public virtual ActionResult Confirm(string username, string token)
{
// We don't want Login to have us as a return URL
// By having this value present in the dictionary BUT null, we don't put "returnUrl" on the Login link at all
ViewData[Constants.ReturnUrlViewDataKey] = null;
if (String.IsNullOrEmpty(token))
{
return(HttpNotFound());
}
var user = UserService.FindByUsername(username);
if (user == null)
{
return(HttpNotFound());
}
string existingEmail = user.EmailAddress;
var model = new EmailConfirmationModel
{
ConfirmingNewAccount = String.IsNullOrEmpty(existingEmail),
SuccessfulConfirmation = UserService.ConfirmEmailAddress(user, token)
};
if (model.SuccessfulConfirmation && Config.ConfirmationsViaAdminEmail)
{
MessageService.SendAdminApprovedAccountVerifiedEmail(new MailAddress(user.EmailAddress), user.Username);
}
// SuccessfulConfirmation is required so that the confirm Action isn't a way to spam people.
// Change notice not required for new accounts.
if (model.SuccessfulConfirmation && !model.ConfirmingNewAccount)
{
MessageService.SendEmailChangeNoticeToPreviousEmailAddress(user, existingEmail);
}
return(View(model));
}
