public PasswordChangeResponse ChangeOwnPassword(PasswordChangeRequest request) { if (request == null) { throw new ArgumentNullException(nameof(request)); } using (var tran = transactionCreator.GetTransaction()) { var user = userReader.RequireCurrentUser(); if (!IsExistingPasswordCorrect(request.ExistingPassword, user)) { return new PasswordChangeResponse { ExistingPasswordIncorrect = true } } ; if (request.ConfirmNewPassword != request.NewPassword) { return new PasswordChangeResponse { NewPasswordDoesNotMatchConfirmation = true } } ; if (!policy.IsPasswordOk(request.NewPassword, user)) { return new PasswordChangeResponse { NewPasswordDoesNotSatisfyPolicy = true } } ; updater.ChangePassword(user, request.NewPassword); tran.Commit(); } return(new PasswordChangeResponse()); } bool IsExistingPasswordCorrect(string password, User user) { var credentials = new LoginCredentials { Password = password, Username = user.Username, }; return(authService.Authenticate(credentials).Success); }