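/// <summary>
/// Force-activates the account identified by <c>input.UserId</c>, bypassing the regular
/// verification flow. Access is gated by the shared secret configured under
/// <c>AccessTokens:Auth</c>, which the caller must present in <c>input.Token</c>.
/// </summary>
/// <param name="input">Request body carrying the access token and the target user id.</param>
/// <returns>
/// 400 when the body is missing or the account is already active; 401 when the token is not
/// configured or does not match; 404 when no user with the given id exists; otherwise 200 with
/// the output of <c>Auth.ForceActivateAccountAsync</c>. Exceptions go through <c>HandleException</c>.
/// </returns>
public async Task<IActionResult> ForceAccountActivateAsync([FromBody] ForceChangePassInput input)
{
    try
    {
        if (input == null)
        {
            return BadRequest();
        }

        // IMPORTANT
        // Make sure the extra security token is allowed, as this API can act on any user.
        var cfg = Cartomatic.Utils.NetCoreConfig.GetNetCoreConfig();
        var token = cfg.GetSection("AccessTokens:Auth").Get<string>();

        // Fail closed: if the secret is missing from configuration, a request that also omits
        // the token would otherwise compare null to null and be let through.
        // NOTE(review): `!=` is not a constant-time comparison; where the target framework offers
        // System.Security.Cryptography.CryptographicOperations.FixedTimeEquals, prefer it here.
        if (string.IsNullOrEmpty(token) || token != input.Token)
        {
            return StatusCode((int)HttpStatusCode.Unauthorized);
        }

        var user = await GetDefaultDbContext().Users.AsNoTracking().FirstOrDefaultAsync(u => u.Uuid == input.UserId);

        // FirstOrDefaultAsync yields null for an unknown id; reject it explicitly instead of
        // dereferencing null below.
        if (user == null)
        {
            return StatusCode((int)HttpStatusCode.NotFound);
        }

        if (user.IsAccountVerified)
        {
            return BadRequest("Account already active");
        }

        var output = await Auth.ForceActivateAccountAsync(input.UserId);

        user.IsAccountVerified = true;

        // Need to impersonate, as otherwise the db context will fail to save changes.
        Cartomatic.Utils.Identity.ImpersonateUserViaHttpContext(user.Uuid);
        await user.UpdateAsync(GetDefaultDbContext());

        return Ok(output);
    }
    catch (Exception ex)
    {
        return HandleException(ex);
    }
}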
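/// <summary>
/// Force-resets the password of the user identified by <c>input.UserId</c> to
/// <c>input.NewPass</c>. Access is gated by the shared secret configured under
/// <c>AccessTokens:Auth</c>, which the caller must present in <c>input.Token</c>.
/// </summary>
/// <param name="input">Request body carrying the access token, the target user id and the new password.</param>
/// <returns>
/// 400 when the body is missing; 401 when the token is not configured or does not match;
/// otherwise 200 with the output of <c>Auth.ForceResetPasswordAsync</c>. Exceptions go through
/// <c>HandleException</c>.
/// </returns>
public async Task<IActionResult> ForceChangePasswordAsync([FromBody] ForceChangePassInput input)
{
    try
    {
        // A missing body would otherwise surface as a null dereference on input.Token.
        if (input == null)
        {
            return BadRequest();
        }

        // IMPORTANT
        // Make sure the extra security token is allowed, as this API can change the password of any user.
        var cfg = Cartomatic.Utils.NetCoreConfig.GetNetCoreConfig();
        var token = cfg.GetSection("AccessTokens:Auth").Get<string>();

        // Fail closed: if the secret is missing from configuration, a request that also omits
        // the token would otherwise compare null to null and be let through.
        // NOTE(review): `!=` is not a constant-time comparison; where the target framework offers
        // System.Security.Cryptography.CryptographicOperations.FixedTimeEquals, prefer it here.
        if (string.IsNullOrEmpty(token) || token != input.Token)
        {
            return StatusCode((int)HttpStatusCode.Unauthorized);
        }

        var output = await Auth.ForceResetPasswordAsync(input.UserId, input.NewPass);

        return Ok(output);
    }
    catch (Exception ex)
    {
        return HandleException(ex);
    }
}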