/// <summary>
/// Resets a customer's password after OTP confirmation and maps the service
/// result code onto an HTTP response.
/// </summary>
/// <param name="model">OTP confirmation payload forwarded unchanged to the customer service.</param>
/// <returns>
/// 400 with the error code when the service reports an invalid OTP, 406 with the
/// error code when it reports that no customer was found, otherwise an empty 200.
/// </returns>
public IActionResult ResetPassword(CustomerChangePasswordWithOTPConfirm model)
        {
            // NOTE(review): this is an unauthenticated-style recovery path guarded only by the OTP;
            // no attempt throttling or lockout is visible in this action - confirm it is enforced
            // elsewhere (middleware, gateway, or the service).
            var outcome = _customerService.ChangePasswordWithOTPConfirm(model);

            IActionResult response;

            if (outcome == CustomerService.ERROR_INVALID_OTP)
            {
                response = BadRequest(outcome);
            }
            else if (outcome == CustomerService.ERROR_NOT_FOUND_CUSTOMER)
            {
                // NOTE(review): a distinct status for "customer not found" tells the caller whether
                // the phone number has an account; consider whether one generic failure is enough.
                response = StatusCode((int)HttpStatusCode.NotAcceptable, outcome);
            }
            else
            {
                // Any other result is treated as success.
                response = Ok();
            }

            return response;
        }
Example #2
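        /// <summary>
        /// Changes a customer's password once a matching, unexpired OTP for the same phone
        /// number has been found, and consumes that OTP so it cannot be used again.
        /// </summary>
        /// <param name="model">Carries the OTP, the phone number and the new password.</param>
        /// <returns>
        /// <c>ERROR_INVALID_OTP</c> when the model is null or no live OTP matches,
        /// <c>ERROR_NOT_FOUND_CUSTOMER</c> when no non-deleted customer has that phone number,
        /// otherwise <see cref="string.Empty"/>.
        /// </returns>
        public string ChangePasswordWithOTPConfirm(CustomerChangePasswordWithOTPConfirm model)
        {
            // A missing payload cannot carry a valid OTP; fail closed instead of dereferencing null.
            if (model == null)
            {
                return ERROR_INVALID_OTP;
            }

            // The OTP must be live (not deleted, not expired) and bound to the same phone number.
            // NOTE(review): no failed-attempt counter or lockout is visible here, so the strength
            // of this check rests on the OTP length and lifetime - confirm throttling exists upstream.
            var validOtp = _oTPRepository.Get(x =>
                                              x.Deleted == false &&
                                              x.Code == model.OTP &&
                                              x.ExpiredAtUTC > DateTime.UtcNow &&
                                              x.PhoneNo == model.PhoneNumber
                                              );

            if (validOtp == null)
            {
                return ERROR_INVALID_OTP;
            }

            // Find the existing customer that owns this phone number.
            var existedCustomer = _customerRepository.Get(x =>
                                                          x.Deleted == false &&
                                                          x.PhoneNumber == model.PhoneNumber
                                                          );

            if (existedCustomer == null)
            {
                return ERROR_NOT_FOUND_CUSTOMER;
            }

            // Fresh 128-bit salt from the cryptographic RNG for the new password hash.
            byte[] salt = new byte[128 / 8];
            using (var randomNumberGenerator = RandomNumberGenerator.Create())
            {
                randomNumberGenerator.GetBytes(salt);
            }

            // NOTE(review): HashPassword is defined outside this block - confirm it is a slow,
            // salted KDF (e.g. PBKDF2) and not a bare hash.
            existedCustomer.PasswordHash     = HashPassword(model.Password, salt);
            existedCustomer.SaltPasswordHash = Convert.ToBase64String(salt);
            _customerRepository.Update(existedCustomer);

            // Consume the OTP: without this the same code stays valid until ExpiredAtUTC and
            // could be replayed to reset the password again. The lookup above already filters
            // on Deleted, so flagging it is enough to retire the code.
            // Assumes the OTP repository exposes the same Update as the customer repository and
            // that both are flushed by the commit below - TODO confirm.
            validOtp.Deleted = true;
            _oTPRepository.Update(validOtp);

            _unitOfWork.CommitChanges();

            return string.Empty;
        }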