public async Task <ResponseModelBase> ChangePassword([FromBody] ChangePasswordRequestModel model) { if (!ModelState.IsValid) { return(ErrorModel.Of("invalid_request")); } if (!await ldb.ValidateAccount(model.EmailAddress, model.OldPassword)) { return(ErrorModel.Of("username_or_password_incorrect")); } if (model.NewPassword.Length < 8) { return(ErrorModel.Of("password_too_short")); } //Change their password var user = await ldb.FindByEmailAddress(model.EmailAddress); if (user == null) { return(ErrorModel.Of("user_not_found")); } user.PasswordHashes = await Task.Run(() => PasswordHasher.GenerateHashPermutations(model.NewPassword)); //Clear all sessions ldb.DBContext.Sessions.RemoveRange(user.ActiveSessions); user.ActiveSessions.Clear(); //And login tokens ldb.DBContext.ServerTokens.RemoveRange(user.ActiveServerTokens); user.ActiveServerTokens.Clear(); //Update await ldb.UpdateUser(user); return(OkModel.Of("password_changed")); }
public async Task <ResponseModelBase> ChangeEmail([FromBody] ChangeEmailRequestModel model) { if (!ModelState.IsValid) { return(ErrorModel.Of("invalid_request")); } UserModel usr; if (await ldb.ValidateAccount(model.EmailAddress, model.Password)) { return(ErrorModel.Of("username_or_password_incorrect")); } //retrieve the user usr = await ldb.FindByEmailAddress(model.EmailAddress); if (usr == null) { return(ErrorModel.Of("user_not_found")); } //make sure that the email address isn't in use var other = await ldb.FindByEmailAddress(model.NewEmailAddress); if (other != null) { return(ErrorModel.Of("email_address_in_use")); } usr.EmailAddress = model.NewEmailAddress; usr.UniqueConfirmationCode = Guid.NewGuid(); usr.EmailConfirmationSent = DateTime.Now; usr.IsEmailConfirmed = false; Task.WaitAll( ldb.UpdateUser(usr), Backend.EmailSender.SendEmail(usr, Backend.EmailSender.RegistrationTemplate) ); return(Models.OkModel.Of("email_address_changed")); }