public async Task <ActionResult> UpdateUserPassword(long id,
[FromBody] UserPasswordPatchDTO userPasswordPatchDTO)
{
await _bll.Identity.UpdatePasswordAsync(id, userPasswordPatchDTO);
return(Ok());
}
public async Task UpdatePasswordAsync(long id, UserPasswordPatchDTO userPasswordPatchDTO)
{
if (id != userPasswordPatchDTO.Id)
{
throw new ValidationException("Идентификаторы должны совпадать");
}
var user = await _userManager.FindByIdAsync(userPasswordPatchDTO.Id.ToString());
if (user == null)
{
throw new NotFoundException("Пользователь не найден");
}
var currentUser = await _userManager.GetUserAsync(User);
if (!await UserHasAccessToUser(await _userManager.GetUserAsync(User), user))
{
throw new ValidationException("Ошибка доступа");
}
if (await _userManager.IsInRoleAsync(currentUser, "User") || currentUser.Id == user.Id)
{
var result = await _userManager.ChangePasswordAsync(user, userPasswordPatchDTO.CurrentPassword,
userPasswordPatchDTO.NewPassword);
if (!result.Succeeded)
{
throw new ValidationException("Неверный пароль");
}
await _signInManager.RefreshSignInAsync(user);
_logger.LogInformation($"Роль пользователя, {user.Email}, успешно изменен");
return;
}
var passwordValidator = new PasswordValidator <AppUser>();
var valid = await passwordValidator.ValidateAsync(_userManager, null !, userPasswordPatchDTO.NewPassword);
if (!valid.Succeeded)
{
throw new ValidationException("Неверный пароль");
}
await _userManager.RemovePasswordAsync(user);
await _userManager.AddPasswordAsync(user, userPasswordPatchDTO.NewPassword);
}
