/// <summary>
/// Looks up the user that owns the given password-reset token, provided the token has not expired.
/// </summary>
/// <param name="token">The unhashed token as presented by the caller (e.g. from the reset link).</param>
/// <returns>The matching user, or null when no user holds an unexpired token with that hash.</returns>
public User FindByPasswordResetToken(string token)
        {
            // Only the hash is stored, so only the hash of the presented token is ever compared.
            var hashedToken = PasswordRecoveryToken.GetHashedFor(token);

            var byHash    = Builders<User>.Filter.Eq("passwordRecoveryToken.tokenHashed", hashedToken);
            var unexpired = Builders<User>.Filter.Gte("passwordRecoveryToken.expiry", DateTime.UtcNow);

            return userCollection.Find(byHash & unexpired).FirstOrDefault();
        }
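        /// <summary>
        /// Starts password recovery for the account registered under the submitted email address.
        /// The same 200 response is returned whether or not the address is registered, so the
        /// endpoint cannot be used to enumerate accounts; the recovery email is the only signal.
        /// Recovery emails are sent via the UPQ.
        /// </summary>
        /// <param name="model">Request body carrying the email address to recover.</param>
        /// <returns>400 when the body is invalid or the email is missing; otherwise 200.</returns>
        public IActionResult PasswordRecovery([FromBody] ForgotPasswordDataModel model)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest();
            }

            // Guard a null body as well as an empty address; whether a null [FromBody] model
            // already fails ModelState depends on the framework version, so do not rely on it.
            if (model == null || string.IsNullOrWhiteSpace(model.Email))
            {
                return BadRequest("Email is required");
            }

            User user = UserHelper.GetUserByEmail(model.Email);
            if (user != null)
            {
                PasswordRecoveryToken items = new PasswordRecoveryToken()
                {
                    // UTC so the expiry does not depend on the server's local time zone;
                    // whoever validates the token must compare against UtcNow as well.
                    Expiration = DateTime.UtcNow.AddDays(2),
                    UserId     = user.Id
                };

                var jwt = TokenHelper.EncodeStandardJwtToken(items);

                try
                {
                    //Send recovery email containing the token (jwt). Do not return the token in the
                    //response: the email is what proves the caller owns the account.
                }
                catch (Exception)
                {
                    // Best-effort by design: a mail failure must not change the response, or the
                    // caller could tell registered addresses apart. TODO: log the failure here.
                }
            }

            // Same result for known and unknown addresses (see summary).
            return Ok();
        }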
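        /// <summary>
        /// Completes password recovery: validates the new password, decodes the recovery token,
        /// checks that it is unexpired and still maps to an account, then stores a fresh salt and
        /// password hash for that account.
        /// </summary>
        /// <param name="token">Recovery token issued by <c>PasswordRecovery</c>, as an encoded JWT.</param>
        /// <param name="model">Request body with the new password and its confirmation.</param>
        /// <returns>400 for an invalid body, weak or mismatched password, or unusable token; otherwise 200.</returns>
        public IActionResult PasswordReset(string token, [FromBody] ResetPasswordDataModel model)
        {
            //http://stackoverflow.com/questions/25372035/not-able-to-validate-json-web-token-with-net-key-to-short

            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            if (model == null || string.IsNullOrEmpty(model.NewPassword))
            {
                return BadRequest("Password is required");
            }

            if (model.NewPassword != model.ConfirmPassword)
            {
                return BadRequest("Passwords do not match");
            }

            if (!UserHelper.IsValidPassword(model.NewPassword))
            {
                return BadRequest("Password is not complex enough.");
            }

            if (string.IsNullOrEmpty(token))
            {
                return BadRequest("Invalid or expired token.");
            }

            // NOTE(review): assumes DecodeStandardJwtToken verifies the signature and returns null
            // (rather than throwing) for a malformed or tampered token — confirm against TokenHelper.
            PasswordRecoveryToken recoveryToken = TokenHelper.DecodeStandardJwtToken<PasswordRecoveryToken>(token);

            // Reject missing or expired tokens before touching any account. Expiration is issued in
            // UTC by PasswordRecovery, so it is compared against UtcNow here.
            if (recoveryToken == null || recoveryToken.Expiration < DateTime.UtcNow)
            {
                return BadRequest("Invalid or expired token.");
            }

            User user = UserHelper.GetUserById(recoveryToken.UserId);
            if (user == null)
            {
                // The account may have been removed after the token was issued.
                return BadRequest("Invalid or expired token.");
            }

            // A fresh salt is generated on every reset. NOTE(review): GetHash(password + salt) is a
            // plain hash rather than a password KDF; changing it would affect login, so it is kept.
            string newSalt         = UserHelper.CreatUserSalt();
            string newPasswordHash = HasherHelper.GetHash(model.NewPassword + newSalt);

            user.Salt     = newSalt;
            user.Password = newPasswordHash;

            // The entity update is the persistence path; an unused Builders<User>.Update definition
            // that was never applied has been dropped.
            db.Users.Update(user);

            // Nothing here revokes the token, so it stays usable until Expiration. TODO: invalidate on use.
            return Ok();
        }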
        /// <summary>
        /// Issues a password reset link for <paramref name="email"/>. The same "NoResetLinkSent" view
        /// is shown for a malformed address and for an unknown one, so the response does not reveal
        /// whether the address is registered.
        /// </summary>
        /// <param name="email">Address entered by the requester.</param>
        /// <returns>The "ResetLinkSent" view when a link was mailed; "NoResetLinkSent" otherwise.</returns>
        public IActionResult SendPasswordReset(string email)
        {
            // Only consult the repository for a syntactically valid address.
            User user = validator.IsValidEmail(email) ? userRepository.FindByEmail(email) : null;
            if (user == null)
            {
                return View("NoResetLinkSent");
            }

            // A fresh token replaces whatever the user held before; only its unhashed form goes into the link.
            var resetToken = new PasswordRecoveryToken();
            user.PasswordRecoveryToken = resetToken;
            userRepository.Update(user);

            var resetLink = Url.Action("ResetPassword", "User", new { token = resetToken.TokenUnhashed }, Request.Scheme);
            var body = string.Format(
                "A password reset for your account was requested. Copy this link and paste it in your browser window to reset your password: {0}",
                resetLink);
            emailSender.Send(user.Email, user.Username, "Chess Variants Training: Password Reset", body);

            return View("ResetLinkSent");
        }