public IActionResult ForceResetPassword(string userId, string code = null, string origin = null)
{
ViewData["Origin"] = origin;
var model = new ForceResetPasswordViewModel
{
UserId = userId,
Code = code
};
return(code == null?View("Error") : View(model));
}
public async Task <IActionResult> ForceResetPassword(ForceResetPasswordViewModel model, string origin)
{
ViewData["Origin"] = origin;
if (!ModelState.IsValid)
{
return(View(model));
}
var user = await _userManager.FindByIdAsync(model.UserId);
if (user == null)
{
// Don't reveal that the user does not exist
return(View("ResetPasswordDone"));
}
IdentityResult result = new IdentityResult();
var checkResult = await _signInManager.CheckPasswordSignInAsync(user, model.Password, lockoutOnFailure : false);
if (checkResult.Succeeded)
{
//check hashed token then change password
var passwordResetToken = sha256_hash(user.Id + CustomTokenSalt);
if (passwordResetToken == model.Code)
{
result = await _userManager.ChangePasswordAsync(user, model.Password, model.NewPassword);
if (result.Succeeded)
{
user.MustChangePassword = false;
await _userManager.UpdateAsync(user);
}
}
}
if (result.Succeeded)
{
return(View("ResetPasswordDone"));
}
if (!checkResult.Succeeded)
{
ModelState.AddModelError(string.Empty, "Current Password is not correct.");
}
AddErrors(result);
return(View());
}
