public IActionResult ChangePassword([FromBody] ResetPasswordViewModel user)
{
var status = false;
try
{
var model = HttpContext.Session.Get <UserViewModel>(Constants.SessionKeyUserInfo);
user.Email = model.Email;
status = authHandler.ChangePassword(user);
}
catch (UserNotCreatedException ex)
{
status = false;
}
ModelState.Clear();
return(Json(status));
}
public IActionResult ChangePassword(ChangePassInput changePassInput)
{
var user = _authHandler.UserFromClaimsPrincipal(User);
if (string.IsNullOrWhiteSpace(changePassInput.OldPassword) ||
string.IsNullOrWhiteSpace(changePassInput.NewPassword))
{
_logger.LogInformation("Old or new Password is null or empty.");
_logger.LogInformation($"Terminating session. User: {user.Uuid}" +
$", IP: {HttpContext?.Connection.RemoteIpAddress.ToString() ?? "Unknown IP"}");
_authHandler.TerminateSession(user);
return(BadRequest());
}
if (changePassInput.OldPassword.Length > 64 || changePassInput.NewPassword.Length > 64)
{
_logger.LogInformation("Old or new password length exceeds permitted length.");
_logger.LogInformation($"Terminating session. User: {user.Uuid}" +
$", IP: {HttpContext?.Connection.RemoteIpAddress.ToString() ?? "Unknown IP"}");
_authHandler.TerminateSession(user);
return(BadRequest());
}
user.Password = changePassInput.OldPassword;
if (_authHandler.ChangePassword(user, changePassInput.NewPassword))
{
_activityLogger.LogChangePassword(Request.HttpContext.Connection.RemoteIpAddress, user);
return(Ok());
}
_logger.LogInformation("Auth handler rejected password change.");
_logger.LogInformation($"Terminating session. User: {user.Uuid}" +
$", IP: {HttpContext?.Connection.RemoteIpAddress.ToString() ?? "Unknown IP"}");
_authHandler.TerminateSession(user);
return(BadRequest());
}
public bool ChangePassword([FromBody] dynamic model)
{
return(_impl.ChangePassword((string)model.authenticationCookie, (string)model.userName, (string)model.oldPassword, (string)model.newPassword, (string)model.userData));
}
