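/// <summary>
/// Changes the password of an account selected in one of two ways: the
/// authenticated caller (when in <c>AccountRole.User</c>), or the account
/// resolved from the password-recovery token carried in the request.
/// </summary>
/// <param name="request">Request body carrying <c>NewPassword</c> and, for the recovery flow, <c>Token</c>.</param>
/// <returns>
/// <c>Ok</c> once the password has been changed; <c>BadRequest</c> when the body is missing,
/// when the caller is neither in the User role nor supplies a token, or when the new password
/// is rejected by <c>Password.IsStringCorrectPassword</c>; <c>NotFound</c> when no account is resolved.
/// </returns>
public IHttpActionResult ChangePassword([FromBody] PasswordChangeRequest request)
{
    // A missing or undeserializable body binds to null; reject it here instead of
    // failing with a NullReferenceException (HTTP 500) on the first property access.
    if (request == null)
    {
        return BadRequest();
    }

    Account userToChange;
    if (User.IsInRole(AccountRole.User))
    {
        // Authenticated path: the target is always the caller's own account; any Token in the body is ignored.
        // NOTE(review): no current-password check is visible on this path, so a hijacked session
        // could reset the password. Confirm re-authentication is enforced elsewhere.
        userToChange = _userManager.GetUser(User.Identity.GetId());
    }
    else if (request.Token != null)
    {
        // Recovery path: the token alone selects the account.
        // NOTE(review): confirm the token is expiry-checked and invalidated after use
        // (presumably inside _passwordManager / ChangeUserPassword) - not visible here.
        userToChange = _passwordManager.GetUserByPasswordRecoveryToken(request.Token);
    }
    else
    {
        return BadRequest();
    }

    if (userToChange == null)
    {
        // NOTE(review): for the recovery path this status differs from the one returned for a
        // rejected password, which tells an unauthenticated caller whether a token resolved.
        // Confirm this endpoint is rate limited.
        return NotFound();
    }

    // The password policy is checked only after the account is resolved, preserving the original response order.
    if (!Password.IsStringCorrectPassword(request.NewPassword))
    {
        return BadRequest();
    }

    _userManager.ChangeUserPassword(userToChange.UserId, request.NewPassword);
    return Ok();
}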