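/// <summary>
/// Changes the password of the account named in <paramref name="userEntry"/>,
/// after verifying the current password.
/// </summary>
/// <param name="userEntry">Username, current password and new password supplied by the caller.</param>
/// <returns>A task that completes once the repository changes have been saved.</returns>
/// <exception cref="WrongUserCredentialsException">
/// No account matches the username, or the current password does not verify.
/// </exception>
/// <exception cref="UserLoginTimeoutException">
/// <c>AuthBusinessLogic.CheckWaitPeriod</c> returned false for the account.
/// </exception>
public async Task ChangePassword(UserPasswordChangeResource userEntry)
{
    var user = await _userRepository.GetByUsernameAsync(userEntry.Username);

    // The null check must run before CheckWaitPeriod: the original order handed a
    // possibly-null user to the wait-period check, so an unknown username either
    // dereferenced null or surfaced a different error than a wrong password does.
    if (user == null)
    {
        throw new WrongUserCredentialsException("Invalid username or password.");
    }

    if (!AuthBusinessLogic.CheckWaitPeriod(user, _configuration))
    {
        // TODO: Implement timeout time. The "{0}" placeholder is never formatted,
        // so callers currently receive the literal text "{0} seconds.".
        // NOTE(review): this exception type differs from the credential error, so a
        // caller can tell that the account exists and is throttled. Confirm that is intended.
        throw new UserLoginTimeoutException("{0} seconds.");
    }

    if (!AuthBusinessLogic.CheckIfValidPassword(user, userEntry.Password, _configuration))
    {
        // Record and persist the failed attempt before reporting the failure.
        _userRepository.MarkFailedLogin(user);
        await _userRepository.SaveChanges();
        throw new WrongUserCredentialsException("Invalid username or password.");
    }

    // NOTE(review): the new password is hashed as supplied; no length or policy check
    // is visible in this method. Confirm it is enforced elsewhere.
    user.PasswordHash = AuthBusinessLogic.GetHash(userEntry.Username, userEntry.NewPassword, _configuration);
    await _userRepository.Update(user);

    _userRepository.MarkSuccessfulLogin(user);
    await _userRepository.SaveChanges();
}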
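/// <summary>
/// HTTP action that changes a user's password from the request body.
/// </summary>
/// <param name="user">Request body carrying the username, current password and new password.</param>
/// <returns>A <see cref="NoContentResult"/> once the service call completes.</returns>
/// <exception cref="WrongUserCredentialsException">
/// The body is missing, or any of the three fields is null.
/// </exception>
public async Task<IActionResult> ChangePassword([Required, FromBody] UserPasswordChangeResource user)
{
    // Guard the body itself as well as its fields: if model binding yields a null
    // body, the original field checks would dereference null instead of raising
    // the credential error.
    if (user == null || user.Username == null || user.Password == null || user.NewPassword == null)
    {
        throw new WrongUserCredentialsException("The supplied username or password is null.");
    }

    // Credential verification and throttling happen in the service layer.
    await _service.ChangePassword(user);

    return new NoContentResult();
}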