Exemple #1
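        /// <summary>
        /// Changes the password of the currently signed-in user after re-checking the current password.
        /// </summary>
        /// <param name="changePasswordViewModel">Carries the caller's current password and the requested new password.</param>
        /// <returns>
        /// A bad-request result when the payload is missing or the current password does not match;
        /// otherwise the result of <c>GetResult</c> applied to the repository's <see cref="IdentityResult"/>.
        /// </returns>
        public async Task<BaseHttpActionResult> ChangePassword([Required] ChangePasswordViewModel changePasswordViewModel)
        {
            // Reject a missing payload explicitly: dereferencing a null model below would surface as an
            // unhandled exception instead of a 400. Whether [Required] on the parameter is enforced
            // depends on validation filters that are not visible from this method.
            if (changePasswordViewModel == null)
            {
                return ErrorHttpActionResult.GenerateBadRequest("The change password request is invalid");
            }

            // The account name is taken from the authenticated principal, never from the request body,
            // so a caller can only target their own account.
            // NOTE(review): assumes this action is reachable only by authenticated callers - confirm
            // that an authorization filter covers it.
            string currentUserName = this.User.Identity.GetUserName();

            // Re-authenticate with the supplied current password before changing anything.
            var account = await _repo.FindUser(currentUserName, changePasswordViewModel.CurrentPassword);
            if (account == null)
            {
                return ErrorHttpActionResult.GenerateBadRequest("The current password is invalid");
            }

            IdentityResult changeOutcome = await _repo.ChangePassword(
                account.Id,
                changePasswordViewModel.CurrentPassword,
                changePasswordViewModel.NewPassword);

            return GetResult(changeOutcome);
        }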
        /// <summary>
        /// Handles the OAuth resource-owner password grant: looks the user up by the supplied
        /// user name and password and, on success, validates the request with an identity that
        /// carries the user's name and id as claims.
        /// </summary>
        /// <param name="context">Grant context supplying the credentials and receiving either the error or the validated identity.</param>
        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            // The repository is resolved for this call only and disposed once the grant is handled.
            using (IAuthenticationRepository authRepository = NinjectWebCommon.Load<IAuthenticationRepository>())
            {
                // NOTE(review): no attempt limiting or lockout is visible in this method - confirm that
                // FindUser or upstream middleware throttles repeated failed logins.
                IdentityUserDTO account = await authRepository.FindUser(context.UserName, context.Password);
                if (account == null)
                {
                    // A single message is used whenever no user is returned, so the response does not
                    // reveal whether the user name or the password was wrong.
                    // NOTE(review): the first argument of SetError is the OAuth "error" code; RFC 6749
                    // expects "invalid_grant" there with this text as the description. Left unchanged
                    // because clients may read the current value - confirm before correcting.
                    context.SetError("The username or password is incorrect.", null);
                    return;
                }

                var grantedIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
                grantedIdentity.AddClaims(new[]
                {
                    new Claim(ClaimTypes.Name, account.UserName),
                    new Claim(ClaimTypes.NameIdentifier, account.Id),
                });

                context.Validated(grantedIdentity);
            }
        }