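/// <summary>
/// Changes the password of the account identified by <paramref name="id"/>.
/// The raw <c>Authorization</c> header value and <paramref name="id"/> are checked by
/// <c>FunctionCommon.ValidatePermission</c> before the model is validated or the service is called.
/// </summary>
/// <param name="id">Identifier of the account whose password is being changed.</param>
/// <param name="password">Request body describing the password change.</param>
/// <returns>
/// 401 with "Not allowed." when the header is missing or empty or the permission check fails;
/// 400 when the body is missing, the model state is invalid, or the service reports
/// -1 (account not found) or 0 (old password incorrect); 200 on success;
/// 500 when an unexpected exception is thrown.
/// </returns>
public IHttpActionResult ChangePassword(int id, [FromBody] PasswordDto password)
{
    try
    {
        // A request without an Authorization header must be rejected as unauthorized.
        // GetValues(...).First() throws in that case, which previously surfaced as a 500.
        string token = null;
        System.Collections.Generic.IEnumerable<string> authorizationValues;
        if (Request.Headers.TryGetValues("Authorization", out authorizationValues))
        {
            token = authorizationValues.FirstOrDefault();
        }

        // Authorization is decided before any other processing of the request.
        if (string.IsNullOrWhiteSpace(token) || !FunctionCommon.ValidatePermission(token, id))
        {
            return ResponseMessage(new HttpResponseMessage(HttpStatusCode.Unauthorized)
            {
                Content = new StringContent("Not allowed.")
            });
        }

        // An empty or unreadable body binds to null without necessarily adding a
        // model-state error, so reject it here instead of passing null to the service.
        if (password == null)
        {
            return BadRequest("Request body is required.");
        }

        if (!ModelState.IsValid)
        {
            return BadRequest(ModelState);
        }

        var result = _accountService.ChangePassword(password, id);

        if (result == -1)
        {
            return BadRequest("Cannot found this account");
        }

        if (result == 0)
        {
            return BadRequest("Old password isn't correct");
        }

        return Ok("Update password success");
    }
    catch (Exception e)
    {
        // NOTE(review): InternalServerError(e) can return exception details to the caller,
        // depending on the configured error-detail policy. Confirm that policy hides details
        // from remote clients, or log the exception and return a parameterless InternalServerError().
        return InternalServerError(e);
    }
}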