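        /// <summary>
        /// Changes the password of the user named in <paramref name="body"/>, provided the
        /// logged-in caller is authorized to manage that user.
        /// </summary>
        /// <param name="body">Target username and the new password (model-bound from the request body).</param>
        /// <returns>
        /// 400 when the body or a required field is missing; 401 when the caller is not
        /// identified or is not authorized to change this user's password; 404 when the target
        /// user does not exist; 500 when the password update fails; otherwise 200.
        /// </returns>
        public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordBody body)
        {
            // Model binding yields a null body for an empty or unparseable request; treat it
            // like a missing username rather than dereferencing it.
            if (body is null || string.IsNullOrEmpty(body.Username))
            {
                return BadRequest("Username not specified");
            }
            if (string.IsNullOrEmpty(body.Password))
            {
                return BadRequest("Password not specified");
            }
            var normalizedUsername = UsernameNormalizer.Normalize(body.Username);

            // Authorize before looking the target up: checking existence first lets an
            // unauthorized caller tell existing from non-existing usernames apart by the
            // 404/401 difference (user enumeration).
            // NOTE(review): assumes AuthorizeAsync tolerates a target that does not exist — confirm.
            var callerName = HttpContext.User?.Identity?.Name;
            if (string.IsNullOrEmpty(callerName))
            {
                // No authenticated identity; the original would have normalized a null name.
                return StatusCode((int)HttpStatusCode.Unauthorized, "Not authorized");
            }
            var loggedInUsername = UsernameNormalizer.Normalize(callerName);
            var authorizationResult = await authorizationModule.AuthorizeAsync(
                new ManageUserResourceDescription(normalizedUsername, UserManagementActionType.ChangePassword),
                loggedInUsername);

            if (!authorizationResult.IsAuthorized)
            {
                // 401 is kept for compatibility with existing clients; 403 Forbidden is the
                // more precise status for an authenticated caller lacking permission.
                return StatusCode((int)HttpStatusCode.Unauthorized, "Not authorized");
            }

            if (!await authenticationModule.ExistsAsync(normalizedUsername))
            {
                return NotFound($"User '{normalizedUsername}' not found");
            }

            // Execute
            if (!await authenticationModule.ChangePasswordAsync(normalizedUsername, body.Password))
            {
                return StatusCode((int)HttpStatusCode.InternalServerError, "Could not update password");
            }
            return Ok();
        }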