public async Task <IActionResult> ChangePassword([FromBody] ChangePasswordBody body)
{
if (string.IsNullOrEmpty(body.Username))
{
return(BadRequest("Username not specified"));
}
if (string.IsNullOrEmpty(body.Password))
{
return(BadRequest("Password not specified"));
}
var normalizedUsername = UsernameNormalizer.Normalize(body.Username);
if (!await authenticationModule.ExistsAsync(normalizedUsername))
{
return(NotFound($"User '{normalizedUsername}' not found"));
}
// Authroize
var loggedInUsername = UsernameNormalizer.Normalize(HttpContext.User.Identity.Name);
var authorizationResult = await authorizationModule.AuthorizeAsync(
new ManageUserResourceDescription(normalizedUsername, UserManagementActionType.ChangePassword),
loggedInUsername);
if (!authorizationResult.IsAuthorized)
{
return(StatusCode((int)HttpStatusCode.Unauthorized, "Not authorized"));
}
// Execute
if (!await authenticationModule.ChangePasswordAsync(normalizedUsername, body.Password))
{
return(StatusCode((int)HttpStatusCode.InternalServerError, "Could not update password"));
}
return(Ok());
}
public async Task <IActionResult> ChangePassword([FromBody] ChangePasswordBody body)
{
if (body.NewPassword == body.RePassword)
{
var result = await userManager.ChangePasswordAsync(CurrentUser, body.Password, body.NewPassword);
if (result.Succeeded)
{
return(Success());
}
return(IdentityError(result));
}
return(BadRequest("Mật khẩu không chính xác"));
}
public async Task <IActionResult> ChangeAsync([FromBody, Required] ChangePasswordBody changePasswordData, [FromHeader(Name = "Authorization")] string authorization = null)
{
string newPass = Encryption.Decrypt(changePasswordData.NewPassword);
string oldPass = Encryption.Decrypt(changePasswordData.OldPassword);
if (!Utils.IsValidPassword(changePasswordData.NewPassword))
{
return(BadRequest(new ErrorResponse {
Error = "Invalid new password"
}));
}
bool withOldPass = oldPass != null;
bool withResetCode = !string.IsNullOrWhiteSpace(changePasswordData.ResetCode);
if (!withOldPass && !withResetCode)
{
return(BadRequest(new ErrorResponse {
Error = "Missing old password or reset code"
}));
}
if (withOldPass && withResetCode)
{
return(BadRequest(new ErrorResponse {
Error = "Requests shouldn't contain old password and reset code"
}));
}
if (withResetCode && string.IsNullOrWhiteSpace(changePasswordData.Email))
{
return(BadRequest(new ErrorResponse {
Error = "Requests with reset code require email"
}));
}
User user;
if (withOldPass)
{
var validation = Token.ValidateAuthorization(authorization);
if (!validation.IsValid)
{
return(BadRequest(validation.Result));
}
user = await _context.Users.FirstOrDefaultAsync(x => x.Token == validation.Token);
if (user == null)
{
return(NotFound(new ErrorResponse {
Error = "Token not found"
}));
}
if (user.Password != Hash.Process(oldPass, user.PasswordSalt))
{
return(BadRequest(new ErrorResponse {
Error = "Old password is wrong"
}));
}
}
else
{
if (!Utils.IsValidEmail(changePasswordData.Email))
{
return(BadRequest(new ErrorResponse {
Error = "Invalid email"
}));
}
var resetRequest = await _context.ForgotPasswordRequests.FirstOrDefaultAsync(x => x.Code == changePasswordData.ResetCode);
if (resetRequest == null)
{
return(BadRequest(new ErrorResponse {
Error = "Invalid reset code"
}));
}
user = resetRequest.User;
if (!user.Email.Equals(changePasswordData.Email, StringComparison.InvariantCultureIgnoreCase))
{
return(BadRequest(new ErrorResponse {
Error = "Invalid reset code"
}));
}
if (resetRequest.RequestDate < DateTimeOffset.UtcNow.Subtract(Code.LifeSpan))
{
return(BadRequest(new ErrorResponse {
Error = "Invalid reset code"
}));
}
_context.ForgotPasswordRequests.Remove(resetRequest);
}
string salt = Hash.GenerateSalt();
user.Password = Hash.Process(newPass, salt);
user.PasswordSalt = salt;
await _context.SaveChangesAsync();
return(Ok());
}
