Last active
August 14, 2022 21:16
-
-
Save miketrebilcock/5195817 to your computer and use it in GitHub Desktop.
Password Resetting in Servicestack
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using CORE.Kernel.ExtensionMethods; | |
using CORE.Models; | |
using ServiceStack.Common; | |
using ServiceStack.Common.Web; | |
using ServiceStack.FluentValidation; | |
using ServiceStack.ServiceHost; | |
using ServiceStack.ServiceInterface; | |
using ServiceStack.ServiceInterface.Auth; | |
using ServiceStack.ServiceInterface.ServiceModel; | |
using ServiceStack.ServiceInterface.Validation; | |
using ServiceStack.WebHost.Endpoints; | |
using System; | |
using System.Collections.Generic; | |
using System.Runtime.Serialization; | |
using Validation; | |
namespace CORE | |
{ | |
[Route("/passwordreset")] | |
[Route("/api/auth/passwordreset")] | |
public class PasswordResetRequest | |
{ | |
public string Email { get; set; } | |
public string Id { get; set; } | |
public string newpassword { get; set; } | |
} | |
public class passwordResetResponse | |
{ | |
public string id { get; set; } | |
public bool passwordChanged { get; set; } | |
public bool valid { get; set; } | |
} | |
[DefaultRequest(typeof(PasswordResetRequest))] | |
internal class PasswordResetService : AppServiceBase | |
{ | |
public IUserAuthRepository UserAuthRepo { get; set; } | |
//Called when a password reset link is clicked. | |
public object Get(PasswordResetRequest request) | |
{ | |
if (!ValidationLibrary.validate(request.Id, ValidationLibrary.GUID)) | |
return new passwordResetResponse() { valid = false }; | |
//Display Change Password Screen | |
var resetrequest = Cache.Get<PasswordResetRequest>(request.Id); | |
var response = new passwordResetResponse(); | |
response.valid = !(resetrequest == null); | |
response.id = request.Id; | |
return response; | |
} | |
//Called when the password request is initiated. | |
public string Post(PasswordResetRequest request) | |
{ | |
if (request.Email == null) | |
{ | |
this.Response.StatusCode = 400; | |
return "You must provide an email address."; | |
} | |
if (UserAuthRepo.GetUserAuthByUserName(request.Email) == null) | |
{ | |
this.Response.StatusCode = 400; | |
return "Email Address not registered."; | |
} | |
request.Id = Guid.NewGuid().ToString(); | |
Cache.Add<PasswordResetRequest>(request.Id, request, new TimeSpan(1, 0, 0)); | |
var email = new Email(); | |
email.to = new List<EmailAddress>(); | |
email.to.Add(new EmailAddress() { email = request.Email }); | |
email.from = new EmailAddress() { email = "[email protected]" }; | |
email.subject = "Password Reset"; | |
email.body = "<p>Uh Oh! Have you forgotten your password?</p><p>Somebody asked for a password reminder, if it was you click this link to reset it now.</p><p><a href=\""+AppConfig.getAppConfig().appURL+"/passwordreset?id=" + request.Id + "\">"+AppConfig.getAppConfig().appURL+"/passwordreset?id=" + request.Id + "</a></p><p>This link is valid for 1 hour</p><p>If you've remember your password, or you didn't request a reset, you can ignore this email</p><p>Regards</p><p>Cornwall College</p>"; | |
email.TrackingId = request.Id; | |
PublishMessage<Email>(email); | |
return "An email has been sent with a link to reset your password."; | |
} | |
public passwordResetResponse Put(PasswordResetRequest request) | |
{ | |
if (!ValidationLibrary.validate(request.Id, ValidationLibrary.GUID)) | |
return new passwordResetResponse() { valid = false }; | |
if (!ValidationLibrary.validate(request.newpassword, ValidationLibrary.UserPassword)) | |
return new passwordResetResponse() { valid = false }; | |
//Changes the password | |
var resetrequest = Cache.Get<PasswordResetRequest>(request.Id); | |
var response = new passwordResetResponse(); | |
if (resetrequest == null) | |
{ | |
response.valid = false; | |
return response; | |
} | |
else | |
{ | |
response.valid = true; | |
} | |
var existingUser = UserAuthRepo.GetUserAuthByUserName(resetrequest.Email); | |
if (existingUser == null) | |
{ | |
return new passwordResetResponse() { valid = false }; | |
} | |
UserAuthRepo.UpdateUserAuth(existingUser, existingUser, request.newpassword); | |
response.passwordChanged = true; | |
Cache.Remove(resetrequest.Id); | |
return response; | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks for idea of using cache to store reset request