Example #1
0
        public HttpResponseMessage ChangePassword(string id, [FromBody] AccountDetailsModel details)
        {
            if ((details.Email ?? "").Length == 0 || (details.Password ?? "").Length == 0 || (details.NewPassword ?? "").Length == 0)
            {
                throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.BadRequest));
            }
            if (User.Identity.UserId() == id)
            {
                IUser profile = repository.GetUser(id);
                if (profile != null)
                {
                    // Ensure the email of the user logged in is being used
                    if (profile.Email != details.Email)
                    {
                        throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.Forbidden));
                    }
                    // User must supply existing password to change his email address. Valid password and existing email
                    try
                    {
                        accountBusiness.SignIn(profile.Email, details.Password);
                    }
                    catch (InvalidEmailOrPasswordException)
                    {
                        throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.Forbidden));
                    }

                    // Retrieve the user credentials
                    Domain.ICredentials credentials = repository.GetCredentials(profile.Email);

                    if (credentials != null)
                    {
                        credentials.Password = details.NewPassword;

                        // Save user credentials
                        accountBusiness.ChangePassword(profile, credentials);

                        HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.OK, profile);
                        response.Headers.Location = new Uri(Request.RequestUri, "/api/account/" + id);
                        return(response);
                    }
                }

                // No such user or user has no credentials
                throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.NotFound));
            }
            throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.Forbidden));
        }