public List <PotentialQuestions> GetPotentialQuestions() { try { UserAccountSecurityManager resetter = new UserAccountSecurityManager(); return(resetter.GetSecurityQuestionList()); } catch (Exception e) { CSETWeb_Api.Helpers.ElmahWrapper.LogAndReportException(e, Request, HttpContext.Current); } return(new List <PotentialQuestions>()); }
public async Task <HttpResponseMessage> PostRegisterUser([FromBody] CreateUser user) { try { if (!ModelState.IsValid) { return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Model State")); } if (String.IsNullOrWhiteSpace(user.PrimaryEmail)) { return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid PrimaryEmail")); } if (!emailvalidator.IsMatch(user.PrimaryEmail)) { return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid PrimaryEmail")); } if (!emailvalidator.IsMatch(user.ConfirmEmail.Trim())) { return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid PrimaryEmail")); } if (user.PrimaryEmail != user.ConfirmEmail) { return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid PrimaryEmail")); } if (new UserManager().GetUserDetail(user.PrimaryEmail) != null) { return(Request.CreateResponse(HttpStatusCode.Conflict, "An account already exists for that email address")); } UserAccountSecurityManager resetter = new UserAccountSecurityManager(); bool rval = resetter.CreateUserSendEmail(user); if (rval) { return(Request.CreateResponse(HttpStatusCode.OK, "Created Successfully")); } else { return(Request.CreateResponse(HttpStatusCode.InternalServerError, "Unknown error")); } } catch (CSETApplicationException ce) { return(Request.CreateResponse(HttpStatusCode.Conflict, ce.Message)); } catch (Exception e) { return(CSETWeb_Api.Helpers.ElmahWrapper.LogAndReportException(e, Request, HttpContext.Current)); } }
public async Task <HttpResponseMessage> PostChangePassword([FromBody] ChangePassword changePass) { try { if (!ModelState.IsValid) { return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Model State")); } if (!emailvalidator.IsMatch(changePass.PrimaryEmail.Trim())) { return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid PrimaryEmail")); } Login login = new Login() { Email = changePass.PrimaryEmail, Password = changePass.CurrentPassword }; LoginResponse resp = UserAuthentication.Authenticate(login); if (resp == null) { return(Request.CreateResponse(HttpStatusCode.Conflict, "Current password is invalid. Try again or request a new temporary password.")); } UserAccountSecurityManager resetter = new UserAccountSecurityManager(); bool rval = await resetter.ChangePassword(changePass); if (rval) { resp.PasswordResetRequired = false; await db.SaveChangesAsync(); return(Request.CreateResponse(HttpStatusCode.OK, "Created Successfully")); } else { return(Request.CreateResponse(HttpStatusCode.InternalServerError, "Unknown error")); } } catch (CSETApplicationException ce) { return(Request.CreateResponse(HttpStatusCode.Conflict, ce.Message)); } catch (Exception e) { return(CSETWeb_Api.Helpers.ElmahWrapper.LogAndReportException(e, Request, HttpContext.Current)); } }
public async Task <IHttpActionResult> GetSecurityQuestions([FromUri] string email, [FromUri] string appCode) { try { if (db.USERS.Where(x => String.Equals(x.PrimaryEmail, email)).FirstOrDefault() == null) { return(Conflict()); } var q = from b in db.USER_SECURITY_QUESTIONS join c in db.USERS on b.UserId equals c.UserId where c.PrimaryEmail == email select new SecurityQuestions() { SecurityQuestion1 = b.SecurityQuestion1, SecurityQuestion2 = b.SecurityQuestion2 }; List <SecurityQuestions> questions = q.ToList(); //note that you don't have to provide a security question //it will just reset if you don't if (questions.Count == 0 || (questions[0].SecurityQuestion1 == null && questions[0].SecurityQuestion2 == null)) { UserAccountSecurityManager resetter = new UserAccountSecurityManager(); bool rval = await resetter.ResetPassword(email, "Password Reset", appCode); return(Ok(new List <SecurityQuestions>())); } return(Ok(questions)); } catch (Exception e) { CSETWeb_Api.Helpers.ElmahWrapper.LogAndReportException(e, Request, HttpContext.Current); return(Content(HttpStatusCode.InternalServerError, e.Message)); } }
public async Task <IHttpActionResult> ResetPassword([FromBody] SecurityQuestionAnswer answer) { try { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } if (!emailvalidator.IsMatch(answer.PrimaryEmail.Trim())) { return(BadRequest()); } if (IsSecurityAnswerCorrect(answer)) { UserAccountSecurityManager resetter = new UserAccountSecurityManager(); bool rval = await resetter.ResetPassword(answer.PrimaryEmail, "Password Reset", answer.AppCode); if (rval) { return(StatusCode(HttpStatusCode.OK)); } else { return(StatusCode(HttpStatusCode.InternalServerError)); } } // return Unauthorized(); // returning a 401 (Unauthorized) gets caught by the JWT interceptor and dumps the user out, which we don't want. return(Conflict()); } catch (Exception e) { return((IHttpActionResult)CSETWeb_Api.Helpers.ElmahWrapper.LogAndReportException(e, Request, HttpContext.Current)); } }