示例#1
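        /// <summary>
        /// Starts a password reset: enforces the per-IP and per-account rate limits, then
        /// emails a security code to the address on file for the requested account.
        /// </summary>
        /// <remarks>
        /// When no reset request is produced for the supplied identifier the method still
        /// returns the success response, so the caller cannot tell whether the account exists.
        /// The per-account rate-limit branch returns that same success response, because a
        /// distinct error there would confirm that the identifier belongs to a real account.
        /// </remarks>
        /// <returns>
        /// An API error when email is not configured or the caller's IP is rate-limited;
        /// otherwise the generic success response.
        /// </returns>
        public ActionResult InitiateRequest()
        {
            if (!Emailer.Enabled)
            {
                return(ApiError("This server does not have email configured. Therefore, this function is not usable."));
            }

            var remoteIp = Context.httpProcessor.RemoteIPAddressStr;

            // The per-IP limit is applied before the body is parsed, so malformed requests count too.
            if (requestLimiterByIP.Get(remoteIp))
            {
                return(ApiError("A password reset request was recently initiated from " + remoteIp + ". Rate-limiting is in effect. Please wait " + TimeSpan.FromMinutes(minutesBetweenRequestsByIp).TotalSeconds + " seconds between requests."));
            }
            requestLimiterByIP.Add(remoteIp, true);

            // NOTE(review): assumes ParseRequest returns a non-null object and that GetResetRequest
            // tolerates a missing accountIdentifier — confirm against those helpers.
            ForgotPasswordRequest     request  = ApiRequestBase.ParseRequest <ForgotPasswordRequest>(this);
            ErrorTrackerPasswordReset resetter = new ErrorTrackerPasswordReset();
            PasswordResetRequest      req      = resetter.GetResetRequest(request.accountIdentifier);

            if (req != null)
            {
                if (requestLimiterByUsername.Get(req.accountIdentifier))
                {
                    // Answer exactly as for an unknown account; no second email is sent.
                    // Returning a "recently received for this user" error here would reveal
                    // that the account exists.
                    return(Json(new ApiResponseBase(true)));
                }
                requestLimiterByUsername.Add(req.accountIdentifier, true);

                StringBuilder sb = new StringBuilder();
                sb.Append("Hello ");
                sb.Append(req.displayName);
                sb.Append(",\r\n\r\n");
                // The requester's address is included so the account owner can judge whether the request was theirs.
                sb.Append("Someone at the address \"" + remoteIp
                          + "\" has requested a reset of your password at \"" + Settings.data.systemName
                          + "\". If you did not make this request, you can ignore this message and your password will not be changed.\r\n\r\n");
                sb.Append("Here is your Security Code:\r\n\r\n");
                sb.Append("-----------------------------\r\n");
                sb.Append(req.secureToken);
                sb.Append("\r\n-----------------------------");
                sb.Append("\r\n\r\nCopy it to the \"Password Recovery\" page and a new password will be emailed to you.  This code expires in ");
                sb.Append((int)req.tokenExpiration.TotalMinutes);
                sb.Append(" minutes.\r\n\r\n(This email is automated.  Please do not reply.)");
                // NOTE(review): if SendEmail blocks until delivery, response time still differs between
                // known and unknown accounts — confirm whether it queues the message.
                Emailer.SendEmail(req.email, Settings.data.systemName + " Password Recovery", sb.ToString(), false);
            }
            return(Json(new ApiResponseBase(true)));
        }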
示例#2
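        /// <summary>
        /// Completes a password reset: enforces the per-IP rate limit, validates the submitted
        /// security code through <c>CompletePasswordReset</c>, and emails the newly generated
        /// password to the account's address.
        /// </summary>
        /// <returns>
        /// An API error when email is not configured, the caller's IP is rate-limited, or the
        /// security code is missing, invalid or expired; otherwise the generic success response.
        /// </returns>
        public ActionResult Reset()
        {
            if (!Emailer.Enabled)
            {
                return(ApiError("This server does not have email configured. Therefore, this function is not usable."));
            }

            var remoteIp = Context.httpProcessor.RemoteIPAddressStr;

            // NOTE(review): this per-IP limit is the only throttle visible here on security-code
            // attempts. Confirm that CompletePasswordReset bounds failed attempts per account, or
            // add a per-account limiter as the request-initiation path has.
            if (resetLimiterByIP.Get(remoteIp))
            {
                return(ApiError("A password reset request was recently attempted from " + remoteIp + ". Rate-limiting is in effect. Please wait " + TimeSpan.FromMinutes(minutesBetweenRequestsByIp).TotalSeconds + " seconds between requests."));
            }
            resetLimiterByIP.Add(remoteIp, true);

            ForgotPasswordRequest     request  = ApiRequestBase.ParseRequest <ForgotPasswordRequest>(this);
            ErrorTrackerPasswordReset resetter = new ErrorTrackerPasswordReset();

            // The token comes from the client and may be absent. Treat a missing token like any
            // other invalid code instead of dereferencing null in Trim().
            string token = request?.token;
            if (token == null)
            {
                return(ApiError("Unable to reset password. Your Security Code may be invalid or expired."));
            }

            string newPassword = resetter.CompletePasswordReset(resetter.accountType, request.accountIdentifier, token.Trim(), out PasswordResetRequest req);

            // One message covers both an invalid and an expired code, so the response does not
            // say which check failed.
            if (newPassword == null)
            {
                return(ApiError("Unable to reset password. Your Security Code may be invalid or expired."));
            }

            // NOTE(review): the new password is emailed in clear text and stays valid for as long
            // as the mailbox keeps it. Consider requiring a password change at next login.
            StringBuilder sb = new StringBuilder();

            sb.Append("Hello ");
            sb.Append(req.displayName);
            sb.Append(",\r\n\r\n");
            sb.Append("Your password at \"" + Settings.data.systemName + "\" has been set to:\r\n\r\n");
            sb.Append("-----------------------------\r\n");
            sb.Append(newPassword);
            sb.Append("\r\n-----------------------------");
            sb.Append("\r\n\r\n(This email is automated.  Please do not reply.)");
            Emailer.SendEmail(req.email, Settings.data.systemName + " New Password", sb.ToString(), false);

            return(Json(new ApiResponseBase(true)));
        }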