public async Task <IActionResult> ResetPassword([FromBody] PasswordReset reset)
{
if (!hasher.CompareHashAndPassword(AuthorizedUser.PasswordHash, reset.CurrentPassword))
{
return(BadRequest("invalid current password"));
}
AuthorizedUser.PasswordHash = hasher.HashFromPassword(reset.NewPassword);
db.Update(AuthorizedUser);
await db.SaveChangesAsync();
return(NoContent());
}
public async Task <ActionResult <UserView> > Register([FromBody] AuthCredentials creds)
{
if (await db.Users.AnyAsync(u => u.LoginName == creds.LoginName))
{
return(BadRequest("login name already exists"));
}
var user = new User()
{
LoginName = creds.LoginName,
PasswordHash = hasher.HashFromPassword(creds.Password),
};
db.Add(user);
await db.SaveChangesAsync();
return(Created($"/api/users/{user.Id}", new UserView(user)));
}
