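        /// <summary>
        /// Changes the password of the currently authenticated user. The caller must
        /// prove knowledge of the current password before the replacement is stored.
        /// </summary>
        /// <param name="changeUserPasswordRequest">
        /// Carries the current password (<c>Password</c>) and the replacement (<c>NewPassword</c>).
        /// </param>
        /// <returns><c>true</c> when the repository reports at least one updated row.</returns>
        /// <exception cref="ArgumentNullException">The request is <c>null</c>.</exception>
        /// <exception cref="InvalidOperationException">The authenticated user id does not resolve to a user record.</exception>
        /// <exception cref="ArgumentException">The supplied current password does not match the stored hash.</exception>
        public async Task<bool> ChangeUserPasswordAsync(ChangeUserPasswordRequest changeUserPasswordRequest)
        {
            if (changeUserPasswordRequest == null)
            {
                throw new ArgumentNullException(nameof(changeUserPasswordRequest));
            }

            // The target account is always the caller's own: the id comes from the
            // authenticated context, never from the request body.
            var userId       = _authenticateService.GetUserId();
            var userResponse = await _userRepository.GetUserByIdAsync(userId);

            if (userResponse == null)
            {
                // Without this guard a missing record surfaced as a NullReferenceException at the Verify call.
                throw new InvalidOperationException("Authenticated user could not be loaded.");
            }

            // Re-authenticate with the current password so a hijacked session cannot rotate the
            // credential silently.
            // NOTE(review): assumes the Verify contract is (storedHash, candidate) — confirm against IPasswordHashService.
            var passwordResult = _passwordHashService.Verify(userResponse.Password, changeUserPasswordRequest.Password);

            if (!passwordResult)
            {
                throw new ArgumentException(string.Format(ValidationMessages.Invalid, nameof(changeUserPasswordRequest.Password)));
            }

            // NOTE(review): no length/strength policy is applied to NewPassword here — confirm it is
            // enforced by request validation upstream.
            var changePasswordResponse = await _loginRepository.UpdatePasswordAsync(userResponse.Id, _passwordHashService.Hash(changeUserPasswordRequest.NewPassword));

            return changePasswordResponse > 0;
        }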
        /// <summary>
        /// Authenticates a user by e-mail and password and records the successful login.
        /// </summary>
        /// <param name="email">E-mail address used to look the account up.</param>
        /// <param name="password">Plain-text candidate password; compared against the stored hash, never stored itself.</param>
        /// <returns>The user as returned by <c>UpdateLastLogin</c>.</returns>
        /// <exception cref="InvalidEmailAndPasswordException">
        /// Thrown both when no account matches <paramref name="email"/> and when the password does not verify.
        /// </exception>
        public User SignIn(string email, string password)
        {
            var account = _storage.GetByEmailOrDefault(email);

            // Unknown e-mail and wrong password deliberately raise the same exception: a distinct
            // 401 for "bad password" would let a caller confirm which addresses exist in the system.
            // (The task brief asked for a 401 on invalid password; flagged for discussion with the reviewer.)
            // NOTE(review): Verify only runs when the account exists, so response timing can still differ
            // between the two branches — consider verifying against a dummy hash if that matters here.
            var credentialsValid = account != null && _passwordHashService.Verify(password, account.Password);

            if (!credentialsValid)
            {
                throw new InvalidEmailAndPasswordException();
            }

            return UpdateLastLogin(account);
        }