Пример #1
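        /// <summary>
        /// Replaces the password of the currently authenticated user in place.
        /// The user is resolved from the caller's identity (<see cref="GetIdentityGUID"/>);
        /// the body carries only the current password, the new password and its confirmation.
        /// </summary>
        /// <param name="model">Current password, new password and confirmation.</param>
        /// <returns>
        /// 400 with model-state errors for invalid input or a rejected password,
        /// 404 when the identity does not map to a user, 204 on success.
        /// </returns>
        public IActionResult SetPasswordV1([FromBody] PasswordChangeV1 model)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            // Resolve the identity once; it is used for both the lookup and the error text.
            var identityId = GetIdentityGUID();
            var user       = uow.Users.Get(x => x.Id == identityId).SingleOrDefault();

            if (user is null)
            {
                ModelState.AddModelError(MessageType.UserNotFound.ToString(), $"User:{identityId}");
                return(NotFound(ModelState));
            }

            if (!user.IsHumanBeing)
            {
                ModelState.AddModelError(MessageType.UserInvalid.ToString(), $"User:{user.Id}");
                return(BadRequest(ModelState));
            }

            // Every password failure below uses the same key and message so the response
            // does not reveal which individual check rejected the request.
            var validator = new ValidationHelper();   // assumes ValidationHelper is stateless — TODO confirm

            if (!validator.ValidatePassword(model.CurrentPassword).Succeeded ||
                !validator.ValidatePassword(model.NewPassword).Succeeded ||
                model.NewPassword != model.NewPasswordConfirm)
            {
                ModelState.AddModelError(MessageType.UserInvalid.ToString(), $"Bad password for user:{user.Id}");
                return(BadRequest(ModelState));
            }

            // Format alone is not proof of possession: the supplied current password must match
            // the stored hash, otherwise any holder of a valid session could replace the password
            // without knowing it. Same verification as ChangePasswordV1.
            if (!PBKDF2.Validate(user.PasswordHashPBKDF2, model.CurrentPassword))
            {
                ModelState.AddModelError(MessageType.UserInvalid.ToString(), $"Bad password for user:{user.Id}");
                return(BadRequest(ModelState));
            }

            uow.Users.SetPassword(user, model.NewPassword);
            uow.Commit();

            return(NoContent());
        }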
Пример #2
        /// <summary>
        /// Starts a confirmed password change for the authenticated user. The body's
        /// <c>EntityId</c> must match the identity, the current password is checked against the
        /// stored PBKDF2 hash, and the new password is wrapped in a time-limited token. On
        /// deployed/local and end-to-end instances a confirmation e-mail carrying that token is
        /// queued; on every other instance type the token is returned in the response body.
        /// </summary>
        /// <param name="model">Entity id, current password, new password and its confirmation.</param>
        /// <returns>
        /// 400 or 404 with model-state errors, 200 with the token (non-mail instances), or 204.
        /// </returns>
        public async ValueTask <IActionResult> ChangePasswordV1([FromBody] PasswordChangeV1 model)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            var user = uow.Users.Get(x => x.Id == GetIdentityGUID()).SingleOrDefault();

            if (user is null)
            {
                ModelState.AddModelError(MessageType.UserNotFound.ToString(), $"User:{model.EntityId}");
                return(NotFound(ModelState));
            }

            // The body must name the same user the identity resolved to.
            if (!user.IsHumanBeing || user.Id != model.EntityId)
            {
                ModelState.AddModelError(MessageType.UserInvalid.ToString(), $"User:{user.Id}");
                return(BadRequest(ModelState));
            }

            // NOTE(review): unlike SetPasswordV1, the format of NewPassword is not validated here —
            // confirm that the token factory or the confirm endpoint enforces the password policy.
            var currentPasswordOk = PBKDF2.Validate(user.PasswordHashPBKDF2, model.CurrentPassword);

            if (!currentPasswordOk || model.NewPassword != model.NewPasswordConfirm)
            {
                ModelState.AddModelError(MessageType.UserInvalid.ToString(), $"Bad password for user:{user.Id}");
                return(BadRequest(ModelState));
            }

            // Global setting (no issuer, audience or user scope) holding the token lifetime in seconds.
            var expire = uow.Settings
                         .Get(x => x.IssuerId == null && x.AudienceId == null && x.UserId == null &&
                                   x.ConfigKey == SettingsConstants.GlobalTotpExpire)
                         .Single();

            // NOTE(review): uint.Parse uses the current culture; InvariantCulture would be safer for config data.
            var factory  = new PasswordTokenFactory(uow.InstanceType.ToString());
            var lifetime = TimeSpan.FromSeconds(uint.Parse(expire.ConfigValue));
            var rawToken = factory.Generate(model.NewPassword, lifetime, user.Id.ToString(), user.SecurityStamp);
            var token    = HttpUtility.UrlEncode(rawToken);

            var deliversMail = uow.InstanceType == InstanceContext.DeployedOrLocal ||
                               uow.InstanceType == InstanceContext.End2EndTest;

            if (!deliversMail)
            {
                return(Ok(token));
            }

            var displayName = $"{user.FirstName} {user.LastName}";
            var url         = UrlFactory.GenerateConfirmPasswordV1(conf, user.Id.ToString(), token);
            var alert       = ControllerContext.HttpContext.RequestServices.GetRequiredService <IAlertService>();

            var email = new EmailV1()
            {
                FromEmail   = user.EmailAddress,
                FromDisplay = displayName,
                ToEmail     = user.EmailAddress,
                ToDisplay   = displayName,
                Subject     = MessageConstants.ConfirmPasswordSubject,
                Body        = Email.ConfirmPassword(map.Map <UserV1>(user), url)
            };

            await alert.Enqueue_EmailV1(email);

            return(NoContent());
        }