Ejemplo n.º 1
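        /// <summary>
        /// Changes the password of the specified user after verifying the current password.
        /// </summary>
        /// <param name="username">the username of the user</param>
        /// <param name="oldPassword">current password; its hash must equal the stored hash</param>
        /// <param name="newPassword">new password for user; must not be null or empty</param>
        /// <param name="confirmPassword">confirmed new password; must equal <paramref name="newPassword"/></param>
        /// <returns>
        /// An OK status carrying the user when the new hash was saved; a validation error for
        /// "ConfirmPassword", "NewPassword" or "OldPassword" when the input is rejected; the status
        /// returned by GetUser when its code is not 200; or an error status when saving fails.
        /// </returns>
        public Status<User> ChangePassword(string username, string oldPassword, string newPassword, string confirmPassword)
        {
            if (confirmPassword != newPassword)
            {
                return Status<User>.ValidationError<User>(null, "ConfirmPassword", "Passwords do not match");
            }

            // Two equal null/empty strings pass the check above; without this guard an empty
            // string would be hashed and stored as the account's password.
            if (string.IsNullOrEmpty(newPassword))
            {
                return Status<User>.ValidationError<User>(null, "NewPassword", "New Password is required");
            }

            using (var context = new RentlerContext())
            {
                // get user whose password needs to be reset
                var userStatus = GetUser(username, context);

                if (userStatus.StatusCode != 200)
                {
                    return userStatus;
                }

                var user = userStatus.Result;

                // NOTE(review): the stored format is an unsalted SHA-1 digest produced by
                // FormsAuthentication.HashPasswordForStoringInConfigFile, which is obsolete and
                // fast to brute-force if the table leaks. It is kept here because existing rows
                // depend on it; plan a migration to a salted, slow KDF (e.g. PBKDF2 via
                // Rfc2898DeriveBytes) with re-hashing at next successful login.
                // A null old password is rejected up front so the hash helper is never called
                // with null outside the try block.
                if (oldPassword == null ||
                    user.PasswordHash != FormsAuthentication.HashPasswordForStoringInConfigFile(oldPassword, "SHA1"))
                {
                    return Status<User>.ValidationError<User>(null, "OldPassword", "Old Password is incorrect");
                }

                try
                {
                    // reset password
                    user.PasswordHash = FormsAuthentication.HashPasswordForStoringInConfigFile(newPassword, "SHA1");
                    context.SaveChanges();
                }
                catch (Exception)
                {
                    // TODO: log exception
                    return Status.Error<User>("System was unable to change password", null);
                }

                try
                {
                    // notify user by email that their password was changed successfully.
                    var model = new EmailChangePasswordModel
                    {
                        Name = string.Format("{0} {1}", user.FirstName, user.LastName),
                        To   = user.Email
                    };
                    mailer.ChangePassword(model);
                }
                catch (Exception)
                {
                    // The new hash is already persisted at this point, so a mail failure must not
                    // be reported as "unable to change password": the caller would believe the old
                    // password is still valid.
                    // TODO: log exception; the notification is what alerts the account owner to a
                    // change they did not make, so a failed send should be visible to operators.
                }

                return Status<User>.OK(user);
            }
        }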
Ejemplo n.º 2
        /// <summary>
        /// Passes the bound model to the mailer's ChangePassword call and returns the
        /// resulting status serialized as JSON.
        /// </summary>
        /// <param name="model">model handed unchanged to <c>mailer.ChangePassword</c></param>
        /// <returns>JSON result wrapping the mailer status; GET requests are allowed.</returns>
        // NOTE(review): the model comes from the caller, so if it is bound from the request the
        // recipient and display name of the "password changed" mail are caller-controlled, and
        // AllowGet lets the action run on a plain GET. No [Authorize], verb or anti-forgery
        // attribute is visible in this listing - confirm the action is restricted to
        // authenticated POSTs, or limited to a non-production preview controller.
        public ActionResult ChangePassword(EmailChangePasswordModel model)
        {
            return Json(mailer.ChangePassword(model), JsonRequestBehavior.AllowGet);
        }