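/// <summary>
/// Changes the password of the currently authenticated user.
/// The caller must re-enter the current password, so a stolen session cookie
/// (or a cross-site forged request) is not on its own enough to take over the
/// account; the target user is taken from the server-side identity, never from
/// the request body.
/// </summary>
/// <param name="passwordDetails">Current password, new password and its confirmation.
/// Its UserName property is overwritten with the authenticated identity before use.</param>
/// <returns>
/// 200 on success; 400 with a <c>UserENUM</c> code when validation or the
/// current-password check fails; 401 when no authenticated identity is present.
/// </returns>
public async Task<IHttpActionResult> ChangePassword(ChangePasswordTO passwordDetails)
{
    // A missing or malformed body binds to null; reject it rather than
    // surfacing a NullReferenceException as a 500.
    if (passwordDetails == null)
    {
        return BadRequest();
    }

    if (passwordDetails.NewPassword != passwordDetails.ConfirmNewPassword)
    {
        return BadRequest(UserENUM.DIFFERENT_PASSWORDS.ToString());
    }

    // NOTE(review): 5 characters is a very weak floor (NIST SP 800-63B recommends
    // at least 8); kept as-is because the policy is shared with other callers.
    const int minPasswordLength = 5;
    if (string.IsNullOrEmpty(passwordDetails.NewPassword)
        || passwordDetails.NewPassword.Length < minPasswordLength)
    {
        return BadRequest(UserENUM.PASSWORD_TOO_SHORT.ToString());
    }

    // No [Authorize] attribute is visible on this action, so do not assume an
    // identity exists; an anonymous caller must not reach the credential check.
    var principal = HttpContext.Current.User;
    string identityUserName = (principal != null && principal.Identity != null)
        ? principal.Identity.Name
        : null;
    if (string.IsNullOrEmpty(identityUserName))
    {
        return Unauthorized();
    }

    // Bind the target account to the authenticated identity. Any UserName the
    // client sent is discarded, so a user cannot change someone else's password.
    passwordDetails.UserName = identityUserName;

    // Re-authentication: a hijacked session or forged request still needs the
    // current password. NOTE(review): this is also an online guessing oracle for
    // anyone holding a valid session; rate limiting / lockout is not visible
    // here and presumably lives in _authService.CheckCredentials — confirm.
    bool isAuth = await _authService.CheckCredentials(identityUserName, passwordDetails.CurrentPassword);
    if (!isAuth)
    {
        return BadRequest(UserENUM.WRONG_PASSWORD.ToString());
    }

    bool result = await _authService.ChangePassword(passwordDetails);
    if (result)
    {
        // Log only the username, never either password.
        // NOTE(review): the original literal was scrubbed to "******" in this copy;
        // restored as the authenticated username — confirm against the repository.
        logger.Log(LogLevel.Info, "Password was changed for user: " + identityUserName + ".\n");
        // NOTE(review): other active sessions/tokens for this user are not
        // invalidated here; consider doing so if the auth layer does not.
        return Ok();
    }

    return BadRequest(UserENUM.UNABLE_CHANGE_PASSWORD.ToString());
}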
/// <summary>
/// Changes a user's password through the repository inside a transaction.
/// The scope is completed only when the repository reports success, so a
/// failed change leaves nothing committed.
/// </summary>
/// <param name="passwordDetails">Target user name plus current and new password.
/// The current password is passed through to the repository, which presumably
/// re-verifies it — confirm, this layer does not check it itself.</param>
/// <returns>true when the repository accepted the change; false otherwise.</returns>
public async Task<bool> ChangePassword(ChangePasswordTO passwordDetails)
{
    // AsyncFlowOption.Enabled is required for the ambient transaction to
    // survive the await below.
    using (var transaction = new TransactionScope(TransactionScopeAsyncFlowOption.Enabled))
    {
        bool changed = await _authRepository.ChangePassword(
            passwordDetails.UserName,
            passwordDetails.CurrentPassword,
            passwordDetails.NewPassword);

        if (!changed)
        {
            // Leaving the scope without Complete() rolls the transaction back.
            return false;
        }

        transaction.Complete();
        return true;
    }
}