public async Task <IActionResult> UpdateUser(string id, [FromBody] UserEditViewModel user) { User appUser = await _accountManager.GetUserByIdAsync(id); string[] currentRoles = appUser != null ? (await _accountManager.GetUserRolesAsync(appUser)).ToArray() : null; Task <AuthorizationResult> manageUsersPolicy = _authorizationService.AuthorizeAsync(User, id, AccountManagementOperations.Update); Task <AuthorizationResult> assignRolePolicy = _authorizationService.AuthorizeAsync(User, (user.Roles, currentRoles), Authorization.Policies.AssignAllowedRolesPolicy); if ((await Task.WhenAll(manageUsersPolicy, assignRolePolicy)).Any(r => !r.Succeeded)) { return(new ChallengeResult()); } if (ModelState.IsValid) { if (user == null) { return(BadRequest($"{nameof(user)} cannot be null")); } if (!string.IsNullOrWhiteSpace(user.Id) && id != user.Id) { return(BadRequest("Conflicting user id in parameter and model data")); } if (appUser == null) { return(NotFound(id)); } bool isPasswordChanged = !string.IsNullOrWhiteSpace(user.NewPassword); bool isUserNameChanged = !appUser.UserName.Equals(user.UserName, StringComparison.OrdinalIgnoreCase); if (Utilities.GetUserId(User) == id) { if (string.IsNullOrWhiteSpace(user.CurrentPassword)) { if (isPasswordChanged) { AddError("Current password is required when changing your own password", "Password"); } if (isUserNameChanged) { AddError("Current password is required when changing your own username", "Username"); } } else if (isPasswordChanged || isUserNameChanged) { if (!await _accountManager.CheckPasswordAsync(appUser, user.CurrentPassword)) { AddError("The username/password couple is invalid."); } } } if (ModelState.IsValid) { _mapper.Map <UserEditViewModel, User>(user, appUser); (bool Succeeded, string[] Errors)result = await _accountManager.UpdateUserAsync(appUser, user.Roles); if (result.Succeeded) { if (isPasswordChanged) { if (!string.IsNullOrWhiteSpace(user.CurrentPassword)) { result = await _accountManager.UpdatePasswordAsync(appUser, user.CurrentPassword, user.NewPassword); } else { result = await _accountManager.ResetPasswordAsync(appUser, user.NewPassword); } } if (result.Succeeded) { return(NoContent()); } } AddError(result.Errors); } } return(BadRequest(ModelState)); }