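/// <summary>
/// Replaces the authenticated caller's password after verifying the supplied current password.
/// </summary>
/// <param name="model">Current password, new password and its confirmation.</param>
/// <returns>
/// 204 on success; 400 when the model, the user or either password is rejected;
/// 404 when no user matches the caller's identity.
/// </returns>
public IActionResult SetPasswordV1([FromBody] PasswordChangeV1 model)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // The target is always the caller; this endpoint does not take an entity id from the body.
    var identity = GetIdentityGUID();
    var user = uow.Users.Get(x => x.Id == identity).SingleOrDefault();

    if (user == null)
    {
        ModelState.AddModelError(MessageType.UserNotFound.ToString(), $"User:{identity}");
        return NotFound(ModelState);
    }

    if (!user.IsHumanBeing)
    {
        ModelState.AddModelError(MessageType.UserInvalid.ToString(), $"User:{user.Id}");
        return BadRequest(ModelState);
    }

    // Both passwords must satisfy the complexity rules, the new one must be confirmed, and the
    // current one must match the stored hash. Previously only the *format* of CurrentPassword was
    // checked, so any well-formed string was accepted as proof of the current password; the hash
    // check mirrors ChangePasswordV1. NOTE(review): PBKDF2.Validate's behaviour for a user with no
    // stored hash is not visible here — confirm it returns false rather than throwing.
    var validator = new ValidationHelper();
    bool passwordsAcceptable =
        validator.ValidatePassword(model.CurrentPassword).Succeeded
        && validator.ValidatePassword(model.NewPassword).Succeeded
        && model.NewPassword == model.NewPasswordConfirm
        && PBKDF2.Validate(user.PasswordHashPBKDF2, model.CurrentPassword);

    if (!passwordsAcceptable)
    {
        ModelState.AddModelError(MessageType.UserInvalid.ToString(), $"Bad password for user:{user.Id}");
        return BadRequest(ModelState);
    }

    uow.Users.SetPassword(user, model.NewPassword);
    uow.Commit();

    return NoContent();
}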
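/// <summary>
/// Starts a confirmed password change for the authenticated caller: the current password is
/// verified, the new one is wrapped in a time-limited token, and a confirmation link is mailed.
/// </summary>
/// <param name="model">Entity id, current password, new password and its confirmation.</param>
/// <returns>
/// 204 once the confirmation mail is queued; 200 carrying the token on instances that are
/// neither DeployedOrLocal nor End2EndTest; 400/404 on validation failures.
/// </returns>
public async ValueTask<IActionResult> ChangePasswordV1([FromBody] PasswordChangeV1 model)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    var user = uow.Users.Get(x => x.Id == GetIdentityGUID()).SingleOrDefault();

    if (user == null)
    {
        ModelState.AddModelError(MessageType.UserNotFound.ToString(), $"User:{model.EntityId}");
        return NotFound(ModelState);
    }

    // The body's entity id must name the caller; a mismatch is rejected rather than honoured.
    if (!user.IsHumanBeing || user.Id != model.EntityId)
    {
        ModelState.AddModelError(MessageType.UserInvalid.ToString(), $"User:{user.Id}");
        return BadRequest(ModelState);
    }

    // The current password must match the stored hash; the new one must be confirmed and meet
    // the same complexity rules SetPasswordV1 enforces (no complexity check ran here before).
    bool passwordsAcceptable =
        PBKDF2.Validate(user.PasswordHashPBKDF2, model.CurrentPassword)
        && model.NewPassword == model.NewPasswordConfirm
        && new ValidationHelper().ValidatePassword(model.NewPassword).Succeeded;

    if (!passwordsAcceptable)
    {
        ModelState.AddModelError(MessageType.UserInvalid.ToString(), $"Bad password for user:{user.Id}");
        return BadRequest(ModelState);
    }

    // Token lifetime comes from the global setting (no issuer, audience or user scope),
    // whose ConfigValue is parsed as a whole number of seconds.
    var expire = uow.Settings.Get(x => x.IssuerId == null
        && x.AudienceId == null
        && x.UserId == null
        && x.ConfigKey == SettingsConstants.GlobalTotpExpire).Single();

    var lifetime = TimeSpan.FromSeconds(
        uint.Parse(expire.ConfigValue, System.Globalization.CultureInfo.InvariantCulture));

    // The token carries the pending new password together with the user id and security stamp;
    // presumably the stamp invalidates it if the account changes before confirmation — confirm
    // in PasswordTokenFactory.
    string token = HttpUtility.UrlEncode(new PasswordTokenFactory(uow.InstanceType.ToString())
        .Generate(model.NewPassword, lifetime, user.Id.ToString(), user.SecurityStamp));

    // Instances other than DeployedOrLocal/End2EndTest get the token back directly instead of
    // a mail round-trip.
    if (uow.InstanceType != InstanceContext.DeployedOrLocal
        && uow.InstanceType != InstanceContext.End2EndTest)
    {
        return Ok(token);
    }

    var url = UrlFactory.GenerateConfirmPasswordV1(conf, user.Id.ToString(), token);
    var alert = ControllerContext.HttpContext.RequestServices.GetRequiredService<IAlertService>();
    var display = $"{user.FirstName} {user.LastName}";

    await alert.Enqueue_EmailV1(new EmailV1()
    {
        FromEmail = user.EmailAddress,
        FromDisplay = display,
        ToEmail = user.EmailAddress,
        ToDisplay = display,
        Subject = MessageConstants.ConfirmPasswordSubject,
        Body = Email.ConfirmPassword(map.Map<UserV1>(user), url)
    });

    return NoContent();
}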