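/// <summary>
/// Looks up the account named in <paramref name="model"/> and, when it exists, redirects to the
/// "Manage" action, passing the user name and that account's recovery question as route values.
/// </summary>
/// <param name="model">Posted recovery form; only <c>UserName</c> is read here.</param>
/// <returns>
/// An <see cref="EmptyResult"/> when no user name was supplied or no account matches it;
/// otherwise a redirect to "Manage".
/// </returns>
/// <remarks>
/// Security review: the two outcomes are distinguishable, so this action tells any caller whether a
/// user name is registered, and for registered names it returns the recovery question. The question
/// is sent as a route value, which normally ends up in the redirect URL (browser history, proxy and
/// server logs). No authorization, CAPTCHA or throttling is visible on this method.
/// NOTE(review): confirm which filters apply at class level, and consider a uniform response plus
/// rate limiting for this endpoint.
/// </remarks>
public async Task<ActionResult> GetAnswerForRecoveryQuestion(PasswordRecoveryModel model)
{
    // A missing model or user name is answered like "no such user" instead of dereferencing null
    // or passing a null name into the lookup.
    if (model == null || string.IsNullOrEmpty(model.UserName))
    {
        return new EmptyResult();
    }

    var requestedUser = await UserManager.FindByNameAsync(model.UserName);
    if (requestedUser == null)
    {
        return new EmptyResult();
    }

    var routeValues = new
    {
        Username = model.UserName,
        Question = requestedUser.RecoveryQuestion
    };
    return RedirectToAction("Manage", routeValues);
}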
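/// <summary>
/// Two-step password recovery driven by a single form.
/// Step 1 (no <c>InputAnswer</c> posted): verifies the reCAPTCHA response, looks up the user and
/// fills the model with that user's recovery question.
/// Step 2 (<c>InputAnswer</c> posted): checks the posted question and answer against the stored
/// ones and, on a match, replaces the account's password hash.
/// </summary>
/// <param name="model">Posted recovery form (user name, question, answer, new password).</param>
/// <returns>The recovery view in every case, carrying any model errors that were added.</returns>
/// <remarks>
/// Security review of what is visible here:
/// - Step 2 performs no CAPTCHA check and no attempt counting, so answer guesses are unthrottled
///   by this method. NOTE(review): confirm whether lockout or rate limiting exists elsewhere.
/// - Step 1 answers differently for "unknown user", "user without a question" and "user with a
///   question", which reveals whether an account exists and discloses its question.
/// - The stored answer is compared directly with the raw input, which implies it is not hashed.
/// - The hash is written through a separate store; nothing here rotates the security stamp, so
///   existing sessions presumably remain valid after a reset. TODO confirm.
/// </remarks>
public async Task<ActionResult> RecoverPassword(PasswordRecoveryModel model)
{
    if (ModelState.IsValid)
    {
        if (string.IsNullOrEmpty(model.InputAnswer))
        {
            // Step 1: the CAPTCHA must be present and valid before any account lookup happens.
            var recaptchaHelper = this.GetRecaptchaVerificationHelper();
            if (String.IsNullOrEmpty(recaptchaHelper.Response))
            {
                ModelState.AddModelError("", "Captcha answer cannot be empty");
                return View(model);
            }

            var recaptchaResult = recaptchaHelper.VerifyRecaptchaResponse();
            if (recaptchaResult != RecaptchaVerificationResult.Success)
            {
                ModelState.AddModelError("", "Incorrect captcha answer");
                return View(model);
            }

            var requestedUser = await UserManager.FindByNameAsync(model.UserName);
            if (requestedUser == null)
            {
                // Unknown user: the form is redisplayed without an error message.
                return View(model);
            }

            if (string.IsNullOrEmpty(requestedUser.RecoveryQuestion))
            {
                ModelState.AddModelError("", string.Format("{0} does not have a question to answer therefore no password recovery can be attempted.", model.UserName));
                return View(model);
            }

            // Hand the canonical user name and the question to the view for step 2.
            ViewBag.HasUsername = true;
            model.UserName = requestedUser.UserName;
            ViewBag.Username = requestedUser.UserName;
            model.Question = requestedUser.RecoveryQuestion;
        }
        else
        {
            // Step 2: an answer was posted. Nothing in this branch sets ViewBag.Username before it
            // is read, so the fallback only helps if something outside this method populated it.
            var username = model.UserName;
            if (username == null)
            {
                username = ViewBag.Username;
            }

            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(model.Question))
            {
                ModelState.AddModelError("", "Something went wrong!");
                return View(model);
            }

            var user = await UserManager.FindByNameAsync(username);
            if (user == null)
            {
                ModelState.AddModelError("", "Something went wrong!");
                return View(model);
            }

            // Null-safe, culture-independent comparison: an account with no stored answer is
            // rejected instead of throwing, and the result does not depend on the server locale.
            var questionMatches = user.RecoveryQuestion == model.Question;
            var answerMatches = string.Equals(user.Answer, model.InputAnswer, StringComparison.OrdinalIgnoreCase);
            if (!questionMatches || !answerMatches)
            {
                ModelState.AddModelError("", "Invalid answer.");
                return View(model);
            }

            // The hash is written directly, which bypasses the checks a normal password change
            // goes through, so the new password is validated here before it is hashed.
            if (string.IsNullOrEmpty(model.Password))
            {
                ModelState.AddModelError("", "A new password is required.");
                return View(model);
            }

            var passwordCheck = await UserManager.PasswordValidator.ValidateAsync(model.Password);
            if (!passwordCheck.Succeeded)
            {
                foreach (var error in passwordCheck.Errors)
                {
                    ModelState.AddModelError("", error);
                }
                return View(model);
            }

            var newPassHash = UserManager.PasswordHasher.HashPassword(model.Password);
            ApplicationUser cUser = await UserManager.FindByIdAsync(user.Id);

            // The ad-hoc store owns its own context; dispose it once the update has been saved.
            using (var store = new UserStore<ApplicationUser>())
            {
                await store.SetPasswordHashAsync(cUser, newPassHash);
                await store.UpdateAsync(cUser);
            }
        }
    }

    // Shared exit: reached on an invalid model state and also after either step completes,
    // including a successful reset, which therefore shows the same form again.
    return View(model);
}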