Exemple #1
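        /// <summary>
        /// Changes the password of the signed-in user, then clears the session so a new login is required.
        /// </summary>
        /// <param name="user">Posted form data: username, new password and its confirmation.</param>
        /// <returns>
        /// A JSON result: an error for a failed validation or a failed change, otherwise the success message.
        /// </returns>
        public async Task<JsonResult> CurrentUserChangePassword(PegaUser user)
        {
            // The model comes from the request, so a missing body or field must not end in a
            // NullReferenceException; a missing password is reported as a length failure.
            if (user == null || string.IsNullOrEmpty(user.NewChangedPassword) ||
                user.NewChangedPassword.Length < 8 || user.NewChangedPassword.Length > 30)
            {
                return Json(ResultsItem.Error("Password changed failed: Password length must be from 8 - 30 characters."));
            }
            if (user.NewChangedPassword != user.ConfirmNewChangedPassword)
            {
                return Json(ResultsItem.Error("Passwords does not match."));
            }
            if (CurrentUser.Username != user.Username)
            {
                return Json(ResultsItem.Error("Username does not match."));
            }

            // NOTE(review): the current password is NOT verified before the change (still a do-later in the
            // original: AuthorizationLogic.AuthorizeUser(CurrentUser.Username, user.Password)). Until that
            // check exists, holding a valid session is enough to set a new password, so a borrowed or stolen
            // session becomes permanent account control. Re-authenticate here before calling ChangePassword.
            // NOTE(review): no anti-forgery attribute is visible on this action in this listing; confirm the
            // controller or a global filter enforces one for this state-changing request.

            // Take the account name from the server-side identity rather than the request body. The two are
            // equal after the check above, but this keeps the write tied to the authenticated user.
            var pwChangeResult = await AuthorizationLogic.ChangePassword(CurrentUser.Username, user.NewChangedPassword);

            if (!pwChangeResult.IsSuccess)
            {
                return Json(pwChangeResult);
            }

            // Drop the session that was authenticated with the old password.
            HttpContext.Session.Clear();

            string successMessage = "Your password has been successfully reset. Please login again";

            TempData["message"] = successMessage;
            return Json(ResultsItem.Success(successMessage));
        }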
Exemple #2
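        /// <summary>
        /// Completes a password reset: validates the new password, checks the posted request against the
        /// reset request stored in TempData, verifies the HMAC authentication hash, and changes the password.
        /// </summary>
        /// <param name="passRequest">Posted form data: username, new password, confirmation and authentication hash.</param>
        /// <returns>
        /// A JSON result: an error for a failed validation, an expired form, a failed authentication or a
        /// failed change, otherwise the success message.
        /// </returns>
        public async Task<JsonResult> ChooseNewResetPassword(PasswordUpdateRequest passRequest)
        {
            // The model comes from the request, so a missing body or field must not end in a
            // NullReferenceException; a missing password is reported as a length failure.
            if (passRequest == null || string.IsNullOrEmpty(passRequest.NewPassword) ||
                passRequest.NewPassword.Length < 8 || passRequest.NewPassword.Length > 30)
            {
                return Json(ResultsItem.Error("Password changed failed: Password length must be from 8 - 30 characters."));
            }
            if (passRequest.NewPassword != passRequest.ConfirmNewPassword)
            {
                return Json(ResultsItem.Error("Passwords does not match."));
            }

            // Read TempData once. NOTE(review): reading a TempData key normally marks it for removal, so a
            // failure below would expire the form and force a new reset request; confirm that is intended.
            object savedRaw = TempData["ResetPasswordRequest"];
            PasswordUpdateRequest savedRequest = savedRaw == null
                ? null
                : Utilities.Deserialize<PasswordUpdateRequest>(savedRaw.ToString());

            if (savedRequest == null || string.IsNullOrEmpty(savedRequest.AuthenticationHash))
            {
                return Json(ResultsItem.Error("Password reset form expired. Please request another password reset."));
            }

            if (savedRequest.Username != passRequest.Username)
            {
                // The original returned the copy-pasted "Passwords does not match." here.
                return Json(ResultsItem.Error("Username does not match."));
            }

            // NOTE(review): the HMAC key "PTPWRESET" is a literal in source, so the hash is only as secret as
            // EmailAuthCode; consider loading the key from configuration or a secret store.
            // NOTE(review): savedRequest.AuthenticationHash is only checked for presence, never compared.
            string expectedHash = Utilities.GenerateHmacSHA256Hash($"{savedRequest.Username}{savedRequest.EmailAuthCode}_ptpwresetreq", "PTPWRESET");

            // Compare without an early exit so response time does not reveal how much of the hash matched.
            if (!ResetHashesMatch(expectedHash, passRequest.AuthenticationHash))
            {
                return Json(ResultsItem.Error("Authentication failed."));
            }

            // Use the username from the server-side saved request (equal to the posted one after the check above).
            var pwChangeResult = await AuthorizationLogic.ChangePassword(savedRequest.Username, passRequest.NewPassword);

            if (!pwChangeResult.IsSuccess)
            {
                return Json(pwChangeResult);
            }

            // NOTE(review): unlike CurrentUserChangePassword, this path does not clear the session; confirm
            // that sessions opened with the old password are invalidated elsewhere.
            string successMessage = "Your password has been successfully reset. Please login again";

            TempData["message"] = successMessage;
            return Json(ResultsItem.Success(successMessage));
        }

        /// <summary>
        /// Ordinal string equality whose running time depends only on the length of the supplied value.
        /// </summary>
        /// <param name="expected">Hash computed on the server.</param>
        /// <param name="supplied">Hash received from the client; may be null.</param>
        /// <returns><c>true</c> when both strings are non-empty and identical.</returns>
        private static bool ResetHashesMatch(string expected, string supplied)
        {
            if (string.IsNullOrEmpty(expected) || supplied == null)
            {
                return false;
            }

            // Fold the length difference and every character difference into one accumulator.
            int diff = expected.Length ^ supplied.Length;
            for (int i = 0; i < supplied.Length; i++)
            {
                diff |= expected[i % expected.Length] ^ supplied[i];
            }

            return diff == 0;
        }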