/// <summary>
/// Handles a submitted "forgot password" form. For a registered email address it asks
/// MembershipService to store a password-reset token and then mails the account holder a
/// link to the Members/ResetPassword action carrying the user id and that token.
/// This method does not itself assign a new password.
/// </summary>
/// <param name="forgotPasswordViewModel">Posted form model; only EmailAddress is read here.</param>
/// <returns>
/// The form view again when model validation fails or a commit throws; otherwise a redirect
/// to Members/PasswordResetSent, whether or not the address belongs to an account.
/// </returns>
/// <remarks>
/// NOTE(review): token generation, expiry and single-use enforcement live in
/// MembershipService.UpdatePasswordResetToken and the ResetPassword action, neither of which
/// is visible here. Confirm the token comes from a cryptographic RNG, is time-limited and is
/// cleared after use.
/// NOTE(review): action attributes (HTTP verb, anti-forgery) and any per-address or per-client
/// throttling of reset mails are not visible in this listing; verify them at the call site.
/// </remarks>
public ActionResult ForgotPassword(ForgotPasswordViewModel forgotPasswordViewModel)
{
    if (!ModelState.IsValid)
    {
        return View(forgotPasswordViewModel);
    }

    MembershipUser member;

    using (var tokenWork = UnitOfWorkManager.NewUnitOfWork())
    {
        member = MembershipService.GetUserByEmail(forgotPasswordViewModel.EmailAddress);

        if (member == null)
        {
            // Unknown address: answer with the same "email sent" confirmation a registered
            // address gets, so the response does not disclose which addresses have accounts
            // (a privacy concern on forums of a sensitive nature).
            // NOTE(review): the registered path below also writes to the database and sends
            // mail before responding, so response time may still differ between the two
            // cases; queuing the mail would even that out.
            return RedirectToAction("PasswordResetSent", "Members");
        }

        try
        {
            // Registered address: record the security token (and, per the original author's
            // comment, a timestamp) that will authorise the later password change.
            MembershipService.UpdatePasswordResetToken(member);
            tokenWork.Commit();
        }
        catch (Exception error)
        {
            tokenWork.Rollback();
            LoggingService.Error(error);
            // NOTE(review): this error view is only reachable for registered addresses, so a
            // failure here is distinguishable from the unknown-address redirect.
            ModelState.AddModelError("", LocalizationService.GetResourceString("Members.ResetPassword.Error"));
            return View(forgotPasswordViewModel);
        }
    }

    // The token is stored; now mail the instructions for changing the password.
    using (var mailWork = UnitOfWorkManager.NewUnitOfWork())
    {
        var forumSettings = SettingsService.GetSettings();

        // The link is rooted at the configured forum URL rather than the incoming request.
        var forumRoot = forumSettings.ForumUrl.TrimEnd('/');
        var resetPath = Url.Action("ResetPassword", "Members", new { member.Id, token = member.PasswordResetToken });
        var resetLink = new Uri(string.Concat(forumRoot, resetPath));

        // NOTE(review): ForumName and the link are formatted into the HTML without encoding;
        // presumably both are admin- or server-generated values. Confirm.
        var intro = string.Format(LocalizationService.GetResourceString("Members.ResetPassword.EmailText"), forumSettings.ForumName);
        var html = new StringBuilder();
        html.AppendFormat("<p>{0}</p>", intro);
        html.AppendFormat("<p><a href=\"{0}\">{0}</a></p>", resetLink);

        var message = new Email
        {
            EmailTo = member.Email,
            NameTo = member.UserName,
            Subject = LocalizationService.GetResourceString("Members.ForgotPassword.Subject")
        };
        message.Body = _emailService.EmailTemplate(message.NameTo, html.ToString());
        _emailService.SendMail(message);

        try
        {
            mailWork.Commit();
        }
        catch (Exception error)
        {
            mailWork.Rollback();
            LoggingService.Error(error);
            ModelState.AddModelError("", LocalizationService.GetResourceString("Members.ResetPassword.Error"));
            return View(forgotPasswordViewModel);
        }
    }

    return RedirectToAction("PasswordResetSent", "Members");
}
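/// <summary>
/// Handles a submitted "forgot password" form by generating a new random password, storing
/// it through MembershipService.ResetPassword and mailing it to the account's email address.
/// </summary>
/// <param name="forgotPasswordViewModel">Posted form model; only EmailAddress is read here.</param>
/// <returns>
/// The empty form view with a success message in TempData when the password was changed and
/// mailed; otherwise the form view with the posted model (and, for an unknown address or a
/// failed reset, the Members.ForgotPassword.ErrorMessage model error).
/// </returns>
/// <remarks>
/// NOTE(review), security design. These are flagged, not changed, because fixing them needs a
/// different flow than this action provides:
/// - The password is replaced as soon as a request names a registered address. Nothing in this
///   method confirms that the requester controls the mailbox first, so a member's password
///   can be changed without their involvement. A token-confirmed reset, where the password
///   changes only after the mailed link is used, avoids this.
/// - The new password is sent in the email body in clear text.
/// - StringUtils.RandomString(8) is not visible here; confirm it draws from a cryptographic
///   RNG, and note the fixed length of 8.
/// - An unknown address produces the error message while a known one produces the success
///   message, so the response discloses whether an address is registered.
/// </remarks>
public ActionResult ForgotPassword(ForgotPasswordViewModel forgotPasswordViewModel)
{
    // Invalid input must stop here. Previously an invalid model skipped the lookup but left
    // the success flag set and a placeholder user in place, so the method tried to mail a
    // generated password to a blank recipient and then reported success.
    if (!ModelState.IsValid)
    {
        return View(forgotPasswordViewModel);
    }

    // Starts false so that only a completed reset and commit can reach the success branch.
    var changePasswordSucceeded = false;
    MembershipUser currentUser;
    var newPassword = StringUtils.RandomString(8);

    using (var unitOfWork = UnitOfWorkManager.NewUnitOfWork())
    {
        currentUser = MembershipService.GetUserByEmail(forgotPasswordViewModel.EmailAddress);
        if (currentUser != null)
        {
            changePasswordSucceeded = MembershipService.ResetPassword(currentUser, newPassword);

            try
            {
                unitOfWork.Commit();
            }
            catch (Exception ex)
            {
                // A failed commit means the new password was not persisted, so report failure.
                unitOfWork.Rollback();
                LoggingService.Error(ex);
                changePasswordSucceeded = false;
            }
        }
    }

    using (UnitOfWorkManager.NewUnitOfWork())
    {
        if (changePasswordSucceeded)
        {
            // Success: tell the user their password has been changed and send the new one.
            var settings = SettingsService.GetSettings();

            var sb = new StringBuilder();
            sb.AppendFormat("<p>{0}</p>", string.Format(LocalizationService.GetResourceString("Members.ForgotPassword.Email"), settings.ForumName));
            sb.AppendFormat("<p><b>{0}</b></p>", newPassword);

            var email = new Email
            {
                EmailFrom = settings.NotificationReplyEmail,
                EmailTo = currentUser.Email,
                NameTo = currentUser.UserName,
                Subject = LocalizationService.GetResourceString("Members.ForgotPassword.Subject")
            };
            email.Body = _emailService.EmailTemplate(email.NameTo, sb.ToString());
            _emailService.SendMail(email);

            // The message is passed through TempData (the original author's note: "because
            // we are doing a redirect").
            TempData[AppConstants.MessageViewBagName] = new GenericMessageViewModel
            {
                Message = LocalizationService.GetResourceString("Members.ForgotPassword.SuccessMessage"),
                MessageType = GenericMessages.success
            };
            return View();
        }

        ModelState.AddModelError("", LocalizationService.GetResourceString("Members.ForgotPassword.ErrorMessage"));
        return View(forgotPasswordViewModel);
    }
}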