Пример #1
        /// <summary>
        /// Handles the "forgot password" form post: issues a reset code for the submitted
        /// e-mail address, stores it, and redirects back to the current page with an
        /// "EmailSent" status.
        /// </summary>
        /// <param name="model">Posted form data; only <c>Email</c> is read here.</param>
        /// <returns>
        /// The current page when model validation fails, otherwise a redirect to the current page.
        /// </returns>
        public ActionResult SendResetPasswordEmail(VendrPortalResetPasswordRequestDto model)
        {
            if (!ModelState.IsValid)
            {
                return CurrentUmbracoPage();
            }

            // When no user name is mapped to the address, the address itself is tried as the user name.
            var lookupName = Membership.GetUserNameByEmail(model.Email) ?? model.Email;
            var account = Membership.GetUser(lookupName, false);

            if (account == null)
            {
                // Unknown addresses get the same "EmailSent" status as known ones, so the
                // status alone does not tell a caller which e-mails are registered.
                TempData["VendrPortalStatus"] = "EmailSent";
                return RedirectToCurrentUmbracoPage();
            }

            // The store key is derived from the normalised (lower-cased, trimmed) e-mail address.
            var emailHash = model.Email.ToLower().Trim().GenerateHash();
            var storeKey = $"VendrPortal.ResetPassword+{emailHash}";
            var resetCode = TimeBasedCodeHelper.GenerateCode();

            // Persist the code so the reset form can look it up again for this address.
            KeyValueStoreHelper.AddOrUpdate(storeKey, resetCode);

            // TODO: Create a reset password email template setting and get the value from there instead of the hard coded value below

            // Link back to the reset form, carrying the address and the code as route values.
            var resetUrl = Url.SurfaceAction<VendrPortalAuthSurfaceController>("ResetPassword", new
            {
                email = model.Email,
                code = resetCode
            });

            var emailModel = new ResetPasswordEmailModel
            {
                Email = model.Email,
                Code = resetCode,
                ResetPasswordUrl = resetUrl
            };

            // Intended delivery path, currently disabled:
            //var emailTemplate = _vendrApi.GetEmailTemplate(CurrentPage.GetPortalStore().Id, "resetPassword");

            //try
            //{
            //    _vendrApi.SendEmail(emailTemplate, emailModel, model.Email, Thread.CurrentThread.CurrentCulture.Name);
            //}
            //catch (Exception ex)
            //{
            //    _vendrApi.Log.Error<VendrPortalMembershipSurfaceController>(ex, "Error sending email {EmailAlias} to {EmailAddress}", emailTemplate.Alias, model.Email);
            //}

            // NOTE(review): with the e-mail dispatch disabled, the reset URL (which embeds the
            // code) is handed back to the requester through TempData. If the view renders this
            // value, whoever submits a registered address receives that account's reset link
            // without controlling the mailbox. The entry is also set only for known members,
            // so its presence distinguishes registered addresses despite the uniform status
            // above. Deliver the link by e-mail only and drop this entry before release.
            TempData["VendrPortalResetPasswordUrl"] = emailModel.ResetPasswordUrl;

            TempData["VendrPortalStatus"] = "EmailSent";

            return RedirectToCurrentUmbracoPage();
        }
Пример #2
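        /// <summary>
        /// Handles the reset-password form post: checks the submitted code against the one
        /// stored for the e-mail address, sets the new password, signs the member in and
        /// redirects to the protected portal area.
        /// </summary>
        /// <param name="model">Posted form data; <c>Email</c>, <c>Code</c> and <c>Password</c> are read.</param>
        /// <returns>
        /// The current page when model validation fails; a redirect to the reset-password page
        /// with a generic error when the member, the code or the password change is rejected;
        /// otherwise a redirect into the protected portal.
        /// </returns>
        public ActionResult ResetPasswordPost(VendrPortalResetPasswordDto model)
        {
            if (!ModelState.IsValid)
            {
                return(CurrentUmbracoPage());
            }

            // When no user name is mapped to the address, the address itself is tried as the user name.
            var username = Membership.GetUserNameByEmail(model.Email) ?? model.Email;
            var member   = Membership.GetUser(username, false);

            if (member == null)
            {
                // Same generic message as every other failure, so the cause is not disclosed.
                TempData["VendrPortalErrorMessage"] = "Unable to reset password";
                return(RedirectToUmbracoPage(CurrentPage.GetPortalResetPasswordPage()));
            }

            // Fetching also removes the entry (per the helper's name), so each issued code
            // can be presented once, whether or not the attempt succeeds.
            var key        = $"VendrPortal.ResetPassword+{model.Email.ToLower().Trim().GenerateHash()}";
            var storedCode = KeyValueStoreHelper.GetAndDelete(key);

            // The submitted code must equal the code stored for THIS e-mail address.
            // ValidateCode only receives the submitted value, so on its own it cannot tie the
            // code to the account being reset; without the equality check, any code that
            // passes ValidateCode would be accepted for any address with a pending reset.
            // NOTE(review): string.Equals is not a constant-time comparison; a fixed-time
            // compare would be preferable if one is available to this project.
            var codeMatches = storedCode != null && string.Equals(storedCode, model.Code);

            if (!codeMatches || !TimeBasedCodeHelper.ValidateCode(model.Code))
            {
                TempData["VendrPortalErrorMessage"] = "Unable to reset password";
                return(RedirectToUmbracoPage(CurrentPage.GetPortalResetPasswordPage()));
            }

            // Change the member's password: reset to a temporary one, then swap in the chosen one.
            var tmpPassword = member.ResetPassword();

            // ChangePassword reports failure through its return value; do not sign the
            // member in when the chosen password was not actually applied.
            if (!member.ChangePassword(tmpPassword, model.Password))
            {
                TempData["VendrPortalErrorMessage"] = "Unable to reset password";
                return(RedirectToUmbracoPage(CurrentPage.GetPortalResetPasswordPage()));
            }

            // Set auth cookie (non-persistent)
            FormsAuthentication.SetAuthCookie(username, false);

            // Redirect to protected portal root, falling back to the current page when none is configured
            var protectedRoot = CurrentPage.GetPortalProtectedRoot();

            return(protectedRoot != null
                ? RedirectToUmbracoPage(protectedRoot.FirstChild())
                : RedirectToCurrentUmbracoPage());
        }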