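/// <summary>
/// Changes the calling partner's secret (a 4–6 digit code) after verifying the current one.
/// The affected account is resolved from the authenticated identity name, never from the request body.
/// </summary>
/// <param name="model">Request body carrying <c>oldSecret</c> and <c>newSecret</c>.</param>
/// <returns>
/// 401 when the account is in a non-usable state or still locked; 400 for a malformed new secret,
/// a wrong current secret, or a failed persist; 200 on success. Every body is an <see cref="ApiResponse"/>.
/// </returns>
public IActionResult ChangePassword(ChangeSecretDto model)
{
    // Model binding yields null for an empty or unparseable body; fail closed instead of throwing.
    if (model is null)
    {
        return BadRequest(new ApiResponse(-3102, $"Sorry, new secret was invalid"));
    }

    var currentUser = _partnerManager.GetPartnerById(this.HttpContext.User.Identity.Name);
    // NOTE(review): assumes the lookup returns null for an unknown id — confirm against the manager.
    if (currentUser is null)
    {
        return Unauthorized(new ApiResponse(-3100, "Sorry, your account is not in correct state"));
    }

    // Status ids above 2 are treated as "not usable"; the meaning of each id is defined elsewhere.
    if (currentUser.Status.Id > 2)
    {
        return Unauthorized(new ApiResponse(-3100, "Sorry, your account is not in correct state"));
    }

    // Compared against local time, matching how the original code did it — confirm LockTime is stored as local time.
    if (currentUser.LockTime > DateTime.Now)
    {
        return Unauthorized(new ApiResponse(-3101, $"Sorry, your account is suspended for {Utility.HowMuchLeftTime(currentUser.LockTime)}"));
    }

    // The new secret must be 4–6 ASCII digits. \z rather than $ so a trailing newline cannot pass the check.
    // NOTE(review): if newSecret is a numeric type, leading zeros are lost by ToString() — confirm the DTO uses a string.
    string newSecret = model.newSecret.ToString();
    if (!System.Text.RegularExpressions.Regex.IsMatch(newSecret, @"^[0-9]{4,6}\z"))
    {
        return BadRequest(new ApiResponse(-3102, $"Sorry, new secret was invalid"));
    }

    // Verify the current secret with a fixed-time comparison so the response time does not
    // depend on how many leading characters of the stored hash matched.
    byte[] salt = Convert.FromBase64String(currentUser.Extra);
    string hash = Pbkdf2Hasher.ComputeHash(model.oldSecret.ToString(), salt);
    if (!HashesEqual(currentUser.Pwd, hash))
    {
        return BadRequest(new ApiResponse(-3103, "Sorry, incorrect credentials"));
    }

    // Fresh salt per change; the old salt/hash pair is kept only in the history record.
    byte[] newSalt = Pbkdf2Hasher.GenerateRandomSalt();
    string newHash = Pbkdf2Hasher.ComputeHash(newSecret, newSalt);

    var changeSecret = new ChangeSecretHistory
    {
        CreatedBy = { Id = currentUser.Id, Account = currentUser.Account },
        AccessChannel = { Id = "api" },
        OldSalt = currentUser.Extra,
        OldHash = currentUser.Pwd,
        NewSalt = Convert.ToBase64String(newSalt),
        NewHash = newHash,
        ChangeType = { Id = "change" },
        NotifyBy = { Id = "none" },
        PartAppUser = { Id = currentUser.Id, Account = currentUser.Account },
    };

    var result = new ChangeSecretHistoryRepo(_db, _partnerManager, null).Create(changeSecret);
    //var result = _partnerManager.ChangePwd(currentUser.Account, currentUser.Id, model.newSecret.ToString(), false);
    if (!result.Success)
    {
        return BadRequest(new ApiResponse(-3104, $"Sorry, change secrect was failed, please try later"));
    }

    return Ok(new ApiResponse(0, $"Changed successfully"));

    // Length-independent byte comparison; a null stored hash compares as empty and therefore never matches.
    bool HashesEqual(string stored, string computed)
    {
        byte[] storedBytes = System.Text.Encoding.UTF8.GetBytes(stored ?? string.Empty);
        byte[] computedBytes = System.Text.Encoding.UTF8.GetBytes(computed ?? string.Empty);
        return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(storedBytes, computedBytes);
    }
}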
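/// <summary>
/// Persists one secret-change history record through the <c>pk_infra.fn_Create_chgSec_his</c> stored function.
/// </summary>
/// <param name="created">
/// Record to store. Every nested reference it reads (CreatedBy, AccessChannel, ChangeType, NotifyBy, PartAppUser)
/// must already be populated.
/// </param>
/// <returns>
/// <see cref="OpertionResult"/> whose <c>AffectedCount</c> is the function's return value and <c>Success</c> is
/// true only when that value is positive. If the call throws, <c>AffectedCount</c> is -1 and <c>Error</c> carries
/// the exception message; the exception is not propagated.
/// </returns>
public OpertionResult Create(ChangeSecretHistory created)
{
    try
    {
        #region Parameters
        // Every value is bound as a named parameter; nothing is concatenated into the SQL text.
        var parameters = new List<OracleParameter>
        {
            new OracleParameter { ParameterName = "retVal", OracleDbType = OracleDbType.Int32, Direction = ParameterDirection.ReturnValue },
            new OracleParameter { ParameterName = "v_createdby", OracleDbType = OracleDbType.Varchar2, Value = created.CreatedBy.Id },
            new OracleParameter { ParameterName = "v_createdbyacc", OracleDbType = OracleDbType.Int32, Value = created.CreatedBy.Account },
            new OracleParameter { ParameterName = "v_access_channel", OracleDbType = OracleDbType.Varchar2, Value = created.AccessChannel.Id },
            new OracleParameter { ParameterName = "v_old_sec_salt", OracleDbType = OracleDbType.Varchar2, Value = created.OldSalt },
            new OracleParameter { ParameterName = "v_old_hash", OracleDbType = OracleDbType.Varchar2, Value = created.OldHash },
            new OracleParameter { ParameterName = "v_new_salt", OracleDbType = OracleDbType.Varchar2, Value = created.NewSalt },
            new OracleParameter { ParameterName = "v_new_hash", OracleDbType = OracleDbType.Varchar2, Value = created.NewHash },
            new OracleParameter { ParameterName = "v_chg_type", OracleDbType = OracleDbType.Varchar2, Value = created.ChangeType.Id },
            new OracleParameter { ParameterName = "v_notify_by", OracleDbType = OracleDbType.Varchar2, Value = created.NotifyBy.Id },
            new OracleParameter { ParameterName = "v_partner_id", OracleDbType = OracleDbType.Varchar2, Value = created.PartAppUser.Id },
            new OracleParameter { ParameterName = "v_partner_acc", OracleDbType = OracleDbType.Int32, Value = created.PartAppUser.Account },
        };
        #endregion

        _db.ExecuteStoredProc("pk_infra.fn_Create_chgSec_his", parameters);

        // The function's return value comes back through the ReturnValue parameter. A missing or
        // DBNull value is reported as a failure rather than surfacing as a NullReferenceException.
        object retVal = parameters.Find(x => x.ParameterName == "retVal")?.Value;
        if (retVal is null || retVal is DBNull)
        {
            throw new InvalidOperationException("Stored function returned no value for retVal");
        }

        // Invariant culture: the provider's numeric type is rendered through ToString(), and the
        // parse must not depend on the thread's locale.
        var affected = int.Parse(retVal.ToString(), System.Globalization.CultureInfo.InvariantCulture);

        // Only a positive return value counts as a successful insert; Error stays empty either way,
        // matching what callers of this repo expect.
        return new OpertionResult
        {
            AffectedCount = affected,
            Success = affected > 0,
            Error = string.Empty,
        };
    }
    catch (Exception ex)
    {
        // Deliberate: database failures are reported through the result object, not thrown to the caller.
        return new OpertionResult { AffectedCount = -1, Success = false, Error = ex.Message };
    }
}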