/// <summary>
/// Completes a password reset: validates the reset code, re-checks the current password
/// for a registered caller, archives the existing credential record, stores the new
/// password and removes the user's password-reset codes.
/// </summary>
/// <param name="changeModel">
/// Request data; this method reads its <c>Code</c>, <c>CurrentPassword</c> and <c>Password</c> members.
/// </param>
/// <returns>
/// A failure result carrying <c>"expired"</c> when the code is not valid, a failure result
/// carrying an <c>"error"</c> message when the current-password check fails, otherwise a
/// success result.
/// </returns>
public IActionResult ChangePassword(PasswordChangeModel changeModel)
{
    // The reset code selects the account: every write below targets userCode.UserId.
    var userCode = _userCodeService.GetUserCode(changeModel.Code, UserCodeType.PasswordReset);
    if (!IsCodeValid(userCode))
    {
        return R.Fail.With("expired", true).Result;
    }

    // A registered caller must also pass the current-password check.
    // NOTE(review): the check runs against ApplicationEngine.CurrentUser, while the password
    // being replaced belongs to userCode.UserId. Nothing visible here ties the two accounts
    // together; confirm that IsCodeValid or the caller guarantees they are the same user.
    if (ApplicationEngine.CurrentUser.IsRegistered()
        && !ShouldSignIn(ApplicationEngine.CurrentUser, changeModel.CurrentPassword))
    {
        return R.Fail.With("error", T("The current password is invalid")).Result;
    }

    // Archive the stored credential (value, salt, format) before it is overwritten.
    var archivedPassword = new PreviousPassword
    {
        UserId = userCode.UserId,
        Password = userCode.User.Password,
        PasswordSalt = userCode.User.PasswordSalt,
        PasswordFormat = userCode.User.PasswordFormat,
        CreatedOn = DateTime.UtcNow
    };
    _previousPasswordService.Insert(archivedPassword);

    // Store the new password using the configured default storage format.
    // NOTE(review): changeModel.Password is passed through unchanged; no strength or reuse
    // check is visible in this method. Presumably model validation or UpdatePassword
    // enforces the policy; confirm.
    _userRegistrationService.UpdatePassword(
        userCode.UserId,
        changeModel.Password,
        _securitySettings.DefaultPasswordStorageFormat);

    // Remove every password-reset code of this user so the code cannot be used again.
    _userCodeService.Delete(x => x.UserId == userCode.UserId && x.CodeType == UserCodeType.PasswordReset);

    // NOTE(review): whether existing sessions are revoked after the change is not visible
    // here; presumably left to subscribers of NamedEvent.PasswordReset. Confirm.
    RaiseEvent(NamedEvent.PasswordReset, userCode.User);
    return R.Success.Result;
}
/// <summary>
/// Asks the backing service to delete the entry identified by <paramref name="id"/>
/// and answers with an empty 204 response.
/// </summary>
/// <param name="id">Caller-supplied identifier, handed to the service unchanged.</param>
/// <returns>An HTTP 204 No Content result.</returns>
public ActionResult DeleteUserCode(string id)
{
    // NOTE(review): no authorization or ownership check is visible in this method, and id is
    // not validated before use. Confirm that the controller, a filter or _service.Delete
    // restricts which entries a caller may remove.
    _service.Delete(id);

    // By convention a successful delete returns no body, hence 204 rather than 200.
    return NoContent();
}