public IHttpActionResult PutUserAccounts(ChangePasswordDTO passwordInput) // CHANGE PASSWORD
{
TextResult httpResponse = new TextResult("Failed to change password!", msg); // Http response
string salt;
string hashedOldPassword = null;
string hashedNewPassword;
string hashedPasswordFromDb = null;
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
UserAccountsManager umgr = new UserAccountsManager();
bool passwordIsNotOk = umgr.CheckIfPasswordIsOk(passwordInput.NewPassword); // Check if password is valid
if (passwordIsNotOk.Equals(true))
{
httpResponse.ChangeHTTPMessage("Password must contain atleast six characters, one digit and one uppercase!", msg); // If password is not ok, HTTP response
return(httpResponse);
}
try
{
salt = umgr.GetUserSalt(passwordInput.AccountName); // Gets salt from DB
hashedOldPassword = umgr.HashPassword(salt, passwordInput.OldPassword); // Hashing old password with user salt
hashedNewPassword = umgr.HashPassword(salt, passwordInput.NewPassword); // Hashing new password with user salt
hashedPasswordFromDb = umgr.GetPassword(passwordInput.AccountName); // Gets old hashed password from DB
} catch
{
return(httpResponse); // http response if above operations failed
}
if (hashedOldPassword.Equals(hashedPasswordFromDb)) // Compares new password vs old
{
UserAccounts updatedUser = new UserAccounts();
updatedUser.accountPassword = hashedNewPassword; // Adds new hashed password to user entity
updatedUser.accountName = passwordInput.AccountName; // User entity account name
bool entityIsUpdated = umgr.UpdateEntityInDb(updatedUser); // Updating entity in DB
if (entityIsUpdated.Equals(true))
{
httpResponse.ChangeHTTPMessage("Password changed!", msg);
return(httpResponse);
}
return(httpResponse);
}
httpResponse.ChangeHTTPMessage("Password not correct!", msg); // if input password and password from DB do not match
return(httpResponse);
}