public async Task <UserDTO> UpdatePasswordAsync(UserPasswordPutRequest model, UserManager <ApplicationUser> userManager, ClaimsPrincipal currentUser)
{
try
{
var appUser = await userManager.FindByIdAsync(model.Id.ToString());
if (appUser == null)
{
throw new Exception($"No existe el usuario con id {model.Id}");
}
ApplicationUser user = await userManager.GetUserAsync(currentUser);
if ((!await userManager.IsInRoleAsync(user, "SuperUser") && await userManager.IsInRoleAsync(appUser, "SuperUser")) ||
(!model.IsProfile && !await userManager.IsInRoleAsync(user, "SuperUser") && await userManager.IsInRoleAsync(appUser, "Admin")))
{
throw new Exception($"No tienes permisos para editar el usuario {appUser.UserName}");
}
var passwordResult = await userManager.ChangePasswordAsync(appUser, model.OldPassword, model.Password);
if (!passwordResult.Succeeded)
{
throw new Exception($"ERROR actualizando la contraseña - {passwordResult.Errors}");
}
return(await ModelToDTOAsync(appUser, userManager));
}
catch (Exception e)
{
throw new Exception(e.Message);
}
}
public async Task <IActionResult> UpdatePassword(UserPasswordPutRequest model)
{
try
{
if (!ModelState.IsValid)
{
throw new Exception("Petición de actualización inválida");
}
ClaimsPrincipal currentUser = User;
return(Ok(await _userService.UpdatePasswordAsync(model, _userManager, currentUser)));
}
catch (Exception e)
{
return(StatusCode(500, e.Message));
}
}
public async Task <UserModel> PasswordPut([FromBody] UserPasswordPutRequest request)
{
return(await Store.PasswordSetAsync(request.Identifier, request.Password));
}
