code/api/src/Endpoints/Internal/PasswordResetRequests/Create/Route.cs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

namespace IOL.GreatOffice.Api.Endpoints.Internal.PasswordResetRequests.Create;

public class Route : RouteBaseAsync.WithRequest<RequestModel>.WithActionResult
{
    private readonly ILogger<Route> _logger;
    private readonly PasswordResetService _passwordResetService;
    private readonly AppDbContext _context;
    
    public Route(ILogger<Route> logger, PasswordResetService passwordResetService, AppDbContext context) {
        _logger = logger;
        _passwordResetService = passwordResetService;
        _context = context;
    }

    /// <summary>
    /// Create a new password reset request.
    /// </summary>
    /// <param name="request"></param>
    /// <param name="cancellationToken"></param>
    /// <returns></returns>
    [AllowAnonymous]
    [HttpPost("~/_/password-reset-request/create")]
    public override async Task<ActionResult> HandleAsync(RequestModel request, CancellationToken cancellationToken = default) {
        if (!request.Username.IsValidEmailAddress()) {
            _logger.LogInformation("Username is invalid, not doing request for password change");
            return KnownProblem("Invalid email address", request.Username + " looks like an invalid email address");
        }

        Request.Headers.TryGetValue(AppHeaders.BROWSER_TIME_ZONE, out var timeZoneHeader);
        var tz = TimeZoneInfo.FindSystemTimeZoneById(timeZoneHeader.ToString().HasValue() ? timeZoneHeader.ToString() : "UTC");
        var offset = tz.BaseUtcOffset.Hours;

        // this is fine as long as the client is not connecting from Australia: Lord Howe Island
        // according to https://en.wikipedia.org/wiki/Daylight_saving_time_by_country
        if (tz.IsDaylightSavingTime(AppDateTime.UtcNow)) {
            offset++;
        }

        _logger.LogInformation("Request time zone (" + tz.Id + ") offset is: " + offset + " hours");
        var requestDateTime = TimeZoneInfo.ConvertTimeFromUtc(AppDateTime.UtcNow, tz);
        _logger.LogInformation("Creating forgot password request with date time: " + requestDateTime.ToString("u"));

        try {
            var user = _context.Users.SingleOrDefault(c => c.Username.Equals(request.Username));
            if (user != default) {
                await _passwordResetService.AddRequestAsync(user, tz, cancellationToken);
                return Ok();
            }

            _logger.LogInformation("User was not found, not doing request for password change");
            return Ok();
        } catch (Exception e) {
            _logger.LogError(e, "_/password-reset-request/create threw an exception");
            return Ok();
        }
    }
}