public async Task <IHttpActionResult> InstanceAdminChangePassword([FromBody] UpdateUserPassword updatePassword)
{
if (updatePassword == null)
{
throw new BadRequestException(ErrorMessages.InvalidChangeInstanceAdminPasswordParameters, ErrorCodes.BadRequest);
}
await _privilegesManager.Demand(Session.UserId, InstanceAdminPrivileges.ManageUsers);
var user = await _userRepository.GetUserAsync(updatePassword.UserId);
if (user == null)
{
throw new ResourceNotFoundException(ErrorMessages.UserNotExist, ErrorCodes.ResourceNotFound);
}
string decodedPassword;
try
{
decodedPassword = SystemEncryptions.Decode(updatePassword.Password);
}
catch (FormatException)
{
throw new BadRequestException(ErrorMessages.IncorrectBase64FormatPasswordField, ErrorCodes.BadRequest);
}
UserConverter.ValidatePassword(user, decodedPassword);
await _userRepository.UpdateUserPasswordAsync(user.Login, decodedPassword);
return(Ok());
}
public Result Updatepassword(UpdateUserPassword userPassword)
{
try
{
using (SqlConnection conn = DbHelper.CreateConnection())
{
string strQuery;
SqlCommand cmd;
strQuery = "UPDATE security.Users SET [password]=@paramnewPassword,@parammodifiedby= @paramuserid,@parammodifieddate=getdate() WHERE userid = @paramuserid ";
cmd = new SqlCommand(strQuery);
cmd.Connection = conn;
cmd.Parameters.Add("@paramuserid", SqlDbType.Int).Value = userPassword.userid;
cmd.Parameters.Add("@paramnewPassword", SqlDbType.VarChar, 150).Value = CommonFunctions.MD5Encryption(userPassword.Password);
cmd.Parameters.Add("@parammodifiedby", SqlDbType.Int).Value = userPassword.modifiedby;
cmd.Parameters.Add("@parammodifieddate", SqlDbType.DateTime).Value = userPassword.modifieddate;
int flag = cmd.ExecuteNonQuery();
return(new Result
{
Results = flag
});
}
}
catch (Exception ex)
{
throw ex;
}
}
public HttpResponseMessage UpdatePassword(UpdateUserPassword userPassword)
{
logger.Info("Started");
logger.Debug("Update user started");
HttpResponseMessage response = new HttpResponseMessage();;
Result objResult = null;
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
UserBAL userBLL = new UserBAL();
try
{
logger.Debug("UpdateUserPassword BAL started");
objResult = userBLL.UpdateUserPassword(userPassword);
logger.Debug("UpdateUserPassword BAL finished");
if (objResult.Results == 1)
{
response = Request.CreateResponse(HttpStatusCode.OK, "Password updated successfully");
}
else
{
response = Request.CreateResponse(HttpStatusCode.BadRequest, "Something went wrong");
}
return(response);
}
catch (Exception ex)
{
logger.ErrorException("Data Empty", ex);
}
logger.Debug("update user finished");
return(response);
}
/// <summary>
/// Change User password
/// </summary>
/// <param name="UserId">target user</param>
/// <param name="NewPassword">new password</param>
/// <returns>Success status</returns>
public bool ChangeUserPassword(UpdateUserPassword user)
{
if (IsPropInUse("user_password", user.OldPassword) && !IsPropInUse("user_password", user.NewPassword))
{
return(SqlConnector.Update("Users", "user_password", $"'{user.NewPassword}'", $"where user_user_id = {user.UserId}"));
}
return(false);
}
public ActionResult <MyBooleanResult> ChangeUserPassword([FromBody] UpdateUserPassword user)
{
MyBooleanResult res = new MyBooleanResult
{
ResultValue = _userBL.ChangeUserPassword(user)
};
return(res);
}
public AuthenticateTokenManager(GetValidUserData getValidUserData, GetCredentialData getCredentialData, IsGrantedUser isGrantedUser, InsertCredentialData insertCredentialData, UpdateUserPassword updateUserPassword, DeleteCredentialData deleteCredentialData, DeleteAllCredentialData deleteAllCredentialData)
