserIconFactory(), null, new InMemoryImagePersister(), new FakeObjectCache(), new Model.Service.BrandableStrings.BrandableStringsManager(), new EnumTranslations());
softBannedIPs = new HostCollection();
request = new PasswordResetRequest(userWithEmail)
{
Id = Guid.NewGuid()
};
repository.Add(request);
}
public void SetUp()
{
var hashedPass = LoginManager.GetHashedPass("already_exists", "123", 0);
userWithEmail = new User("already_exists", hashedPass, "*****@*****.**", 0)
{
Id = 123
};
userWithoutEmail = new User("no_email", "222", string.Empty, 321)
{
Id = 321
};
repository = new FakeUserRepository(userWithEmail, userWithoutEmail);
repository.Add(userWithEmail.Options);
permissionContext = new FakePermissionContext(new UserWithPermissionsContract(userWithEmail, ContentLanguagePreference.Default));
stopForumSpamClient = new FakeStopForumSpamClient();
mailer = new FakeUserMessageMailer();
data = new UserQueries(repository, permissionContext, new FakeEntryLinkFactory(), stopForumSpamClient, mailer, new FakeUserIconFactory(), new FakeObjectCache());
softBannedIPs = new HostCollection();
request = new PasswordResetRequest(userWithEmail)
{
Id = Guid.NewGuid()
};
repository.Add(request);
}
private async Task SendEmailNotificaionForResetPassword(PasswordResetRequest passwordResetRequest)
{
try
{
var emailTemplate = await emailRepository.GetEmailTemplate("ResetPassword");
if (emailTemplate != null)
{
var emailSubject = emailTemplate.Subject;
var emailBody = emailTemplate.EmailBody;
var email = new Email();
email.ToAddress.Add(passwordResetRequest.User.EmailAddress);
var url = this._settings.SiteUrl.AddTrailingSlash() + "/Account/resetpassword/" + passwordResetRequest.ActivationCode;
var link = string.Format("<a href='{0}'>{0}</a>", url);
emailBody = emailBody.Replace("@resetLink", link);
email.Body = emailBody;
email.Subject = emailSubject;
await this.emailManager.Send(email);
}
}
catch (Exception)
{
// Silently fail. We will log this. But we do not want to show an error to user because of this
}
}
public IActionResult ResetPasswordRequest([FromBody] PasswordResetRequest model)
{
if (!ModelState.IsValid)
{
return(BadRequest("Valid email address is required"));
}
ActionResponse response = new ActionResponse();
var foundUser = userService.GetUserByEmail(model.Email);
if (foundUser != null)
{
string adminEmail = HttpContext.RequestServices.GetRequiredService <IConfiguration>()
.GetValue <String>("Email:Smtp:AdminEmail");
string resetPasswordUrl = configuration["ResetPasswordUrl"];
DateTime datedTime = DateTime.Now;
PasswordTokenModel tModel = new PasswordTokenModel()
{
Email = foundUser.Email,
TokenDate = datedTime
};
TokenUtility utility = new TokenUtility();
string token = utility.GeneratePasswordResetToken(tModel);
PasswordResetEmailModel resetModel = new PasswordResetEmailModel()
{
Email = foundUser.Email,
Token = token,
Url = resetPasswordUrl
};
response = userService.ResetPasswordRequest(resetModel, datedTime, adminEmail);
}
return(Ok(response));
}
public async Task <IActionResult> NewPasswordUser([FromBody] PasswordResetRequest prr)
{
try
{
if (prr.userId != null && prr.password != null)
{
User user = new User();
user.UserId = prr.userId;
user.IsActive = true;
string newPassword = prr.password;
var updateUser = await UserHandler.UpdateUser(user, newPassword);
if (updateUser != null)
{
return(Ok(true));
}
else
{
return(Ok(false));
}
}
return(StatusCode(505, "CS API Error: User or password Json data not received, unable to update password"));
}
catch (Exception ex)
{
string errorMessage = handleCatch(ex);
return(StatusCode(505, errorMessage));
}
}
public void Send(string resetUrl, PasswordResetRequest request)
{
ParamIs.NotNull(() => request);
MailAddress to;
try {
to = new MailAddress(request.User.Email);
} catch (FormatException x) {
