/**
 * API entry point: set a user's password after a password reset.
 *
 * Validates the request body, passes the validated request to the logic layer and
 * answers with STATUS_CODE_NO_CONTENT on success. Every exception raised on the way
 * is turned into a response by APIHelper.ResponseFromException.
 *
 * requestHeaders is asserted but not otherwise read in this method, so no header-based
 * authentication happens here; whatever authorises the caller has to come from the
 * request body (presumably the reset link id and email address - confirm in the logic layer).
 */
private async Task<APIGatewayProxyResponse> SetUserPasswordAfterReset(IDataStores dataStores,
                                                                      IDictionary<string, string> requestHeaders,
                                                                      JObject requestBody)
{
    Debug.Untested();
    Debug.AssertValid(dataStores);
    Debug.AssertValid(requestHeaders);
    Debug.AssertValidOrNull(requestBody);

    APIGatewayProxyResponse response;
    try
    {
        // Log the call. Only the method name is written; the request body carries the
        // new password and must stay out of the log.
        LoggingHelper.LogMessage($"UserIdentityService::SetUserPasswordAfterReset()");

        // Get the NoSQL DB client.
        var noSqlStore = dataStores.GetNoSQLDataStore();
        AmazonDynamoDBClient client = (AmazonDynamoDBClient)noSqlStore.GetDBClient();
        Debug.AssertValid(client);

        // Check inputs. This is the only validation of the untrusted body visible here.
        SetUserPasswordAfterResetRequest validatedRequest =
            UserIdentityService_SetUserPasswordAfterReset_LogicLayer.CheckValidSetUserPasswordAfterResetRequest(requestBody);
        Debug.AssertValid(validatedRequest);

        // Perform logic.
        await UserIdentityService_SetUserPasswordAfterReset_LogicLayer.SetUserPasswordAfterReset(client, validatedRequest);

        // Respond.
        response = new APIGatewayProxyResponse
        {
            StatusCode = APIHelper.STATUS_CODE_NO_CONTENT
        };
    }
    catch (Exception exception)
    {
        Debug.Tested();
        // NOTE(review): what ResponseFromException puts into the response is not visible
        // here - confirm it does not return internal exception detail, and that the
        // different failure reasons do not let a caller probe reset links or email addresses.
        response = APIHelper.ResponseFromException(exception);
    }
    return response;
}
/**
 * Set user password after reset.
 *
 * Looks up a valid reset-password link by id, loads the user the link belongs to and,
 * when the email address in the request equals the user's email address, stores a hash
 * of the new password, clears the user's Locked flag and saves the user.
 *
 * Throws Exception with:
 *   ERROR_INVALID_LINK               - no valid reset-password link was found
 *   ERROR_INVALID_LINK_USER          - the link's user could not be loaded
 *   ERROR_UNRECOGNIZED_EMAIL_ADDRESS - the email address differs from the user's
 *
 * NOTE(review): the Debug.Assert* calls are the only checks on the request fields in
 * this method. If they are compiled out of release builds, validation rests entirely
 * on the caller - confirm.
 */
public static async Task SetUserPasswordAfterReset(AmazonDynamoDBClient dbClient,
                                                   SetUserPasswordAfterResetRequest setUserPasswordAfterResetRequest)
{
    Debug.Untested();
    Debug.AssertValid(dbClient);
    Debug.AssertValid(setUserPasswordAfterResetRequest);
    Debug.AssertString(setUserPasswordAfterResetRequest.resetPasswordLinkId);
    Debug.AssertEmail(setUserPasswordAfterResetRequest.emailAddress);
    Debug.AssertPassword(setUserPasswordAfterResetRequest.newPassword);

    // Find the valid link.
    Link resetLink = await IdentityServiceLogicLayer.FindValidLink(dbClient,
                                                                   setUserPasswordAfterResetRequest.resetPasswordLinkId,
                                                                   IdentityServiceLogicLayer.LINK_TYPE_RESET_PASSWORD);
    Debug.AssertValidOrNull(resetLink);
    bool linkFound = resetLink != null;
    if (!linkFound)
    {
        Debug.Tested();
        throw new Exception(SharedLogicLayer.ERROR_INVALID_LINK, new Exception(SharedLogicLayer.ERROR_INVALID_LINK));
    }

    // Valid link exists.
    Debug.Tested();
    Debug.AssertID(resetLink.UserID);

    // Load the user (the meaning of the third argument is not visible here).
    User account = await IdentityServiceLogicLayer.FindUserByID(dbClient, resetLink.UserID, true);
    Debug.AssertValidOrNull(account);
    bool userFound = account != null;
    if (!userFound)
    {
        // User does not exist - may have been closed (and possibly subsequently deleted).
        Debug.Tested();
        throw new Exception(SharedLogicLayer.ERROR_INVALID_LINK_USER, new Exception(SharedLogicLayer.ERROR_INVALID_LINK_USER));
    }

    Debug.Tested();
    Debug.AssertEmail(account.EmailAddress);

    // The email address is a second factor next to the link id: both must belong to the
    // same user. The comparison is exact, so it is case-sensitive unless both values
    // are normalised before they get here.
    bool emailMatches = account.EmailAddress == setUserPasswordAfterResetRequest.emailAddress;
    if (!emailMatches)
    {
        Debug.Tested();
        throw new Exception(SharedLogicLayer.ERROR_UNRECOGNIZED_EMAIL_ADDRESS, new Exception(SharedLogicLayer.ERROR_UNRECOGNIZED_EMAIL_ADDRESS));
    }

    // Email address matches user's email address.
    Debug.Tested();

    // Make changes.
    // NOTE(review): Helper.Hash is not visible here - confirm it is a salted, deliberately
    // slow password hash (PBKDF2, Argon2 or similar) and not a bare digest.
    account.PasswordHash = Helper.Hash(setUserPasswordAfterResetRequest.newPassword);
    // A successful reset also unlocks the account; confirm that is intended for every
    // reason an account can be locked.
    account.Locked = false;

    // Save the user.
    await IdentityServiceDataLayer.SaveUser(dbClient, account);

    // Revoke link.
    // TODO: the revocation is only set on the in-memory object; nothing in this method
    // writes the link back. Unless another layer persists it, the same link stays
    // valid after the password has been changed and can be used again until it
    // expires. Save the link here so it is single-use.
    resetLink.Revoked = true;
}