示例#1
0
        public async Task <Response> ResetAccount(string emailOrUsername)
        {
            var resp = new Response
            {
                Type = ResponseType.Fail
            };

            var user = await _userManager.FindByEmailAsync(emailOrUsername);

            if (user == null)
            {
                user = await _userManager.FindByNameAsync(emailOrUsername);
            }

            if (user == null)
            {
                resp.ErrorCode = ErrorCode.UserNotFound;
                return(resp);
            }

            var now           = DateTime.UtcNow;
            var unixTimestamp = Utility.GetUnixTimeStamp(now);

            var resetLink = Utility.Base64Encode($"{user.Id:N}::{user.SecurityStamp}::{unixTimestamp}");

            var mailSent = SendResetPasswordEmail(resetLink, user.Email);

            if (!mailSent)
            {
                resp.ErrorCode = ErrorCode.ApplicationException;
                return(resp);
            }

            user.LockoutEnd = now;

            await _userManager.UpdateAsync(user);

            _logger.LogInformation(string.Format(LoggingOperationPhrase.PasswordReset, user.Id));

            resp.Type = ResponseType.Success;

            return(resp);
        }
示例#2
0
        public async Task <DataResponse <Guid> > ConfirmPasswordReset(string password, string securityCode)
        {
            var resp = new DataResponse <Guid>
            {
                Type = ResponseType.Fail,
                Data = Guid.Empty
            };

            string decodedLink;

            try
            {
                decodedLink = Utility.Base64Decode(securityCode);
            }
            catch (Exception e)
            {
                _logger.LogError($"{securityCode} decode error", e);
                resp.ErrorCode = ErrorCode.ApplicationException;
                return(resp);
            }

            var linkParams = decodedLink.Split("::");

            if (linkParams.Length != 3)
            {
                _logger.LogError($"{securityCode} params cannot be found");

                resp.ErrorCode = ErrorCode.ApplicationException;
                return(resp);
            }

            var userId        = Guid.Parse(linkParams[0]);
            var securityStamp = linkParams[1];
            var unixTimestamp = int.Parse(linkParams[2]);

            var user = await _userManager.FindByIdAsync(userId.ToString());

            if (user == null || user.SecurityStamp != securityStamp)
            {
                resp.ErrorCode = ErrorCode.SecurityError;
                return(resp);
            }

            var lockoutEndDate = user.LockoutEnd.Value.UtcDateTime;

            if (unixTimestamp != Utility.GetUnixTimeStamp(lockoutEndDate))
            {
                resp.ErrorCode = ErrorCode.SecurityCodeExpired;
                return(resp);
            }

            if (lockoutEndDate.AddMinutes(10) < DateTime.UtcNow)
            {
                resp.ErrorCode = ErrorCode.SecurityCodeExpired;
                return(resp);
            }

            resp.Data = userId;
            resp.Type = ResponseType.Success;

            return(resp);
        }