public virtual async Task <ActionResult> ChangeEmail(AccountViewModel model) { if (!ModelState.IsValidField("ChangeEmail.NewEmail")) { return(AccountView(model)); } var user = GetCurrentUser(); if (user.HasPassword()) { if (!ModelState.IsValidField("ChangeEmail.Password")) { return(AccountView(model)); } var authUser = await AuthService.Authenticate(User.Identity.Name, model.ChangeEmail.Password); if (authUser == null) { ModelState.AddModelError("ChangeEmail.Password", Strings.CurrentPasswordIncorrect); return(AccountView(model)); } } // No password? We can't do any additional verification... if (String.Equals(model.ChangeEmail.NewEmail, user.LastSavedEmailAddress, StringComparison.OrdinalIgnoreCase)) { // email address unchanged - accept return(RedirectToAction(actionName: "Account", controllerName: "Users")); } try { await UserService.ChangeEmailAddress(user, model.ChangeEmail.NewEmail); } catch (EntityException e) { ModelState.AddModelError("ChangeEmail.NewEmail", e.Message); return(AccountView(model)); } if (user.Confirmed) { var confirmationUrl = Url.ConfirmationUrl( "Confirm", "Users", user.Username, user.EmailConfirmationToken); MessageService.SendEmailChangeConfirmationNotice(new MailAddress(user.UnconfirmedEmailAddress, user.Username), confirmationUrl); TempData["Message"] = Strings.EmailUpdated_ConfirmationRequired; } else { TempData["Message"] = Strings.EmailUpdated; } return(RedirectToAction(actionName: "Account", controllerName: "Users")); }
public virtual async Task <ActionResult> ChangeEmail(TAccountViewModel model) { var account = GetAccount(model.AccountName); if (account == null || ActionsRequiringPermissions.ManageAccount.CheckPermissions(GetCurrentUser(), account) != PermissionsCheckResult.Allowed) { return(new HttpStatusCodeResult(HttpStatusCode.Forbidden, Strings.Unauthorized)); } if (!ModelState.IsValidField("ChangeEmail.NewEmail")) { return(AccountView(account, model)); } if (account.HasPasswordCredential()) { if (!ModelState.IsValidField("ChangeEmail.Password")) { return(AccountView(account, model)); } if (!AuthenticationService.ValidatePasswordCredential(account.Credentials, model.ChangeEmail.Password, out var _)) { ModelState.AddModelError("ChangeEmail.Password", Strings.CurrentPasswordIncorrect); return(AccountView(account, model)); } } // No password? We can't do any additional verification... if (string.Equals(model.ChangeEmail.NewEmail, account.LastSavedEmailAddress, StringComparison.OrdinalIgnoreCase)) { // email address unchanged - accept return(RedirectToAction(AccountAction)); } try { await UserService.ChangeEmailAddress(account, model.ChangeEmail.NewEmail); } catch (EntityException e) { ModelState.AddModelError("ChangeEmail.NewEmail", e.Message); return(AccountView(account, model)); } if (account.Confirmed && !string.IsNullOrEmpty(account.UnconfirmedEmailAddress)) { await SendEmailChangedConfirmationNoticeAsync(account); } return(RedirectToAction(AccountAction)); }
public virtual ActionResult ChangeEmail(ChangeEmailRequestModel model) { if (!ModelState.IsValid) { return(View(model)); } User user = UserService.FindByUsernameAndPassword(Identity.Name, model.Password); if (user == null) { ModelState.AddModelError("Password", Strings.CurrentPasswordIncorrect); return(View(model)); } if (String.Equals(model.NewEmail, user.LastSavedEmailAddress, StringComparison.OrdinalIgnoreCase)) { // email address unchanged - accept return(RedirectToAction(MVC.Users.Edit())); } try { UserService.ChangeEmailAddress(user, model.NewEmail); } catch (EntityException e) { ModelState.AddModelError("NewEmail", e.Message); return(View(model)); } if (user.Confirmed) { var confirmationUrl = Url.ConfirmationUrl( MVC.Users.Confirm(), user.Username, user.EmailConfirmationToken, protocol: Request.Url.Scheme); MessageService.SendEmailChangeConfirmationNotice(new MailAddress(user.UnconfirmedEmailAddress, user.Username), confirmationUrl); TempData["Message"] = "Your email address has been changed! We sent a confirmation email to verify your new email. When you confirm the new email address, it will take effect and we will forget the old one."; } else { TempData["Message"] = "Your new email address was saved!"; } return(RedirectToAction(MVC.Users.Edit())); }