/// <summary>
/// Changes a user's password for a caller who is not signed in, after first
/// re-checking the credentials supplied in the command.
/// </summary>
/// <param name="command">
/// Carries the credentials to verify and the <c>NewPassword</c> to apply. On
/// success <c>OutputUserId</c> is set to the id of the authenticated user.
/// </param>
/// <param name="executionContext">Context of the caller issuing the command.</param>
/// <exception cref="Exception">
/// Thrown when <c>IsLoggedInAlready</c> reports that the caller is already signed in.
/// </exception>
public async Task ExecuteAsync(UpdateUserPasswordByCredentialsCommand command, IExecutionContext executionContext)
{
    if (IsLoggedInAlready(command, executionContext))
    {
        var message = $"{nameof(UpdateUserPasswordByCredentialsCommand)} cannot be used when the user is already logged in.";
        throw new Exception(message);
    }

    // The credential check runs before any write. ThrowIfNotSuccess presumably
    // throws on a failed sign-in, so a bad credential never reaches the update below.
    var signInResult = await GetUserSignInInfoAsync(command, executionContext);
    signInResult.ThrowIfNotSuccess();

    var user = await GetUserAsync(signInResult);
    var authenticatedUserId = signInResult.User.UserId;

    // The target user id comes from the authentication result, not from caller input.
    var changePassword = new UpdateUserPasswordByUserIdCommand
    {
        UserId = authenticatedUserId,
        NewPassword = command.NewPassword
    };

    using (var transaction = _domainRepository.Transactions().CreateScope())
    {
        // The caller is unauthenticated, so the update runs with elevated permissions.
        // That is only acceptable because the credentials were verified above.
        var elevatedRepository = _domainRepository.WithElevatedPermissions();
        await elevatedRepository.ExecuteCommandAsync(changePassword);

        // NOTE(review): the notification is requested before the scope completes.
        // Confirm the helper does not dispatch it if the transaction fails to commit.
        await _passwordUpdateCommandHelper.SendPasswordChangedNotification(user);

        await transaction.CompleteAsync();
    }

    // Authentication happens inside this command, so hand the resolved user id
    // back to the caller in case it is needed.
    command.OutputUserId = authenticatedUserId;
}
/// <summary>
/// Changes the password of a user who is not signed in, using the credentials
/// supplied in the command to identify and authenticate the account.
/// </summary>
/// <param name="command">
/// Carries the user area code, username, old password and new password. On
/// success <c>OutputUserId</c> is set to the id of the authenticated user.
/// </param>
/// <param name="executionContext">Context of the caller issuing the command.</param>
/// <exception cref="Exception">
/// Thrown when <c>IsLoggedInAlready</c> reports that the caller is already signed in.
/// </exception>
/// <exception cref="InvalidCredentialsAuthenticationException">
/// Thrown when no login info is returned for the supplied credentials. The
/// failed attempt is logged before the exception is thrown.
/// </exception>
public async Task ExecuteAsync(UpdateUnauthenticatedUserPasswordCommand command, IExecutionContext executionContext)
{
    if (IsLoggedInAlready(command, executionContext))
    {
        const string message = "UpdateUnauthenticatedUserPasswordCommand cannot be used when the user is already logged in.";
        throw new Exception(message);
    }

    // Runs before the credentials are evaluated. Presumably this rejects callers
    // that have exceeded the failed-attempt limit, so the endpoint cannot be used
    // for unthrottled password guessing. Confirm against the helper.
    await ValidateMaxLoginAttemptsNotExceeded(command, executionContext);

    // The result is not used in this method. The call is kept because the lookup
    // may validate the user area code. TODO: confirm, then drop it if it has no effect.
    _ = _userAreaRepository.GetByCode(command.UserAreaCode);

    var loginInfo = await GetUserLoginInfoAsync(command, executionContext);

    if (loginInfo == null)
    {
        // Record the failure first so it counts towards the attempt limit, then
        // report the failure against the old password field.
        await _commandExecutor.ExecuteAsync(new LogFailedLoginAttemptCommand(command.UserAreaCode, command.Username));
        throw new InvalidCredentialsAuthenticationException(nameof(command.OldPassword));
    }

    var authenticatedUserId = loginInfo.UserId;

    // The target user id comes from the authentication result, not from caller input.
    var changePassword = new UpdateUserPasswordByUserIdCommand
    {
        UserId = authenticatedUserId,
        NewPassword = command.NewPassword
    };

    // The user is not logged in, so the update is executed under a system user
    // context. This is only reached after the credentials above were accepted.
    // NOTE(review): this method opens no transaction scope and sends no
    // password-changed notification. Confirm that is handled elsewhere.
    var elevatedContext = await _executionContextFactory.CreateSystemUserExecutionContextAsync(executionContext);
    await _commandExecutor.ExecuteAsync(changePassword, elevatedContext);

    // Authentication happens inside this command, so hand the resolved user id
    // back to the caller in case it is needed.
    command.OutputUserId = authenticatedUserId;
}