blob: 3e086f6515e5dfc0f4e80dfd573f5be46680da85 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
namespace IOL.GreatOffice.Api.Endpoints.Internal.PasswordResetRequests;
/// <inheritdoc />
public class CreateResetRequestRoute : RouteBaseAsync.WithRequest<string>.WithActionResult
{
private readonly ILogger<CreateResetRequestRoute> _logger;
private readonly ForgotPasswordService _forgotPasswordService;
private readonly AppDbContext _context;
/// <inheritdoc />
public CreateResetRequestRoute(ILogger<CreateResetRequestRoute> logger, ForgotPasswordService forgotPasswordService, AppDbContext context) {
_logger = logger;
_forgotPasswordService = forgotPasswordService;
_context = context;
}
/// <summary>
/// Create a new password reset request.
/// </summary>
/// <param name="username"></param>
/// <param name="cancellationToken"></param>
/// <returns></returns>
[AllowAnonymous]
[HttpGet("~/_/forgot-password-requests/create")]
public override async Task<ActionResult> HandleAsync(string username, CancellationToken cancellationToken = default) {
if (!username.IsValidEmailAddress()) {
_logger.LogInformation("Username is invalid, not doing request for password change");
return BadRequest(new ErrorResult("Invalid email address", username + " looks like an invalid email address"));
}
Request.Headers.TryGetValue(AppHeaders.BROWSER_TIME_ZONE, out var timeZoneHeader);
var tz = TimeZoneInfo.FindSystemTimeZoneById(timeZoneHeader.ToString().HasValue() ? timeZoneHeader.ToString() : "UTC");
var offset = tz.BaseUtcOffset.Hours;
// this is fine as long as the client is not connecting from Australia: Lord Howe Island
// according to https://en.wikipedia.org/wiki/Daylight_saving_time_by_country
if (tz.IsDaylightSavingTime(DateTime.UtcNow)) {
offset++;
}
_logger.LogInformation("Request time zone (" + tz.Id + ") offset is: " + offset + " hours");
var requestDateTime = TimeZoneInfo.ConvertTimeFromUtc(DateTime.UtcNow, tz);
_logger.LogInformation("Creating forgot password request with date time: " + requestDateTime.ToString("u"));
try {
var user = _context.Users.SingleOrDefault(c => c.Username.Equals(username));
if (user != default) {
await _forgotPasswordService.AddRequestAsync(user, tz, cancellationToken);
return Ok();
}
_logger.LogInformation("User was not found, not doing request for password change");
return Ok();
} catch (Exception e) {
_logger.LogError(e, "ForgotAction failed badly");
return Ok();
}
}
}
|
