Beispiel #1
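        /// <summary>
        /// Handles a password-change request: reads the JSON request body into an
        /// <c>UpdatePasswordEnt</c> and passes it to <c>User.UpdatePassword</c>.
        /// </summary>
        /// <param name="userGuid">Identifier of the user whose password is changed.</param>
        /// <param name="verifyCode">Verification code supplied by the caller.</param>
        /// <returns>
        /// 200 with the string "True" on success, 404 when the reported error is
        /// "User not exist", and 400 with a message for every other failure.
        /// </returns>
        public IHttpActionResult Put(string userGuid, string verifyCode)
        {
            try
            {
                string            body = new StreamReader(HttpContext.Current.Request.InputStream).ReadToEnd();
                UpdatePasswordEnt ent  = JsonConvert.DeserializeObject <UpdatePasswordEnt>(body);

                // An empty body or a JSON "null" deserializes to null; reject it here
                // instead of letting it fail later as a NullReferenceException.
                if (ent == null)
                {
                    return BadRequest("Request body is missing or invalid");
                }

                string errorInfo = string.Empty;
                if ((new User()).UpdatePassword(userGuid, ent, verifyCode, ref errorInfo))
                {
                    return Ok("True");
                }

                if (errorInfo == "User not exist")
                {
                    return NotFound();
                }

                return BadRequest(errorInfo);
            }
            catch (Exception ex)
            {
                // Full exception text (type names, stack trace, possibly statement text)
                // goes to the server log only. Sending ex.ToString() back to the caller
                // discloses internals to anyone who can trigger a failure.
                _log.Error(ex.ToString());

                // Status code kept at 400 so existing clients see the same response class.
                return BadRequest("Failed to update password");
            }
        }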
Beispiel #2
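        /// <summary>
        /// Changes a user's password after checking the verification code and the
        /// current password.
        /// </summary>
        /// <param name="userGuid">Identifier of the user; values that do not parse as a GUID are rejected.</param>
        /// <param name="ent">Request payload; <c>OldPassword</c> and <c>NewPassword</c> are read from it.</param>
        /// <param name="verifyCode">Code supplied by the caller, compared with the value returned by <c>GetVerificationCode</c>.</param>
        /// <param name="errorInfo">Receives the failure reason when the method returns <c>false</c>.</param>
        /// <returns><c>true</c> when <c>ExecuteSql</c> reports a non-zero count; <c>false</c> when one of the checks fails.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="ent"/> is <c>null</c>.</exception>
        /// <exception cref="InvalidOperationException"><c>ExecuteSql</c> reported zero affected rows.</exception>
        public bool UpdatePassword(string userGuid, UpdatePasswordEnt ent, string verifyCode, ref string errorInfo)
        {
            if (ent == null)
            {
                throw new ArgumentNullException("ent");
            }

            // userGuid is caller-controlled and is later written into a log line and
            // into SQL text. Accepting only strings that parse as a GUID leaves no
            // quote or backslash characters in the value.
            // NOTE(review): assumes stored identifiers are in a format Guid.TryParse accepts; confirm.
            Guid parsedGuid;
            if (!Guid.TryParse(userGuid, out parsedGuid))
            {
                _log.Warn("Rejected password update request: user identifier is not a GUID");

                // Same message the controller maps to 404, so a malformed identifier
                // is indistinguishable from an unknown one.
                errorInfo = "User not exist";
                return false;
            }

            _log.Info("Request to update password for user " + userGuid);

            string existCode = GetVerificationCode(userGuid);

            if (string.IsNullOrEmpty(existCode))
            {
                errorInfo = "No security code or code expired";
                return false;
            }

            // Static, null-safe ordinal comparison: a missing verifyCode is a normal
            // mismatch, not a NullReferenceException.
            // NOTE(review): this comparison is not constant-time, and nothing in this
            // method limits repeated guesses of the code; confirm both are handled elsewhere.
            if (!string.Equals(verifyCode, existCode, StringComparison.Ordinal))
            {
                errorInfo = "Security code incorrect";
                return false;
            }

            UserEnt userEnt = GetUserByGuid(userGuid, ref errorInfo);

            if (userEnt == null)
            {
                return false;
            }

            // Ordinal instead of culture-sensitive string.Compare: linguistic comparison
            // ignores some characters, so two different passwords could compare as equal.
            if (!string.Equals(userEnt.Password, ent.OldPassword, StringComparison.Ordinal))
            {
                _log.Warn("User " + userGuid + "'s old password not correct while updating password");

                errorInfo = "Old password incorrect";
                return false;
            }

            // "HH" is the 24-hour clock ("hh" wrote afternoon times as morning ones), and
            // the invariant culture keeps the separators fixed regardless of server locale.
            string updateTime = DateTime.UtcNow.ToString("yyyy-MM-ddTHH:mm:ssZ", System.Globalization.CultureInfo.InvariantCulture);

            // SET assignments are separated by a comma; with "and" the right-hand side
            // becomes one boolean expression and update_time is never assigned.
            //
            // NOTE(review): the password literal appears masked in this listing, so
            // ent.NewPassword (argument 0) is not referenced by the format string.
            // Whatever value is stored must reach the data layer as a bound parameter,
            // never as formatted statement text, and it should be a salted, slow password
            // hash (for example PBKDF2) rather than the plaintext that the comparison
            // above implies is stored today.
            string sql = string.Format("UPDATE user SET password='******', update_time='{1}' WHERE user_guid='{2}'"
                                       , ent.NewPassword, updateTime, userGuid);
            int cnt = ExecuteSql(sql);

            if (cnt == 0)
            {
                throw new InvalidOperationException("Failed to update database");
            }

            _log.Info("User " + userGuid + "'s password updated successfully");

            return true;
        }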