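/// <summary>
/// Checks the credentials posted in the request body and, when they match a stored user,
/// writes a freshly generated "sessionId" value into the session and returns that user's profile.
/// </summary>
/// <returns>
/// The profile produced by <c>GetProfile</c> for the matching user, or an empty
/// <see cref="UserProfileVM"/> when the body is unusable or the credentials do not match.
/// </returns>
public UserProfileVM Login()
{
    Stream stream = Request.Body;
    LoginVM loginVM = this.ReadRequestBody<LoginVM>(stream);

    // A missing or incomplete body is handled exactly like a failed login, so a malformed
    // request cannot reach the repository or the password check with null values.
    if (loginVM is null
        || string.IsNullOrEmpty(loginVM.Username)
        || string.IsNullOrEmpty(loginVM.Password))
    {
        return new UserProfileVM();
    }

    User? existingUser = _UserRepo.GetUserByUsername(loginVM.Username);

    // Unknown user and wrong password share one response, so the reply body does not
    // reveal which usernames exist.
    // NOTE(review): the unknown-user path skips the password check, so response time may
    // still differ between the two cases - confirm whether that needs equalising.
    if (existingUser is null
        || !PasswordOperator.ValidateMe(existingUser.Password, loginVM.Password))
    {
        return new UserProfileVM();
    }

    // NOTE(review): only a generated id is stored here; nothing in this method binds the
    // session to existingUser - confirm how later requests identify the caller.
    HttpContext.Session.SetString("sessionId", IdGenerator.GenerateId());
    return this.GetProfile(existingUser);
}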
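/// <summary>
/// Replaces a user's stored password hash after verifying the old password supplied in the
/// request body and checking that the new password differs from the current one.
/// </summary>
/// <returns>
/// <c>Ok()</c> when the password was updated; status 417 when the request is unusable, the
/// user is unknown, the old password does not match, or the new password equals the current one.
/// </returns>
public ActionResult ChangePassword()
{
    Stream stream = Request.Body;
    ChangePasswordVM changeable = this.ReadRequestBody<ChangePasswordVM>(stream);

    // Reject a missing body or blank fields up front: an empty new password must never be
    // hashed and stored, and null values must not reach the repository or the hash check.
    if (changeable is null
        || string.IsNullOrEmpty(changeable.Username)
        || string.IsNullOrEmpty(changeable.OldPassword)
        || string.IsNullOrEmpty(changeable.NewPassword))
    {
        return StatusCode(417);
    }

    // NOTE(review): the account is selected by the Username in the request body, not by the
    // current session; the old password is the only proof of ownership visible here -
    // confirm whether the caller's session should also be checked.
    User? user = _UserRepo.GetUserByUsername(changeable.Username);

    // GetUserByUsername can return null for an unknown username. Answer with the same status
    // as any other rejected change instead of dereferencing null.
    if (user is null)
    {
        return StatusCode(417);
    }

    bool isValid = PasswordOperator.ValidateMe(user.Password, changeable.OldPassword);
    bool isSame = PasswordOperator.ValidateMe(user.Password, changeable.NewPassword);

    if (!isValid || isSame)
    {
        return StatusCode(417);
    }

    // Only the hash of the new password is persisted.
    user.Password = PasswordOperator.HashMe(changeable.NewPassword);
    _UserRepo.UpdateEntityById(user);
    return Ok();
}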