/// <summary>
/// Handles the administrative "edit password" form post. The caller must hold
/// <c>Permissions.ResetUserPasswords</c>; on success the user is redirected back
/// to the Edit action for the account, otherwise the password form is shown again.
/// </summary>
/// <param name="model">Posted form values: account id, email, reset token and new password.</param>
/// <returns>
/// <c>Unauthorized()</c> when the permission check fails, a redirect to <c>Edit</c> on
/// success, or the result of <c>EditPassword(model.Id)</c> on any other outcome.
/// </returns>
public async Task<IActionResult> EditPasswordPost(EditPasswordViewModel model)
{
    // The permission check runs before any model data is read or acted upon.
    var isPermitted = await _authorizationService.AuthorizeAsync(User, Permissions.ResetUserPasswords);
    if (!isPermitted)
    {
        return Unauthorized();
    }

    if (!ModelState.IsValid)
    {
        return await EditPassword(model.Id);
    }

    var user = await _userManager.FindByIdAsync(model.Id);
    if (user == null)
    {
        return await EditPassword(model.Id);
    }

    // NOTE(review): the account is looked up by model.Id, but the reset is issued for
    // model.Email with model.ResetToken. Nothing in this method checks that all three
    // refer to the same account - confirm ResetPasswordAsync enforces that binding.
    var result = await _platoUserManager.ResetPasswordAsync(
        model.Email,
        model.ResetToken,
        model.NewPassword);

    if (!result.Succeeded)
    {
        // Surface every failure reason on the form, then show the form again.
        foreach (var error in result.Errors)
        {
            ViewData.ModelState.AddModelError(string.Empty, error.Description);
        }

        return await EditPassword(model.Id);
    }

    _alerter.Success(T["Password Updated Successfully!"]);

    // Redirect back to the edit page of the account that was looked up by id.
    var routeValues = new RouteValueDictionary()
    {
        ["id"] = user.Id.ToString()
    };
    return RedirectToAction(nameof(Edit), routeValues);
}
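/// <summary>
/// Handles the self-service "reset password" form post. The supplied Base64 reset
/// token is decoded and must equal the token stored on the account found by email
/// before the password is changed.
/// </summary>
/// <param name="model">Posted form values: email, Base64-encoded reset token and new password.</param>
/// <returns>
/// A redirect to <c>ResetPasswordConfirmation</c> on success; otherwise the reset form
/// is shown again with a generic error added to the model state.
/// </returns>
public async Task<IActionResult> ResetPassword(ResetPasswordViewModel model)
{
    if (ModelState.IsValid)
    {
        var user = await _userManager.FindByEmailAsync(model.Email);
        if (user != null)
        {
            // model.ResetToken comes straight from the request. Malformed Base64 must be
            // treated like any other bad token rather than escaping as an unhandled
            // FormatException (or ArgumentNullException for a missing value).
            string resetToken = null;
            if (!string.IsNullOrEmpty(model.ResetToken))
            {
                try
                {
                    resetToken = Encoding.UTF8.GetString(Convert.FromBase64String(model.ResetToken));
                }
                catch (FormatException)
                {
                    resetToken = null;
                }
            }

            // Ensure the user account matches the reset token. An empty decoded token is
            // rejected outright so that an account with no pending (empty) reset token
            // can never be matched by an empty submission.
            // NOTE(review): == is not a constant-time comparison; consider a fixed-time
            // comparison for this secret if the target framework provides one.
            if (!string.IsNullOrEmpty(resetToken) && user.ResetToken == resetToken)
            {
                var result = await _platoUserManager.ResetPasswordAsync(
                    model.Email,
                    resetToken,
                    model.NewPassword);

                if (result.Succeeded)
                {
                    return RedirectToLocal(Url.Action("ResetPasswordConfirmation"));
                }

                foreach (var error in result.Errors)
                {
                    ViewData.ModelState.AddModelError(string.Empty, error.Description);
                }
            }
        }
    }

    // Reached on every failure path: invalid model state, unknown email, undecodable or
    // mismatched token, or a failed reset. An unknown email and a wrong token produce the
    // same message, so the form does not distinguish between the two cases.
    ViewData.ModelState.AddModelError(string.Empty, "The email address does not match the reset token");
    return await ResetPassword(model.ResetToken);
}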