public async Task <IActionResult> ChangePassword([FromBody] Secrets secrets)
{
//TODO: Here is a bug that any user even without token can change password for any one.
//We should check that if user change password for himself its ok, or admin can change password.
_log.LogInfo("Get new password.");
if (!ModelState.IsValid)
{
_log.LogError("Incorrect input.");
return(BadRequest(ModelState));
}
if (await _appDbContext.ChangePassword(secrets) == null)
{
_log.LogError("Invalid input, null password.");
return(BadRequest(Errors.AddErrorToModelState("changesFailure", "Invalid input.", ModelState)));
}
_log.LogInfo("Change password.");
return(Ok());
}