/// <summary>
/// Replaces the password of the account identified by <paramref name="userID"/>,
/// after re-hashing <paramref name="currentPassword"/> with the stored salt and
/// comparing it to the stored hash.
/// </summary>
/// <param name="userID">Identifier passed to the account accessor to load and update the credential.</param>
/// <param name="currentPassword">Password the caller claims is currently set; must be non-empty.</param>
/// <param name="newPassword">Password to store on success; must be non-empty.</param>
/// <returns>
/// A successful <c>Result</c> once the new hash and a fresh salt have been handed to the
/// accessor; otherwise a failed <c>Result</c> with one of the messages
/// "Bad request received.", "User not found." or "Current password was incorrect.".
/// </returns>
public Result ChangePassword(int userID, string currentPassword, string newPassword)
{
    // Reject empty input before touching the account store.
    bool inputMissing = string.IsNullOrEmpty(currentPassword) || string.IsNullOrEmpty(newPassword);
    if (inputMissing)
    {
        return new Result(false, "Bad request received.");
    }

    var lookup = _accountAccessor.GetUserPassword(userID);
    if (!lookup.IsSuccess)
    {
        return new Result(false, "User not found.");
    }

    var stored = lookup.Payload;

    // Re-derive the hash from the supplied password using the salt stored with the account.
    var suppliedHash = _encryptionService.CreatePasswordHash(currentPassword, stored.PasswordSalt);

    // NOTE(review): if both operands are strings, == is an ordinal comparison that is not
    // constant-time; consider a fixed-time comparison of the hash bytes. Confirm the types.
    bool currentPasswordMatches = suppliedHash == stored.Password;
    if (!currentPasswordMatches)
    {
        return new Result(false, "Current password was incorrect.");
    }

    // A fresh salt is generated on every change rather than reusing the stored one.
    // NOTE(review): Convert.ToInt32 yields 0 for a null value, so a missing
    // "PasswordSaltLength" setting may request a zero-length salt; verify CreateSaltKey rejects that.
    int saltLength = Convert.ToInt32(_configuration["PasswordSaltLength"]);
    var freshSalt = _encryptionService.CreateSaltKey(saltLength);
    var freshHash = _encryptionService.CreatePasswordHash(newPassword, freshSalt);

    // NOTE(review): whatever the accessor returns is discarded, so success is reported
    // even if the accessor signals a failed write through its return value; confirm.
    _accountAccessor.ChangePassword(userID, freshHash, freshSalt);

    return new Result(true);
}
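/// <summary>
/// Sets a new password for the account whose e-mail address matches
/// <c>request.Email</c>, hashing <c>request.NewPassword</c> with a freshly generated salt.
/// </summary>
/// <remarks>
/// NOTE(review): nothing in this method checks the current password, a reset token or the
/// caller's identity; knowing the e-mail address is the only precondition visible here.
/// The caller is presumably expected to have authorized the request beforehand (for example
/// by validating a single-use reset token). Confirm that every call site does so.
/// </remarks>
/// <param name="request">Carries the account e-mail and the new password.</param>
/// <returns>
/// A successful <c>Result</c> once the new hash and salt have been handed to the accessor;
/// a failed <c>Result</c> with "Invalid request received." when the request is null, the
/// new password is empty, or no account matches the e-mail.
/// </returns>
public Result ChangePassword(ChangePasswordRequest request)
{
    // Mirror the three-argument overload: never hash and store an empty password,
    // and answer a null request with a failed Result instead of a NullReferenceException.
    if (request == null || string.IsNullOrEmpty(request.NewPassword))
    {
        return new Result(false, "Invalid request received.");
    }

    var user = _accountAccessor.FindUserByEmail(request.Email);
    if (!user.IsSuccess)
    {
        // Same message as the validation failure above, so the response does not
        // distinguish an unknown e-mail from a malformed request.
        return new Result(false, "Invalid request received.");
    }

    // NOTE(review): Convert.ToInt32 yields 0 for a null value, so a missing
    // "PasswordSaltLength" setting may request a zero-length salt; verify CreateSaltKey rejects that.
    var saltKey = _encryptionService.CreateSaltKey(Convert.ToInt32(_configuration["PasswordSaltLength"]));
    var hashedPassword = _encryptionService.CreatePasswordHash(request.NewPassword, saltKey);

    // NOTE(review): whatever the accessor returns is discarded, so success is reported
    // even if the accessor signals a failed write through its return value; confirm.
    _accountAccessor.ChangePassword(user.Payload.UserID, hashedPassword, saltKey);

    return new Result(true);
}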