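/// <summary>
        /// Validates the security code supplied during password recovery and, when it is
        /// accepted, asks the phone service to clear it and advances the flow to the
        /// reset-password step.
        /// </summary>
        /// <param name="appUser">Session of the user recovering the password; its <c>UserId</c> identifies whose code is checked.</param>
        /// <param name="code">Security code entered by the user. Must not be null, empty or whitespace.</param>
        /// <returns>
        /// A <see cref="ForgotPasswordModel"/> whose <c>ForgotPasswordStep</c> is
        /// <c>ForgotPasswordStep.ResetPassword</c>. Every failure path throws instead of returning.
        /// </returns>
        /// <exception cref="PasswordRecoverException">
        /// The code is blank, or the phone service reports it as invalid. The exception carries
        /// the <c>VerifySecurityCode</c> step.
        /// </exception>
        /// <exception cref="System.ArgumentNullException"><paramref name="appUser"/> is null.</exception>
        public async Task<ForgotPasswordModel> VerifyCodeAsync(UserApplicationSession appUser, string code)
        {
            var model = new ForgotPasswordModel
            {
                ForgotPasswordStep = ForgotPasswordStep.VerifySecurityCode
            };

            // Reject a blank code before calling the phone service.
            if (string.IsNullOrWhiteSpace(code))
            {
                throw new PasswordRecoverException(model.ForgotPasswordStep, "Security code is a required field.");
            }

            // Fail with a descriptive argument error instead of a NullReferenceException
            // when no session was supplied.
            if (appUser == null)
            {
                throw new System.ArgumentNullException(nameof(appUser));
            }

            // NOTE(review): nothing in this method counts or limits failed attempts. Confirm that
            // throttling/lockout and code expiry are enforced inside IsValidSecurityCodeAsync or
            // upstream of this call; a short code without them can be guessed.
            var codeAccepted = await _phoneService.IsValidSecurityCodeAsync(appUser.UserId, code);
            if (!codeAccepted)
            {
                throw new PasswordRecoverException(model.ForgotPasswordStep, "Provided code is invalid.");
            }

            // NOTE(review): validation and clearing are two separate awaited calls. Whether two
            // concurrent requests can both pass with the same code depends on the phone
            // service - confirm the code is consumed atomically there.
            await _phoneService.ClearUserPhoneSecurityCodeAsync(appUser.UserId);

            // set next step to verify answers
            // TODO bypass security questions/answers for now
            // model.ForgotPasswordStep = ForgotPasswordStep.VerifySecurityAnswers;
            // NOTE(review): while the bypass above is in place, an accepted code is the only
            // check this method makes before the flow reaches ResetPassword. Presumably the
            // reset step re-derives its authorization from server-side state rather than from
            // the step value returned here - confirm.
            model.ForgotPasswordStep = ForgotPasswordStep.ResetPassword;

            return model;
        }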