Пример #1
0
        public async Task <ActionResult> UpdateUserPassword(long id,
                                                            [FromBody] UserPasswordPatchDTO userPasswordPatchDTO)
        {
            await _bll.Identity.UpdatePasswordAsync(id, userPasswordPatchDTO);

            return(Ok());
        }
Пример #2
0
        public async Task UpdatePasswordAsync(long id, UserPasswordPatchDTO userPasswordPatchDTO)
        {
            if (id != userPasswordPatchDTO.Id)
            {
                throw new ValidationException("Идентификаторы должны совпадать");
            }

            var user = await _userManager.FindByIdAsync(userPasswordPatchDTO.Id.ToString());

            if (user == null)
            {
                throw new NotFoundException("Пользователь не найден");
            }

            var currentUser = await _userManager.GetUserAsync(User);

            if (!await UserHasAccessToUser(await _userManager.GetUserAsync(User), user))
            {
                throw new ValidationException("Ошибка доступа");
            }

            if (await _userManager.IsInRoleAsync(currentUser, "User") || currentUser.Id == user.Id)
            {
                var result = await _userManager.ChangePasswordAsync(user, userPasswordPatchDTO.CurrentPassword,
                                                                    userPasswordPatchDTO.NewPassword);

                if (!result.Succeeded)
                {
                    throw new ValidationException("Неверный пароль");
                }

                await _signInManager.RefreshSignInAsync(user);

                _logger.LogInformation($"Роль пользователя, {user.Email}, успешно изменен");

                return;
            }

            var passwordValidator = new PasswordValidator <AppUser>();
            var valid             = await passwordValidator.ValidateAsync(_userManager, null !, userPasswordPatchDTO.NewPassword);

            if (!valid.Succeeded)
            {
                throw new ValidationException("Неверный пароль");
            }

            await _userManager.RemovePasswordAsync(user);

            await _userManager.AddPasswordAsync(user, userPasswordPatchDTO.NewPassword);
        }