Example #1
0
        public async Task <IActionResult> Post([FromBody] ChangePasswordModel model)
        {
            // Validate the request
            if (model == null)
            {
                _logger.LogWarning("Null model");

                return(BadRequest(ApiResult.InvalidRequest()));
            }

            if (model.NewPassword != model.NewPasswordVerify)
            {
                _logger.LogWarning("Invalid model, passwords don't match");

                return(BadRequest(ApiResult.InvalidRequest()));
            }

            // Validate the model
            if (ModelState.IsValid == false)
            {
                _logger.LogWarning("Invalid model, validation failed");

                return(BadRequest(ApiResult.FromModelStateErrors(ModelState)));
            }

            // Validate the Captcha
            try
            {
                if (await ValidateRecaptcha(model.Recaptcha).ConfigureAwait(false) == false)
                {
                    throw new InvalidOperationException("Invalid Recaptcha response");
                }
            }
            catch (Exception ex)
            {
                _logger.LogWarning(ex, "Invalid Recaptcha");
                return(BadRequest(ApiResult.InvalidCaptcha()));
            }

            var result = new ApiResult();

            try
            {
                if (_options.MinimumScore > 0 && Zxcvbn.MatchPassword(model.NewPassword).Score < _options.MinimumScore)
                {
                    result.Errors.Add(new ApiErrorItem(ApiErrorCode.MinimumScore));
                    return(BadRequest(result));
                }

                var resultPasswordChange = _passwordChangeProvider.PerformPasswordChange(
                    model.Username,
                    model.CurrentPassword,
                    model.NewPassword);

                if (resultPasswordChange == null)
                {
                    return(Json(result));
                }
                result.Errors.Add(resultPasswordChange);
            }
            catch (Exception ex)
            {
                _logger.LogError(ex, "Failed to update password");

                result.Errors.Add(new ApiErrorItem(ApiErrorCode.Generic, ex.Message));
            }

            return(BadRequest(result));
        }
Example #2
0
 public void EmptyPassword()
 {
     Zxcvbn.MatchPassword("").Entropy.Should().Be(0);
 }