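        /// <summary>
        /// Changes the password of the currently authenticated user.
        /// </summary>
        /// <param name="passwordDetails">
        /// Current password, new password and its confirmation. The <c>UserName</c> supplied by the
        /// client is ignored and replaced with the authenticated identity, so a caller cannot change
        /// another account's password.
        /// </param>
        /// <returns>
        /// <c>Ok</c> when the password was changed; otherwise <c>BadRequest</c> carrying a
        /// <see cref="UserENUM"/> reason (missing body, mismatched confirmation, too short, wrong
        /// current password, or a failed update).
        /// </returns>
        public async Task<IHttpActionResult> ChangePassword(ChangePasswordTO passwordDetails)
        {
            // Model binding yields null for an empty or unparseable body; reject it rather than
            // throwing a NullReferenceException further down.
            if (passwordDetails is null)
            {
                return BadRequest(UserENUM.UNABLE_CHANGE_PASSWORD.ToString());
            }

            if (!string.Equals(passwordDetails.NewPassword, passwordDetails.ConfirmNewPassword, StringComparison.Ordinal))
            {
                return BadRequest(UserENUM.DIFFERENT_PASSWORDS.ToString());
            }

            // A null/empty new password must fail the length rule instead of throwing on .Length.
            const int minPasswordLength = 5;
            if (string.IsNullOrEmpty(passwordDetails.NewPassword) || passwordDetails.NewPassword.Length < minPasswordLength)
            {
                return BadRequest(UserENUM.PASSWORD_TOO_SHORT.ToString());
            }

            // The target account always comes from the authenticated principal, never from the request body.
            string identityUserName = HttpContext.Current.User.Identity.Name;
            passwordDetails.UserName = identityUserName;

            // Re-authenticate with the current password so a stolen session alone cannot rotate the credential.
            bool isAuth = await _authService.CheckCredentials(identityUserName, passwordDetails.CurrentPassword);

            if (!isAuth)
            {
                return BadRequest(UserENUM.WRONG_PASSWORD.ToString());
            }

            bool result = await _authService.ChangePassword(passwordDetails);

            if (result)
            {
                // Log the account name only; the credential values are never written to the log.
                logger.Log(LogLevel.Info, $"Password was changed for user: {identityUserName}.\n");
                return Ok();
            }

            return BadRequest(UserENUM.UNABLE_CHANGE_PASSWORD.ToString());
        }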
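        /// <summary>
        /// Changes a user's password through the repository inside a transaction; the transaction is
        /// committed only when the repository reports success.
        /// </summary>
        /// <param name="passwordDetails">User name, current password and new password.</param>
        /// <returns><c>true</c> when the repository changed the password; otherwise <c>false</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="passwordDetails"/> is null.</exception>
        public async Task<bool> ChangePassword(ChangePasswordTO passwordDetails)
        {
            if (passwordDetails is null)
            {
                throw new ArgumentNullException(nameof(passwordDetails));
            }

            // TransactionScopeAsyncFlowOption.Enabled lets the ambient transaction flow across the await below.
            using (var scope = new TransactionScope(TransactionScopeAsyncFlowOption.Enabled))
            {
                bool changed = await _authRepository.ChangePassword(
                    passwordDetails.UserName,
                    passwordDetails.CurrentPassword,
                    passwordDetails.NewPassword);

                if (!changed)
                {
                    // Leaving the scope without Complete() rolls the transaction back.
                    return false;
                }

                scope.Complete();
                return true;
            }
        }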