/// <summary>
/// Creates a user from the submitted model or, when a user with that username
/// already exists, replaces that user's password with the submitted one.
/// </summary>
/// <param name="model">The username and password to create or update.</param>
/// <returns>
/// An OK result whose body is a message saying whether the user was created or updated.
/// </returns>
/// <exception cref="ArgumentNullException">If <paramref name="model"/> is <c>null</c>.</exception>
/// <remarks>
/// NOTE(review): when the username already exists, the password is overwritten without
/// the current password being checked. No authorization attribute or caller check is
/// visible in this block; confirm that the action is restricted to trusted callers
/// (for example administrators or a non-production build).
/// NOTE(review): no password-policy check and no validation of empty username/password
/// values is visible on this path; confirm whether userCreator and passwordChanger
/// enforce them.
/// </remarks>
public IHttpActionResult Post(CreateUserModel model)
{
    if (model == null)
    {
        throw new ArgumentNullException(nameof(model));
    }

    bool exists;

    using (var tran = transactionCreator.GetTransaction())
    {
        var existingUser = userQuery.Get(model.username);
        exists = existingUser != null;

        if (exists)
        {
            // Existing account: the stored password is replaced with the submitted one.
            passwordChanger.ChangePassword(existingUser, model.password);
        }
        else
        {
            userCreator.Add(model.username, model.password);
        }

        // Both branches are committed in the same transaction as the lookup.
        tran.Commit();
    }

    if (exists)
    {
        return Ok($"The existing user '{model.username}' was updated");
    }

    return Ok($"The user '{model.username}' was created");
}
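/// <summary>
/// Changes the password of the current user after re-checking the existing password,
/// the confirmation value and the password policy, in that order.
/// </summary>
/// <param name="request">The existing password, the new password and its confirmation.</param>
/// <returns>
/// A response with exactly one failure flag set when a check fails, or a response with
/// no flags set once the password has been changed and the transaction committed.
/// </returns>
/// <exception cref="ArgumentNullException">If <paramref name="request"/> is <c>null</c>.</exception>
/// <remarks>
/// The original text had the statement terminator of each early <c>return</c> placed
/// after the closing brace of its <c>if</c> block, which does not parse; the
/// terminators are now inside the blocks.
/// NOTE(review): nothing in this method ends the user's other sessions or tokens after
/// the change; confirm whether updater or the caller is responsible for that.
/// </remarks>
public PasswordChangeResponse ChangeOwnPassword(PasswordChangeRequest request)
{
    if (request == null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    using (var tran = transactionCreator.GetTransaction())
    {
        var user = userReader.RequireCurrentUser();

        // Re-authenticate first, so that holding a signed-in session is not enough
        // to set a new password. The early returns below leave the using block
        // without calling Commit.
        if (!IsExistingPasswordCorrect(request.ExistingPassword, user))
        {
            return new PasswordChangeResponse { ExistingPasswordIncorrect = true };
        }

        if (request.ConfirmNewPassword != request.NewPassword)
        {
            return new PasswordChangeResponse { NewPasswordDoesNotMatchConfirmation = true };
        }

        // The policy receives the user as well as the candidate password.
        if (!policy.IsPasswordOk(request.NewPassword, user))
        {
            return new PasswordChangeResponse { NewPasswordDoesNotSatisfyPolicy = true };
        }

        updater.ChangePassword(user, request.NewPassword);
        tran.Commit();
    }

    return new PasswordChangeResponse();
}

/// <summary>
/// Checks the supplied password by authenticating as the given user.
/// </summary>
/// <param name="password">The password the caller claims is the current one.</param>
/// <param name="user">The user whose username is used for the authentication attempt.</param>
/// <returns><c>true</c> when the authentication result reports success.</returns>
/// <remarks>
/// NOTE(review): this goes through authService.Authenticate; if that service counts
/// failed attempts or locks accounts, wrong guesses made here are presumably subject
/// to the same handling. No attempt limit is visible in this block; confirm.
/// </remarks>
bool IsExistingPasswordCorrect(string password, User user)
{
    var credentials = new LoginCredentials
    {
        Password = password,
        Username = user.Username,
    };

    return authService.Authenticate(credentials).Success;
}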