Exemplo n.º 1
        /// <summary>
        /// Changes the password of the caller. The account is taken from the id that
        /// <c>HttpContext.GetUserId()</c> yields, never from the request body, so a
        /// caller cannot name another user's account through
        /// <paramref name="passwordChangeParams"/>.
        /// </summary>
        /// <param name="passwordChangeParams">Payload passed unchanged to the user service.</param>
        /// <returns>
        /// <c>Unauthorized()</c> when the context yields no user id; otherwise <c>Ok()</c>
        /// once the user service call has completed.
        /// </returns>
        public async Task<ActionResult> ChangePassword(PasswordChangeParams passwordChangeParams)
        {
            var callerId = HttpContext.GetUserId();

            if (callerId.HasValue)
            {
                // Verification of the current password happens inside the service;
                // any exception it throws propagates to the framework unchanged.
                await _userService.ChangePassword(callerId.Value, passwordChangeParams);

                return Ok();
            }

            // No id available from the context: refuse before touching the service.
            return Unauthorized();
        }
Exemplo n.º 2
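        /// <summary>
        /// Changes a user's password after re-verifying the current one, and stores the
        /// new password hash under a freshly generated salt.
        /// </summary>
        /// <param name="userId">Identifier used to load the account from the repository.</param>
        /// <param name="passwordChangeParams">Supplies <c>CurrentPassword</c> and <c>NewPassword</c>.</param>
        /// <exception cref="UnauthorizedException">
        /// Thrown when the repository returns no user for <paramref name="userId"/>, or when
        /// the hash of the supplied current password does not match the stored hash.
        /// </exception>
        public async Task ChangePassword(int userId, PasswordChangeParams passwordChangeParams)
        {
            var user = await _userRepository.GetByIdAsync(userId);

            if (user == null)
            {
                throw new UnauthorizedException("Brak użytkownika");
            }

            // NOTE(review): a single HMAC-SHA512 pass is a fast hash, not a password KDF.
            // Moving to PBKDF2 (Rfc2898DeriveBytes) or Argon2 needs a migration of the
            // stored hashes, so the scheme is left as is here.
            using (var verifier = new HMACSHA512(user.PasswordSalt))
            {
                var currentPasswordHash = verifier.ComputeHash(Encoding.UTF8.GetBytes(passwordChangeParams.CurrentPassword));

                // NOTE(review): HashesAreEqual is defined outside this block; confirm it
                // compares in constant time (e.g. CryptographicOperations.FixedTimeEquals).
                if (!HashesAreEqual(currentPasswordHash, user.PasswordHash))
                {
                    throw new UnauthorizedException("Niepoprawne hasło");
                }
            }

            // The parameterless constructor generates a random key, so the new password
            // gets its own salt instead of inheriting the one used for the old password.
            // Assumes the third argument of ChangePasswordAsync is persisted as
            // PasswordSalt, as the original hmac.Key argument suggests - confirm.
            using var freshHmac = new HMACSHA512();

            var newPasswordHash = freshHmac.ComputeHash(Encoding.UTF8.GetBytes(passwordChangeParams.NewPassword));
            await _userRepository.ChangePasswordAsync(user, newPasswordHash, freshHmac.Key);
        }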