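/// <summary>
/// Changes the password of user <paramref name="id"/> after re-checking the caller's
/// current password. The caller must be that user or an admin
/// (<c>HelperMethods.ValidateIsUserOrAdmin</c>).
/// </summary>
/// <param name="id">Database ID of the user whose password is being changed.</param>
/// <param name="psw_reset">Body carrying <c>Current_Password</c> and <c>New_Password</c>.</param>
/// <returns>
/// 200 on success; 401 when the caller may not act on <paramref name="id"/>;
/// 400 when the body is missing/incomplete or the current password does not match;
/// 404 when no user with <paramref name="id"/> exists.
/// </returns>
public IActionResult User_EditPassword(int id, [FromBody] PasswordReset psw_reset)
{
    // Authorize before touching the body or the database, so an unauthorized
    // caller learns nothing about whether the ID exists.
    if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV))
    {
        ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information.");
        return new UnauthorizedObjectResult(error);
    }

    // A body that failed to bind arrives as null; dereferencing it blindly turned
    // a malformed request into a NullReferenceException / HTTP 500.
    if (psw_reset == null
        || string.IsNullOrEmpty(psw_reset.Current_Password)
        || string.IsNullOrEmpty(psw_reset.New_Password))
    {
        ErrorMessage error = new ErrorMessage("Invalid Request", "Both current and new password are required.");
        return new BadRequestObjectResult(error);
    }

    // SingleOrDefault instead of Single: an unknown ID is a client error, not a server fault.
    User user = _context.Users.SingleOrDefault(a => a.ID == id);
    if (user == null)
    {
        ErrorMessage error = new ErrorMessage("Invalid User", "No user with that id exists.");
        return new NotFoundObjectResult(error);
    }

    // Re-authenticate with the current password before accepting the new one; this is
    // what stops a hijacked session from silently locking the real owner out.
    if (!ValidatePassword(psw_reset.Current_Password, user.Password))
    {
        // Deliberately does not echo either submitted password back to the client.
        ErrorMessage error = new ErrorMessage("Invalid Password", "Your current password does not match.");
        return new BadRequestObjectResult(error);
    }

    // Store only the salted hash; the plaintext never leaves this request.
    user.Password = HelperMethods.ConcatenatedSaltAndSaltedHash(psw_reset.New_Password);
    _context.Update(user);
    _context.SaveChanges();

    // NOTE(review): nothing here invalidates existing sessions/tokens after the change,
    // and there is no rate limit on current-password guesses — confirm both are handled elsewhere.
    return Ok();
}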
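/// <summary>
/// Raw-JSON variant of the password change endpoint. Verifies the caller is
/// user <paramref name="id"/> or an admin, checks <c>current_password</c> against
/// the stored hash and, if it matches, stores a fresh salted hash of <c>new_password</c>.
/// </summary>
/// <param name="id">Database ID of the user whose password is being changed.</param>
/// <param name="passwordJson">Raw JSON body with <c>current_password</c> and <c>new_password</c>.</param>
/// <returns>
/// The serialized <c>SuccessMessage</c> on success; otherwise a serialized
/// <c>ErrorMessage</c> with <c>Response.StatusCode</c> set to 401 (not allowed /
/// wrong current password), 400 (unparseable or incomplete body), 404 (no such user)
/// or 500 (persistence failure).
/// </returns>
public string User_EditPassword(int id, [FromBody] string passwordJson)
{
    // Authorize first so an unauthorized caller learns nothing else.
    if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id))
    {
        Response.StatusCode = 401;
        return JObject.FromObject(new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "Caller can only access their information.")).ToString();
    }

    JObject json;
    try
    {
        json = JObject.Parse(passwordJson);
    }
    catch (Exception ex)
    {
        Response.StatusCode = 400;
        // The raw body holds passwords: report the parse failure but never echo the body back.
        ErrorMessage error = new ErrorMessage("Invalid Json", "n/a", ex.Message);
        return JObject.FromObject(error).ToString();
    }

    // Missing keys used to surface as a NullReferenceException inside the catch-all
    // below, i.e. a 500 with the exception text; treat them as a bad request instead.
    string currentPassword = json["current_password"]?.ToString();
    string newPassword = json["new_password"]?.ToString();
    if (string.IsNullOrEmpty(currentPassword) || string.IsNullOrEmpty(newPassword))
    {
        Response.StatusCode = 400;
        return JObject.FromObject(new ErrorMessage("Invalid Json", "n/a", "current_password and new_password are required.")).ToString();
    }

    try
    {
        // SingleOrDefault: an unknown ID is a client error, not a server fault.
        User user = _context.Users.SingleOrDefault(a => a.ID == id);
        if (user == null)
        {
            Response.StatusCode = 404;
            return JObject.FromObject(new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "No user with that id exists.")).ToString();
        }

        if (!ValidatePassword(currentPassword, user.Password))
        {
            Response.StatusCode = 401;
            // The original placed the submitted password in this message, leaking the
            // guess into responses and any response logging; the detail is now fixed text.
            return JObject.FromObject(new ErrorMessage("Invalid Password", "n/a", "Your current password does not match.")).ToString();
        }

        user.Password = HelperMethods.ConcatenatedSaltAndSaltedHash(newPassword);
        _context.Update(user);
        _context.SaveChanges();
    }
    catch (Exception)
    {
        Response.StatusCode = 500;
        // Generic detail only: internal exception text is not for the client.
        return JObject.FromObject(new ErrorMessage("Failed to update with new password", "n/a", "n/a")).ToString();
    }

    // NOTE(review): no session/token invalidation and no rate limiting of
    // current-password guesses happen here — confirm they exist elsewhere.
    return JObject.Parse(SuccessMessage._result).ToString();
}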
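/// <summary>
/// Anonymous registration endpoint. Creates a <c>User</c> from the JSON body with a
/// salted, hashed password and the fixed <c>UserRoles.User</c> role (the role is never
/// taken from the request), then provisions the per-user key/IV via
/// <c>HelperMethods.CreateUserKeyandIV</c>.
/// </summary>
/// <param name="userJson">Raw JSON body with <c>firstname</c>, <c>lastname</c>, <c>email</c> and <c>password</c>.</param>
/// <returns>
/// The serialized <c>SuccessMessage</c> extended with the new user's <c>id</c>; otherwise a
/// serialized <c>ErrorMessage</c> with <c>Response.StatusCode</c> set to 400 (unparseable or
/// incomplete body), 409 (email already registered) or 500 (persistence failure).
/// </returns>
[HttpPost, AllowAnonymous]
public string User_AddUser([FromBody] string userJson)
{
    JObject json;
    try
    {
        json = JObject.Parse(userJson);
    }
    catch (Exception ex)
    {
        Response.StatusCode = 400;
        // The body carries a plaintext password; never echo it back to the client.
        ErrorMessage error = new ErrorMessage("Invalid Json", "n/a", ex.Message);
        return JObject.FromObject(error).ToString();
    }

    // Missing keys used to become a NullReferenceException in the catch-all below,
    // i.e. a 500 whose body repeated the whole request — password included.
    string firstName = json["firstname"]?.ToString();
    string lastName = json["lastname"]?.ToString();
    string email = json["email"]?.ToString();
    string password = json["password"]?.ToString();
    if (firstName == null || lastName == null || string.IsNullOrWhiteSpace(email) || string.IsNullOrEmpty(password))
    {
        Response.StatusCode = 400;
        return JObject.FromObject(new ErrorMessage("Invalid Json", "n/a", "firstname, lastname, email and password are required.")).ToString();
    }

    User created;
    try
    {
        // A second row with the same email would make every later
        // Single(a => a.Email == ...) lookup throw, so refuse duplicates up front.
        // NOTE(review): this (like the previous 500) lets an anonymous caller probe
        // which emails are registered — decide whether that is acceptable here.
        if (_context.Users.Any(a => a.Email == email))
        {
            Response.StatusCode = 409;
            return JObject.FromObject(new ErrorMessage("Failed to create new user", "n/a", "An account with that email already exists.")).ToString();
        }

        User newUser = new User
        {
            First_Name = firstName,
            Last_Name = lastName,
            Email = email,
            // Only the salted hash is persisted.
            Password = HelperMethods.ConcatenatedSaltAndSaltedHash(password),
            NumAccs = 0,
            Role = UserRoles.User
        };
        _context.Users.Add(newUser);
        _context.SaveChanges();

        // Look the persisted row up once by email (the original queried twice) and reuse
        // it for both key provisioning and the response; the ID is only known after SaveChanges.
        created = _context.Users.Single(a => a.Email == email);
        HelperMethods.CreateUserKeyandIV(created.ID);
    }
    catch (Exception)
    {
        Response.StatusCode = 500;
        // Generic detail only: neither the request body nor exception text belongs in the response.
        ErrorMessage error = new ErrorMessage("Failed to create new user", "n/a", "n/a");
        return JObject.FromObject(error).ToString();
    }

    JObject message = JObject.Parse(SuccessMessage._result);
    message.Add(new JProperty("id", created.ID));
    return message.ToString();
}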