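/// <summary>
/// Changes the password of the currently authenticated user after re-verifying
/// the caller's current (old) password against the stored hash.
/// </summary>
/// <param name="userPassDTO">
/// Carries the current password (<c>OldPassword</c>) and the replacement (<c>Password</c>).
/// </param>
/// <returns>
/// 401 when the caller is not authenticated; 404 when the authenticated principal has no
/// matching user record; 400 when the old password does not verify or the new password is
/// missing/empty; otherwise 200 with "Password updated".
/// </returns>
public ActionResult<string> UpdatePassword(UserPassDTO userPassDTO)
{
    if (!_authService.IsAuthenticated(HttpContext.User))
    {
        return Unauthorized("Access denied");
    }

    var user = _userService.GetUserByEmail(HttpContext.User.Identity.Name);
    // The null check must run BEFORE user.Password is read. The original computed the
    // hash check first, so a missing user record threw NullReferenceException (500)
    // instead of returning the intended 404.
    if (user == null)
    {
        return NotFound();
    }

    // Reject a missing body or missing passwords up front so the hash service is never
    // handed a null. A null old password can never verify, so it is treated as invalid.
    // NOTE(review): only non-emptiness of the new password is enforced here, exactly as
    // the original's Length > 0; no minimum length or complexity policy is visible.
    var newPassValid = userPassDTO != null
        && userPassDTO.OldPassword != null
        && !string.IsNullOrEmpty(userPassDTO.Password);
    if (!newPassValid)
    {
        return BadRequest("Password not valid");
    }

    // Same generic message for a wrong old password as for a bad new one, so the
    // response does not tell the caller which check failed.
    var validPassword = _hashService.Check(user.Password, userPassDTO.OldPassword).Verified;
    if (!validPassword)
    {
        return BadRequest("Password not valid");
    }

    user.Password = _hashService.Hash(userPassDTO.Password);
    _userService.UpdateUser(user);
    _userService.SaveChanges();
    // NOTE(review): nothing visible here invalidates the user's other sessions/tokens
    // after the change; confirm whether the auth service handles that elsewhere.
    return Ok("Password updated");
}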
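/// <summary>
/// Looks up a user by e-mail and verifies the supplied plaintext password against the
/// stored hash.
/// </summary>
/// <param name="loginDTO">Login form carrying <c>Email</c> and the plaintext <c>Password</c>.</param>
/// <returns>
/// The matching <see cref="User"/> when the password verifies; otherwise <c>null</c>.
/// An unknown e-mail, a missing password and a wrong password all yield <c>null</c>, so
/// the caller cannot distinguish them.
/// </returns>
public User AuthenticateUser(LoginDTO loginDTO)
{
    // A missing body or null password can never authenticate; fail closed without
    // handing a null to the hash service.
    if (loginDTO == null || loginDTO.Password == null)
    {
        return null;
    }

    var user = _repository.GetUserByEmail(loginDTO.Email);
    // Must precede the hash check: the original read user.Password before testing for
    // null, so a login attempt with an unknown e-mail threw NullReferenceException
    // instead of simply failing.
    if (user == null)
    {
        // NOTE(review): returning early skips the (deliberately slow) hash check, so an
        // unknown e-mail answers faster than a wrong password. If account enumeration via
        // timing matters for this deployment, run Check against a fixed dummy hash here too.
        return null;
    }

    return _hashService.Check(user.Password, loginDTO.Password).Verified ? user : null;
}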