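        /// <summary>
        /// Looks up the security questions on file for <paramref name="email"/>.
        /// When the account has no questions recorded, a password reset is triggered
        /// straight away through <see cref="UserAccountSecurityManager.ResetPassword"/>
        /// and an empty list is returned (this is the original design, see comments below).
        /// </summary>
        /// <param name="email">Primary email of the account, taken from the query string.</param>
        /// <param name="appCode">Application code forwarded to the reset routine.</param>
        /// <returns>
        /// 200 with the questions (an empty list after a reset was issued), 409 when no
        /// user has that email, or 500 on an unexpected error.
        /// </returns>
        public async Task <IHttpActionResult> GetSecurityQuestions([FromUri] string email, [FromUri] string appCode)
        {
            try
            {
                // NOTE(review): answering 409 for an unknown address lets a caller probe
                // which emails have accounts. Kept because the client may rely on the 409;
                // the enumeration-safe choice would be the same empty 200 the
                // no-questions branch returns.
                // NOTE(review): unlike ResetPassword, the email is not checked against
                // emailvalidator here — confirm whether that is intended.
                if (!db.USERS.Any(x => x.PrimaryEmail == email))
                {
                    return Conflict();
                }

                List<SecurityQuestions> questions = (
                    from b in db.USER_SECURITY_QUESTIONS
                    join c in db.USERS on b.UserId equals c.UserId
                    where c.PrimaryEmail == email
                    select new SecurityQuestions()
                    {
                        SecurityQuestion1 = b.SecurityQuestion1,
                        SecurityQuestion2 = b.SecurityQuestion2
                    }).ToList();

                // Providing security questions is optional. Without any, the account is
                // reset immediately; the reset routine is responsible for notifying the user.
                bool noQuestions = questions.Count == 0
                    || (questions[0].SecurityQuestion1 == null && questions[0].SecurityQuestion2 == null);
                if (noQuestions)
                {
                    UserAccountSecurityManager resetter = new UserAccountSecurityManager();
                    // The reset outcome is deliberately not surfaced: the response is the
                    // same whether or not the reset went through.
                    await resetter.ResetPassword(email, "Password Reset", appCode);

                    return Ok(new List<SecurityQuestions>());
                }

                return Ok(questions);
            }
            catch (Exception e)
            {
                CSETWeb_Api.Helpers.ElmahWrapper.LogAndReportException(e, Request, HttpContext.Current);
                // Details are in the log above; do not echo the exception message to the client.
                return StatusCode(HttpStatusCode.InternalServerError);
            }
        }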
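        /// <summary>
        /// Resets the password of the account named in <paramref name="answer"/> once
        /// the supplied security answer has been verified by <see cref="IsSecurityAnswerCorrect"/>.
        /// </summary>
        /// <param name="answer">Email, application code and security answer from the request body.</param>
        /// <returns>
        /// 200 when the reset succeeded; 400 when the body is missing, fails model
        /// validation or the email is malformed; 409 when the answer is wrong; 500 when
        /// the reset routine reports failure or an exception occurs.
        /// </returns>
        public async Task <IHttpActionResult> ResetPassword([FromBody] SecurityQuestionAnswer answer)
        {
            try
            {
                // A missing body can arrive with a valid ModelState; reject it here so it
                // becomes a 400 instead of a NullReferenceException logged as a 500.
                if (answer == null)
                {
                    return BadRequest();
                }
                if (!ModelState.IsValid)
                {
                    return BadRequest(ModelState);
                }
                // The email is trimmed for the format check only; the answer check and the
                // reset receive the value as submitted (unchanged from the original).
                if (answer.PrimaryEmail == null || !emailvalidator.IsMatch(answer.PrimaryEmail.Trim()))
                {
                    return BadRequest();
                }

                if (!IsSecurityAnswerCorrect(answer))
                {
                    // Not 401: the client's JWT interceptor treats a 401 as a lost session
                    // and logs the user out, which is not wanted here.
                    // NOTE(review): no throttling of wrong answers is visible in this
                    // method — confirm it is enforced elsewhere.
                    return Conflict();
                }

                UserAccountSecurityManager resetter = new UserAccountSecurityManager();
                bool reset = await resetter.ResetPassword(answer.PrimaryEmail, "Password Reset", answer.AppCode);

                return StatusCode(reset ? HttpStatusCode.OK : HttpStatusCode.InternalServerError);
            }
            catch (Exception e)
            {
                // Log and report, then return a generic 500 rather than relying on the
                // logger's return value being a usable action result.
                CSETWeb_Api.Helpers.ElmahWrapper.LogAndReportException(e, Request, HttpContext.Current);
                return StatusCode(HttpStatusCode.InternalServerError);
            }
        }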