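/// <summary>
/// Changes the password of the user identified by the current claims principal.
/// </summary>
/// <remarks>
/// Every rejection path (missing input, over-long input, or the auth handler
/// refusing the change) logs the user id and remote address, terminates the
/// caller's session and returns 400. Password values themselves are never logged.
/// </remarks>
/// <param name="changePassInput">Old and new password supplied by the client.</param>
/// <returns>
/// 200 OK when the auth handler accepts the change; otherwise 400 Bad Request.
/// </returns>
public IActionResult ChangePassword(ChangePassInput changePassInput)
{
    // NOTE(review): user is dereferenced below without a null check; confirm
    // UserFromClaimsPrincipal cannot return null for a request that reaches this action.
    var user = _authHandler.UserFromClaimsPrincipal(User);

    // RemoteIpAddress can be null even when HttpContext is not, so every step of
    // the chain is null-conditional; the original dereferenced it unguarded while
    // building the log line, which would throw before the session was terminated.
    var remoteIp = HttpContext?.Connection?.RemoteIpAddress?.ToString() ?? "Unknown IP";

    // Shared rejection path: record who was rejected and from where, end the session, answer 400.
    // NOTE(review): these are security-relevant events logged at Information level;
    // confirm that level is retained by the log pipeline used for detection.
    IActionResult TerminateAndReject()
    {
        _logger.LogInformation($"Terminating session. User: {user.Uuid}" + $", IP: {remoteIp}");
        _authHandler.TerminateSession(user);
        return BadRequest();
    }

    // Model binding can hand over a null object (for example an empty request body),
    // so the container is tested before its fields.
    if (changePassInput is null
        || string.IsNullOrWhiteSpace(changePassInput.OldPassword)
        || string.IsNullOrWhiteSpace(changePassInput.NewPassword))
    {
        _logger.LogInformation("Old or new Password is null or empty.");
        return TerminateAndReject();
    }

    // Upper bound on both values before they reach the auth handler.
    // NOTE(review): presumably 64 matches the password policy enforced elsewhere; confirm.
    if (changePassInput.OldPassword.Length > 64 || changePassInput.NewPassword.Length > 64)
    {
        _logger.LogInformation("Old or new password length exceeds permitted length.");
        return TerminateAndReject();
    }

    // The old password is placed on the user object before the handler is called.
    // NOTE(review): presumably the handler verifies it before applying the new one; confirm.
    user.Password = changePassInput.OldPassword;

    if (_authHandler.ChangePassword(user, changePassInput.NewPassword))
    {
        _activityLogger.LogChangePassword(Request.HttpContext.Connection.RemoteIpAddress, user);
        return Ok();
    }

    _logger.LogInformation("Auth handler rejected password change.");
    return TerminateAndReject();
}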