public IActionResult ChangePassword(ChangePassInput changePassInput)
{
var user = _authHandler.UserFromClaimsPrincipal(User);
if (string.IsNullOrWhiteSpace(changePassInput.OldPassword) ||
string.IsNullOrWhiteSpace(changePassInput.NewPassword))
{
_logger.LogInformation("Old or new Password is null or empty.");
_logger.LogInformation($"Terminating session. User: {user.Uuid}" +
$", IP: {HttpContext?.Connection.RemoteIpAddress.ToString() ?? "Unknown IP"}");
_authHandler.TerminateSession(user);
return(BadRequest());
}
if (changePassInput.OldPassword.Length > 64 || changePassInput.NewPassword.Length > 64)
{
_logger.LogInformation("Old or new password length exceeds permitted length.");
_logger.LogInformation($"Terminating session. User: {user.Uuid}" +
$", IP: {HttpContext?.Connection.RemoteIpAddress.ToString() ?? "Unknown IP"}");
_authHandler.TerminateSession(user);
return(BadRequest());
}
user.Password = changePassInput.OldPassword;
if (_authHandler.ChangePassword(user, changePassInput.NewPassword))
{
_activityLogger.LogChangePassword(Request.HttpContext.Connection.RemoteIpAddress, user);
return(Ok());
}
_logger.LogInformation("Auth handler rejected password change.");
_logger.LogInformation($"Terminating session. User: {user.Uuid}" +
$", IP: {HttpContext?.Connection.RemoteIpAddress.ToString() ?? "Unknown IP"}");
_authHandler.TerminateSession(user);
return(BadRequest());
}