예제 #1
        /// <summary>
        /// Changes the password of the user who owns the supplied session, after
        /// re-checking that user's current password.
        /// </summary>
        /// <param name="sessionToken">The session token for the current user.</param>
        /// <param name="oldPassword">The current password; it must authenticate before anything is changed.</param>
        /// <param name="newPassword">The password to set on the account.</param>
        /// <exception cref="SessionInvalidException">
        /// The token resolves to no user name, or no user record is found for that name.
        /// </exception>
        /// <exception cref="SecurityException">The old password did not authenticate.</exception>
        public override void ChangePassword(string sessionToken, string oldPassword, string newPassword)
        {
            const string wrongPasswordMessage = "Old password is incorrect";

            // The account to change is derived from the session token only; the caller
            // never names the account, so one user cannot target another through this path.
            string accountName = GetUserName(sessionToken);
            if (string.IsNullOrEmpty(accountName))
            {
                throw new SessionInvalidException();
            }

            // An unknown account is reported with the same exception as an unknown
            // session, so the two cases look identical to the caller.
            IAuthentication account = RetrieveUser(accountName);
            if (account == null)
            {
                throw new SessionInvalidException();
            }

            // Re-authenticate with the old password so that a valid session token alone
            // is not enough to take over the account.
            // NOTE(review): nothing in this method limits repeated wrong guesses of the
            // old password for a valid session - confirm throttling exists elsewhere.
            LoginRequest oldPasswordProof = new LoginRequest(accountName);
            oldPasswordProof.AddCredential(LoginRequest.PasswordCredential, oldPassword);

            bool oldPasswordAccepted = account.Authenticate(oldPasswordProof);
            if (!oldPasswordAccepted)
            {
                // The refusal is recorded before the exception leaves the method.
                LogEvent(null, accountName, SecurityEvent.ChangePassword, SecurityRight.Deny, wrongPasswordMessage);
                throw new SecurityException(wrongPasswordMessage);
            }

            // NOTE(review): the Allow event is written before the change and the settings
            // update run, so a failure in either still leaves an Allow entry - confirm
            // that is acceptable for the audit trail.
            LogEvent(null, accountName, SecurityEvent.ChangePassword, SecurityRight.Allow, null);

            // NOTE(review): newPassword is passed through without any check in this
            // method; confirm that null/empty values and password policy are handled by
            // the IAuthentication implementation. The session is also not renewed here.
            account.ChangePassword(newPassword);

            // Push the modified user back to the settings store.
            UpdateSetting(account);
        }
예제 #2
        /// <summary>
        /// Sets a new password on another user's account on behalf of a caller who
        /// holds the ModifySecurity server permission. The target's old password is
        /// not required.
        /// </summary>
        /// <param name="sessionToken">The session token for the current user.</param>
        /// <param name="userName">The user name to reset the password for.</param>
        /// <param name="newPassword">The password to set on the target account.</param>
        /// <exception cref="SessionInvalidException">
        /// The token resolves to no user name, or no user record is found for <paramref name="userName"/>.
        /// </exception>
        /// <exception cref="PermissionDeniedException">The caller lacks the ModifySecurity permission.</exception>
        public override void ResetPassword(string sessionToken, string userName, string newPassword)
        {
            // Identify the caller from the session; an unresolvable token ends the request.
            string caller = GetUserName(sessionToken);
            if (string.IsNullOrEmpty(caller))
            {
                throw new SessionInvalidException();
            }

            // Authorisation gate: only callers with ModifySecurity may reset passwords.
            bool mayModifySecurity = CheckServerPermission(caller, SecurityPermission.ModifySecurity);
            if (!mayModifySecurity)
            {
                // NOTE(review): the Deny event carries no detail, so the log does not
                // record which account the refused caller tried to reset.
                LogEvent(null, caller, SecurityEvent.ResetPassword, SecurityRight.Deny, null);
                throw new PermissionDeniedException("Reset password");
            }

            // NOTE(review): userName is caller-supplied and is embedded in the audit
            // message as-is; confirm that LogEvent neutralises line breaks and other
            // control characters before the entry is written.
            string auditDetail = string.Format(
                System.Globalization.CultureInfo.CurrentCulture,
                "Reset password for '{0}'",
                userName);

            // NOTE(review): Allow is logged before the target account is looked up, so a
            // reset aimed at a non-existent user still produces an Allow entry.
            LogEvent(null, caller, SecurityEvent.ResetPassword, SecurityRight.Allow, auditDetail);

            // NOTE(review): a missing target is reported as SessionInvalidException even
            // though the caller's session was already accepted above.
            IAuthentication target = RetrieveUser(userName);
            if (target == null)
            {
                throw new SessionInvalidException();
            }

            // NOTE(review): newPassword is not checked in this method; confirm that
            // null/empty values and password policy are handled by the implementation.
            target.ChangePassword(newPassword);

            // Push the modified user back to the settings store.
            UpdateSetting(target);
        }
예제 #3
        /// <summary>
        /// API action that changes the calling user's password. The user id comes from
        /// the request's principal, not from the request body.
        /// </summary>
        /// <param name="changePassword">The change-password payload bound from the request body.</param>
        /// <returns>
        /// An OK result when the change succeeds; a BadRequest result carrying an error
        /// response when an <c>AuthenticationException</c> is thrown. Other exception
        /// types are not caught here.
        /// </returns>
        public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordDto changePassword)
        {
            // NOTE(review): no authorisation attribute or null check is visible in this
            // method; confirm the action cannot run with an unauthenticated principal,
            // in which case the id passed on below may be null.
            string callerId = HttpContext.User.Identity.GetUserId();

            // Built up front, as in the original, and only returned on failure.
            var failure = new ResponseDto<ErrorDto>(false);

            try
            {
                // NOTE(review): the payload is forwarded without a ModelState check in
                // this method; confirm validation happens in the service or via a filter.
                await _authentication.ChangePassword(callerId, changePassword);
                return Ok();
            }
            catch (AuthenticationException authError)
            {
                // NOTE(review): the exception message is sent to the client verbatim;
                // confirm these messages never carry internal detail.
                failure.Data = new ErrorDto(authError.Message);
                return BadRequest(failure);
            }
        }
예제 #4
        /// <summary>
        /// MVC action that changes the signed-in user's password from the submitted
        /// form and redirects back to the same action on success.
        /// </summary>
        /// <param name="model">The posted form, holding the old and the new password.</param>
        /// <returns>
        /// The form view again when model validation fails or the change is refused;
        /// otherwise a redirect to this action, with a status message set.
        /// </returns>
        public async Task<IActionResult> ChangePassword(ChangePasswordViewModel model)
        {
            // Short-circuiting keeps the original order: the auth service is only called
            // when the model passed validation.
            // NOTE(review): a refused change is neither logged nor reported through
            // ModelState in this method, so failed attempts leave no trace here and the
            // user sees the form again without an explanation - confirm that the
            // service handles both.
            if (!ModelState.IsValid
                || !(await _auth.ChangePassword(User, model.OldPassword, model.NewPassword)))
            {
                return View(model);
            }

            // The log line names no user and contains neither password.
            // NOTE(review): nothing here refreshes the sign-in or ends other sessions
            // after the change - confirm the service does so.
            _logger.LogInformation("User changed their password successfully.");
            StatusMessage = "Your password has been changed.";

            // Redirect after POST so a page refresh does not resubmit the passwords.
            return RedirectToAction(nameof(ChangePassword));
        }