log.WarnException("Unable to validate receiver email", x);
return;
}
var mailMessage = new MailMessage();
mailMessage.To.Add(to);
mailMessage.Subject = "Password reset requested.";
mailMessage.Body =
"Hi " + request.User.Name + ",\n\n" +
"You (or someone who knows your email address) has requested to reset your password on VocaDB.\n" +
"You can perform this action at " + resetUrl + "/" + request.Id + ". If you did not request this action, you can ignore this message.\n\n" +
"- VocaDB mailer";
var client = new SmtpClient();
try {
client.Send(mailMessage);
} catch (SmtpException x) {
log.ErrorException("Unable to send mail", x);
}
}
public async Task <PasswordResetRequestResult> ResetPasswordRequestAsync(PasswordResetRequest passwordResetRequest, string accessToken)
{
httpClient.SetBearerToken(accessToken);
var response = await httpClient.PostAsJsonAsync(Controller + "ResetPasswordRequest", passwordResetRequest);
return(await response.CreateResponseAsync <PasswordResetRequestResult>());
}
public async Task <IActionResult> ResetPassword(PasswordResetRequest model)
{
try
{
if (model == null || String.IsNullOrWhiteSpace(model.ResetToken) || String.IsNullOrWhiteSpace(model.Email) ||
String.IsNullOrWhiteSpace(model.Password))
{
return(BadRequest(new { message = "Incomplete password reset information" }));
}
var user = await databaseService.GetUserByEmailAsync(model.Email);
if (user == null)
{
return(StatusCode(StatusCodes.Status400BadRequest, "User not found"));
}
if (model.ResetToken != user.ResetToken.Token || user.ResetToken.Expiry < DateTime.UtcNow)
{
return(StatusCode(StatusCodes.Status400BadRequest, "Invalid or expired reset token"));
}
user.Password = Utilities.HashPassword(model.Password);
await databaseService.SaveUserAsync(user);
return(Ok());
}
catch (Exception ex)
{
logger.LogError(ex, ex.Message);
return(StatusCode(StatusCodes.Status500InternalServerError));
}
}
protected void btnSendEmail_Click(object sender, EventArgs e)
{
Page.Validate("resetPassEmail");
if (Page.IsValid)
{
lblEmailSent.Text = String.Format(CultureInfo.CurrentCulture, Resources.LocalizedText.ResetPassEmailSent, HttpUtility.HtmlEncode(txtEmail.Text));
mvResetPass.SetActiveView(vwEmailSent);
string szUser = Membership.GetUserNameByEmail(txtEmail.Text);
if (String.IsNullOrEmpty(szUser))
{
// fail silently - don't do anything to acknowledge the existence or lack thereof of an account
}
else
{
PasswordResetRequest prr = new PasswordResetRequest()
{
UserName = szUser
};
prr.FCommit();
string szURL = "https://" + Request.Url.Host + Request.RawUrl + (Request.RawUrl.Contains("?") ? "&" : "?") + "t=" + HttpUtility.UrlEncode(prr.ID);
string szEmailBody = Branding.ReBrand(String.Format(CultureInfo.CurrentCulture, Resources.LocalizedText.ResetPassEmail)).Replace("<% RESET_LINK %>", szURL);
MyFlightbook.Profile pf = MyFlightbook.Profile.GetUser(szUser);
util.NotifyUser(Branding.ReBrand(Resources.LocalizedText.ResetPasswordSubjectNew), szEmailBody, new System.Net.Mail.MailAddress(pf.Email, pf.UserFullName), false, false);
}
}
}
public IActionResult ResetUserPassword(PasswordResetRequest request)
{
if (ModelState.IsValid)
{
SingleResponse <bool> response = new SingleResponse <bool>();
var loginInfo = new LoginInfo();
loginInfo.UserName = request.UserName;
loginInfo.OTP = request.OTP;
loginInfo.IpAddress = Request.HttpContext.Connection.RemoteIpAddress.ToString();
response.Result = _xbSecurity.ResetUserPassword(loginInfo);
response.ResultCode = ResultCodes.normal;
return(ResponseExtensions.ToHttpResponse(response));
}
else
{
return(ValidationError.GetValidationErrorResponse(ModelState));
}
}
public IActionResult Post([FromBody] PasswordResetRequest passwordResetRequest)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var exitingUser = _context.Users.
