Ejemplo n.º 1
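        /// <summary>
        /// Changes the password of the authenticated account identified by <paramref name="id"/>.
        /// </summary>
        /// <param name="id">Account id supplied by the caller; it must equal the caller's NameIdentifier claim.</param>
        /// <param name="account">Change-password payload handed to the repository.</param>
        /// <returns>
        /// 401 when the NameIdentifier claim is missing, is not an integer, or differs from <paramref name="id"/>;
        /// 404 when no account exists for <paramref name="id"/>;
        /// 400 when the repository rejects the change (it returned null);
        /// 204 when the change was saved.
        /// </returns>
        /// <exception cref="Exception">Thrown when the repository reports that nothing was saved.</exception>
        public async Task<IActionResult> ChangePassword(int id, AccountForChangePWDTO account)
        {
            // FindFirst returns null when the claim is absent, so dereferencing .Value directly
            // would raise a NullReferenceException (a 500) instead of answering 401.
            var claimValue = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;

            // A claim that is not a valid integer is treated like a missing one rather than
            // letting int.Parse throw.
            int callerId;
            if (claimValue == null || !int.TryParse(claimValue, out callerId))
            {
                return Unauthorized();
            }

            // Callers may only change their own password.
            if (id != callerId)
            {
                return Unauthorized();
            }

            var accountFromDb = await _repo.GetUser(id);
            if (accountFromDb == null)
            {
                return NotFound();
            }

            // NOTE(review): only the DTO is passed to the repository; id is not. If the repository
            // resolves the target account from a field of the DTO (for example a username), the
            // ownership check above does not constrain which account is modified. Confirm that
            // the DTO refers to the same account as accountFromDb before this call.
            var updatedAccount = await _repo.ChangePassword(account);
            if (updatedAccount == null)
            {
                return BadRequest("Wrong old password");
            }

            if (await _repo.SaveAll())
            {
                return NoContent();
            }

            throw new Exception($"Error on updating account {id} password");
        }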
Ejemplo n.º 2
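        /// <summary>
        /// Replaces the stored password hash and salt of the account named in
        /// <paramref name="account"/> after verifying the old password.
        /// </summary>
        /// <param name="account">Payload carrying the username, the old password and the new password.</param>
        /// <returns>
        /// The updated account, or null when the account does not exist or the old password
        /// does not match.
        /// </returns>
        public async Task<Account> ChangePassword(AccountForChangePWDTO account)
        {
            // NOTE(review): the account is looked up by the username in the payload, so the
            // caller is responsible for checking that this username belongs to the
            // authenticated user.
            var accountFromDb = await GetUser(account.Username);

            // An unknown username previously caused a NullReferenceException on the next line.
            // Returning null gives the caller the same outcome as a wrong old password, so the
            // two cases are not distinguishable from the result.
            if (accountFromDb == null)
            {
                return null;
            }

            // NOTE(review): ComparePassword is defined elsewhere; confirm it compares the
            // derived hash in constant time.
            if (!ComparePassword(account.OldPassword, accountFromDb.PasswordHash, accountFromDb.PasswordSalt))
            {
                return null;
            }

            // A fresh salt is produced together with the new hash; both are stored.
            byte[] hashedPassword, passwordSalt;
            CreateHashedPassword(account.NewPassword, out hashedPassword, out passwordSalt);
            accountFromDb.PasswordHash = hashedPassword;
            accountFromDb.PasswordSalt = passwordSalt;
            await UpdateUser(accountFromDb);

            return accountFromDb;
        }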