feat: add member password reset (#100)

* chore: add usync content for new template

* chore: regenerate models

* feat: add forgot password flow

* feat: add reset password flow

Author: glitchedmob

SgfDevs/Controllers/AccountController.cs

@@ -1,31 +1,44 @@
 using System;
+using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
-using J2N.Collections.Generic;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.WebUtilities;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using SGFDevs.Models;
 using SGFDevs.ViewModels;
+using Umbraco.Cms.Core.Configuration.Models;
 using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Cache;
 using Umbraco.Cms.Core.Logging;
+using Umbraco.Cms.Core.Mail;
+using Umbraco.Cms.Core.Models.Email;
+using Umbraco.Cms.Core.Models.PublishedContent;
 using Umbraco.Cms.Core.Routing;
 using Umbraco.Cms.Core.Security;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Web;
 using Umbraco.Cms.Infrastructure.Persistence;
+using Umbraco.Cms.Web.Common;
 using Umbraco.Cms.Web.Common.Models;
 using Umbraco.Cms.Web.Common.Filters;
 using Umbraco.Cms.Web.Common.Security;
 using Umbraco.Cms.Web.Website.Controllers;
+using Umbraco.Extensions;
 
 namespace SGFDevs.Controllers;
 
 [AutoValidateAntiforgeryToken]
 public class AccountController : SurfaceController
 {
-    private IMemberSignInManager _memberSignInManager;
-    private IMemberManager _memberManager;
-    private IMemberService _memberService;
+    private readonly IMemberSignInManager _memberSignInManager;
+    private readonly IMemberManager _memberManager;
+    private readonly IMemberService _memberService;
+    private readonly UmbracoHelper _umbracoHelper;
+    private readonly IEmailSender _emailSender;
+    private readonly IOptions<GlobalSettings> _globalSettings;
+    private readonly ILogger<AccountController> _logger;
 
     public AccountController(
         IUmbracoContextAccessor umbracoContextAccessor,
@@ -36,12 +49,20 @@ public AccountController(
         IPublishedUrlProvider publishedUrlProvider,
         IMemberSignInManager memberSignInManager,
         IMemberManager memberManager,
-        IMemberService memberService
+        IMemberService memberService,
+        UmbracoHelper umbracoHelper,
+        IEmailSender emailSender,
+        IOptions<GlobalSettings> globalSettings,
+        ILogger<AccountController> logger
         ) : base(umbracoContextAccessor, databaseFactory, services, appCaches, profilingLogger, publishedUrlProvider)
     {
         _memberSignInManager = memberSignInManager;
         _memberManager = memberManager;
         _memberService = memberService;
+        _umbracoHelper = umbracoHelper;
+        _emailSender = emailSender;
+        _globalSettings = globalSettings;
+        _logger = logger;
     }
 
     [HttpPost]
@@ -136,6 +157,101 @@ public async Task<IActionResult> Register(RegisterModel model)
         return CurrentUmbracoPage();
     }
 
