Esempio n. 1
0
        public IHttpActionResult PutUserAccounts(ChangePasswordDTO passwordInput)        // CHANGE PASSWORD
        {
            TextResult httpResponse = new TextResult("Failed to change password!", msg); // Http response

            string salt;
            string hashedOldPassword = null;
            string hashedNewPassword;
            string hashedPasswordFromDb = null;

            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }
            UserAccountsManager umgr = new UserAccountsManager();
            bool passwordIsNotOk     = umgr.CheckIfPasswordIsOk(passwordInput.NewPassword); // Check if password is valid

            if (passwordIsNotOk.Equals(true))
            {
                httpResponse.ChangeHTTPMessage("Password must contain atleast six characters, one digit and one uppercase!", msg); // If password is not ok, HTTP response
                return(httpResponse);
            }
            try
            {
                salt = umgr.GetUserSalt(passwordInput.AccountName);                        // Gets salt from DB
                hashedOldPassword    = umgr.HashPassword(salt, passwordInput.OldPassword); // Hashing old password with user salt
                hashedNewPassword    = umgr.HashPassword(salt, passwordInput.NewPassword); // Hashing new password with user salt
                hashedPasswordFromDb = umgr.GetPassword(passwordInput.AccountName);        // Gets old hashed password from DB
            } catch
            {
                return(httpResponse); // http response if above operations failed
            }

            if (hashedOldPassword.Equals(hashedPasswordFromDb)) // Compares new password vs old
            {
                UserAccounts updatedUser = new UserAccounts();
                updatedUser.accountPassword = hashedNewPassword;           // Adds new hashed password to user entity
                updatedUser.accountName     = passwordInput.AccountName;   // User entity account name
                bool entityIsUpdated = umgr.UpdateEntityInDb(updatedUser); // Updating entity in DB
                if (entityIsUpdated.Equals(true))
                {
                    httpResponse.ChangeHTTPMessage("Password changed!", msg);
                    return(httpResponse);
                }
                return(httpResponse);
            }
            httpResponse.ChangeHTTPMessage("Password not correct!", msg); // if input password and password from DB do not match
            return(httpResponse);
        }