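/// <summary>
/// Handles the password-reset link: checks the link parameters, stores the reset token and
/// the user id in cookies that expire after one day, and renders the reset-password form.
/// </summary>
/// <param name="code">Password reset token supplied with the request.</param>
/// <param name="userId">Identifier of the account the reset is requested for.</param>
/// <returns>
/// The <c>customers/reset_password</c> view, or the <c>error</c> view when a parameter is
/// missing or the user cannot be found.
/// </returns>
/// <remarks>
/// The token is not verified in this action; presumably that happens when the new password is
/// submitted. Confirm against the handler that reads these cookies.
/// </remarks>
public async Task<ActionResult> ResetPassword(string code, string userId)
{
    // Both values are required. The earlier check joined the two tests with && and so only
    // rejected the request when BOTH were missing; a link lacking just the token (or just the
    // user id) continued to the user lookup and cookie creation.
    if (string.IsNullOrEmpty(code) || string.IsNullOrEmpty(userId))
    {
        WorkContext.ErrorMessage = "Error in URL format";
        return View("error", WorkContext);
    }

    var user = await _commerceCoreApi.StorefrontSecurityGetUserByIdAsync(userId);
    if (user == null)
    {
        // NOTE(review): this message differs from the format error above, so the response
        // tells an unauthenticated caller whether a given user id exists.
        WorkContext.ErrorMessage = "User was not found.";
        return View("error", WorkContext);
    }

    var expires = DateTime.UtcNow.AddDays(1);
    // Mark the cookies Secure only when the request itself arrived over TLS, so plain-HTTP
    // deployments keep working as before.
    var overTls = HttpContext.Request.IsSecureConnection;

    // The reset token is a credential: keep it away from page scripts.
    // NOTE(review): assumes the token cookie is only read server-side when the new password
    // is posted; confirm that no theme script depends on reading it.
    var tokenCookie = new HttpCookie(StorefrontConstants.PasswordResetTokenCookie, code)
    {
        Expires = expires,
        HttpOnly = true,
        Secure = overTls
    };
    HttpContext.Response.Cookies.Add(tokenCookie);

    // NOTE(review): HttpOnly is not set here because it is not visible from this action
    // whether client script reads the customer id cookie; set it if nothing does.
    var customerIdCookie = new HttpCookie(StorefrontConstants.CustomerIdCookie, userId)
    {
        Expires = expires,
        Secure = overTls
    };
    HttpContext.Response.Cookies.Add(customerIdCookie);

    return View("customers/reset_password", WorkContext);
}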
/// <summary>
/// Signs a storefront user in with e-mail and password, optionally switching to another
/// customer when a "login on behalf" request is pending and the operator is permitted to do so.
/// </summary>
/// <param name="formModel">Posted login form; its Email and Password are sent to the sign-in API.</param>
/// <param name="returnUrl">Target passed to <c>StoreFrontRedirect</c> after a successful sign-in.</param>
/// <returns>
/// A redirect on success or when verification is required, the <c>lockedout</c> view when the
/// account is locked, otherwise the login view with a form error.
/// </returns>
/// <remarks>
/// NOTE(review): <paramref name="returnUrl"/> is caller-controlled. Whether
/// <c>StoreFrontRedirect</c> restricts it to local URLs is not visible from this method;
/// confirm to rule out an open redirect.
/// </remarks>
public async Task<ActionResult> Login(Login formModel, string returnUrl)
{
    const StringComparison ignoreCase = StringComparison.InvariantCultureIgnoreCase;

    var signInResult = await _commerceCoreApi.StorefrontSecurityPasswordSignInAsync(formModel.Email, formModel.Password);
    var status = signInResult.Status;

    if (string.Equals(status, "success", ignoreCase))
    {
        var account = await _commerceCoreApi.StorefrontSecurityGetUserByNameAsync(formModel.Email);
        var customer = await GetStorefrontCustomerByUserAsync(account);

        // A pending "login on behalf" request names another user id. It is honoured only when
        // it names a different user AND the authenticated customer passes the
        // CanLoginOnBehalfAsync check for the current store.
        var targetUserId = GetUserIdForLoginOnBehalf(Request);
        var namesAnotherUser = !string.IsNullOrEmpty(targetUserId)
                               && !string.Equals(targetUserId, customer.UserId);
        if (namesAnotherUser
            && await _customerService.CanLoginOnBehalfAsync(WorkContext.CurrentStore.Id, customer.UserId))
        {
            var targetUser = await _commerceCoreApi.StorefrontSecurityGetUserByIdAsync(targetUserId);
            if (targetUser != null)
            {
                var targetCustomer = await GetStorefrontCustomerByUserAsync(targetUser);

                // Record who is acting, so the operator stays attached to the target customer.
                targetCustomer.OperatorUserId = customer.UserId;
                targetCustomer.OperatorUserName = customer.UserName;

                // From here on the session belongs to the target customer, not the operator.
                customer = targetCustomer;

                // Clear the LoginOnBehalf cookies.
                SetUserIdForLoginOnBehalf(Response, null);
            }
            // TODO: Configure the reduced login expiration
        }

        // Check that the resulting customer may sign in to the current store. An empty
        // AllowedStores list means no restriction. After an on-behalf switch this is the
        // target customer's list.
        var storeId = WorkContext.CurrentStore.Id;
        var storePermitted = customer.AllowedStores.IsNullOrEmpty()
                             || customer.AllowedStores.Any(allowed => string.Equals(allowed, storeId, ignoreCase));
        if (!storePermitted)
        {
            // Execution falls through to the checks below, so the generic
            // "Login attempt failed." error is added as well.
            ModelState.AddModelError("form", "User cannot login to current store.");
        }
        else
        {
            var claimsIdentity = CreateClaimsIdentity(customer);
            _authenticationManager.SignIn(claimsIdentity);

            // Publish the user login event.
            await _userLoginEventPublisher.PublishAsync(new UserLoginEvent(WorkContext, WorkContext.CurrentCustomer, customer));
            return StoreFrontRedirect(returnUrl);
        }
    }

    if (string.Equals(status, "lockedOut", ignoreCase))
    {
        return View("lockedout", WorkContext);
    }

    if (string.Equals(status, "requiresVerification", ignoreCase))
    {
        return StoreFrontRedirect("~/account/sendcode");
    }

    ModelState.AddModelError("form", "Login attempt failed.");
    return View("customers/login", WorkContext);
}