示例#1
        /// <summary>
        /// Handles a password change request for the currently signed-in user.
        /// </summary>
        /// <remarks>
        /// When the account has no password credential, no password is taken from the
        /// form: a reset token is generated and a "set password" email is sent instead.
        /// Otherwise the change is delegated to <c>AuthService.ChangePassword</c>, which
        /// receives the old password together with the new one.
        /// NOTE(review): the action's attributes are not part of this excerpt; confirm
        /// that it is POST-only and anti-forgery protected.
        /// NOTE(review): nothing visible here notifies the account owner or ends other
        /// sessions after a successful change; confirm whether that is handled elsewhere.
        /// </remarks>
        /// <param name="model">Posted account form; only its ChangePassword part is read here.</param>
        /// <returns>
        /// The account view when validation or the old-password check fails, the result of
        /// <c>SendPasswordResetEmail</c> for password-less accounts, otherwise a redirect
        /// to the "Account" action.
        /// </returns>
        public virtual async Task<ActionResult> ChangePassword(AccountViewModel model)
        {
            var currentUser = GetCurrentUser();

            // A credential whose type starts with the password prefix means the account
            // already has a password.
            var existingPassword = currentUser.Credentials.FirstOrDefault(
                credential => credential.Type.StartsWith(CredentialTypes.Password.Prefix, StringComparison.OrdinalIgnoreCase));

            if (existingPassword == null)
            {
                // No password yet: the user is asking for a "set password" email.
                // The expiration constant is in hours; the * 60 presumably converts it
                // to minutes for GeneratePasswordResetToken (confirm against its signature).
                await AuthService.GeneratePasswordResetToken(currentUser, Constants.DefaultPasswordResetTokenExpirationHours * 60);
                return SendPasswordResetEmail(currentUser, forgotPassword: false);
            }

            if (!ModelState.IsValidField("ChangePassword"))
            {
                return AccountView(model);
            }

            // The old password is handed to the auth service with the new one, so a
            // hijacked session alone is not enough to replace the password.
            var changed = await AuthService.ChangePassword(
                currentUser,
                model.ChangePassword.OldPassword,
                model.ChangePassword.NewPassword);

            if (!changed)
            {
                ModelState.AddModelError("ChangePassword.OldPassword", Strings.CurrentPasswordIncorrect);
                return AccountView(model);
            }

            TempData["Message"] = Strings.PasswordChanged;
            return RedirectToAction("Account");
        }
示例#2
        /// <summary>
        /// Renders the "Account" view after filling the model with a description of
        /// each credential on the current user.
        /// </summary>
        /// <param name="model">View model to complete; its Credentials property is overwritten.</param>
        /// <returns>The "Account" view bound to <paramref name="model"/>.</returns>
        private ActionResult AccountView(AccountViewModel model)
        {
            // Credentials are passed through AuthService.DescribeCredential before they
            // reach the view. NOTE(review): presumably the description leaves out secret
            // values; confirm in DescribeCredential.
            var currentUser = GetCurrentUser();

            model.Credentials = currentUser.Credentials
                .Select(credential => AuthService.DescribeCredential(credential))
                .ToList();

            return View("Account", model);
        }
示例#3
        /// <summary>
        /// Handles an email address change for the currently signed-in user.
        /// </summary>
        /// <remarks>
        /// Accounts that have a password must re-enter it before the change is accepted.
        /// Accounts without one get no additional verification, so for them the signed-in
        /// session is the only proof of identity.
        /// NOTE(review): the action's attributes are not part of this excerpt; confirm
        /// that it is POST-only and anti-forgery protected.
        /// NOTE(review): the only message sent from this method goes to the new,
        /// unconfirmed address; confirm whether the previously saved address is notified
        /// elsewhere.
        /// </remarks>
        /// <param name="model">Posted account form; only its ChangeEmail part is read here.</param>
        /// <returns>
        /// The account view when validation, re-authentication or the update fails,
        /// otherwise a redirect to the "Account" action.
        /// </returns>
        public virtual async Task<ActionResult> ChangeEmail(AccountViewModel model)
        {
            if (!ModelState.IsValidField("ChangeEmail.NewEmail"))
            {
                return AccountView(model);
            }

            var currentUser = GetCurrentUser();
            if (currentUser.HasPassword())
            {
                if (!ModelState.IsValidField("ChangeEmail.Password"))
                {
                    return AccountView(model);
                }

                // Re-authenticate with the submitted password under the signed-in
                // principal's name; a null result is treated as a wrong password.
                var reauthenticated = await AuthService.Authenticate(User.Identity.Name, model.ChangeEmail.Password);
                if (reauthenticated == null)
                {
                    ModelState.AddModelError("ChangeEmail.Password", Strings.CurrentPasswordIncorrect);
                    return AccountView(model);
                }
            }
            // Without a password there is nothing to verify against, so the request
            // proceeds on the strength of the session alone.

            var requestedEmail = model.ChangeEmail.NewEmail;
            if (string.Equals(requestedEmail, currentUser.LastSavedEmailAddress, StringComparison.OrdinalIgnoreCase))
            {
                // Same address as the one already saved: nothing to change.
                return RedirectToAction("Account");
            }

            try
            {
                await UserService.ChangeEmailAddress(currentUser, requestedEmail);
            }
            catch (EntityException ex)
            {
                // NOTE(review): the key is "NewEmail" while the field is validated above
                // as "ChangeEmail.NewEmail"; confirm the view shows errors under this key.
                // NOTE(review): the exception message is displayed to the user; confirm
                // EntityException only ever carries user-facing text.
                ModelState.AddModelError("NewEmail", ex.Message);
                return AccountView(model);
            }

            if (!currentUser.Confirmed)
            {
                TempData["Message"] = Strings.EmailUpdated;
                return RedirectToAction("Account");
            }

            // Confirmed account: the confirmation link is sent to the new address, which
            // is read from UnconfirmedEmailAddress after the update.
            var confirmLink = Url.ConfirmationUrl(
                "Confirm", "Users", currentUser.Username, currentUser.EmailConfirmationToken);
            var recipient = new MailAddress(currentUser.UnconfirmedEmailAddress, currentUser.Username);
            MessageService.SendEmailChangeConfirmationNotice(recipient, confirmLink);

            TempData["Message"] = Strings.EmailUpdated_ConfirmationRequired;
            return RedirectToAction("Account");
        }