/// <summary>
/// Changes the password of the currently authenticated user.
/// </summary>
/// <param name="passwordChangeParams">Current and new password supplied by the caller.</param>
/// <returns>
/// 401 when no user id can be resolved from the request context, otherwise 200 after the
/// service has applied the change (service-side failures surface as exceptions, not status codes).
/// </returns>
public async Task<ActionResult> ChangePassword(PasswordChangeParams passwordChangeParams)
{
    var currentUserId = HttpContext.GetUserId();

    // Without an authenticated identity there is nothing to change.
    if (currentUserId.HasValue is false)
    {
        return Unauthorized();
    }

    await _userService.ChangePassword(currentUserId.Value, passwordChangeParams);

    return Ok();
}
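/// <summary>
/// Verifies the user's current password and stores a hash of the new one under a freshly generated salt.
/// </summary>
/// <param name="userId">Id of the user whose password is being changed.</param>
/// <param name="passwordChangeParams">Current password (re-authentication) and the new password.</param>
/// <exception cref="ArgumentNullException"><paramref name="passwordChangeParams"/> is null.</exception>
/// <exception cref="ArgumentException">The new password is empty or whitespace.</exception>
/// <exception cref="UnauthorizedException">The user does not exist or the current password is wrong.</exception>
public async Task ChangePassword(int userId, PasswordChangeParams passwordChangeParams)
{
    if (passwordChangeParams is null)
    {
        throw new ArgumentNullException(nameof(passwordChangeParams));
    }

    // Reject an empty replacement before touching the store; previously an empty string would
    // have been hashed and persisted as a valid password.
    if (string.IsNullOrWhiteSpace(passwordChangeParams.NewPassword))
    {
        throw new ArgumentException("New password must not be empty.", nameof(passwordChangeParams));
    }

    var user = await _userRepository.GetByIdAsync(userId);
    if (user == null)
    {
        throw new UnauthorizedException("Brak użytkownika");
    }

    // NOTE(review): a single HMAC-SHA512 pass keyed by the salt is not a stretched password KDF
    // (PBKDF2/Argon2). Changing the scheme here would invalidate every stored hash, so it has to
    // come with a migration; the verification below keeps the existing format.
    using (var currentHmac = new HMACSHA512(user.PasswordSalt))
    {
        var currentPasswordHash = currentHmac.ComputeHash(
            Encoding.UTF8.GetBytes(passwordChangeParams.CurrentPassword));

        // Constant-time comparison so the response time does not reveal how many leading
        // bytes of the submitted hash matched the stored one.
        if (!CryptographicOperations.FixedTimeEquals(currentPasswordHash, user.PasswordHash))
        {
            throw new UnauthorizedException("Niepoprawne hasło");
        }
    }

    // Generate a new salt for the new password instead of reusing the old one: an HMACSHA512
    // constructed without a key draws a random key, which becomes the stored salt.
    using var newHmac = new HMACSHA512();
    var newPasswordHash = newHmac.ComputeHash(Encoding.UTF8.GetBytes(passwordChangeParams.NewPassword));

    await _userRepository.ChangePasswordAsync(user, newPasswordHash, newHmac.Key);
}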