public ActionResult <string> UpdatePassword(UserPassDTO userPassDTO)
{
if (_authService.IsAuthenticated(HttpContext.User))
{
var user = _userService.GetUserByEmail(HttpContext.User.Identity.Name);
var validPassword = _hashService.Check(user.Password, userPassDTO.OldPassword).Verified;
var newPassValid = userPassDTO.Password.Length > 0;
if (user == null)
{
return(NotFound());
}
if (!validPassword || !newPassValid)
{
return(BadRequest("Password not valid"));
}
user.Password = _hashService.Hash(userPassDTO.Password);
_userService.UpdateUser(user);
_userService.SaveChanges();
return(Ok("Password updated"));
}
return(Unauthorized("Access denied"));
}
public User AuthenticateUser(LoginDTO loginDTO)
{
var user = _repository.GetUserByEmail(loginDTO.Email);
var validPassword = _hashService.Check(user.Password, loginDTO.Password).Verified;
if (user != null && validPassword)
{
return(user);
}
return(null);
}