Where(b => b.email == passwordResetRequest.email).
FirstOrDefault();
if (exitingUser == null)
{
ModelState.AddModelError("email", "Email address does not exist");
return(BadRequest(ModelState));
}
var md5 = MD5.Create();
var hash = md5.ComputeHash(System.Text.Encoding.ASCII.GetBytes(passwordResetRequest.email));
passwordResetRequest.key = BitConverter.ToString(hash).Replace("-", "").ToLowerInvariant();
passwordResetRequest.createdAt = passwordResetRequest.updatedAt = DateTime.Now;
_context.PasswordResetRequests.Add(passwordResetRequest);
_context.SaveChanges();
return(Ok("An email with password reset link has been sent."));
}
/// <summary>
/// Inserts the request.
/// </summary>
/// <param name="oRequest">The o request.</param>
/// <returns></returns>
public static PasswordResetRequest InsertRequest(PasswordResetRequest oRequest)
{
var newId = int.Parse(DataProvider.Instance().ExecuteScalar <int>("ICG_SPR_RequestInsert", oRequest.PortalId, oRequest.UserId, oRequest.ExpirationDate, oRequest.RecoveryCode).ToString());
oRequest.RequestId = newId;
return(oRequest);
}
public async Task <PasswordResetResponse> PasswordReset(PasswordResetRequest request)
{
var response = new PasswordResetResponse();
var user = await _userRepository.Select(x => x.PasswordResetToken == request.Token && x.Email == request.Email);
if (user.IsExist() &&
user.IsActive &&
user.PasswordResetRequestedAt.HasValue &&
user.PasswordResetRequestedAt.Value.AddDays(1) > DateTime.UtcNow)
{
user.PasswordHash = _cryptoHelper.Hash(request.Password, user.ObfuscationSalt);
user.LoginTryCount = 0;
user.PasswordResetRequestedAt = null;
user.PasswordResetToken = null;
var result = await _userRepository.Update(user.Id, user);
if (result)
{
//todo:send email
response.Status = ResponseStatus.Success;
return(response);
}
}
response.SetFailed();
return(response);
}
public void RequestPasswordReset(string username, string email, string resetUrl)
{
ParamIs.NotNullOrEmpty(() => username);
ParamIs.NotNullOrEmpty(() => email);
var lc = username.ToLowerInvariant();
repository.HandleTransaction(ctx => {
var user = ctx.Query().FirstOrDefault(u => u.NameLC.Equals(lc) && email.Equals(u.Email));
if (user == null)
{
throw new UserNotFoundException();
}
var request = new PasswordResetRequest(user);
ctx.Save(request);
var subject = "Password reset requested.";
var body =
"You (or someone who knows your email address) has requested to reset your password on VocaDB.\n" +
"You can perform this action at " + resetUrl + "/" + request.Id + ". If you did not request this action, you can ignore this message.";
mailer.SendEmail(request.User.Email, request.User.Name, subject, body);
});
}
private static void SendMail(PasswordResetRequest request)
{
var message = new MailMessage("*****@*****.**", request.EmailAddress);
message.Subject = "Your password has been reset";
message.Body = "You will need to change it when you first log in";
var smtp = new SmtpClient();
smtp.SendAsync(message, null);
}
public void ShouldAcceptResetRequest()
{
var resetRequest = new PasswordResetRequest {
Email = "test_email"
};
var result = _fixture.RequestPasswordReset(resetRequest);
Assert.AreEqual(typeof(OkResult), result.GetType());
}
public void ShouldAcceptResetRequest()
{
PasswordResetRequest resetRequest = new PasswordResetRequest();
resetRequest.Email = "test_email";
var result = loginController.RequestPasswordReset(resetRequest);
Assert.AreEqual(typeof(OkResult), result.GetType());
}