+    [HttpPost]
+    public async Task<IActionResult> ForgotPassword(ForgotPasswordModel model)
+    {
+        if (!ModelState.IsValid)
+            return CurrentUmbracoPage();
+
+        if (_emailSender.CanSendRequiredEmail() == false)
+        {
+            ModelState.AddModelError(string.Empty, "Password reset is unavailable right now.");
+            return CurrentUmbracoPage();
+        }
+
+        var fromAddress = _globalSettings.Value.Smtp?.From;
+        if (string.IsNullOrWhiteSpace(fromAddress))
+        {
+            ModelState.AddModelError(string.Empty, "Password reset is unavailable right now.");
+            return CurrentUmbracoPage();
+        }
+
+        var resetPage = _umbracoHelper
+            .ContentAtRoot()
+            .SelectMany(root => root.DescendantsOrSelf())
+            .FirstOrDefault(content => content.ContentType.Alias == "resetPassword");
+
+        if (resetPage == null)
+        {
+            _logger.LogError("Unable to locate the reset password page in content.");
+            ModelState.AddModelError(string.Empty, "Password reset is unavailable right now.");
+            return CurrentUmbracoPage();
+        }
+
+        var resetPageUrl = resetPage.Url(mode: UrlMode.Absolute);
+        if (Uri.TryCreate(resetPageUrl, UriKind.Absolute, out _) == false)
+        {
+            _logger.LogError("Unable to build an absolute URL for the reset password page.");
+            ModelState.AddModelError(string.Empty, "Password reset is unavailable right now.");
+            return CurrentUmbracoPage();
+        }
+
+        var member = await _memberManager.FindByEmailAsync(model.Email);
+        if (member != null)
+        {
+            try
+            {
+                var token = await _memberManager.GeneratePasswordResetTokenAsync(member);
+                var resetLink = QueryHelpers.AddQueryString(resetPageUrl, new Dictionary<string, string>
+                {
+                    ["memberId"] = member.Id,
+                    ["token"] = token,
+                });
+
+                var subject = "Reset your Springfield Devs password";
+                var body = $"<p>Hi {member.Name},</p><p>Someone requested a password reset for your Springfield Devs account.</p><p>If that was you, use the link below to choose a new password:</p><p><a href=\"{resetLink}\">Reset your password</a></p><p>If you did not request this, you can ignore this email.</p>";
+                var emailMessage = new EmailMessage(fromAddress, member.Email, subject, body, true);
+
+                await _emailSender.SendAsync(emailMessage, "PasswordReset", true, _globalSettings.Value.Smtp?.EmailExpiration);
+            }
+            catch (Exception ex)
+            {
+                _logger.LogError(ex, "Failed to send a password reset email for member {MemberId}.", member.Id);
+            }
+        }
+
+        TempData["ForgotPasswordMessage"] = "If an account exists for that email, we sent a reset link.";
+        return Redirect("/forgotten-password");
+    }
+
+    [HttpPost]
+    public async Task<IActionResult> ResetPassword(ResetPasswordModel model)
+    {
+        if (!ModelState.IsValid)
+            return CurrentUmbracoPage();
+
+        var member = await _memberManager.FindByIdAsync(model.MemberId);
+        if (member == null)
+        {
+            ModelState.AddModelError(string.Empty, "This reset link is invalid or has expired.");
+            return CurrentUmbracoPage();
+        }
+
+        var result = await _memberManager.ResetPasswordAsync(member, model.Token, model.Password);
+        if (!result.Succeeded)
+        {
+            foreach (var error in result.Errors)
+            {
+                ModelState.AddModelError(string.Empty, error.Description);
+            }
+
+            return CurrentUmbracoPage();
+        }
+
+        TempData["LoginMessage"] = "Your password has been updated. Please log in.";
+        return Redirect("/login");
+    }
+
     [HttpPost]
     [UmbracoMemberAuthorize]
     public async Task<IActionResult> ProfileUpdate(MemberProfile profile)

SgfDevs/Models/ForgotPasswordModel.cs

@@ -0,0 +1,10 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace SGFDevs.Models;
+
+public class ForgotPasswordModel
+{
+    [Required]
+    [EmailAddress]
+    public string Email { get; set; }
+}

SgfDevs/Models/PasswordValidationRules.cs

@@ -0,0 +1,7 @@
+namespace SGFDevs.Models;
+
+public static class PasswordValidationRules
+{
+    public const string Pattern = "^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{8,}$";
+    public const string ErrorMessage = "You know the drill.. Password must contain at least one upper and lowercase letter, a numeric digit, a special character, and be at least 8 characters long.";
+}

SgfDevs/Models/RegisterModel.cs

@@ -22,11 +22,11 @@ public class RegisterModel
 
     [Required]
     [DataType(DataType.Password)]
-    [RegularExpression("^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{8,}$", ErrorMessage ="You know the drill.. Password must contain at least one upper and lowercase letter, a numeric digit, a special character, and be at least 8 characters long.")]
+    [RegularExpression(PasswordValidationRules.Pattern, ErrorMessage = PasswordValidationRules.ErrorMessage)]
     public string Password { get; set; }
 
     [Required]
     [Display(Name = "Null Check")]
     [RegularExpression("SGF|sgf", ErrorMessage = "Better luck next time.")]
     public string ChallengeQuestion { get; set; }
-}
+}

SgfDevs/Models/ResetPasswordModel.cs

@@ -0,0 +1,23 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace SGFDevs.Models;
+
+public class ResetPasswordModel
+{
+    [Required]
+    public string MemberId { get; set; }
+
+    [Required]
+    public string Token { get; set; }
+
+    [Required]
+    [DataType(DataType.Password)]
+    [RegularExpression(PasswordValidationRules.Pattern, ErrorMessage = PasswordValidationRules.ErrorMessage)]
+    public string Password { get; set; }
+
+    [Required]
+    [DataType(DataType.Password)]
+    [Compare(nameof(Password), ErrorMessage = "Passwords do not match.")]
+    [Display(Name = "Confirm Password")]
+    public string ConfirmPassword { get; set; }
+}

