Esempio n. 1
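        resetPassword(string id, [FromBody] SetPasswordResource aSetPasswordResource)
        {
            // Replaces the password of the account whose UserAccountId equals `id` with the value
            // from the request body, then persists the whole user list.
            // Returns 400 when the body has no password or no account matches `id`, otherwise 200.
            //
            // NOTE(review): no caller check is visible in this method, so any request that reaches it
            // can replace any account's password. Confirm that an authorization attribute or policy
            // outside this view restricts the route (administrators, or a verified reset-token flow).
            // NOTE(review): the password is stored exactly as received. Stored credentials should be
            // salted, slow hashes (for example ASP.NET Core Identity's PasswordHasher<TUser>), never
            // the plaintext value.

            // Reject a missing body or empty password up front: otherwise a null body fails with an
            // unhandled NullReferenceException and an empty value would be saved as the credential.
            if (string.IsNullOrEmpty(aSetPasswordResource?.Password))
            {
                return(BadRequest("Password is required"));
            }

            var userList = (await Database.Users()).ToList();
            var user     = userList.FirstOrDefault(u => u.UserAccountId == id);

            if (user == null)
            {
                return(BadRequest("User not found"));
            }

            user.Password = aSetPasswordResource.Password;
            userList[userList.IndexOf(user)] = user;

            // NOTE(review): the whole list is read, modified and written back, so a concurrent
            // update made between the read and this save may be overwritten. The result of SaveUsers
            // is also not awaited; if it returns a Task, failures are lost. Confirm both.
            Database.SaveUsers(userList);

            return(Ok());
        }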
Esempio n. 2
0
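        setPassword(string id, [FromBody] SetPasswordResource aSetPasswordResource)
        {
            // Changes the password of the account identified by `id`, but only when the authenticated
            // caller is that same account and supplies the current password.
            // Returns 400 for a missing password or unknown account, 401 when the caller is not the
            // account owner or the current password does not match, otherwise 200.
            //
            // NOTE(review): passwords are stored and compared as plaintext. Stored credentials should
            // be salted, slow hashes verified through a password hasher (for example ASP.NET Core
            // Identity's PasswordHasher<TUser>); that also removes the non-constant-time string
            // comparison below.

            // Reject a missing body or empty new password before touching the user store.
            if (string.IsNullOrEmpty(aSetPasswordResource?.Password))
            {
                return(BadRequest("Password is required"));
            }

            // Authorize first: the caller's NameIdentifier claim must equal the target id. Doing this
            // before the lookup and the password comparison means a caller cannot use this endpoint
            // to probe whether other accounts exist or to test passwords against them. The
            // null-conditional chain turns a missing identity or claim into a 401 instead of an
            // unhandled NullReferenceException.
            var callerId = (HttpContext.User.Identity as ClaimsIdentity)
                           ?.FindFirst(ClaimTypes.NameIdentifier)
                           ?.Value;

            if (callerId == null || callerId != id)
            {
                return(Unauthorized("Password can only be changed by same User Account"));
            }

            var userList = (await Database.Users()).ToList();
            var user     = userList.FirstOrDefault(u => u.UserAccountId == id);

            if (user == null)
            {
                return(BadRequest("User not found"));
            }

            if (aSetPasswordResource.CurrentPassword != user.Password)
            {
                return(Unauthorized("Wrong current password input"));
            }

            // Set the new password and write the list back.
            user.Password = aSetPasswordResource.Password;
            userList[userList.IndexOf(user)] = user;

            // NOTE(review): the result of SaveUsers is not awaited; if it returns a Task, failures
            // are lost and Ok() may be sent before the write completes. Confirm.
            Database.SaveUsers(userList);

            return(Ok());
        }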