Permalink
Cannot retrieve contributors at this time
162 lines (141 sloc)
6.02 KB
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
OrchardCore/src/OrchardCore.Modules/OrchardCore.Users/Controllers/ResetPasswordController.cs /
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Text; | |
| using System.Threading.Tasks; | |
| using Microsoft.AspNetCore.Authorization; | |
| using Microsoft.AspNetCore.Identity; | |
| using Microsoft.AspNetCore.Mvc; | |
| using Microsoft.Extensions.Localization; | |
| using Microsoft.Extensions.Logging; | |
| using OrchardCore.Entities; | |
| using OrchardCore.Modules; | |
| using OrchardCore.Settings; | |
| using OrchardCore.Users.Events; | |
| using OrchardCore.Users.Models; | |
| using OrchardCore.Users.Services; | |
| using OrchardCore.Users.ViewModels; | |
| namespace OrchardCore.Users.Controllers | |
| { | |
| [Feature("OrchardCore.Users.ResetPassword")] | |
| public class ResetPasswordController : Controller | |
| { | |
| private readonly IUserService _userService; | |
| private readonly UserManager<IUser> _userManager; | |
| private readonly ISiteService _siteService; | |
| private readonly IEnumerable<IPasswordRecoveryFormEvents> _passwordRecoveryFormEvents; | |
| private readonly ILogger _logger; | |
| private readonly IStringLocalizer S; | |
| public ResetPasswordController( | |
| IUserService userService, | |
| UserManager<IUser> userManager, | |
| ISiteService siteService, | |
| IStringLocalizer<ResetPasswordController> stringLocalizer, | |
| ILogger<ResetPasswordController> logger, | |
| IEnumerable<IPasswordRecoveryFormEvents> passwordRecoveryFormEvents) | |
| { | |
| _userService = userService; | |
| _userManager = userManager; | |
| _siteService = siteService; | |
| S = stringLocalizer; | |
| _logger = logger; | |
| _passwordRecoveryFormEvents = passwordRecoveryFormEvents; | |
| } | |
| [HttpGet] | |
| [AllowAnonymous] | |
| public async Task<IActionResult> ForgotPassword() | |
| { | |
| if (!(await _siteService.GetSiteSettingsAsync()).As<ResetPasswordSettings>().AllowResetPassword) | |
| { | |
| return NotFound(); | |
| } | |
| return View(); | |
| } | |
| [HttpPost] | |
| [AllowAnonymous] | |
| public async Task<IActionResult> ForgotPassword(ForgotPasswordViewModel model) | |
| { | |
| if (!(await _siteService.GetSiteSettingsAsync()).As<ResetPasswordSettings>().AllowResetPassword) | |
| { | |
| return NotFound(); | |
| } | |
| await _passwordRecoveryFormEvents.InvokeAsync((e, modelState) => e.RecoveringPasswordAsync((key, message) => modelState.AddModelError(key, message)), ModelState, _logger); | |
| if (TryValidateModel(model) && ModelState.IsValid) | |
| { | |
| var user = await _userService.GetForgotPasswordUserAsync(model.Email) as User; | |
| if (user == null || ( | |
| (await _siteService.GetSiteSettingsAsync()).As<RegistrationSettings>().UsersMustValidateEmail | |
| && !await _userManager.IsEmailConfirmedAsync(user)) | |
| ) | |
| { | |
| // returns to confirmation page anyway: we don't want to let scrapers know if a username or an email exist | |
| return RedirectToLocal(Url.Action("ForgotPasswordConfirmation", "ResetPassword")); | |
| } | |
| user.ResetToken = Convert.ToBase64String(Encoding.UTF8.GetBytes(user.ResetToken)); | |
| var resetPasswordUrl = Url.Action("ResetPassword", "ResetPassword", new { code = user.ResetToken }, HttpContext.Request.Scheme); | |
| // send email with callback link | |
| await this.SendEmailAsync(user.Email, S["Reset your password"], new LostPasswordViewModel() { User = user, LostPasswordUrl = resetPasswordUrl }); | |
| var context = new PasswordRecoveryContext(user); | |
| await _passwordRecoveryFormEvents.InvokeAsync((handler, context) => handler.PasswordRecoveredAsync(context), context, _logger); | |
| return RedirectToLocal(Url.Action("ForgotPasswordConfirmation", "ResetPassword")); | |
| } | |
| // If we got this far, something failed, redisplay form | |
| return View(model); | |
| } | |
| [HttpGet] | |
| [AllowAnonymous] | |
| public IActionResult ForgotPasswordConfirmation() | |
| { | |
| return View(); | |
| } | |
| [HttpGet] | |
| [AllowAnonymous] | |
| public async Task<IActionResult> ResetPassword(string code = null) | |
| { | |
| if (!(await _siteService.GetSiteSettingsAsync()).As<ResetPasswordSettings>().AllowResetPassword) | |
| { | |
| return NotFound(); | |
| } | |
| if (code == null) | |
| { | |
| //"A code must be supplied for password reset."; | |
| } | |
| return View(new ResetPasswordViewModel { ResetToken = code }); | |
| } | |
| [HttpPost] | |
| [AllowAnonymous] | |
| [ValidateAntiForgeryToken] | |
| public async Task<IActionResult> ResetPassword(ResetPasswordViewModel model) | |
| { | |
| if (!(await _siteService.GetSiteSettingsAsync()).As<ResetPasswordSettings>().AllowResetPassword) | |
| { | |
| return NotFound(); | |
| } | |
| await _passwordRecoveryFormEvents.InvokeAsync((e, modelState) => e.ResettingPasswordAsync((key, message) => modelState.AddModelError(key, message)), ModelState, _logger); | |
| if (TryValidateModel(model) && ModelState.IsValid) | |
| { | |
| if (await _userService.ResetPasswordAsync(model.Email, Encoding.UTF8.GetString(Convert.FromBase64String(model.ResetToken)), model.NewPassword, (key, message) => ModelState.AddModelError(key, message))) | |
| { | |
| return RedirectToLocal(Url.Action("ResetPasswordConfirmation", "ResetPassword")); | |
| } | |
| } | |
| return View(model); | |
| } | |
| [HttpGet] | |
| [AllowAnonymous] | |
| public IActionResult ResetPasswordConfirmation() | |
| { | |
| return View(); | |
| } | |
| private IActionResult RedirectToLocal(string returnUrl) | |
| { | |
| if (Url.IsLocalUrl(returnUrl)) | |
| { | |
| return Redirect(returnUrl); | |
| } | |
| else | |
| { | |
| return Redirect("~/"); | |
| } | |
| } | |
| } | |
| } |