//[ValidateJsonAntiForgeryToken] public ActionResult Manage(ManageModel model) { ModelState state = ModelState["OldPassword"]; if (state != null) { state.Errors.Clear(); } state = ModelState["NewPassword"]; if (state != null) { state.Errors.Clear(); } state = ModelState["ConfirmPassword"]; if (state != null) { state.Errors.Clear(); } User user = GetUser(); if (ModelState.IsValid) { try { _userRepository.InvalidateCache(user); if (!String.Equals(user.EmailAddress, model.EmailAddress, StringComparison.OrdinalIgnoreCase)) { if (_userRepository.GetByEmailAddress(model.EmailAddress) != null) { throw new InvalidOperationException("A user with this email address already exists."); } user.IsEmailAddressVerified = user.OAuthAccounts.Count(oa => String.Equals(oa.EmailAddress(), model.EmailAddress, StringComparison.OrdinalIgnoreCase)) > 0; } user.EmailAddress = model.EmailAddress; user.EmailNotificationsEnabled = model.EmailNotificationsEnabled; user.FullName = model.FullName; _membershipProvider.UpdateAccount(user); // NOTE: If a user is updating their profile but hasn't verified the email address.. I think we should send them a notification every time.. if (!user.IsEmailAddressVerified) { user.VerifyEmailAddressToken = _membershipProvider.GenerateVerifyEmailToken(user.EmailAddress); _mailer.SendVerifyEmailAsync(user); } // TODO: Update the current user.. } catch (Exception e) { ModelState.AddModelError("", e.Message); } } if (!ModelState.IsValid) { Response.StatusCode = (int)HttpStatusCode.BadRequest; return(Json(ModelState.ToDictionary(kvp => kvp.Key, kvp => kvp.Value.Errors.Select(e => e.ErrorMessage).ToArray()))); } return(Json(new { IsVerified = user.IsEmailAddressVerified })); }