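/// <summary>
/// Changes the password of the user named in <paramref name="body"/>.
/// The target username is normalized before it is looked up, and the
/// caller must be authorized for <see cref="UserManagementActionType.ChangePassword"/>
/// on that user.
/// </summary>
/// <param name="body">Request body carrying the target <c>Username</c> and the new <c>Password</c>.</param>
/// <returns>
/// 400 when the body, username or password is missing; 404 when the normalized user does not
/// exist; 401 when the caller is not authenticated or not authorized; 500 when the
/// authentication module reports that the password could not be updated; 200 on success.
/// </returns>
public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordBody body)
{
    // Guard the body itself: model binding may hand us null when the request carries
    // no usable payload, and dereferencing it would surface as a 500 instead of a 400.
    if (body is null)
    {
        return BadRequest("Request body not specified");
    }

    if (string.IsNullOrEmpty(body.Username))
    {
        return BadRequest("Username not specified");
    }

    if (string.IsNullOrEmpty(body.Password))
    {
        return BadRequest("Password not specified");
    }

    var normalizedUsername = UsernameNormalizer.Normalize(body.Username);

    // NOTE(review): this existence check runs before authorization and echoes the
    // normalized username, so any authenticated caller can probe which accounts exist.
    // Authorizing first, or returning a generic 404, would close that enumeration path;
    // the order is kept here to preserve the current response contract.
    if (!await authenticationModule.ExistsAsync(normalizedUsername))
    {
        return NotFound($"User '{normalizedUsername}' not found");
    }

    // Authorize: the identity name may be absent when the request is not authenticated;
    // treat that as "not authorized" rather than passing null to the normalizer.
    var loggedInUsername = HttpContext.User?.Identity?.Name;
    if (string.IsNullOrEmpty(loggedInUsername))
    {
        return StatusCode((int)HttpStatusCode.Unauthorized, "Not authorized");
    }

    loggedInUsername = UsernameNormalizer.Normalize(loggedInUsername);

    var authorizationResult = await authorizationModule.AuthorizeAsync(
        new ManageUserResourceDescription(normalizedUsername, UserManagementActionType.ChangePassword),
        loggedInUsername);

    // NOTE(review): at this point the caller is authenticated but not permitted, for which
    // 403 Forbidden is the conventional status; 401 is kept to match the existing API.
    if (!authorizationResult.IsAuthorized)
    {
        return StatusCode((int)HttpStatusCode.Unauthorized, "Not authorized");
    }

    // Execute: a false return from the module is reported as a server-side failure.
    if (!await authenticationModule.ChangePasswordAsync(normalizedUsername, body.Password))
    {
        return StatusCode((int)HttpStatusCode.InternalServerError, "Could not update password");
    }

    return Ok();
}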