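/// <summary>
/// Changes the password of the currently signed-in user.
/// </summary>
/// <param name="user">Form model carrying the username, the current password
/// (<c>Password</c>), the new password (<c>NewChangedPassword</c>) and its confirmation.</param>
/// <returns>
/// A JSON <c>ResultsItem</c>: an error describing the first failed check, the failed
/// result of the password change, or a success message once the password has been
/// changed and the session cleared.
/// </returns>
public async Task<JsonResult> CurrentUserChangePassword(PegaUser user)
{
    const int minPasswordLength = 8;
    const int maxPasswordLength = 30;

    // A missing model or missing new password would otherwise surface as a
    // NullReferenceException (HTTP 500) instead of a user-facing validation error.
    if (user is null || string.IsNullOrEmpty(user.NewChangedPassword))
    {
        return Json(ResultsItem.Error("Password changed failed: Password length must be from 8 - 30 characters."));
    }

    if (user.NewChangedPassword.Length < minPasswordLength || user.NewChangedPassword.Length > maxPasswordLength)
    {
        return Json(ResultsItem.Error("Password changed failed: Password length must be from 8 - 30 characters."));
    }

    if (user.NewChangedPassword != user.ConfirmNewChangedPassword)
    {
        return Json(ResultsItem.Error("Passwords does not match."));
    }

    // The submitted username must be the one bound to the session; a user may only
    // change their own password through this action.
    if (CurrentUser.Username != user.Username)
    {
        return Json(ResultsItem.Error("Username does not match."));
    }

    // Re-authenticate with the current password before accepting the change, so an
    // unattended or hijacked session cannot be used to set a new password on its own.
    // NOTE(review): AuthorizeUser is used here as the synchronous bool check sketched in
    // the original draft; confirm its signature and that it has no login side effects.
    if (!AuthorizationLogic.AuthorizeUser(CurrentUser.Username, user.Password))
    {
        return Json(ResultsItem.Error("Current password is incorrect."));
    }

    // Change password
    var pwChangeResult = await AuthorizationLogic.ChangePassword(user.Username, user.NewChangedPassword);
    if (!pwChangeResult.IsSuccess)
    {
        return Json(pwChangeResult);
    }

    // Invalidate the current session so the new credential has to be presented again;
    // the success message tells the UI the same thing.
    HttpContext.Session.Clear();
    string successMessage = "Your password has been successfully reset. Please login again";
    TempData["message"] = successMessage;
    return Json(ResultsItem.Success(successMessage));
}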
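/// <summary>
/// Completes a password reset: validates the new password, matches the submission
/// against the reset request saved in <c>TempData</c>, verifies the submitted
/// authentication hash and then changes the password.
/// </summary>
/// <param name="passRequest">Form model carrying the username, the new password and its
/// confirmation, and the <c>AuthenticationHash</c> issued with the reset request.</param>
/// <returns>
/// A JSON <c>ResultsItem</c>: an error describing the first failed check, the failed
/// result of the password change, or a success message once the password has been changed.
/// </returns>
public async Task<JsonResult> ChooseNewResetPassword(PasswordUpdateRequest passRequest)
{
    const int minPasswordLength = 8;
    const int maxPasswordLength = 30;

    // A missing model or missing new password would otherwise surface as a
    // NullReferenceException (HTTP 500) instead of a user-facing validation error.
    if (passRequest is null || string.IsNullOrEmpty(passRequest.NewPassword))
    {
        return Json(ResultsItem.Error("Password changed failed: Password length must be from 8 - 30 characters."));
    }

    if (passRequest.NewPassword.Length < minPasswordLength || passRequest.NewPassword.Length > maxPasswordLength)
    {
        return Json(ResultsItem.Error("Password changed failed: Password length must be from 8 - 30 characters."));
    }

    if (passRequest.NewPassword != passRequest.ConfirmNewPassword)
    {
        return Json(ResultsItem.Error("Passwords does not match."));
    }

    // The reset request was stashed in TempData (as a serialized string) by the step that
    // issued it; read it once rather than indexing TempData twice.
    object savedRequestJson = TempData["ResetPasswordRequest"];
    PasswordUpdateRequest savedRequest = savedRequestJson is null
        ? null
        : Utilities.Deserialize<PasswordUpdateRequest>(savedRequestJson.ToString());

    // NOTE(review): savedRequest.AuthenticationHash is only checked for presence here; the
    // submitted hash is verified against a recomputed HMAC below - confirm that is intended.
    if (savedRequest is null || string.IsNullOrEmpty(savedRequest.AuthenticationHash))
    {
        return Json(ResultsItem.Error("Password reset form expired. Please request another password reset."));
    }

    // Was "Passwords does not match." - the check compares usernames, so report that.
    if (savedRequest.Username != passRequest.Username)
    {
        return Json(ResultsItem.Error("Username does not match."));
    }

    // The submitted hash is a bearer credential for this reset: compare it in constant
    // time so a mismatch does not leak how many leading characters were correct.
    // NOTE(review): the HMAC key "PTPWRESET" is a source-embedded constant that must keep
    // matching the issuing side, so it is left unchanged here; it belongs in
    // configuration / secret storage rather than in source.
    string expectedHash = Utilities.GenerateHmacSHA256Hash(
        $"{savedRequest.Username}{savedRequest.EmailAuthCode}_ptpwresetreq", "PTPWRESET");
    if (!HashesMatch(expectedHash, passRequest.AuthenticationHash))
    {
        return Json(ResultsItem.Error("Authentication failed."));
    }

    // Change password
    var pwChangeResult = await AuthorizationLogic.ChangePassword(passRequest.Username, passRequest.NewPassword);
    if (!pwChangeResult.IsSuccess)
    {
        return Json(pwChangeResult);
    }

    string successMessage = "Your password has been successfully reset. Please login again";
    TempData["message"] = successMessage;
    return Json(ResultsItem.Success(successMessage));

    // Constant-time equality of two hash strings; a missing submitted hash is simply a
    // mismatch (the original `!=` treated null the same way). FixedTimeEquals returns
    // false for differing lengths, which is acceptable for a fixed-length hash.
    bool HashesMatch(string expected, string actual)
    {
        if (string.IsNullOrEmpty(expected) || string.IsNullOrEmpty(actual))
        {
            return false;
        }

        byte[] expectedBytes = System.Text.Encoding.UTF8.GetBytes(expected);
        byte[] actualBytes = System.Text.Encoding.UTF8.GetBytes(actual);
        return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(expectedBytes, actualBytes);
    }
}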