/// <summary>
/// Renders the forced password-change form for a user who arrived with a reset code.
/// </summary>
/// <param name="userId">Identifier of the account; copied into the view model unchanged.</param>
/// <param name="code">Reset code from the link. Only its presence is checked here; it is not verified against the user.</param>
/// <param name="origin">Caller-supplied value passed through to the view via <c>ViewData["Origin"]</c>.</param>
/// <returns>The "Error" view when no code was supplied, otherwise the form bound to the view model.</returns>
public IActionResult ForceResetPassword(string userId, string code = null, string origin = null)
{
    // NOTE(review): origin comes straight from the request. If the view uses it as a
    // link or redirect target, confirm it is restricted to local URLs there.
    ViewData["Origin"] = origin;

    var viewModel = new ForceResetPasswordViewModel
    {
        UserId = userId,
        Code = code
    };

    // A request without a code cannot be a valid reset link, so show the error page.
    if (code == null)
    {
        return View("Error");
    }

    return View(viewModel);
}
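/// <summary>
/// Handles the forced password-change form: verifies the reset code, checks the current
/// password, changes the password and clears the user's <c>MustChangePassword</c> flag.
/// </summary>
/// <param name="model">Posted form values (user id, reset code, current and new password).</param>
/// <param name="origin">Caller-supplied value passed through to the view via <c>ViewData["Origin"]</c>.</param>
/// <returns>
/// "ResetPasswordDone" on success or when the user id is unknown; "Error" when the reset
/// code does not match; otherwise the form re-rendered with validation errors.
/// </returns>
public async Task<IActionResult> ForceResetPassword(ForceResetPasswordViewModel model, string origin)
{
    // NOTE(review): origin comes straight from the request. If the view uses it as a
    // link or redirect target, confirm it is restricted to local URLs there.
    ViewData["Origin"] = origin;

    if (!ModelState.IsValid)
    {
        return View(model);
    }

    var user = await _userManager.FindByIdAsync(model.UserId);
    if (user == null)
    {
        // Don't reveal that the user does not exist
        return View("ResetPasswordDone");
    }

    // Verify the reset code BEFORE touching the password. Previously the password was
    // checked first and "Current Password is not correct." was reported even when the
    // code was wrong, so anyone who knew a user id could test passwords against this
    // endpoint with no valid code and no lockout (lockoutOnFailure is false below).
    //
    // NOTE(review): the expected code depends only on user.Id and CustomTokenSalt, so it
    // is the same for every request and does not expire while the salt is unchanged.
    // Consider UserManager.GenerateUserTokenAsync / VerifyUserTokenAsync for a
    // time-limited token instead.
    var expectedCode = sha256_hash(user.Id + CustomTokenSalt);

    // Compare in constant time so response timing does not depend on how many leading
    // characters of the submitted code are correct.
    var codeMatches = expectedCode != null
        && model.Code != null
        && System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
            System.Text.Encoding.UTF8.GetBytes(expectedCode),
            System.Text.Encoding.UTF8.GetBytes(model.Code));

    if (!codeMatches)
    {
        // Same page the GET action shows for a missing code.
        // NOTE(review): this response still differs from the unknown-user response above,
        // so the two cases remain distinguishable to a caller.
        return View("Error");
    }

    // NOTE(review): failed attempts here do not count toward account lockout. Only
    // holders of a valid code reach this point now, but consider lockoutOnFailure: true.
    var checkResult = await _signInManager.CheckPasswordSignInAsync(user, model.Password, lockoutOnFailure: false);
    if (!checkResult.Succeeded)
    {
        ModelState.AddModelError(string.Empty, "Current Password is not correct.");
        return View(model);
    }

    var result = await _userManager.ChangePasswordAsync(user, model.Password, model.NewPassword);
    if (!result.Succeeded)
    {
        AddErrors(result);
        return View(model);
    }

    // NOTE(review): the UpdateAsync result is not inspected. If it fails, the password
    // has changed but MustChangePassword stays set in the store.
    user.MustChangePassword = false;
    await _userManager.UpdateAsync(user);

    return View("ResetPasswordDone");
}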