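/// <summary>
/// Changes the password of the account identified by <paramref name="userId"/> after
/// verifying the supplied old password against the stored salt and hash.
/// </summary>
/// <param name="userId">Identifier passed to the account repository to load and update the account.</param>
/// <param name="updatePasswordMeta">Carries the old and new passwords; both are trimmed before hashing.</param>
/// <returns>
/// Code -1 when no account is found, -2 when the old password does not verify, -3 when the new
/// password is missing or blank; otherwise the value returned by the repository update, where a
/// value greater than zero is reported as success.
/// </returns>
public async Task<ActionResultResponse> UpdatePassword(string userId, UpdatePasswordMeta updatePasswordMeta)
{
    var accountInfo = await _userAccountRepository.GetInfo(userId);
    if (accountInfo == null)
    {
        return new ActionResultResponse(-1, _sharedResourceService.GetString("You do not have permission to do this action."));
    }

    // A missing body or missing old password can never verify. Reject it here instead of
    // letting .Trim() throw a NullReferenceException on request-supplied data.
    var suppliedOldPassword = updatePasswordMeta?.OldPassword;
    if (suppliedOldPassword == null)
    {
        return new ActionResultResponse(-2, _resourceService.GetString("Old password does not match."));
    }

    // Trim() is kept: hashes written by this method are derived from trimmed input, so
    // dropping it would stop existing passwords from verifying.
    // NOTE(review): it also silently strips leading/trailing whitespace from the secret.
    var oldPasswordHash = Generate.GetInputPasswordHash(suppliedOldPassword.Trim(), accountInfo.PasswordSalt);

    // Compare in fixed time so the check does not return early on the first differing
    // character. FixedTimeEquals yields false when the lengths differ, and a null stored
    // hash is treated as a mismatch.
    var computedHashText = System.Text.Encoding.UTF8.GetBytes(Convert.ToBase64String(oldPasswordHash));
    var storedHashText = System.Text.Encoding.UTF8.GetBytes(accountInfo.PasswordHash ?? string.Empty);
    if (!System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(computedHashText, storedHashText))
    {
        return new ActionResultResponse(-2, _resourceService.GetString("Old password does not match."));
    }

    // Without this guard a null new password throws, and a whitespace-only one trims to ""
    // and is stored as an empty password.
    // NOTE(review): code -3 and this resource key are new; register the key in the resource file.
    var suppliedNewPassword = updatePasswordMeta.NewPassword;
    if (string.IsNullOrWhiteSpace(suppliedNewPassword))
    {
        return new ActionResultResponse(-3, _resourceService.GetString("New password is required."));
    }

    // Every password change gets a fresh random salt.
    var passwordSalt = Generate.GenerateRandomBytes(Generate.PasswordSaltLength);
    var passwordHash = Generate.GetInputPasswordHash(suppliedNewPassword.Trim(), passwordSalt);

    accountInfo.PasswordSalt = passwordSalt;
    accountInfo.PasswordHash = Convert.ToBase64String(passwordHash);

    // NOTE(review): nothing in this method revokes existing sessions or tokens after the
    // change; confirm that is handled elsewhere.
    var result = await _userAccountRepository.UpdatePassword(userId, accountInfo.PasswordSalt, accountInfo.PasswordHash);

    var message = result > 0
        ? _resourceService.GetString("Change password successful.")
        : _sharedResourceService.GetString("Something went wrong. Please contact with administrator.");
    return new ActionResultResponse(result, message);
}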
/// <summary>
/// Changes the password of the current user by passing <c>CurrentUser.Id</c> and the request
/// body to the account service.
/// </summary>
/// <param name="updatePasswordMeta">Request body bound via <c>[FromBody]</c>.</param>
/// <returns>
/// <c>BadRequest</c> carrying the service response when its code is negative, otherwise
/// <c>Ok</c> carrying the same response.
/// </returns>
public async Task<IActionResult> UpdatePassword([FromBody] UpdatePasswordMeta updatePasswordMeta)
{
    // The account id comes from CurrentUser, not from the request body.
    var response = await _userAccountService.UpdatePassword(CurrentUser.Id, updatePasswordMeta);

    var isFailure = response.Code < 0;
    if (!isFailure)
    {
        return Ok(response);
    }

    return BadRequest(response);
}