public async Task <IHttpActionResult> GetSecurityQuestions([FromUri] string email, [FromUri] string appCode) { try { if (db.USERS.Where(x => String.Equals(x.PrimaryEmail, email)).FirstOrDefault() == null) { return(Conflict()); } var q = from b in db.USER_SECURITY_QUESTIONS join c in db.USERS on b.UserId equals c.UserId where c.PrimaryEmail == email select new SecurityQuestions() { SecurityQuestion1 = b.SecurityQuestion1, SecurityQuestion2 = b.SecurityQuestion2 }; List <SecurityQuestions> questions = q.ToList(); //note that you don't have to provide a security question //it will just reset if you don't if (questions.Count == 0 || (questions[0].SecurityQuestion1 == null && questions[0].SecurityQuestion2 == null)) { UserAccountSecurityManager resetter = new UserAccountSecurityManager(); bool rval = await resetter.ResetPassword(email, "Password Reset", appCode); return(Ok(new List <SecurityQuestions>())); } return(Ok(questions)); } catch (Exception e) { CSETWeb_Api.Helpers.ElmahWrapper.LogAndReportException(e, Request, HttpContext.Current); return(Content(HttpStatusCode.InternalServerError, e.Message)); } }
public async Task <IHttpActionResult> ResetPassword([FromBody] SecurityQuestionAnswer answer) { try { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } if (!emailvalidator.IsMatch(answer.PrimaryEmail.Trim())) { return(BadRequest()); } if (IsSecurityAnswerCorrect(answer)) { UserAccountSecurityManager resetter = new UserAccountSecurityManager(); bool rval = await resetter.ResetPassword(answer.PrimaryEmail, "Password Reset", answer.AppCode); if (rval) { return(StatusCode(HttpStatusCode.OK)); } else { return(StatusCode(HttpStatusCode.InternalServerError)); } } // return Unauthorized(); // returning a 401 (Unauthorized) gets caught by the JWT interceptor and dumps the user out, which we don't want. return(Conflict()); } catch (Exception e) { return((IHttpActionResult)CSETWeb_Api.Helpers.ElmahWrapper.LogAndReportException(e, Request, HttpContext.Current)); } }