/// <summary>
/// Checks the security code submitted during password recovery and, when it is
/// accepted, advances the flow to the password-reset step.
/// </summary>
/// <param name="appUser">Session of the user recovering the password; its <c>UserId</c> is what the code is checked against.</param>
/// <param name="code">Security code entered by the user.</param>
/// <returns>A <see cref="ForgotPasswordModel"/> whose step is <see cref="ForgotPasswordStep.ResetPassword"/>.</returns>
/// <exception cref="PasswordRecoverException">
/// Thrown when <paramref name="code"/> is null, empty or whitespace, or when the phone service rejects it.
/// </exception>
/// <remarks>
/// NOTE(review): no attempt counting, lockout or expiry check is visible in this method.
/// Confirm that <c>_phoneService.IsValidSecurityCodeAsync</c> enforces them, since this
/// code is the only factor gating the reset step while security answers are bypassed.
/// </remarks>
public async Task<ForgotPasswordModel> VerifyCodeAsync(UserApplicationSession appUser, string code)
{
    // The flow stays on the verification step until the code has been accepted.
    var result = new ForgotPasswordModel
    {
        ForgotPasswordStep = ForgotPasswordStep.VerifySecurityCode
    };

    // Guard: a missing or blank code is rejected before the phone service is called.
    if (string.IsNullOrWhiteSpace(code))
    {
        throw new PasswordRecoverException(result.ForgotPasswordStep, "Security code is a required field.");
    }

    // Guard: a code the phone service does not accept ends the request here.
    var codeAccepted = await _phoneService.IsValidSecurityCodeAsync(appUser.UserId, code);
    if (!codeAccepted)
    {
        throw new PasswordRecoverException(result.ForgotPasswordStep, "Provided code is invalid.");
    }

    // Clear the stored code once it has been accepted.
    // NOTE(review): validation and clearing are two separate awaited calls; confirm the
    // service keeps the code single-use when requests for the same user run concurrently.
    await _phoneService.ClearUserPhoneSecurityCodeAsync(appUser.UserId);

    // TODO bypass security questions/answers for now; the intended next step was
    // ForgotPasswordStep.VerifySecurityAnswers. Until that is restored, a valid phone
    // code alone moves the user to the password reset.
    result.ForgotPasswordStep = ForgotPasswordStep.ResetPassword;

    return result;
}