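/// <summary>
/// Changes the password of user <paramref name="id"/> after confirming the caller is that user or an admin
/// and that the supplied current password matches the stored salted hash.
/// </summary>
/// <param name="id">Id of the user whose password is being changed.</param>
/// <param name="psw_reset">Body carrying the current and the new password; null when no usable body was bound.</param>
/// <returns>200 on success, 401 when the caller may not act on this user, 400 when the body is incomplete
/// or the current password does not match, 404 when the id has no user.</returns>
public IActionResult User_EditPassword(int id, [FromBody] PasswordReset psw_reset)
        {
            // verify that the user is either admin or is requesting their own data
            if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV))
            {
                ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information.");
                return(new UnauthorizedObjectResult(error));
            }

            // a missing or empty body arrives as a null model; reject it instead of dereferencing it
            if (psw_reset == null || string.IsNullOrEmpty(psw_reset.Current_Password) || string.IsNullOrEmpty(psw_reset.New_Password))
            {
                ErrorMessage error = new ErrorMessage("Invalid Request", "Both the current and the new password are required.");
                return(new BadRequestObjectResult(error));
            }

            // get user from db; SingleOrDefault avoids turning an unknown id into an unhandled 500
            User user = _context.Users.SingleOrDefault(a => a.ID == id);
            if (user == null)
            {
                ErrorMessage error = new ErrorMessage("Invalid User", "No user exists with the requested id.");
                return(new NotFoundObjectResult(error));
            }

            // if the current password does not verify, stop here; the submitted value is never echoed back
            if (!ValidatePassword(psw_reset.Current_Password, user.Password))
            {
                ErrorMessage error = new ErrorMessage("Invalid Password", "Your current password does not match.");
                return(new BadRequestObjectResult(error));
            }

            // password is valid: store the new salted hash and persist
            user.Password = HelperMethods.ConcatenatedSaltAndSaltedHash(psw_reset.New_Password);
            _context.Update(user);
            _context.SaveChanges();
            return(Ok());
        }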
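        /// <summary>
        /// Changes the password of user <paramref name="id"/> from a raw JSON body holding
        /// "current_password" and "new_password", after the caller has been verified as that user or an admin.
        /// </summary>
        /// <param name="id">Id of the user whose password is being changed.</param>
        /// <param name="passwordJson">Raw request body; it contains the caller's passwords and is therefore never echoed back.</param>
        /// <returns>JSON success or error payload; the HTTP status is set on <c>Response.StatusCode</c>.</returns>
        public string User_EditPassword(int id, [FromBody] string passwordJson)
        {
            // verify that the user is either admin or is requesting their own data
            if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id))
            {
                Response.StatusCode = 401;
                return(JObject.FromObject(new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "Caller can only access their information.")).ToString());
            }

            JObject json;

            // might want Json verification as own function since all will do it.. we will see
            // the raw body holds passwords, so only the parser message is returned, not the body itself
            try { json = JObject.Parse(passwordJson); } catch (Exception ex) {
                Response.StatusCode = 400;
                ErrorMessage error = new ErrorMessage("Invalid Json", "n/a", ex.Message);
                return(JObject.FromObject(error).ToString());
            }

            // a missing key yields a null token; reject it up front instead of letting it become a 500
            string currentPassword = json["current_password"]?.ToString();
            string newPassword = json["new_password"]?.ToString();
            if (string.IsNullOrEmpty(currentPassword) || string.IsNullOrEmpty(newPassword))
            {
                Response.StatusCode = 400;
                return(JObject.FromObject(new ErrorMessage("Missing Fields", "current_password, new_password", "Both fields are required.")).ToString());
            }

            try {
                User user = _context.Users.SingleOrDefault(a => a.ID == id);
                if (user == null)
                {
                    Response.StatusCode = 404;
                    return(JObject.FromObject(new ErrorMessage("User Not Found", "id accessed: " + id.ToString(), "n/a")).ToString());
                }

                // if password is valid then we change it and update db;
                // the submitted password is deliberately not placed in the error response
                if (!ValidatePassword(currentPassword, user.Password))
                {
                    Response.StatusCode = 401;
                    return(JObject.FromObject(new ErrorMessage("Invalid Password", "n/a", "Your current password does not match.")).ToString());
                }

                user.Password = HelperMethods.ConcatenatedSaltAndSaltedHash(newPassword);
                _context.Update(user);
                _context.SaveChanges();
            } catch (Exception ex) {
                Response.StatusCode = 500;
                return(JObject.FromObject(new ErrorMessage("Failed to update with new password", "n/a", ex.Message)).ToString());                // don't continue to send password back and forth in messages
            }

            return(JObject.Parse(SuccessMessage._result).ToString());
        }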
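        /// <summary>
        /// Creates a new user from a raw JSON body holding "firstname", "lastname", "email" and "password".
        /// The password is stored as a salted hash; the caller's key and IV are generated once the id is known.
        /// </summary>
        /// <param name="userJson">Raw request body; it contains the plaintext password and is therefore never echoed back.</param>
        /// <returns>JSON success payload extended with the new user's "id", or an error payload;
        /// the HTTP status is set on <c>Response.StatusCode</c>.</returns>
        [HttpPost, AllowAnonymous]         // Working.. password hashing is done via HelperMethods.ConcatenatedSaltAndSaltedHash
        public string User_AddUser([FromBody] string userJson)
        {
            JObject json;

            // might want Json verification as own function since all will do it.. we will see
            // the raw body holds the password, so only the parser message is returned, not the body itself
            try { json = JObject.Parse(userJson); } catch (Exception ex) {
                Response.StatusCode = 400;
                ErrorMessage error = new ErrorMessage("Invalid Json", "n/a", ex.Message);
                return(JObject.FromObject(error).ToString());
            }

            // a missing key yields a null token; reject incomplete input up front instead of letting it become a 500
            string firstName = json["firstname"]?.ToString();
            string lastName = json["lastname"]?.ToString();
            string email = json["email"]?.ToString();
            string password = json["password"]?.ToString();
            if (string.IsNullOrEmpty(firstName) || string.IsNullOrEmpty(lastName) || string.IsNullOrEmpty(email) || string.IsNullOrEmpty(password))
            {
                Response.StatusCode = 400;
                return(JObject.FromObject(new ErrorMessage("Missing Fields", "firstname, lastname, email, password", "All fields are required.")).ToString());
            }

            int newId;

            // attempt to create new user and add to the database
            try {
                // the email lookup below relies on Single(), i.e. one user per email; refuse a duplicate explicitly.
                // NOTE(review): a distinct 409 lets a caller learn that an email is registered — confirm this is acceptable for this API
                if (_context.Users.Any(a => a.Email == email))
                {
                    Response.StatusCode = 409;
                    return(JObject.FromObject(new ErrorMessage("Failed to create new user", "n/a", "Email is already registered.")).ToString());
                }

                User newUser = new User {
                    First_Name = firstName, Last_Name = lastName, Email = email, Password = HelperMethods.ConcatenatedSaltAndSaltedHash(password), NumAccs = 0, Role = UserRoles.User
                };
                _context.Users.Add(newUser);
                _context.SaveChanges();

                // after we save changes, we need to get the user by their email and then use the id to create unique password and iv;
                // the id is looked up once and reused for the response below
                newId = _context.Users.Single(a => a.Email == email).ID;
                HelperMethods.CreateUserKeyandIV(newId);                 // presumably not transactional with SaveChanges above — verify a failure here does not leave a user without key material
            } catch (Exception ex) {
                Response.StatusCode = 500;
                // only the email is echoed; the submitted password never goes into the response
                ErrorMessage error = new ErrorMessage("Failed to create new user", email, ex.Message);
                return(JObject.FromObject(error).ToString());
            }

            JObject message = JObject.Parse(SuccessMessage._result);

            message.Add(new JProperty("id", newId));
            return(message.ToString());
        }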