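/// <summary>
/// Overwrites the password of the user whose <c>UserAccountId</c> equals <paramref name="id"/>.
/// The current password is NOT required here (contrast with <c>setPassword</c>).
/// </summary>
/// <param name="id">Account id of the user whose password is being reset.</param>
/// <param name="aSetPasswordResource">Request body; only <c>Password</c> is read by this method.</param>
/// <returns>400 when the body has no password or no user matches <paramref name="id"/>; 200 otherwise.</returns>
// NOTE(review): the access modifier and return type are not part of this listing; the body
// awaits, so the declaration must be async.
// SECURITY(review): nothing in this method checks who the caller is. Unless an [Authorize]
// attribute outside this listing restricts it (e.g. to an admin role), any caller that knows
// an account id can overwrite that account's password. Confirm before shipping.
// SECURITY(review): the password is stored exactly as received (setPassword also compares it
// in the clear). Storing a PBKDF2/Argon2 hash instead requires changing the login path and
// setPassword in the same change, so it is flagged here rather than changed.
resetPassword(string id, [FromBody] SetPasswordResource aSetPasswordResource)
{
    // Reject a missing body or an empty password up front: the original would have
    // written null or "" into the account as its new password.
    if (string.IsNullOrEmpty(aSetPasswordResource?.Password))
    {
        return BadRequest("Password is required");
    }

    var users = (await Database.Users()).ToList();
    var target = users.FirstOrDefault(u => u.UserAccountId == id);
    if (target == null)
    {
        return BadRequest("User not found");
    }

    // `target` is the same reference held by `users`, so mutating it is enough;
    // the original's IndexOf/re-assign round trip was a no-op.
    target.Password = aSetPasswordResource.Password;
    Database.SaveUsers(users);
    return Ok();
}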
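/// <summary>
/// Lets an authenticated user change their own password after supplying the current one.
/// </summary>
/// <param name="id">Account id from the route; must equal the caller's <c>NameIdentifier</c> claim.</param>
/// <param name="aSetPasswordResource">Request body carrying <c>CurrentPassword</c> and the new <c>Password</c>.</param>
/// <returns>
/// 401 when the caller is not the account owner or the current password does not match;
/// 400 when the body has no new password or no user matches <paramref name="id"/>; 200 on success.
/// </returns>
// NOTE(review): the access modifier and return type are not part of this listing; the body
// awaits, so the declaration must be async.
setPassword(string id, [FromBody] SetPasswordResource aSetPasswordResource)
{
    // Ownership check FIRST. The original looked the user up and compared the supplied
    // CurrentPassword before checking the caller's identity, so any authenticated caller could
    // use this endpoint as a password oracle against other accounts (the distinct 401 messages
    // told them whether the guess was right). Doing the claim check first also removes the
    // NullReferenceException the original threw when no NameIdentifier claim was present.
    // 401 is kept for compatibility; Forbid() (403) would be the more accurate status for an
    // authenticated caller acting on another account.
    var callerId = (HttpContext.User.Identity as ClaimsIdentity)?.FindFirst(ClaimTypes.NameIdentifier)?.Value;
    if (callerId == null || callerId != id)
    {
        return Unauthorized("Password can only be changed by same User Account");
    }

    // A missing body or an empty new password would otherwise be stored as the password.
    if (aSetPasswordResource == null || string.IsNullOrEmpty(aSetPasswordResource.Password))
    {
        return BadRequest("Password is required");
    }

    var users = (await Database.Users()).ToList();
    var account = users.FirstOrDefault(u => u.UserAccountId == id);
    if (account == null)
    {
        return BadRequest("User not found");
    }

    // SECURITY(review): passwords are compared and stored in the clear. The proper fix is to
    // keep a PBKDF2/Argon2 hash and verify against it, which also changes the login path and
    // resetPassword, so it is flagged rather than changed here. `!=` on strings is ordinal.
    if (aSetPasswordResource.CurrentPassword != account.Password)
    {
        return Unauthorized("Wrong current password input");
    }

    // `account` is the reference held by `users`; the original IndexOf/re-assign was a no-op.
    account.Password = aSetPasswordResource.Password;
    Database.SaveUsers(users);
    return Ok();
}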