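/// <summary>
/// Updates the e-mail address and, optionally, the password of an existing user.
/// </summary>
/// <param name="userForUpdate">Id of the user to change, the new e-mail and an optional new password.</param>
/// <returns>
/// 200 with the submitted DTO (password blanked) on success; 400 when the payload is incomplete,
/// the password length is out of range or the e-mail is already taken; 404 when no user has the
/// given id; 401 when the repository reports that the update was not applied.
/// </returns>
public async Task<IActionResult> UpdateUserAsUser(UserForUpdateAsUserDto userForUpdate)
{
    // Reject an empty payload up front; the original dereferenced Email without a null check.
    if (userForUpdate == null || string.IsNullOrWhiteSpace(userForUpdate.Email))
    {
        return BadRequest("Email is required");
    }

    // NOTE(review): the target id comes from the request body and nothing visible in this method
    // ties it to the authenticated caller. Confirm that an authorization attribute or an ownership
    // check (body id == caller's id) is enforced outside this view; otherwise any caller could
    // update another account's e-mail and password.
    User user = await _repo.GetUser(userForUpdate.Id);
    if (user == null)
    {
        // The original fell through to user.Email and failed with a NullReferenceException.
        return NotFound();
    }

    // An empty password skips validation; a supplied one must be 5..15 characters long.
    // NOTE(review): an upper bound of 15 rules out long passphrases; confirm it is intentional.
    string newPassword = userForUpdate.Password;
    bool passwordSupplied = !string.IsNullOrEmpty(newPassword);
    if (passwordSupplied && (newPassword.Length < 5 || newPassword.Length > 15))
    {
        return BadRequest("Password needs to be between 5 and 15 characters");
    }

    // Normalise once with the invariant culture so the uniqueness check does not depend on the
    // server's locale (culture-sensitive ToLower() maps 'I' differently under e.g. tr-TR).
    string normalizedEmail = userForUpdate.Email.ToLowerInvariant();

    // Only look for a clash when the address actually changes.
    bool emailChanged = !string.Equals(user.Email, normalizedEmail, StringComparison.Ordinal);
    if (emailChanged && await _auth.EmailExists(normalizedEmail))
    {
        return BadRequest("Email already in use");
    }

    if (await _repo.UpdateUserAsUser(userForUpdate))
    {
        // Never echo the submitted password back in the response body.
        userForUpdate.Password = "";
        return Ok(userForUpdate);
    }

    return Unauthorized();
}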
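/// <summary>
/// Updates the limited set of fields a user may change on their own account (e-mail and password)
/// by calling the <c>UpdateUserAsUser</c> stored procedure.
/// </summary>
/// <param name="user">Id of the user to update, the new e-mail and an optional new password.</param>
/// <returns>
/// The value of the procedure's <c>@response</c> output parameter; <c>false</c> when the procedure
/// leaves it unset.
/// </returns>
public async Task<bool> UpdateUserAsUser(UserForUpdateAsUserDto user)
{
    if (user == null)
    {
        throw new System.ArgumentNullException(nameof(user));
    }

    if (user.Email == null)
    {
        // Fail explicitly instead of with a NullReferenceException on the normalisation below.
        throw new System.ArgumentException("Email must not be null", nameof(user));
    }

    // NOTE(review): the password is handed to the stored procedure exactly as received; nothing in
    // this method hashes it. Confirm that the procedure derives a salted hash before storing it and
    // that an empty or NULL value means "leave the password unchanged".
    SqlParameter userIdParameter = new SqlParameter
    {
        ParameterName = "@userId",
        DbType = DbType.Int32,
        Direction = ParameterDirection.Input,
        Value = user.Id
    };

    SqlParameter passwordParameter = new SqlParameter
    {
        ParameterName = "@password",
        DbType = DbType.String,
        Direction = ParameterDirection.Input,
        // A CLR null Value makes ADO.NET treat the parameter as not supplied, so the command
        // fails; send an explicit SQL NULL when no password was given.
        Value = (object)user.Password ?? System.DBNull.Value
    };

    SqlParameter emailParameter = new SqlParameter
    {
        ParameterName = "@email",
        DbType = DbType.String,
        Direction = ParameterDirection.Input,
        // Invariant lower-casing keeps the stored address independent of the server's locale.
        Value = user.Email.ToLowerInvariant()
    };

    SqlParameter responseParameter = new SqlParameter
    {
        ParameterName = "@response",
        DbType = DbType.Boolean,
        Direction = ParameterDirection.Output
    };

    SqlParameter[] parameters = new SqlParameter[]
    {
        userIdParameter,
        passwordParameter,
        emailParameter,
        responseParameter
    };

    // All values travel as bound parameters; the command text itself is a constant.
    await _context.Database.ExecuteSqlCommandAsync(
        "EXECUTE UpdateUserAsUser @userId, @password, @email, @response OUT",
        parameters);

    // The output value is DBNull when the procedure never assigns it; report that as "not updated"
    // instead of failing with an InvalidCastException.
    object response = responseParameter.Value;
    return response is bool && (bool)response;
}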