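// [AllowAnonymous]
// [ValidateAntiForgeryToken]
/// <summary>
/// Starts a password reset for the user identified by <c>bindings.Id</c>: generates a reset
/// token, builds a callback link prefixed with <c>bindings.resetFormURL</c>, and e-mails it
/// when <c>bindings.email</c> is set.
/// </summary>
/// <param name="bindings">Request body: user id, optional reset-form URL prefix and an e-mail flag.</param>
/// <returns>
/// <c>Ok</c> with an <c>ApiModel</c> error payload when no user matches the id, otherwise
/// <c>Ok</c> with a <c>ResetPasswordResult</c> (id, token, link, username, sent flag).
/// </returns>
public async Task<IActionResult> ResetPassword([FromBody] ResetPasswordBindings bindings)
{
    var id = bindings.Id;
    // resetFormURL comes from the request body and is used verbatim as the link prefix.
    // NOTE(review): an unvalidated prefix lets the caller decide where the e-mailed link (and the
    // reset token it carries) points — consider restricting it to a configured allow-list.
    var resetFormURL = bindings.resetFormURL ?? "";
    // TODO: validate model here or with a filter ?
    // TODO: do we really need the email confirmation ?
    var user = await _userManager.FindByIdAsync(id);
    if (user == null) // || !(await _userManager.IsEmailConfirmedAsync(user))
    {
        _logger.LogWarning("Invalid forgot password attempt.");
        // Don't reveal that the user does not exist or is not confirmed
        // NOTE(review): the message below and the error-vs-success payload shape do reveal it;
        // a neutral message and an identical response on both branches would close that gap.
        return Ok(ApiModel.AsError<string>(null, "user does not exist"));
    }

    // For more information on how to enable account confirmation and password reset please
    // visit https://go.microsoft.com/fwlink/?LinkID=532713
    var code = await _userManager.GeneratePasswordResetTokenAsync(user);
    var values = new { id = user.Id, code = code };
    var callbackUrl = Url.Action(
        action: nameof(AccountController.ResetPassword),
        controller: nameof(AccountController).ToLowerInvariant().Replace("controller", ""),
        values: values,
        protocol: Request.Scheme,
        host: Request.Host.Value);
    // The whole callback (token included) travels as a single query parameter of the reset
    // form, so it is URL-encoded before being appended.
    var encodedCallback = WebUtility.UrlEncode(callbackUrl);
    var link = $"{resetFormURL}?action={encodedCallback}";

    // NOTE(review): Code and Link hand the reset token back to the caller of this endpoint in
    // the response body, independently of the e-mail; whether that is acceptable depends on
    // who may reach this action — confirm against the (commented-out) authorization attributes.
    var result = new ResetPasswordResult
    {
        Id = id,
        Code = code,
        Link = link,
        Username = user.UserName
    };
    // The link is interpolated into HTML: encode it so a prefix containing quotes or angle
    // brackets cannot break out of the href attribute.
    var htmlLink = WebUtility.HtmlEncode(link);
    result.sent = bindings.email
        && await _emailSender.SendEmailAsync(
            user.Email,
            "Reset Password",
            $"Please reset your password by clicking here: <a href='{htmlLink}'>link</a>");

    return Ok(ApiModel.AsSuccess<ResetPasswordResult>(result));
}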
// NOTE(review): this reads bindings.id (lower-case) while ResetPassword(bindings) above reads
// bindings.Id — confirm the binding type really exposes both members.
/// <summary>
/// POST entry point that completes a password reset by delegating to the
/// <c>ResetPassword(id, code, password)</c> overload with the bound request fields.
/// </summary>
/// <param name="bindings">Request body carrying <c>id</c>, <c>code</c> and <c>password</c>.</param>
/// <returns>The action result produced by the delegated overload.</returns>
public Task<IActionResult> ResetPasswordPost([FromBody] ResetPasswordBindings bindings)
    => ResetPassword(bindings.id, bindings.code, bindings.password);