/// <summary> /// Process the request for a forgotten password from the main forgot password screen. This will lookup the /// user and if found email them a link to reset their password. /// </summary> /// <param name="model"></param> public SendInstructionsToResetPasswordResponse SendInstructionsToResetPassword(SendInstructionsToResetPasswordRequest request) { // //Validate the parameters // if (request == null || String.IsNullOrWhiteSpace(request.UserNameOrEmail)) { return(new SendInstructionsToResetPasswordResponse() { IsSuccessful = false, Message = "An invalid user name or email address was specified." }); } SecurityUser securityUser = null; ADUser adUser = null; // //See if we can reset this users active directory account. We only need to do this //if active directory auth is enabled, if AD users are allowed to reset their password, //and we are not storing the users in the SecurityUser table. // if (ApplicationService.Instance.FormsAuthenticationADEnabled && ApplicationService.Instance.ForgotPasswordResetAllowedForADUser && adUser == null && securityUser == null ) { // //Try to find by username first // adUser = new ADUser(request.UserNameOrEmail); // //If not found, try to find by email address // if (!adUser.ValidUser) { var searchFilter = adUser.GetUserSearchFilterByEmailAddress(request.UserNameOrEmail); adUser.PopulateUserInformation(searchFilter); } //Ensure we clear the record if we dont have a valid AD user if (!adUser.ValidUser) { adUser = null; } // //Get the security user record if we have security user records for AD users // else { if (ApplicationService.Instance.FormsAuthenticationCreateSecurityUserRecordOnADAuth) { securityUser = _repository.GetAll <SecurityUser>() .FirstOrDefault(p => p.ActiveDirectoryGuid == adUser.ObjectGuid); } } } // //Then try to find the user by their SecurityUser table record // if (ApplicationService.Instance.FormsAuthenticationSecurityUserTableEnabled && adUser == null && securityUser == null) { // //First try lookup only by userid //Check the security user table first // var securityUsers = _repository.GetAll <SecurityUser>().Where(p => p.UserName.Equals(request.UserNameOrEmail)); //If no match found, try lookup by email address if (!securityUsers.Any()) { securityUsers = _repository.GetAll <SecurityUser>() .Where(p => p.EmailAddress.Equals(request.UserNameOrEmail)); } // //If there is more than one result, we cannot reset the password // if (securityUsers.Count() > 1) { return(new SendInstructionsToResetPasswordResponse() { IsSuccessful = false, Message = "Multiple records were found with the supplied username or email, your password cannot be reset. Please contact support to have your password reset." }); } securityUser = securityUsers.FirstOrDefault(); } // //Now ensure we can continue with the password reset // // var canUserPasswordBeChangedRequest = new CanUserPasswordBeChangedRequest() { SecurityUser = securityUser, ADUser = adUser }; var canUserPasswordBeChangedResponse = _passwordService.CanUserPasswordBeChanged(canUserPasswordBeChangedRequest); if (!canUserPasswordBeChangedResponse.IsSuccessful) { return(new SendInstructionsToResetPasswordResponse() { IsSuccessful = false, Message = "That username or email address cannot have it's password reset. Please contact support to have your password reset." }); } // //Ensure the user has an email address // if ((securityUser == null || String.IsNullOrWhiteSpace(securityUser.EmailAddress)) && (adUser == null || String.IsNullOrWhiteSpace(adUser.EmailAddress))) { return(new SendInstructionsToResetPasswordResponse() { IsSuccessful = false, Message = "That username or email address cannot have it's password reset as it has no email on file. Please contact support to have your password reset." }); } // //Create the password reset entry // var passwordResetRequest = CreateSecurityPasswordResetRequestEntry(request, securityUser, adUser); // //Send the password reset email // var sendForgotPasswordEmailRequest = new SendForgotPasswordEmailRequest() { SecurityUser = securityUser, ADUser = adUser, SecurityPasswordResetRequest = passwordResetRequest }; var sendForgotPasswordEmailResponse = SendForgotPasswordEmail(sendForgotPasswordEmailRequest); if (!sendForgotPasswordEmailResponse.IsSuccessful) { return(new SendInstructionsToResetPasswordResponse() { IsSuccessful = false, Message = sendForgotPasswordEmailResponse.Message }); } // //Request was successful // return(new SendInstructionsToResetPasswordResponse() { IsSuccessful = true, Message = null }); }