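/// <summary>
/// Changes the signed-in user's password after re-checking the current password,
/// then swaps the user's <see cref="ClaimTypes.Sid"/> claim from the old security
/// stamp to the new one inside a single database transaction.
/// </summary>
/// <param name="dto">Request body carrying <c>CurrentPassword</c> and <c>NewPassword</c>.</param>
/// <returns>
/// 204 on success; 400 with the validation failures when the DTO is invalid, the current
/// password is wrong, or Identity rejects the new password; 401 when the caller cannot be
/// resolved to a user.
/// </returns>
/// <exception cref="DbUpdateException">Thrown when the claim replacement fails; the transaction is rolled back first.</exception>
public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordDto dto)
{
    // An empty or unparsable body can bind to null; reject it before the validator dereferences it.
    if (dto is null)
    {
        return BadRequest();
    }

    var validator = new ChangePasswordDtoValidator();
    ValidationResult result = await validator.ValidateAsync(dto);

    if (!result.IsValid)
    {
        return BadRequest(result.Errors);
    }

    // The user id comes from the authenticated principal, never from the request body,
    // so a caller can only change their own password.
    var userId = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
    if (string.IsNullOrEmpty(userId))
    {
        return Unauthorized();
    }

    var user = await _userManager.FindByIdAsync(userId);
    if (user is null)
    {
        // The principal refers to an account that no longer exists.
        return Unauthorized();
    }

    // Verify the current password up front so the failure is reported against that field.
    // NOTE(review): CheckPasswordAsync does not count failures toward lockout, so a hijacked
    // session could guess the current password here without limit - confirm that throttling
    // or lockout is enforced elsewhere for this endpoint.
    if (!await _userManager.CheckPasswordAsync(user, dto.CurrentPassword))
    {
        result.Errors.Add(new ValidationFailure("currentPassword", "目前密碼錯誤"));
        return BadRequest(result.Errors);
    }

    await using (var transaction = await _dbContext.Database.BeginTransactionAsync())
    {
        try
        {
            // Captured before the change: ChangePasswordAsync rotates user.SecurityStamp.
            var oldSecurityStamp = user.SecurityStamp;

            // Check Succeeded rather than comparing references with IdentityResult.Success:
            // a store may return a distinct successful instance.
            var passwordResult = await _userManager.ChangePasswordAsync(user, dto.CurrentPassword, dto.NewPassword);
            if (!passwordResult.Succeeded)
            {
                await transaction.RollbackAsync();

                // A rejected new password (e.g. by the configured password policy) is a client
                // error, so report it as 400 instead of surfacing it as an unhandled exception.
                foreach (var error in passwordResult.Errors)
                {
                    result.Errors.Add(new ValidationFailure("newPassword", error.Description));
                }

                return BadRequest(result.Errors);
            }

            // Keep the Sid claim in step with the rotated stamp.
            // NOTE(review): presumably tokens carrying the old stamp are rejected by a check
            // elsewhere; that check is not visible here - confirm it exists, otherwise sessions
            // issued before the password change remain usable.
            var claimResult = await _userManager.ReplaceClaimAsync(
                user,
                new Claim(ClaimTypes.Sid, oldSecurityStamp),
                new Claim(ClaimTypes.Sid, user.SecurityStamp));
            if (!claimResult.Succeeded)
            {
                throw new DbUpdateException();
            }

            await transaction.CommitAsync();
        }
        catch (DbUpdateException)
        {
            // Undo the password change so the stored stamp and the Sid claim never diverge.
            await transaction.RollbackAsync();

            throw;
        }
    }

    return NoContent();
}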
Example #2
 /// <summary>
 /// Creates a fresh <c>ChangePasswordDtoValidator</c> and stores it in <c>_validator</c>.
 /// </summary>
 public void Setup() => _validator = new ChangePasswordDtoValidator();