SgfDevs/Views/Components/ForgottenPassword/Default.cshtml

@@ -0,0 +1,40 @@
+@inherits Umbraco.Cms.Web.Common.Views.UmbracoViewPage<SGFDevs.Models.ForgotPasswordModel>
+
+<div class="container">
+    @if (TempData["ForgotPasswordMessage"] is string message)
+    {
+        <div class="form">
+            <header>
+                <h1>Check your email</h1>
+                <p>@message</p>
+                <p><a href="/login">Back to login</a></p>
+            </header>
+        </div>
+    }
+    else
+    {
+        @using (Html.BeginUmbracoForm("ForgotPassword", "Account", FormMethod.Post))
+        {
+            <div class="form">
+                <header>
+                    <h1>Forgot your password?</h1>
+                    <p>Enter the email address tied to your account and we will send you a reset link.</p>
+                    @Html.ValidationSummary(true)
+                </header>
+
+                <div class="field">
+                    <label asp-for="Email"></label>
+                    <input asp-for="Email" class="form-control" />
+                    <span asp-validation-for="Email" class="text-danger"></span>
+                </div>
+
+                <footer>
+                    <button class="button tall wide" type="submit">Send reset link</button>
+                    <p><a href="/login">Back to login</a></p>
+                </footer>
+            </div>
+        }
+    }
+</div>
+
+<div class="mt_75"></div>

SgfDevs/Views/Components/ForgottenPassword/ForgottenPasswordViewComponent.cs

@@ -0,0 +1,12 @@
+using Microsoft.AspNetCore.Mvc;
+using SGFDevs.Models;
+
+namespace SGFDevs.Views.Components.ForgottenPassword;
+
+public class ForgottenPasswordViewComponent : ViewComponent
+{
+    public IViewComponentResult Invoke()
+    {
+        return View(new ForgotPasswordModel());
+    }
+}

SgfDevs/Views/Components/Login/Default.cshtml

@@ -3,6 +3,10 @@
 
 
 <div class="container">
+    @if (TempData["LoginMessage"] is string loginMessage)
+    {
+        <p>@loginMessage</p>
+    }
     <p>@ViewData["Login"]</p>
     <p>@ViewData["invalid"]</p>
     <p>@ViewData["LoginInvalid"]</p>

SgfDevs/Views/Components/ResetPassword/Default.cshtml

@@ -0,0 +1,44 @@
+@inherits Umbraco.Cms.Web.Common.Views.UmbracoViewPage<SGFDevs.Models.ResetPasswordModel>
+
+<div class="container">
+    <div class="form">
+        <header>
+            <h1>Reset your password</h1>
+            <p>Choose a new password for your Springfield Devs account.</p>
+        </header>
+
+        @if (string.IsNullOrWhiteSpace(Model.MemberId) || string.IsNullOrWhiteSpace(Model.Token))
+        {
+            <p>This reset link is invalid or has expired.</p>
+            <p><a href="/forgotten-password">Request a new reset link</a></p>
+        }
+        else
+        {
+            @using (Html.BeginUmbracoForm("ResetPassword", "Account", FormMethod.Post))
+            {
+                @Html.ValidationSummary(true)
+                <input asp-for="MemberId" type="hidden" />
+                <input asp-for="Token" type="hidden" />
+
+                <div class="field">
+                    <label asp-for="Password"></label>
+                    <input asp-for="Password" class="form-control" />
+                    <span asp-validation-for="Password" class="text-danger"></span>
+                </div>
+
+                <div class="field">
+                    <label asp-for="ConfirmPassword"></label>
+                    <input asp-for="ConfirmPassword" class="form-control" />
+                    <span asp-validation-for="ConfirmPassword" class="text-danger"></span>
+                </div>
+
+                <footer>
+                    <button class="button tall wide" type="submit">Update password</button>
+                    <p><a href="/login">Back to login</a></p>
+                </footer>
+            }
+        }
+    </div>
+</div>
+
+<div class="mt_75"></div>

SgfDevs/Views/Components/ResetPassword/ResetPasswordViewComponent.cs

@@ -0,0 +1,16 @@
+using Microsoft.AspNetCore.Mvc;
+using SGFDevs.Models;
+
+namespace SGFDevs.Views.Components.ResetPassword;
+
+public class ResetPasswordViewComponent : ViewComponent
+{
+    public IViewComponentResult Invoke(string memberId, string token)
+    {
+        return View(new ResetPasswordModel
+        {
+            MemberId = memberId,
+            Token = token,
+        });
+    }
+}