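/// <summary>
/// Changes the password of the currently authenticated user after verifying the
/// current password supplied in the request.
/// </summary>
/// <param name="changeUserPasswordRequest">Carries the current password and the new password.</param>
/// <returns>
/// <c>true</c> when the repository's update result is greater than zero (presumably an affected-row count).
/// </returns>
/// <exception cref="ArgumentNullException">The request is <c>null</c>.</exception>
/// <exception cref="ArgumentException">The supplied current password does not verify against the stored value.</exception>
public async Task<bool> ChangeUserPasswordAsync(ChangeUserPasswordRequest changeUserPasswordRequest)
{
    // Fail fast with an argument error instead of a NullReferenceException further down.
    if (changeUserPasswordRequest is null)
    {
        throw new ArgumentNullException(nameof(changeUserPasswordRequest));
    }

    // The target account comes from the authentication service, not from the request,
    // so the caller cannot point this operation at a different user id.
    var userId = _authenticateService.GetUserId();
    var userResponse = await _userRepository.GetUserByIdAsync(userId);
    // NOTE(review): a null result from GetUserByIdAsync is not handled here; if it can
    // happen, the dereference below throws NullReferenceException — confirm.

    // NOTE(review): the argument order (stored value first, plaintext second) is the
    // reverse of the Verify call in SignIn — confirm against the hash service's
    // signature; one of the two call sites may be swapped.
    var currentPasswordMatches = _passwordHashService.Verify(userResponse.Password, changeUserPasswordRequest.Password);
    if (!currentPasswordMatches)
    {
        throw new ArgumentException(string.Format(ValidationMessages.Invalid, nameof(changeUserPasswordRequest.Password)));
    }

    // Only the hash of the new password is handed to the repository.
    var newPasswordHash = _passwordHashService.Hash(changeUserPasswordRequest.NewPassword);
    var updateResult = await _loginRepository.UpdatePasswordAsync(userResponse.Id, newPasswordHash);
    return updateResult > 0;
}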
/// <summary>
/// Looks a user up by email, verifies the password against the stored value and,
/// on success, returns the result of <see cref="UpdateLastLogin"/>.
/// </summary>
/// <param name="email">Email address used for the lookup.</param>
/// <param name="password">Plaintext password to verify.</param>
/// <returns>The user as returned by <see cref="UpdateLastLogin"/>.</returns>
/// <exception cref="InvalidEmailAndPasswordException">
/// The email is unknown or the password does not verify.
/// </exception>
public User SignIn(string email, string password)
{
    var account = _storage.GetByEmailOrDefault(email);

    // Verify only runs when the account exists; an unknown email leaves the
    // credentials unverified and is reported exactly like a wrong password.
    var credentialsValid = account is not null
        && _passwordHashService.Verify(password, account.Password);

    // Note for tech test reviewer: the same exception is thrown whether the email is
    // unknown or the password does not match. The requirements ask for a 401 only for
    // an invalid password, but distinct errors would let a caller learn which email
    // addresses exist in the system, so both failures are reported identically.
    // NOTE(review): because Verify is skipped for an unknown email, response time may
    // still differ between the two cases — confirm whether that matters here.
    if (!credentialsValid)
    {
        throw new InvalidEmailAndPasswordException();
    }

    return UpdateLastLogin(account);
}