/// <summary>
/// Handles a password-change request by delegating to <c>Auth.ChangePasswordAsync</c>
/// with the "MapHiveMbr" user account service.
/// </summary>
/// <param name="input">Request payload carrying the old and the new password.</param>
/// <returns>
/// <c>Ok</c> wrapping the value returned by <c>Auth.ChangePasswordAsync</c>, or whatever
/// <c>HandleException</c> produces when the attempt throws.
/// </returns>
public async Task<IHttpActionResult> ChangePassword(ChangePassInput input)
{
    // NOTE(review): the original remark on this action says failures must not tell a
    // potential attacker anything and the caller should always get an OK. The code does
    // not enforce that on its own: every exception is routed through HandleException, so
    // confirm that helper answers generically and never echoes exception details.
    try
    {
        var accountService = CustomUserAccountService.GetInstance("MapHiveMbr");

        // A null input is dereferenced here, so it ends up in the catch block as well.
        var outcome = await Auth.ChangePasswordAsync(accountService, input.NewPass, input.OldPass);

        return Ok(outcome);
    }
    catch (Exception failure)
    {
        return HandleException(failure);
    }
}
/// <summary>
/// Handles a password-change request read from the request body by delegating to
/// <c>Auth.ChangePasswordAsync</c>.
/// </summary>
/// <param name="input">Body payload carrying the old and the new password.</param>
/// <returns>
/// <c>Ok</c> wrapping the value returned by <c>Auth.ChangePasswordAsync</c>, or whatever
/// <c>HandleException</c> produces when the attempt throws.
/// </returns>
public async Task<IActionResult> ChangePasswordAsync([FromBody] ChangePassInput input)
{
    // NOTE(review): the original remark on this action says failures must not tell a
    // potential attacker anything and the caller should always get an OK. The code does
    // not enforce that on its own: every exception is routed through HandleException, so
    // confirm that helper answers generically and never echoes exception details.
    try
    {
        // A null input is dereferenced here, so it ends up in the catch block as well.
        var outcome = await Auth.ChangePasswordAsync(input.NewPass, input.OldPass);

        return Ok(outcome);
    }
    catch (Exception failure)
    {
        return HandleException(failure);
    }
}
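/// <summary>
/// Changes the password of the user resolved from the current claims principal.
/// </summary>
/// <remarks>
/// Every rejected request (missing input, input longer than 64 characters, or a refusal
/// by the auth handler) is logged, terminates the user's session and yields
/// <c>BadRequest</c>. The log lines written here contain only the rejection reason, the
/// user's Uuid and the remote IP; the passwords themselves are not logged by this method.
/// </remarks>
/// <param name="changePassInput">Old and new password supplied by the client.</param>
/// <returns>
/// <c>Ok</c> when the auth handler accepts the change; otherwise <c>BadRequest</c>.
/// </returns>
public IActionResult ChangePassword(ChangePassInput changePassInput)
{
    var user = _authHandler.UserFromClaimsPrincipal(User);

    // Null-conditional access: a request without a bindable body is rejected through the
    // same path as empty passwords instead of failing with a NullReferenceException.
    var oldPassword = changePassInput?.OldPassword;
    var newPassword = changePassInput?.NewPassword;

    string rejectionReason;
    if (string.IsNullOrWhiteSpace(oldPassword) || string.IsNullOrWhiteSpace(newPassword))
    {
        rejectionReason = "Old or new Password is null or empty.";
    }
    else if (oldPassword.Length > 64 || newPassword.Length > 64)
    {
        // Bounds the input size before either value reaches the auth handler.
        rejectionReason = "Old or new password length exceeds permitted length.";
    }
    else
    {
        // NOTE(review): the old password is placed in clear text on the user object,
        // presumably so the auth handler can verify it. That same object is then handed
        // to the activity logger and to TerminateSession; confirm neither of them
        // persists or serializes user.Password.
        user.Password = oldPassword;

        if (_authHandler.ChangePassword(user, newPassword))
        {
            _activityLogger.LogChangePassword(Request.HttpContext.Connection.RemoteIpAddress, user);
            return Ok();
        }

        rejectionReason = "Auth handler rejected password change.";
    }

    // Connection and RemoteIpAddress may both be null, so each step is null-conditional;
    // otherwise building the audit line could throw before the session is terminated.
    var remoteIp = HttpContext?.Connection?.RemoteIpAddress?.ToString() ?? "Unknown IP";

    _logger.LogInformation(rejectionReason);
    _logger.LogInformation($"Terminating session. User: {user.Uuid}" + $", IP: {remoteIp}");

    // Any rejected attempt ends the session, so a hijacked session cannot keep retrying.
    _authHandler.TerminateSession(user);
    return BadRequest();
}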