From 07fa58b180d43288617ae979a84586959e60013c Mon Sep 17 00:00:00 2001
From: Slendy
Date: Sat, 1 Oct 2022 16:38:21 -0500
Subject: [PATCH] Make password reset request use email instead of username
---
 .../Pages/PasswordResetRequestForm.cshtml | 2 +-
 .../Pages/PasswordResetRequestForm.cshtml.cs | 23 +++++++++++++------
 2 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/ProjectLighthouse.Servers.Website/Pages/PasswordResetRequestForm.cshtml b/ProjectLighthouse.Servers.Website/Pages/PasswordResetRequestForm.cshtml
index 53318893..ace617a0 100644
--- a/ProjectLighthouse.Servers.Website/Pages/PasswordResetRequestForm.cshtml
+++ b/ProjectLighthouse.Servers.Website/Pages/PasswordResetRequestForm.cshtml
@@ -30,6 +30,6 @@
@Html.AntiForgeryToken() -

+

\ No newline at end of file
diff --git a/ProjectLighthouse.Servers.Website/Pages/PasswordResetRequestForm.cshtml.cs b/ProjectLighthouse.Servers.Website/Pages/PasswordResetRequestForm.cshtml.cs
index e77e26d9..6d96390f 100644
--- a/ProjectLighthouse.Servers.Website/Pages/PasswordResetRequestForm.cshtml.cs
+++ b/ProjectLighthouse.Servers.Website/Pages/PasswordResetRequestForm.cshtml.cs
@@ -1,3 +1,4 @@
+using System.ComponentModel.DataAnnotations;
 using JetBrains.Annotations;
 using LBPUnion.ProjectLighthouse.Configuration;
 using LBPUnion.ProjectLighthouse.Helpers;
@@ -20,7 +21,7 @@ public class PasswordResetRequestForm : BaseLayout
 { }
 [UsedImplicitly]
- public async Task OnPost(string username)
+ public async Task OnPost(string email)
 {
 if (!ServerConfiguration.Instance.Mail.MailEnabled)
@@ -29,17 +30,24 @@ public class PasswordResetRequestForm : BaseLayout
 return this.Page();
 }
- if (string.IsNullOrWhiteSpace(username))
+ if (string.IsNullOrWhiteSpace(email))
 {
- this.Error = "The username field is required.";
+ this.Error = "The email field is required.";
 return this.Page();
 }
- User? user = await this.Database.Users.FirstOrDefaultAsync(u => u.Username == username);
+ if (!new EmailAddressAttribute().IsValid(email))
+ {
+ this.Error = "This email is in an invalid format";
+ return this.Page();
+ }
+
+ User? user = await this.Database.Users.FirstOrDefaultAsync(u => u.EmailAddress == email && u.EmailAddressVerified);
 if (user == null)
 {
- this.Error = "User does not exist.";
+ this.Status = $"A password reset request has been sent to the email {email}.\n" +
+ "If you do not receive an email verify that you have entered the correct email address";
 return this.Page();
 }
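Review bot: The status text set in the `user == null` branch is not identical to the one the success path sets in the last hunk (`@@ -59,8 +67,9 @@`): here the first sentence ends with `.\n`, while the success path joins `{email}."` straight onto `"If you do not receive…"`, so the two responses can be told apart and the account-enumeration protection this change aims for is lost. Build the message once, for example `string sent = $"A password reset request has been sent to the email {email}. If you do not receive an email, verify that you have entered the correct email address.";`, and assign `this.Status = sent;` in both places. Separately, `EmailAddressAttribute.IsValid` is a format check, not sanitisation, so the echoed `email` should only reach the page through Razor's encoded output; the view is outside this hunk, so that is worth confirming. OnPost's body starts before this hunk and continues after it.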
@@ -59,8 +67,9 @@ public class PasswordResetRequestForm : BaseLayout this.Database.PasswordResetTokens.Add(token); await this.Database.SaveChangesAsync(); - - this.Status = $"Password reset email sent to {CensorHelper.MaskEmail(user.EmailAddress)}."; + + this.Status = $"A password reset request has been sent to the email {email}." + + "If you do not receive an email verify that you have entered the correct email address"; return this.Page(); } public void OnGet() => this.Page();
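Review bot: The token insert and `SaveChangesAsync()` at the top of this hunk (and presumably the mail send earlier in OnPost, outside the hunk) run only when a verified account matched, whereas the unknown-address branch returns at once, so response time can still separate the two cases even once the text is identical. Consider handing token creation and mail delivery to a background queue so both paths return after comparable work, and rate-limit this endpoint per client and per address. A short comment above the final `this.Status` assignment, such as `// Same text as the not-found branch: must not reveal whether the address is registered.`, would keep later edits from reintroducing a difference.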