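        /// <summary>
        /// Changes the password of the currently authenticated user.
        /// </summary>
        /// <param name="model">Request body carrying the target user id, the current password, and the new password plus its confirmation.</param>
        /// <returns>
        /// 400 when the model is invalid, when the user is not a human being, when <c>model.EntityId</c> differs from the
        /// authenticated user's id, when the current password fails PBKDF2 validation, or when the new password and its
        /// confirmation differ; 404 when no user row matches the authenticated identity; 200 carrying the URL-encoded
        /// password token when the instance type is neither <c>DeployedOrLocal</c> nor <c>End2EndTest</c>; 204 once the
        /// confirmation e-mail has been enqueued.
        /// </returns>
        public async ValueTask<IActionResult> ChangePasswordV1([FromBody] PasswordChangeV1 model)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            // The user is always resolved from the authenticated identity, never from the body;
            // model.EntityId is only compared against that user below.
            var user = uow.Users.Get(x => x.Id == GetIdentityGUID()).SingleOrDefault();

            if (user is null)
            {
                ModelState.AddModelError(MessageType.UserNotFound.ToString(), $"User:{model.EntityId}");
                return NotFound(ModelState);
            }

            if (!user.IsHumanBeing || user.Id != model.EntityId)
            {
                ModelState.AddModelError(MessageType.UserInvalid.ToString(), $"User:{user.Id}");
                return BadRequest(ModelState);
            }

            // Cheap confirmation check first so a malformed request does not pay for a PBKDF2 round.
            // Both failures add the same error, so the response does not reveal which one tripped.
            if (model.NewPassword != model.NewPasswordConfirm ||
                !PBKDF2.Validate(user.PasswordHashPBKDF2, model.CurrentPassword))
            {
                ModelState.AddModelError(MessageType.UserInvalid.ToString(), $"Bad password for user:{user.Id}");
                return BadRequest(ModelState);
            }

            // Global TOTP expiry: the settings row scoped to no issuer, audience or user.
            var expire = uow.Settings.Get(x => x.IssuerId == null && x.AudienceId == null && x.UserId == null &&
                                          x.ConfigKey == SettingsConstants.GlobalTotpExpire).Single();

            // Invariant culture: ConfigValue is machine-written configuration, not user-facing text.
            var lifetime = TimeSpan.FromSeconds(uint.Parse(expire.ConfigValue, System.Globalization.CultureInfo.InvariantCulture));

            string token = HttpUtility.UrlEncode(new PasswordTokenFactory(uow.InstanceType.ToString())
                                                 .Generate(model.NewPassword, lifetime, user.Id.ToString(), user.SecurityStamp));

            // Instance types other than DeployedOrLocal / End2EndTest receive the token in the
            // response body instead of by e-mail.
            if (uow.InstanceType != InstanceContext.DeployedOrLocal &&
                uow.InstanceType != InstanceContext.End2EndTest)
            {
                return Ok(token);
            }

            var url   = UrlFactory.GenerateConfirmPasswordV1(conf, user.Id.ToString(), token);
            var alert = ControllerContext.HttpContext.RequestServices.GetRequiredService<IAlertService>();

            // NOTE(review): sender and recipient are both the user's own address — presumably the
            // alert service substitutes a system sender; verify against IAlertService.
            await alert.Enqueue_EmailV1(
                new EmailV1()
            {
                FromEmail   = user.EmailAddress,
                FromDisplay = $"{user.FirstName} {user.LastName}",
                ToEmail     = user.EmailAddress,
                ToDisplay   = $"{user.FirstName} {user.LastName}",
                Subject     = MessageConstants.ConfirmPasswordSubject,
                Body        = Email.ConfirmPassword(map.Map<UserV1>(user), url)
            });

            return NoContent();
        }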
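        /// <summary>
        /// Changes the phone number of the currently authenticated user.
        /// </summary>
        /// <param name="model">Request body carrying the target user id, the current phone number, and the new number plus its confirmation.</param>
        /// <returns>
        /// 400 when the model is invalid, when <c>model.EntityId</c> differs from the authenticated user's id, when the
        /// user is not a human being, when the current number does not match the stored one, or when the new number and
        /// its confirmation differ; 404 when no user row matches the authenticated identity; 200 carrying the URL-encoded
        /// token when the instance type is neither <c>DeployedOrLocal</c> nor <c>End2EndTest</c>; 204 once the
        /// confirmation text message has been enqueued.
        /// </returns>
        public async ValueTask<IActionResult> ChangePhoneV1([FromBody] PhoneChangeV1 model)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            // The user is always resolved from the authenticated identity, never from the body;
            // model.EntityId is only compared against that user below.
            var user = uow.Users.Get(x => x.Id == GetIdentityGUID()).SingleOrDefault();

            if (user is null)
            {
                ModelState.AddModelError(MessageType.UserNotFound.ToString(), $"User:{model.EntityId}");
                return NotFound(ModelState);
            }

            if (user.Id != model.EntityId || !user.IsHumanBeing)
            {
                ModelState.AddModelError(MessageType.UserInvalid.ToString(), $"User:{user.Id}");
                return BadRequest(ModelState);
            }

            // Both failures add the same error, so the response does not reveal which one tripped.
            if (user.PhoneNumber != model.CurrentPhoneNumber ||
                model.NewPhoneNumber != model.NewPhoneNumberConfirm)
            {
                ModelState.AddModelError(MessageType.UserInvalid.ToString(), $"Bad phone for user:{user.Id}");
                return BadRequest(ModelState);
            }

            // 8 and 10 are passed positionally; their meaning is defined by TimeBasedTokenFactory — confirm there.
            string token = HttpUtility.UrlEncode(new TimeBasedTokenFactory(8, 10).Generate(model.NewPhoneNumber, user.Id.ToString()));

            // Instance types other than DeployedOrLocal / End2EndTest receive the token in the
            // response body instead of by text message.
            if (uow.InstanceType != InstanceContext.DeployedOrLocal &&
                uow.InstanceType != InstanceContext.End2EndTest)
            {
                return Ok(token);
            }

            // The text body carries only the token; unlike the password flow, no confirmation URL is built or sent.
            var alert = ControllerContext.HttpContext.RequestServices.GetRequiredService<IAlertService>();

            // NOTE(review): sender and recipient are both the new number — presumably the alert
            // service substitutes a system sender; verify against IAlertService.
            await alert.Enqueue_TextV1(
                new TextV1()
            {
                FromPhoneNumber = model.NewPhoneNumber,
                ToPhoneNumber   = model.NewPhoneNumber,
                Body            = token
            });

            return NoContent();
        }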