public async Task <IActionResult> ChangePassword([FromBody] Secrets secrets) { //TODO: Here is a bug that any user even without token can change password for any one. //We should check that if user change password for himself its ok, or admin can change password. _log.LogInfo("Get new password."); if (!ModelState.IsValid) { _log.LogError("Incorrect input."); return(BadRequest(ModelState)); } if (await _appDbContext.ChangePassword(secrets) == null) { _log.LogError("Invalid input, null password."); return(BadRequest(Errors.AddErrorToModelState("changesFailure", "Invalid input.", ModelState))); } _log.LogInfo("Change password."); return(Ok()); }