Esempio n. 1
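        /// <summary>
        /// Changes the password of the currently authenticated user after verifying the old password.
        /// </summary>
        /// <param name="userPassDTO">
        /// Request payload carrying the current password (<c>OldPassword</c>) and the replacement (<c>Password</c>).
        /// </param>
        /// <returns>
        /// 200 "Password updated" on success; 401 "Access denied" when the caller is not authenticated;
        /// 404 when no user matches the identity name; 400 "Password not valid" when the old password
        /// does not verify or the new password is missing or empty.
        /// </returns>
        public ActionResult<string> UpdatePassword(UserPassDTO userPassDTO)
        {
            if (!_authService.IsAuthenticated(HttpContext.User))
            {
                return Unauthorized("Access denied");
            }

            // NOTE(review): assumes IsAuthenticated guarantees a non-null Identity whose Name is the
            // account e-mail; confirm against the auth service.
            var user = _userService.GetUserByEmail(HttpContext.User.Identity.Name);

            // The lookup result must be checked before user.Password is read; the previous ordering
            // dereferenced a missing user and failed with a NullReferenceException instead of a 404.
            if (user == null)
            {
                return NotFound();
            }

            // Only emptiness is enforced here. NOTE(review): any length or complexity policy must be
            // applied elsewhere (model validation or the hash service); confirm one exists.
            var newPassValid = !string.IsNullOrEmpty(userPassDTO?.Password);

            // A missing payload or missing old password fails closed without calling the hash service.
            var validPassword = userPassDTO?.OldPassword != null
                                && _hashService.Check(user.Password, userPassDTO.OldPassword).Verified;

            // Both failures share one message so the response does not reveal which check failed.
            if (!validPassword || !newPassValid)
            {
                return BadRequest("Password not valid");
            }

            // Only the hash of the new password is stored.
            user.Password = _hashService.Hash(userPassDTO.Password);

            _userService.UpdateUser(user);
            _userService.SaveChanges();

            // NOTE(review): nothing here revokes existing sessions or tokens after the change;
            // confirm whether that is handled elsewhere.
            return Ok("Password updated");
        }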
Esempio n. 2
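        /// <summary>
        /// Looks up a user by e-mail and verifies the supplied password against the stored hash.
        /// </summary>
        /// <param name="loginDTO">Login payload carrying <c>Email</c> and <c>Password</c>.</param>
        /// <returns>
        /// The matching user when the password verifies; <c>null</c> when the payload is incomplete,
        /// the e-mail is unknown, or the password does not verify.
        /// </returns>
        public User AuthenticateUser(LoginDTO loginDTO)
        {
            // Fail closed on an incomplete payload instead of dereferencing null.
            if (loginDTO == null || loginDTO.Password == null)
            {
                return null;
            }

            var user = _repository.GetUserByEmail(loginDTO.Email);

            // The lookup result must be checked before user.Password is read; the previous ordering
            // threw a NullReferenceException for an unknown e-mail instead of returning null.
            // NOTE(review): this early return skips the hash check, so an unknown e-mail may respond
            // faster than a wrong password. If account enumeration by timing matters, verify against
            // a fixed dummy hash on this path and apply rate limiting at the caller.
            if (user == null)
            {
                return null;
            }

            var validPassword = _hashService.Check(user.Password, loginDTO.Password).Verified;

            return validPassword ? user : null;
        }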