Fixed forgot password process

server/Controllers/AuthController.cs

@@ -1,3 +1,4 @@
+using System.Net;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
@@ -17,13 +18,15 @@ namespace PodNoms.Api.Controllers {
         private readonly UserManager<ApplicationUser> _userManager;
         private readonly IJwtFactory _jwtFactory;
         private readonly IEmailSender _emailSender;
+        private readonly AppSettings _appSettings;
         private readonly JwtIssuerOptions _jwtOptions;
 
         public AuthController(UserManager<ApplicationUser> userManager, IJwtFactory jwtFactory, IOptions<JwtIssuerOptions> jwtOptions,
-        IEmailSender emailSender) {
+                    IOptions<AppSettings> appSettings, IEmailSender emailSender) {
             _userManager = userManager;
             _jwtFactory = jwtFactory;
             _emailSender = emailSender;
+            _appSettings = appSettings.Value;
             _jwtOptions = jwtOptions.Value;
         }
 
@@ -63,32 +66,26 @@ namespace PodNoms.Api.Controllers {
             // Credentials are invalid, or account doesn't exist
             return await Task.FromResult<ClaimsIdentity>(null);
         }
-        [HttpPost("reset")]
+        [HttpPost("forgot")]
         [AllowAnonymous]
         public async Task<IActionResult> ForgotPassword([FromBody]ForgotPasswordViewModel model) {
             if (ModelState.IsValid) {
                 var user = await _userManager.FindByNameAsync(model.Email);
                 if (user == null) {
-                    // Don't reveal that the user does not exist or is not confirmed
                     return BadRequest(model);
                 }
-
-                // For more information on how to enable account confirmation and password reset please visit http://go.microsoft.com/fwlink/?LinkID=532713
-                // Send an email with this link
                 var code = await _userManager.GeneratePasswordResetTokenAsync(user);
-                var callbackUrl = Url.Action("ResetPassword", "Account", new { userId = user.Id, code = code }, protocol: HttpContext.Request.Scheme);
+                var callbackUrl = $"{_appSettings.SiteUrl}/reset?token={WebUtility.UrlEncode(code)}&email={WebUtility.UrlEncode(user.Email)}";
                 await _emailSender.SendEmailAsync(model.Email, "Reset Password",
                    "Please reset your password by clicking here: <a href=\"" + callbackUrl + "\">link</a>");
                 return Ok(model);
             }
-
-            // If we got this far, something failed, redisplay form
             return BadRequest(model);
         }
 
-        [HttpPost("/reset")]
+        [HttpPost("reset")]
         [AllowAnonymous]
-        public async Task<ActionResult> ResetPassword(ResetPasswordViewModel model) {
+        public async Task<ActionResult> ResetPassword([FromBody]ResetPasswordViewModel model) {
             if (!ModelState.IsValid) {
                 return BadRequest("Unable to reset your password at this time");
             }
@@ -98,9 +95,9 @@ namespace PodNoms.Api.Controllers {
             }
             var result = await _userManager.ResetPasswordAsync(user, model.Code, model.Password);
             if (result.Succeeded) {
-                return BadRequest();
+                return Ok(model);
             }
-            return Ok();
+            return BadRequest();
         }
     }
 }