Пример #1
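        /// <summary>
        /// Changes the caller's password: verifies the supplied old password and stores the new one
        /// through <c>Auth.ChangePasswordAsync</c>.
        /// </summary>
        /// <param name="input">Old/new password pair posted by the client; arrives as null when the body could not be bound.</param>
        /// <returns>
        /// 400 when no request body was bound; otherwise 200 wrapping the result of the change call,
        /// or whatever <c>HandleException</c> produces when that call throws.
        /// </returns>
        public async Task<IHttpActionResult> ChangePassword(ChangePassInput input)
        {
            // A missing or unbindable body is null. Reject it here rather than letting the
            // NullReferenceException on input.NewPass below travel through HandleException as a server error.
            if (input is null)
            {
                return BadRequest();
            }

            // This endpoint must not tell the caller *why* a change failed (wrong old password, unknown
            // account, ...). The catch below hands that decision to HandleException.
            // NOTE(review): confirm HandleException does not echo exception details back to the client.
            try
            {
                var changeResult = await Auth.ChangePasswordAsync(
                    CustomUserAccountService.GetInstance("MapHiveMbr"), input.NewPass, input.OldPass);

                return Ok(changeResult);
            }
            catch (Exception ex)
            {
                return HandleException(ex);
            }
        }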
Пример #2
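        /// <summary>
        /// Changes the caller's password: verifies the supplied old password and stores the new one
        /// through <c>Auth.ChangePasswordAsync</c>.
        /// </summary>
        /// <param name="input">Old/new password pair from the request body; null when binding failed.</param>
        /// <returns>
        /// 400 when no request body was bound; otherwise 200 wrapping the result of the change call,
        /// or whatever <c>HandleException</c> produces when that call throws.
        /// </returns>
        public async Task<IActionResult> ChangePasswordAsync([FromBody] ChangePassInput input)
        {
            // A missing or unbindable body is null. Reject it here rather than letting the
            // NullReferenceException on input.NewPass below travel through HandleException as a server error.
            if (input is null)
            {
                return BadRequest();
            }

            // This endpoint must not tell the caller *why* a change failed (wrong old password, unknown
            // account, ...). The catch below hands that decision to HandleException.
            // NOTE(review): confirm HandleException does not echo exception details back to the client.
            try
            {
                var changeResult = await Auth.ChangePasswordAsync(input.NewPass, input.OldPass);

                return Ok(changeResult);
            }
            catch (Exception ex)
            {
                return HandleException(ex);
            }
        }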
Пример #3
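        /// <summary>
        /// Changes the password of the authenticated user after the auth handler verifies the old one.
        /// A malformed request (missing or over-long passwords) or a rejection by the handler terminates
        /// the caller's session and answers 400 without revealing which check failed.
        /// </summary>
        /// <param name="changePassInput">Old and new password from the request body; null when binding failed.</param>
        /// <returns>200 on success; 400 on invalid input or handler rejection; 401 when no user resolves from the claims.</returns>
        public IActionResult ChangePassword(ChangePassInput changePassInput)
        {
            // Upper bound accepted for either password (the original hard-coded 64 on both checks).
            const int MaxPasswordLength = 64;

            var user = _authHandler.UserFromClaimsPrincipal(User);
            if (user is null)
            {
                // UserFromClaimsPrincipal's contract is not visible here; do not dereference a null result.
                return Unauthorized();
            }

            // Shared failure path: log the reason, log the session kill with the caller's IP, terminate, answer 400.
            // RemoteIpAddress can itself be null (non-TCP transports, some test hosts), so it is null-conditional
            // as well; the original only guarded HttpContext and would throw on the ToString() call.
            IActionResult RejectAndTerminate(string reason)
            {
                _logger.LogInformation(reason);
                _logger.LogInformation($"Terminating session. User: {user.Uuid}" +
                                       $", IP: {HttpContext?.Connection.RemoteIpAddress?.ToString() ?? "Unknown IP"}");
                _authHandler.TerminateSession(user);
                return BadRequest();
            }

            // Null-conditional access folds a missing body into the "empty password" case instead of an NRE.
            if (string.IsNullOrWhiteSpace(changePassInput?.OldPassword) ||
                string.IsNullOrWhiteSpace(changePassInput?.NewPassword))
            {
                return RejectAndTerminate("Old or new Password is null or empty.");
            }

            if (changePassInput.OldPassword.Length > MaxPasswordLength ||
                changePassInput.NewPassword.Length > MaxPasswordLength)
            {
                return RejectAndTerminate("Old or new password length exceeds permitted length.");
            }

            // The handler verifies the old password through the user object's Password field.
            // NOTE(review): this places the plaintext old password on the user entity; confirm the entity
            // is neither persisted nor logged between this assignment and ChangePassword.
            user.Password = changePassInput.OldPassword;

            if (_authHandler.ChangePassword(user, changePassInput.NewPassword))
            {
                _activityLogger.LogChangePassword(HttpContext?.Connection.RemoteIpAddress, user);
                return Ok();
            }

            return RejectAndTerminate("Auth handler rejected password change.");
        }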