public void SavePasswordResetRequest(UserAccountDto userAccount, string activationLink)
{
try
{
var request = new PasswordResetRequest { ActivationCode = activationLink, UserID = userAccount.Id };
request.CreatedDate = DateTime.UtcNow;
db.PasswordResetRequests.Add(request);
db.SaveChanges();
}
catch (Exception)
{
throw;
}
}
public async Task SavePasswordResetRequest(UserAccountDto user)
{
var passwordResetRequest = new PasswordResetRequest
{
UserId = user.Id,
ActivationCode = string.Format("{0}{1}{2}", Guid.NewGuid().ToString().Split('-').First(), user.Id, Guid.NewGuid().ToString().Split('-').First())
};
await this.userRepository.SavePasswordResetRequest(passwordResetRequest);
passwordResetRequest.User = user;
//Email
await SendEmailNotificaionForResetPassword(passwordResetRequest);
}
public async Task<IHttpActionResult> ResetPasswordRequest(PasswordResetRequest model)
{
var result = new PasswordResetRequestResult();
var user = await userManager.FindByEmailAsync(model.EmailAddress);
if (user != null)
{
result.ValidEmail = true;
result.PasswordResetToken = await userManager.GeneratePasswordResetTokenAsync(user.Id);
model.Route.UserID = user.Id;
model.Route.Token = result.PasswordResetToken;
string passwordResetUrl = model.Route.GenerateUrl();
await emailService.SendPasswordResetRequest(model.EmailAddress, passwordResetUrl);
}
return Ok(result);
}
public async Task<ActionResult> ResetPasswordRequest(ResetPasswordRequestViewModel model)
{
if (!ModelState.IsValid)
{
return View(model);
}
using (var client = apiClient())
{
ResetPasswordRoute route = externalRouteService.InternalUserResetPasswordRoute;
PasswordResetRequest apiModel = new PasswordResetRequest(model.Email, route);
var result = await client.User.ResetPasswordRequestAsync(apiModel);
if (!result.ValidEmail)
{
ModelState.AddModelError("Email", "Email address not recognised.");
return View(model);
}
ViewBag.Email = model.Email;
return View("ResetPasswordInstruction");
}
}
private async Task SendEmailNotificaionForResetPassword(PasswordResetRequest passwordResetRequest)
{
try
{
var emailTemplate = await emailRepository.GetEmailTemplate("ResetPassword");
if (emailTemplate != null)
{
var emailSubject = emailTemplate.Subject;
var emailBody = emailTemplate.EmailBody;
var email = new Email();
email.ToAddress.Add(passwordResetRequest.User.EmailAddress);
var url = this._settings.SiteUrl + "/Account/resetpassword/" + passwordResetRequest.ActivationCode;
var link = string.Format("<a href='{0}'>{0}</a>", url);
emailBody = emailBody.Replace("@resetLink", link);
email.Body = emailBody;
email.Subject = emailSubject;
await this.emailManager.Send(email);
}
}
catch (Exception)
{
// Silently fail. We will log this. But we do not want to show an error to user because of this
}
}
public async Task<IHttpActionResult> ResetPasswordRequest(PasswordResetRequest model)
{
var user = await userManager.FindByEmailAsync(model.EmailAddress);
if (user != null)
{
var token = await userManager.GeneratePasswordResetTokenAsync(user.Id);
var emailModel = new { PasswordResetUrl = GetEmailVerificationUrl(model.Url, token, user.Id) };
await emailService.SendEmail("PasswordResetRequest", model.EmailAddress, "Reset your IWS password", emailModel);
return Ok(true);
}
return Ok(false);
}
public async Task<bool> ResetPasswordRequestAsync(PasswordResetRequest passwordResetRequest)
{
var response = await httpClient.PostAsJsonAsync(Controller + "ResetPasswordRequest", passwordResetRequest);
return await response.CreateResponseAsync<bool>();
}
