예제 #1
0
        public async Task <IActionResult> SetNewPassword(Guid token, [FromBody] ValidatedChangeUserPasswordModel user)
        {
            var existingToken = await _context.Accounts.FromSqlInterpolated($"SELECT * FROM accounts WHERE recover_password_token = UNHEX(REPLACE({token}, {"-"}, {""}))").ToListAsync();

            if (existingToken.Count > 0)
            {
                // token was found, get user id and change their password
                var existingUser = await _context.Users.FirstOrDefaultAsync(u => u.Id == existingToken[0].UserId);

                if (existingUser != null)
                {
                    string salt = _authenticationService.GenerateSalt();
                    string hash = _authenticationService.HashPassword(user.UserPassword, salt);

                    existingUser.UserPasswordHash = hash;
                    existingUser.UserPasswordSalt = salt;

                    _context.Entry(existingUser).State = EntityState.Modified;

                    // invalidate token, now that the password has changed
                    var accountEntry = await _context.Accounts.FirstOrDefaultAsync(a => a.UserId == existingUser.Id);

                    if (accountEntry != null)
                    {
                        accountEntry.RecoverPasswordToken  = null;
                        _context.Entry(accountEntry).State = EntityState.Modified;
                    }

                    await _context.SaveChangesAsync();

                    var origin             = Request.Headers["Origin"];
                    var forgotPasswordLink = $@"{origin}/forgot_password";

                    var emailBody = $@"Hi {existingUser.UserName},

 Your password has been reset @HairdressingProject Admin Portal. If you have not made this request, please contact us or navigate to the page below to reset it again:

 {forgotPasswordLink}

 Regards,

 HairdressingProject Admin.
 ";
                    try
                    {
                        _emailService.SendEmail(existingUser.UserEmail, existingUser.UserName, "Password successfully reset", emailBody);
                        return(NoContent());
                    }
                    catch (Exception ex)
                    {
                        Console.WriteLine("Failed to send email:");
                        Console.WriteLine(ex);

                        return(StatusCode(StatusCodes.Status500InternalServerError, new { errors = new { Email = new string[] { ex.Message } } }));
                    }
                }
                return(NotFound(new { errors = new { Token = new string[] { "User not found" } }, status = 404 }));
            }
            return(NotFound(new { errors = new { Token = new string[] { "Token not found" } }, status = 404 }));
        }
예제 #2
0
        public async Task <IActionResult> SetNewPassword(ulong id, [FromBody] ValidatedChangeUserPasswordModel user)
        {
            if (!_authorizationService.ValidateJWTToken(Request))
            {
                return(Unauthorized(new { errors = new { Token = new string[] { "Invalid token" } }, status = 401 }));
            }

            if (id != user.Id)
            {
                return(BadRequest(new { errors = new { Id = new string[] { "ID sent does not match the one in the endpoint" } }, status = 400 }));
            }

            var userMod = await _context.Users.FirstOrDefaultAsync(u => u.Id == id);

            if (userMod == null)
            {
                return(NotFound(new { errors = new { Id = new string[] { "User not found" } }, status = 404 }));
            }

            // hash + salt new password
            string salt = _authenticationService.GenerateSalt();
            string hash = _authenticationService.HashPassword(user.UserPassword, salt);

            userMod.UserPasswordHash = hash;
            userMod.UserPasswordSalt = salt;

            _context.Entry(userMod).State = EntityState.Modified;

            try
            {
                await _context.SaveChangesAsync();
            }
            catch (DbUpdateConcurrencyException)
            {
                if (!UsersExists(id))
                {
                    return(NotFound());
                }
                else
                {
                    throw;
                }
            }

            return(NoContent());
        }