Ejemplo n.º 1
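        /// <summary>
        /// HTTP entry point that changes the password of the caller's own account.
        /// </summary>
        /// <param name="payload">
        /// Request body holding the current password and the new password;
        /// it is passed unchanged to <c>UserManipulationService.ChangePassword</c>.
        /// </param>
        /// <returns>
        /// The status message produced by the service, or a bare failure message when the
        /// request is rejected here. <c>Response.StatusCode</c> is set to 200 on success,
        /// 400 when no body could be bound, and 401 in every other failure case.
        /// </returns>
        public GenericStatusMessage ChangePassword([FromBody] PasswordChangePayload payload)
        {
            // The target account comes from the authenticated request, not from the payload,
            // so a caller can only ever change the password of the account they are logged in as.
            long? userId = AuthenticationService.IsAuthorized(Request, UserRole.Coach, UserRole.RoomOwner);
            if (userId == null)
            {
                Response.StatusCode = 401;
                return new GenericStatusMessage(false);
            }

            // A missing or unparsable body can leave the [FromBody] parameter null. Reject it
            // here (after the authorization check, so anonymous callers still get 401) instead
            // of letting the service dereference null and surface as an unhandled error.
            if (payload == null)
            {
                Response.StatusCode = 400;
                return new GenericStatusMessage(false);
            }

            UserManipulationService userManipulationService = new UserManipulationService();
            GenericStatusMessage message = userManipulationService.ChangePassword(payload, userId.Value);

            // NOTE(review): every service-side failure is reported as 401, including a
            // new-password mismatch, which is a validation error rather than an authentication
            // failure. Kept as-is because clients may depend on the existing status code.
            Response.StatusCode = message.Success ? 200 : 401;
            return message;
        }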
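        /// <summary>
        /// Replaces the stored password hash of a user after verifying the current password.
        /// </summary>
        /// <param name="payload">Current password plus the new password entered twice.</param>
        /// <param name="userId">Id of the account to update; the caller must already have authenticated it.</param>
        /// <returns>
        /// A success message when the hash was updated; otherwise a failure message with a
        /// reason (missing payload, wrong current password, mismatching or empty new password).
        /// </returns>
        /// <remarks>
        /// <c>Single</c> throws when no user with <paramref name="userId"/> exists.
        /// NOTE(review): nothing visible here limits repeated wrong-password attempts or
        /// invalidates sessions that were issued before the change; confirm both are handled
        /// elsewhere.
        /// </remarks>
        public GenericStatusMessage ChangePassword(PasswordChangePayload payload, long userId)
        {
            // Fail cleanly instead of dereferencing a null payload further down.
            if (payload == null)
            {
                return new GenericStatusMessage(false, "Invalid request.");
            }

            using (ReservationDataContext context = new ReservationDataContext())
            {
                User user = context.Users.Single(x => x.Id == userId);

                // The current password is verified before any rule on the new password is
                // evaluated, so nothing about new-password validation is reported to a caller
                // who does not know the current one.
                bool correctPassword = PasswordHasher.Validate(payload.CurrentPassword, user.PasswordHash);
                if (!correctPassword)
                {
                    // NOTE(review): a failed current-password check is a security-relevant event;
                    // at Debug level it is likely to be absent from production logs.
                    Logger.Debug($"{user.Username} failed to change password due to incorrect password.");
                    return new GenericStatusMessage(false, "Password incorrect.");
                }

                if (payload.NewPassword != payload.NewPasswordAgain)
                {
                    Logger.Debug($"{user.Username} failed to change password due to mismatching passwords.");
                    return new GenericStatusMessage(false, "Passwords do not match.");
                }

                // Two omitted (null) or empty fields compare equal above; without this check the
                // account would end up with an empty password or the hasher would be handed null.
                if (string.IsNullOrEmpty(payload.NewPassword))
                {
                    Logger.Debug($"{user.Username} failed to change password due to empty new password.");
                    return new GenericStatusMessage(false, "New password must not be empty.");
                }

                user.PasswordHash = PasswordHasher.Create(payload.NewPassword);
                context.SaveChanges();
                return new GenericStatusMessage(true);
            }
        }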