/// <summary>
/// Looks up the user whose stored password-recovery token matches <paramref name="token"/>
/// and whose token expiry has not yet passed.
/// </summary>
/// <param name="token">The unhashed token as presented by the reset link; only its hash is compared against the store.</param>
/// <returns>The matching user, or <c>null</c> when no unexpired token matches.</returns>
public User FindByPasswordResetToken(string token)
{
    // Only the hashed form is persisted, so hash the presented value before querying.
    string tokenHash = PasswordRecoveryToken.GetHashedFor(token);

    var byHash = Builders<User>.Filter.Eq("passwordRecoveryToken.tokenHashed", tokenHash);
    // Expiry is compared in UTC, matching how the token issuer is expected to stamp it.
    var notExpired = Builders<User>.Filter.Gte("passwordRecoveryToken.expiry", DateTime.UtcNow);

    return userCollection.Find(byHash & notExpired).FirstOrDefault();
}
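/// <summary>
/// Starts password recovery for the account registered under the submitted e-mail address.
/// </summary>
/// <remarks>
/// The response is the same whether or not an account exists for the address, so this endpoint
/// cannot be used to discover which addresses are registered. Recovery is completed out of band:
/// the token is delivered by e-mail (sent via the UPQ) and is never returned in the response.
/// </remarks>
/// <param name="model">Request body carrying the e-mail address.</param>
/// <returns>
/// 200 once the request has been accepted (regardless of whether the address is known);
/// 400 when the body is missing, fails model validation, or carries no e-mail address.
/// </returns>
public IActionResult PasswordRecovery([FromBody] ForgotPasswordDataModel model)
{
    // A missing body can leave ModelState valid while the bound model is null; treat both as a bad request.
    if (model is null || !ModelState.IsValid)
    {
        return BadRequest();
    }

    if (string.IsNullOrEmpty(model.Email))
    {
        return BadRequest("Email is required");
    }

    User user = UserHelper.GetUserByEmail(model.Email);
    if (user is not null)
    {
        PasswordRecoveryToken items = new PasswordRecoveryToken()
        {
            // Stamp the expiry in UTC so it does not depend on the server's local time zone
            // (the token lookup in this file compares against DateTime.UtcNow).
            Expiration = DateTime.UtcNow + new TimeSpan(2, 0, 0, 0),
            UserId = user.Id
        };
        var jwt = TokenHelper.EncodeStandardJwtToken(items);

        try
        {
            // Send recovery email containing the token (jwt).
        }
        catch (Exception)
        {
            // A delivery failure must not change the response (that would reveal that the
            // account exists); it should be logged server-side rather than surfaced here.
        }
    }

    // Do not return the recovery token, and do not signal whether the address was found:
    // the previous NotFound() branch let a caller enumerate registered addresses.
    // Ownership of the account is proven by acting on the e-mailed link.
    return Ok();
}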
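/// <summary>
/// Completes a password reset: validates the new password, resolves the user from the
/// recovery token and stores a freshly salted hash of the new password.
/// </summary>
/// <param name="token">Recovery token (a JWT wrapping a <see cref="PasswordRecoveryToken"/>) taken from the reset link.</param>
/// <param name="model">New password and its confirmation.</param>
/// <returns>
/// 200 on success; 400 for a missing or invalid body, an empty, mismatched or weak password,
/// or a token that does not decode; 404 when the token's user no longer exists.
/// </returns>
public IActionResult PasswordReset(string token, [FromBody] ResetPasswordDataModel model)
{
    // http://stackoverflow.com/questions/25372035/not-able-to-validate-json-web-token-with-net-key-to-short
    if (model is null || !ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    if (string.IsNullOrEmpty(model.NewPassword))
    {
        return BadRequest("Password is required");
    }
    if (model.NewPassword != model.ConfirmPassword)
    {
        return BadRequest("Passwords do not match");
    }
    if (!UserHelper.IsValidPassword(model.NewPassword))
    {
        return BadRequest("Password is not complex enough.");
    }

    // NOTE(review): signature and Expiration checks are assumed to happen inside
    // DecodeStandardJwtToken (it may throw or return null on failure) — confirm. Either way,
    // a token that does not decode must never reach the user lookup below.
    PasswordRecoveryToken recoveryToken = TokenHelper.DecodeStandardJwtToken<PasswordRecoveryToken>(token);
    if (recoveryToken is null)
    {
        return BadRequest("Invalid token");
    }

    User user = UserHelper.GetUserById(recoveryToken.UserId);
    if (user is null)
    {
        return NotFound();
    }

    // A fresh salt per reset keeps the stored hash unique even if the same password is chosen again.
    string newSalt = UserHelper.CreatUserSalt();
    string newPasswordHash = HasherHelper.GetHash(model.NewPassword + newSalt);
    user.Salt = newSalt;
    user.Password = newPasswordHash;
    // The previously built Builders<User>.Update definition was never applied; db.Users.Update
    // is the only write, so the dead definition has been dropped.
    db.Users.Update(user);

    // NOTE(review): nothing here invalidates the token after use; confirm the token helper or
    // store enforces single use, otherwise the same link resets the password again until expiry.
    return Ok();
}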
/// <summary>
/// Issues a password-reset link for the given e-mail address and sends it by e-mail.
/// </summary>
/// <remarks>
/// A malformed address and an unknown address both render "NoResetLinkSent". A registered address
/// renders "ResetLinkSent" instead, so the page still reveals whether the address is registered —
/// NOTE(review): consider rendering the same view in all three cases. Only the unhashed token is
/// placed in the e-mailed link; the copy stored on the user is whatever the token type persists.
/// </remarks>
/// <param name="email">Address entered on the reset form.</param>
/// <returns>The "ResetLinkSent" view when a link was sent, otherwise "NoResetLinkSent".</returns>
public IActionResult SendPasswordReset(string email)
{
    const string noLinkView = "NoResetLinkSent";

    if (!validator.IsValidEmail(email))
    {
        return View(noLinkView);
    }

    User user = userRepository.FindByEmail(email);
    if (user is null)
    {
        return View(noLinkView);
    }

    // Attach a fresh token to the account and persist it before the link goes out.
    PasswordRecoveryToken resetToken = new PasswordRecoveryToken();
    user.PasswordRecoveryToken = resetToken;
    userRepository.Update(user);

    string resetLink = Url.Action("ResetPassword", "User", new { token = resetToken.TokenUnhashed }, Request.Scheme);
    string body = string.Format(
        "A password reset for your account was requested. Copy this link and paste it in your browser window to reset your password: {0}",
        resetLink);
    emailSender.Send(user.Email, user.Username, "Chess Variants Training: Password Reset", body);

    return View("ResetLinkSent");
}