Пример #1
0
        public IHttpActionResult ForgotPassword(ActivationRequest request)
        {
            try
            {
                var user = DbUtilities.GetUserByEmail(request.Email);
                if (user != null)
                {
                    string validStatus = ValidationUtilities.ValidateForActivation(request, user, true);
                    if (validStatus == Constants.SUCCESS_MSG)
                    {
                        User account = _context.Users.Where(a => a.Email == request.Email).SingleOrDefault();
                        //if (IsPasswordCorrect(request.Password, account))
                        //    return BadRequest(ErrorCodes.PASSWORD_ALREADY_USED.ToString());
                        byte[] pwdhash = AuthorizationUtilities.hash(request.Password, account.Salt);

                        //  account.UpdatedAt = DateTime.UtcNow;
                        account.ModifiedBy  = request.Email;
                        account.IsActivated = true;
                        account.OTPCode     = "";

                        //add the new password to the database
                        account.Password     = pwdhash;
                        account.PwdStartDate = DateTimeOffset.UtcNow;
                        account.IsLocked     = false;
                        _context.SaveChanges();
                        return(Ok(HttpUtilities.CustomResp(ErrorCodes.PWD_UPDATED.ToString())));
                    }
                    else
                    {
                        return(BadRequest(validStatus));
                    }
                }
                else
                {
                    //user doesn't exists
                    return(BadRequest(ErrorCodes.INVALID_USER.ToString()));
                }
            }
            catch (Exception ex)
            {
                LGSELogger.Error(ex);
                return(InternalServerError(ex));
            }
        }