public async Task <ResponseModelBase> ChangePassword([FromBody] ChangePasswordRequestModel model)
{
if (!ModelState.IsValid)
{
return(ErrorModel.Of("invalid_request"));
}
if (!await ldb.ValidateAccount(model.EmailAddress, model.OldPassword))
{
return(ErrorModel.Of("username_or_password_incorrect"));
}
if (model.NewPassword.Length < 8)
{
return(ErrorModel.Of("password_too_short"));
}
//Change their password
var user = await ldb.FindByEmailAddress(model.EmailAddress);
if (user == null)
{
return(ErrorModel.Of("user_not_found"));
}
user.PasswordHashes = await Task.Run(() => PasswordHasher.GenerateHashPermutations(model.NewPassword));
//Clear all sessions
ldb.DBContext.Sessions.RemoveRange(user.ActiveSessions);
user.ActiveSessions.Clear();
//And login tokens
ldb.DBContext.ServerTokens.RemoveRange(user.ActiveServerTokens);
user.ActiveServerTokens.Clear();
//Update
await ldb.UpdateUser(user);
return(OkModel.Of("password_changed"));
}
public async Task <ResponseModelBase> ChangeEmail([FromBody] ChangeEmailRequestModel model)
{
if (!ModelState.IsValid)
{
return(ErrorModel.Of("invalid_request"));
}
UserModel usr;
if (await ldb.ValidateAccount(model.EmailAddress, model.Password))
{
return(ErrorModel.Of("username_or_password_incorrect"));
}
//retrieve the user
usr = await ldb.FindByEmailAddress(model.EmailAddress);
if (usr == null)
{
return(ErrorModel.Of("user_not_found"));
}
//make sure that the email address isn't in use
var other = await ldb.FindByEmailAddress(model.NewEmailAddress);
if (other != null)
{
return(ErrorModel.Of("email_address_in_use"));
}
usr.EmailAddress = model.NewEmailAddress;
usr.UniqueConfirmationCode = Guid.NewGuid();
usr.EmailConfirmationSent = DateTime.Now;
usr.IsEmailConfirmed = false;
Task.WaitAll(
ldb.UpdateUser(usr),
Backend.EmailSender.SendEmail(usr, Backend.EmailSender.RegistrationTemplate)
);
return(Models.OkModel.Of("email_address_changed"));
}