{
this._GetCredentialData = getCredentialData;
this._GetValidUserData = getValidUserData;
this._IsGrantedUser = isGrantedUser;
this._InsertCredentialData = insertCredentialData;
this._UpdateUserPassword = updateUserPassword;
this._DeleteCredentialData = deleteCredentialData;
this._DeleteAllCredentialData = deleteAllCredentialData;
}
public UserPageVM()
{
Usuarios = new ObservableCollection <User>(UserQueries.GetUsers());
Empleados = new List <IdName>(PersonaQueries.GetEmpleadosDropDown());
Roles = new ObservableCollection <Role>(UserQueries.GetRoles());
SelectedRole = new Role();
NuevoUsuarioCommand = new NewUserCommand(this);
UpdateUsuarioCommand = new UpdateUserCommand(this);
NewPasswordCommand = new UpdateUserPassword(this);
NewUser = new User();
}
public async Task<ActionResult> UpdateUserPassword(
[FromRoute, Required] Guid userId,
[FromBody, Required] UpdateUserPassword request)
{
if (!await RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true).ConfigureAwait(false))
{
return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the password.");
}
var user = _userManager.GetUserById(userId);
if (user == null)
{
return NotFound("User not found");
}
if (request.ResetPassword)
{
await _userManager.ResetPassword(user).ConfigureAwait(false);
}
else
{
if (!HttpContext.User.IsInRole(UserRoles.Administrator))
{
var success = await _userManager.AuthenticateUser(
user.Username,
request.CurrentPw,
request.CurrentPw,
HttpContext.GetNormalizedRemoteIp().ToString(),
false).ConfigureAwait(false);
if (success == null)
{
return StatusCode(StatusCodes.Status403Forbidden, "Invalid user or password entered.");
}
}
await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);
var currentToken = (await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false)).Token;
await _sessionManager.RevokeUserTokens(user.Id, currentToken).ConfigureAwait(false);
}
return NoContent();
}
public async Task <ActionResult> UpdateUserPassword(
[FromRoute, Required] Guid userId,
[FromBody] UpdateUserPassword request)
{
if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true))
{
return(Forbid("User is not allowed to update the password."));
}
var user = _userManager.GetUserById(userId);
if (user == null)
{
return(NotFound("User not found"));
}
if (request.ResetPassword)
{
await _userManager.ResetPassword(user).ConfigureAwait(false);
}
else
{
var success = await _userManager.AuthenticateUser(
user.Username,
request.CurrentPw,
request.CurrentPw,
HttpContext.GetNormalizedRemoteIp(),
false).ConfigureAwait(false);
if (success == null)
{
return(Forbid("Invalid user or password entered."));
}
await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);
var currentToken = _authContext.GetAuthorizationInfo(Request).Token;
_sessionManager.RevokeUserTokens(user.Id, currentToken);
}
return(NoContent());
}
private Task <HttpResponseMessage> UpdateUserPassword(HttpClient httpClient, Guid userId, UpdateUserPassword request)
{
using var postContent = new ByteArrayContent(JsonSerializer.SerializeToUtf8Bytes(request, _jsonOpions));
postContent.Headers.ContentType = MediaTypeHeaderValue.Parse(MediaTypeNames.Application.Json);
return(httpClient.PostAsync("Users/" + userId.ToString("N", CultureInfo.InvariantCulture) + "/Password", postContent));
}
private Task <HttpResponseMessage> UpdateUserPassword(HttpClient httpClient, Guid userId, UpdateUserPassword request)
=> httpClient.PostAsJsonAsync("Users/" + userId.ToString("N", CultureInfo.InvariantCulture) + "/Password", request, _jsonOpions);
