Exemple #1
0
        public IActionResult ChangePassword(ChangePassInput changePassInput)
        {
            var user = _authHandler.UserFromClaimsPrincipal(User);

            if (string.IsNullOrWhiteSpace(changePassInput.OldPassword) ||
                string.IsNullOrWhiteSpace(changePassInput.NewPassword))
            {
                _logger.LogInformation("Old or new Password is null or empty.");

                _logger.LogInformation($"Terminating session. User: {user.Uuid}" +
                                       $", IP: {HttpContext?.Connection.RemoteIpAddress.ToString() ?? "Unknown IP"}");
                _authHandler.TerminateSession(user);

                return(BadRequest());
            }

            if (changePassInput.OldPassword.Length > 64 || changePassInput.NewPassword.Length > 64)
            {
                _logger.LogInformation("Old or new password length exceeds permitted length.");

                _logger.LogInformation($"Terminating session. User: {user.Uuid}" +
                                       $", IP: {HttpContext?.Connection.RemoteIpAddress.ToString() ?? "Unknown IP"}");
                _authHandler.TerminateSession(user);

                return(BadRequest());
            }

            user.Password = changePassInput.OldPassword;

            if (_authHandler.ChangePassword(user, changePassInput.NewPassword))
            {
                _activityLogger.LogChangePassword(Request.HttpContext.Connection.RemoteIpAddress, user);
                return(Ok());
            }

            _logger.LogInformation("Auth handler rejected password change.");
            _logger.LogInformation($"Terminating session. User: {user.Uuid}" +
                                   $", IP: {HttpContext?.Connection.RemoteIpAddress.ToString() ?? "Unknown IP"}");
            _authHandler.TerminateSession(user);
            return(BadRequest());
        }