public async Task <IActionResult> ChangePassword([FromBody] ChangePasswordBody body) { if (string.IsNullOrEmpty(body.Username)) { return(BadRequest("Username not specified")); } if (string.IsNullOrEmpty(body.Password)) { return(BadRequest("Password not specified")); } var normalizedUsername = UsernameNormalizer.Normalize(body.Username); if (!await authenticationModule.ExistsAsync(normalizedUsername)) { return(NotFound($"User '{normalizedUsername}' not found")); } // Authroize var loggedInUsername = UsernameNormalizer.Normalize(HttpContext.User.Identity.Name); var authorizationResult = await authorizationModule.AuthorizeAsync( new ManageUserResourceDescription(normalizedUsername, UserManagementActionType.ChangePassword), loggedInUsername); if (!authorizationResult.IsAuthorized) { return(StatusCode((int)HttpStatusCode.Unauthorized, "Not authorized")); } // Execute if (!await authenticationModule.ChangePasswordAsync(normalizedUsername, body.Password)) { return(StatusCode((int)HttpStatusCode.InternalServerError, "Could not update password")); } return(Ok()); }
public async Task <IActionResult> ChangePassword([FromBody] ChangePasswordBody body) { if (body.NewPassword == body.RePassword) { var result = await userManager.ChangePasswordAsync(CurrentUser, body.Password, body.NewPassword); if (result.Succeeded) { return(Success()); } return(IdentityError(result)); } return(BadRequest("Mật khẩu không chính xác")); }
public async Task <IActionResult> ChangeAsync([FromBody, Required] ChangePasswordBody changePasswordData, [FromHeader(Name = "Authorization")] string authorization = null) { string newPass = Encryption.Decrypt(changePasswordData.NewPassword); string oldPass = Encryption.Decrypt(changePasswordData.OldPassword); if (!Utils.IsValidPassword(changePasswordData.NewPassword)) { return(BadRequest(new ErrorResponse { Error = "Invalid new password" })); } bool withOldPass = oldPass != null; bool withResetCode = !string.IsNullOrWhiteSpace(changePasswordData.ResetCode); if (!withOldPass && !withResetCode) { return(BadRequest(new ErrorResponse { Error = "Missing old password or reset code" })); } if (withOldPass && withResetCode) { return(BadRequest(new ErrorResponse { Error = "Requests shouldn't contain old password and reset code" })); } if (withResetCode && string.IsNullOrWhiteSpace(changePasswordData.Email)) { return(BadRequest(new ErrorResponse { Error = "Requests with reset code require email" })); } User user; if (withOldPass) { var validation = Token.ValidateAuthorization(authorization); if (!validation.IsValid) { return(BadRequest(validation.Result)); } user = await _context.Users.FirstOrDefaultAsync(x => x.Token == validation.Token); if (user == null) { return(NotFound(new ErrorResponse { Error = "Token not found" })); } if (user.Password != Hash.Process(oldPass, user.PasswordSalt)) { return(BadRequest(new ErrorResponse { Error = "Old password is wrong" })); } } else { if (!Utils.IsValidEmail(changePasswordData.Email)) { return(BadRequest(new ErrorResponse { Error = "Invalid email" })); } var resetRequest = await _context.ForgotPasswordRequests.FirstOrDefaultAsync(x => x.Code == changePasswordData.ResetCode); if (resetRequest == null) { return(BadRequest(new ErrorResponse { Error = "Invalid reset code" })); } user = resetRequest.User; if (!user.Email.Equals(changePasswordData.Email, StringComparison.InvariantCultureIgnoreCase)) { return(BadRequest(new ErrorResponse { Error = "Invalid reset code" })); } if (resetRequest.RequestDate < DateTimeOffset.UtcNow.Subtract(Code.LifeSpan)) { return(BadRequest(new ErrorResponse { Error = "Invalid reset code" })); } _context.ForgotPasswordRequests.Remove(resetRequest); } string salt = Hash.GenerateSalt(); user.Password = Hash.Process(newPass, salt); user.PasswordSalt = salt; await _context.SaveChangesAsync(); return(Ok()); }