Esempio n. 1
0
        public async Task <IActionResult> ChangePassword(UserAccountModel body)
        {
            try
            {
                if (body == null)
                {
                    IActionResult actionResult = BadRequest(
                        "The client set the requested body to null before it was sent."
                        );
                    return(StatusCode(StatusCodes.Status400BadRequest, actionResult));
                }

                else if (string.IsNullOrEmpty(body.password) || string.IsNullOrWhiteSpace(body.password))
                {
                    IActionResult actionResult = customActionResult.FieldsRequired(
                        "The 'password' field has been sent from the client null, empty, or whitespaced."
                        );
                    return(StatusCode(StatusCodes.Status411LengthRequired, actionResult));
                }

                else if (string.IsNullOrEmpty(body.oldPassword) || string.IsNullOrWhiteSpace(body.oldPassword))
                {
                    IActionResult actionResult = customActionResult.FieldsRequired(
                        "The 'old password' field has been sent from the client null, empty, or whitespaced."
                        );
                    return(StatusCode(StatusCodes.Status411LengthRequired, actionResult));
                }

                else
                {
                    DynamicParameters selectPasswordByUserId_params = new DynamicParameters();
                    selectPasswordByUserId_params.Add("@userId", _claims.GetUserId());

                    string selectPasswordByUserId_string  = $"SELECT [password] FROM [User] WHERE [id] = @userId";
                    var    selectPasswordByUserId_results = await _db.SelectAsync <UserAccountModel, dynamic>(selectPasswordByUserId_string, selectPasswordByUserId_params);

                    if (selectPasswordByUserId_results.Count < 1)
                    {
                        IActionResult actionResult = customActionResult.NotFound(
                            "The user details provided do not exist in the database, try again."
                            );
                        return(StatusCode(StatusCodes.Status404NotFound, actionResult));
                    }

                    else
                    {
                        _user.oldPassword = selectPasswordByUserId_results[0].password;
                        bool comparePassword = new HashPassword().VerifyPassword(_user.oldPassword, body.oldPassword);

                        byte[] salt = hashPassword.CreateSalt(10);

                        string newPasswordHashed = hashPassword.GenerateSHA256Hash(body.password, salt, false);

                        if (comparePassword != true)
                        {
                            IActionResult actionResult = customActionResult.Unauthorized(
                                "The old password is wrong, so the access is denied."
                                );
                            return(StatusCode(StatusCodes.Status401Unauthorized, actionResult));
                        }

                        else if (string.IsNullOrEmpty(newPasswordHashed) || string.IsNullOrWhiteSpace(newPasswordHashed))
                        {
                            IActionResult actionResult = customActionResult.Locked(
                                "The new password failed to hash, so the process to change the password has been blocked. Please Try Again."
                                );
                            return(StatusCode(StatusCodes.Status423Locked, actionResult));
                        }

                        else
                        {
                            DynamicParameters updatePassword_params = new DynamicParameters();
                            updatePassword_params.Add("@userId", _claims.GetUserId());
                            updatePassword_params.Add("@newPassword", newPasswordHashed);

                            string updatePassword_string = @"UPDATE [User] SET [password] = @newPassword WHERE [id] = @userId";

                            await _db.UpdateAsync(updatePassword_string, updatePassword_params);

                            IActionResult actionResult = customActionResult.Ok(
                                "Password changed successfully. Be careful and don't give it to anyone."
                                );
                            return(StatusCode(StatusCodes.Status202Accepted, actionResult));
                        }
                    }
                }
            }

            catch (Exception e)
            {
                return(StatusCode(StatusCodes.Status500InternalServerError, e.Message));
            }
        }