/// <summary>
/// Resets a customer's password once the submitted OTP has been confirmed by the customer service.
/// </summary>
/// <param name="model">Payload forwarded unchanged to <c>ChangePasswordWithOTPConfirm</c>.</param>
/// <returns>
/// 400 with the error code when the service reports an invalid OTP,
/// 406 with the error code when it reports that no customer was found,
/// and an empty 200 for any other result.
/// </returns>
public IActionResult ResetPassword(CustomerChangePasswordWithOTPConfirm model)
{
    var outcome = _customerService.ChangePasswordWithOTPConfirm(model);

    // NOTE(review): the two failures are distinguishable by status code, so a caller
    // can tell "wrong OTP" apart from "no such customer" - confirm that is intended.
    if (outcome == CustomerService.ERROR_INVALID_OTP)
    {
        return BadRequest(outcome);
    }
    else if (outcome == CustomerService.ERROR_NOT_FOUND_CUSTOMER)
    {
        return StatusCode((int)HttpStatusCode.NotAcceptable, outcome);
    }
    else
    {
        // Every other result, including the empty string, is reported as success.
        return Ok();
    }
}
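/// <summary>
/// Changes a customer's password after checking the one-time password (OTP)
/// issued for the customer's phone number.
/// </summary>
/// <param name="model">Request carrying the phone number, the OTP and the new password.</param>
/// <returns>
/// <c>ERROR_INVALID_OTP</c> when the request is missing or no non-deleted, unexpired OTP
/// matches the phone number and code; <c>ERROR_NOT_FOUND_CUSTOMER</c> when no non-deleted
/// customer has that phone number; an empty string on success.
/// </returns>
public string ChangePasswordWithOTPConfirm(CustomerChangePasswordWithOTPConfirm model)
{
    // A missing request body cannot carry a valid OTP; fail closed rather than
    // dereferencing null inside the query below.
    if (model == null)
    {
        return ERROR_INVALID_OTP;
    }

    // NOTE(review): nothing in this method limits failed attempts per phone number.
    // Confirm that throttling or attempt counting exists elsewhere, otherwise a short
    // code can be guessed inside its validity window.
    var validOtp = _oTPRepository.Get(x =>
        x.Deleted == false
        && x.Code == model.OTP
        && x.ExpiredAtUTC > DateTime.UtcNow
        && x.PhoneNo == model.PhoneNumber
    );
    if (validOtp == null)
    {
        return ERROR_INVALID_OTP;
    }

    // Find the existing customer; only an existing customer can be updated.
    var existedCustomer = _customerRepository.Get(x =>
        x.Deleted == false
        && x.PhoneNumber == model.PhoneNumber
    );
    if (existedCustomer == null)
    {
        return ERROR_NOT_FOUND_CUSTOMER;
    }

    // Generate a fresh 128-bit salt from the cryptographic RNG for the new password hash.
    byte[] salt = new byte[128 / 8];
    using (var randomNumberGenerator = RandomNumberGenerator.Create())
    {
        randomNumberGenerator.GetBytes(salt);
    }

    existedCustomer.PasswordHash = HashPassword(model.Password, salt);
    existedCustomer.SaltPasswordHash = Convert.ToBase64String(salt);

    // Consume the OTP so the same code cannot be replayed to reset the password again
    // before it expires. The lookup above filters on Deleted == false, so flagging the
    // row takes it out of circulation.
    // NOTE(review): assumes the OTP repository exposes the same Update(...) as the
    // customer repository and that both writes go out in the single commit below - confirm.
    validOtp.Deleted = true;
    _oTPRepository.Update(validOtp);

    _customerRepository.Update(existedCustomer);
    _unitOfWork.CommitChanges();

    return string.Empty;
}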