Пример #1
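 /// <summary>
 /// Changes the password of the account identified by <paramref name="email"/> after
 /// checking the supplied old password against the stored password hash.
 /// </summary>
 /// <param name="model">Request body; <c>OldPassword</c> is verified here and the whole model is handed to the repository.</param>
 /// <param name="email">E-mail address of the account whose password is changed.</param>
 /// <returns>
 /// A bad-request result when model validation fails, the account is unknown or the old
 /// password does not match; otherwise the result produced by <c>SendResonse</c>.
 /// Any exception is converted by <c>ErrorResult</c>.
 /// </returns>
 // NOTE(review): the target account is selected by the request-supplied email, not by the
 // authenticated principal. Confirm that the route requires authentication and that the
 // caller is only allowed to change their own account.
 public async Task <IHttpActionResult> ChangePassword([FromBody] ChangePasswordViewModel model, string email)
 {
     try
     {
         if (!ModelState.IsValid)
         {
             var validationErrors = ModelState.Values.SelectMany(x => x.Errors).Select(e => e.ErrorMessage);
             return BadRequest(string.Join(" ", validationErrors));
         }

         // NOTE(review): "No such user exists" and "Wrong Password" are distinguishable
         // responses, so this endpoint tells a caller whether an e-mail is registered.
         // Consider a single generic message plus rate limiting if clients do not depend
         // on the exact text.
         if (!_userRepo.IsUserExists(email))
         {
             return BadRequest("No such user exists");
         }

         // The lookup can still come back empty if the account disappears between the two
         // repository calls; treat that as "unknown user" instead of dereferencing null.
         var user = _userRepo.GetByUserEmail(email);
         if (user == null)
         {
             return BadRequest("No such user exists");
         }

         if (!PasswordHashProvider.ValidatePassword(model.OldPassword, user.Password))
         {
             return BadRequest("Wrong Password");
         }

         var result = _userRepo.ChangePassword(model, email);
         return await SendResonse(result, "Your password changed successfully");
     }
     catch (Exception e)
     {
         // NOTE(review): verify that ErrorResult does not echo exception details to the client.
         return await ErrorResult(e);
     }
 }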
Пример #2
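        /// <summary>
        /// Looks up the <c>AuthInternal</c> row for <paramref name="email"/> and, when
        /// <paramref name="password"/> matches the stored hash, replaces the stored password
        /// value with an empty string and saves the change.
        /// </summary>
        /// <param name="email">E-mail address used to find the account row.</param>
        /// <param name="password">Password that must validate against the stored hash.</param>
        /// <returns><c>true</c> when the password matched and the change was saved; <c>false</c> when no row exists for the e-mail or the password did not match.</returns>
        // NOTE(review): despite the name, no new password is stored here; the stored value is
        // cleared. Confirm that PasswordHashProvider.ValidatePassword rejects every input when
        // the stored value is empty, otherwise a cleared account could become easier to log into.
        public bool UpdatePassword(string email, string password)
        {
            var dbAccount = Context.Set <AuthInternal>().FirstOrDefault(u => u.email == email);

            // FirstOrDefault yields null for an unknown e-mail; report failure instead of
            // throwing NullReferenceException on the password check below.
            if (dbAccount == null)
            {
                return false;
            }

            if (!PasswordHashProvider.ValidatePassword(password, dbAccount.password))
            {
                return false;
            }

            dbAccount.password = string.Empty;
            Context.SaveChanges();
            return true;
        }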
Пример #3
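        /// <summary>
        /// Handles the OAuth resource-owner password grant: validates the supplied user name
        /// and password and, on success, issues a ticket carrying a name claim plus the
        /// <c>as:client_id</c> and <c>userName</c> properties.
        /// </summary>
        /// <param name="context">Grant context providing the credentials, client id and authentication options.</param>
        /// <returns>A task that completes once the context has been marked validated or rejected.</returns>
        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            if (string.IsNullOrEmpty(context.UserName) || string.IsNullOrEmpty(context.Password))
            {
                context.SetError("invalid_grant", "The username or password is incorrect.");
                return;
            }

            var user = _userRepo.GetByUserEmail(context.UserName);

            // Unknown user and wrong password are reported with the same code and description
            // as missing credentials. Separate "invalid_username"/"invalid_password" answers
            // would tell a caller which accounts exist, and "invalid_grant" is the error code
            // RFC 6749 defines for invalid resource owner credentials.
            // NOTE(review): the unknown-user path skips the hash check, so response timing may
            // still differ between the two cases; rate limiting or lockout belongs in front of this.
            if (user == null || !PasswordHashProvider.ValidatePassword(context.Password, user.Password))
            {
                context.SetError("invalid_grant", "The username or password is incorrect.");
                return;
            }

            var identity = new ClaimsIdentity(context.Options.AuthenticationType);
            identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));

            var ticketProperties = new Dictionary <string, string>
            {
                { "as:client_id", context.ClientId ?? string.Empty },
                { "userName", context.UserName }
            };
            var props = new AuthenticationProperties(ticketProperties);

            context.Validated(new AuthenticationTicket(identity, props));
        }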
Пример #4
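        /// <summary>
        /// Returns the account belonging to the supplied login when the e-mail is known and the
        /// password validates against the stored hash.
        /// </summary>
        /// <param name="account">Login request carrying <c>Email</c> and <c>Password</c>.</param>
        /// <returns>The matching <c>Account</c>, or <c>null</c> when the e-mail is unknown or the password does not match.</returns>
        /// <exception cref="Exception">Any failure is rethrown as <see cref="Exception"/> with the original message; the original exception is attached as <c>InnerException</c>.</exception>
        // NOTE(review): nothing is created in this method despite its name; it only looks up.
        public Account GetOrCreate(LoginRequest account)
        {
            try
            {
                var dbUser = _authInternalRepository.FindByEmail(account.Email);

                if (dbUser == null)
                {
                    // NOTE(review): the e-mail comes straight from the login request and is
                    // written to the log unmodified; confirm the log sink neutralises line
                    // breaks and that recording attempted logins at error level is intended.
                    _logger.LogError($"Account with login {account.Email} doesn't exist!");
                    return null;
                }

                if (!PasswordHashProvider.ValidatePassword(account.Password, dbUser.password))
                {
                    return null;
                }

                return _accountRepository.GetById(dbUser.account_id);
            }
            catch (Exception ex)
            {
                // Keep the type and message callers already see, but attach the original
                // exception so its type and stack trace remain available for diagnosis.
                throw new Exception(ex.Message, ex);
            }
        }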