/// <summary>
/// Changes the password of the user who owns the supplied session.
/// </summary>
/// <param name="sessionToken">The session token for the current user.</param>
/// <param name="oldPassword">The user's current password; it must authenticate before anything is changed.</param>
/// <param name="newPassword">The password to set.</param>
/// <exception cref="SessionInvalidException">
/// The token resolves to no user name, or no user record exists for that name.
/// </exception>
/// <exception cref="SecurityException">The old password did not authenticate.</exception>
public override void ChangePassword(string sessionToken, string oldPassword, string newPassword)
{
    // Resolve the session to a user name; an empty result is reported as an invalid session.
    string userName = GetUserName(sessionToken);
    if (string.IsNullOrEmpty(userName))
    {
        throw new SessionInvalidException();
    }

    // A name with no matching user record is reported the same way.
    IAuthentication user = RetrieveUser(userName);
    if (user == null)
    {
        throw new SessionInvalidException();
    }

    // Re-authenticate with the old password: a session token alone does not authorise the change.
    LoginRequest loginRequest = new LoginRequest(userName);
    loginRequest.AddCredential(LoginRequest.PasswordCredential, oldPassword);
    bool oldPasswordAccepted = user.Authenticate(loginRequest);
    if (!oldPasswordAccepted)
    {
        // The refusal is audited before the exception leaves the method.
        // NOTE(review): nothing here limits repeated wrong guesses; confirm throttling exists elsewhere.
        LogEvent(null, userName, SecurityEvent.ChangePassword, SecurityRight.Deny, "Old password is incorrect");
        throw new SecurityException("Old password is incorrect");
    }

    // NOTE(review): the Allow event is written before the change is applied and saved, so a
    // failure in either later step still leaves an Allow entry in the audit trail.
    LogEvent(null, userName, SecurityEvent.ChangePassword, SecurityRight.Allow, null);

    // NOTE(review): newPassword is passed through unchecked; any null/empty or strength policy
    // would have to be enforced inside user.ChangePassword. Confirm.
    user.ChangePassword(newPassword);

    // Write the modified user back through UpdateSetting.
    UpdateSetting(user);
}
/// <summary>
/// Sets a new password for another user, on behalf of a caller holding the
/// <c>ModifySecurity</c> server permission. The target's old password is not required.
/// </summary>
/// <param name="sessionToken">The session token for the current user.</param>
/// <param name="userName">The user name to reset the password for.</param>
/// <param name="newPassword">The password to set on the target user.</param>
/// <exception cref="SessionInvalidException">
/// The token resolves to no user name, or no user record exists for <paramref name="userName"/>.
/// </exception>
/// <exception cref="PermissionDeniedException">The caller lacks the ModifySecurity permission.</exception>
public override void ResetPassword(string sessionToken, string userName, string newPassword)
{
    // Identify the caller from the session.
    string currentUser = GetUserName(sessionToken);
    if (string.IsNullOrEmpty(currentUser))
    {
        throw new SessionInvalidException();
    }

    // Only callers with ModifySecurity may reset someone else's password; refusals are audited.
    bool mayModifySecurity = CheckServerPermission(currentUser, SecurityPermission.ModifySecurity);
    if (!mayModifySecurity)
    {
        LogEvent(null, currentUser, SecurityEvent.ResetPassword, SecurityRight.Deny, null);
        throw new PermissionDeniedException("Reset password");
    }

    // NOTE(review): the Allow event is recorded before the target user is looked up, so a reset
    // aimed at a non-existent user is still audited as allowed.
    // NOTE(review): userName goes into the audit message as supplied; confirm the LogEvent sink
    // neutralises line breaks and other control characters.
    string auditMessage = string.Format(System.Globalization.CultureInfo.CurrentCulture, "Reset password for '{0}'", userName);
    LogEvent(null, currentUser, SecurityEvent.ResetPassword, SecurityRight.Allow, auditMessage);

    // NOTE(review): a missing target is reported as SessionInvalidException although the caller's
    // session is valid at this point. Callers cannot tell the two cases apart.
    IAuthentication targetUser = RetrieveUser(userName);
    if (targetUser == null)
    {
        throw new SessionInvalidException();
    }

    // NOTE(review): newPassword is not validated here; confirm policy is enforced in ChangePassword.
    targetUser.ChangePassword(newPassword);

    // Write the modified user back through UpdateSetting.
    UpdateSetting(targetUser);
}
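/// <summary>
/// Changes the password of the caller identified by the request's principal.
/// </summary>
/// <param name="changePassword">Password-change payload bound from the request body.</param>
/// <returns>
/// 200 OK on success; 401 when the request carries no user id; 400 with an error body when the
/// payload is missing or the authentication service throws <c>AuthenticationException</c>.
/// </returns>
// NOTE(review): the attributes on this action are not visible here; confirm the action or its
// controller is restricted to authenticated callers.
public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordDto changePassword)
{
    // The account to change is taken from the request's principal, not from the request body.
    string userId = HttpContext.User.Identity.GetUserId();
    if (string.IsNullOrEmpty(userId))
    {
        // Without an id there is no account to act on; stop before calling the service.
        return Unauthorized();
    }

    if (changePassword == null)
    {
        // A missing or unbindable body would otherwise reach the service as null.
        ResponseDto<ErrorDto> missingBody = new ResponseDto<ErrorDto>(false);
        missingBody.Data = new ErrorDto("Request body is required.");
        return BadRequest(missingBody);
    }

    try
    {
        await _authentication.ChangePassword(userId, changePassword);
        return Ok();
    }
    catch (AuthenticationException ex)
    {
        // NOTE(review): ex.Message is returned to the client verbatim; confirm these messages
        // never carry internal detail.
        ResponseDto<ErrorDto> errorResponse = new ResponseDto<ErrorDto>(false);
        errorResponse.Data = new ErrorDto(ex.Message);
        return BadRequest(errorResponse);
    }
}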
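/// <summary>
/// Handles the change-password form for the current user.
/// </summary>
/// <param name="model">The posted form values, including the old and new passwords.</param>
/// <returns>
/// The form view again when validation or the change fails; otherwise a redirect to the
/// ChangePassword action with a status message set.
/// </returns>
// NOTE(review): the attributes on this action are not visible here; confirm it is limited to
// POST and protected by [ValidateAntiForgeryToken] or an equivalent global filter.
public async Task<IActionResult> ChangePassword(ChangePasswordViewModel model)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    var changePasswordResult = await _auth.ChangePassword(User, model.OldPassword, model.NewPassword);
    if (!changePasswordResult)
    {
        // Previously a failed change re-rendered the form with no message and no log entry.
        // Record the failure so repeated attempts are visible. The message is deliberately
        // generic and the log line carries no password material.
        _logger.LogWarning("Password change attempt failed.");
        ModelState.AddModelError(string.Empty, "The password could not be changed.");
        return View(model);
    }

    _logger.LogInformation("User changed their password successfully.");
    StatusMessage = "Your password has been changed.";

    return RedirectToAction(nameof(ChangePassword));
}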