示例#1
        /// <summary>
        /// Creates a user from the supplied username and password, or, when a user with that
        /// username already exists, replaces that user's password with the supplied one.
        /// </summary>
        /// <param name="model">Username and password to create or update; must not be null.</param>
        /// <returns>An OK result whose message says whether the user was created or updated.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="model"/> is null.</exception>
        /// <remarks>
        /// NOTE(review): the update branch overwrites an existing account's password without asking for
        /// the current one, and no authorization check is visible in this method. Confirm that the action
        /// is restricted to administrators by a filter or attribute outside this view.
        /// NOTE(review): model.username and model.password are passed on unvalidated here; presumably
        /// userCreator / passwordChanger enforce the password policy - verify.
        /// </remarks>
        public IHttpActionResult Post(CreateUserModel model)
        {
            if (model == null)
            {
                throw new ArgumentNullException(nameof(model));
            }

            bool isNewUser;

            // Lookup and write share one transaction so both see the same state.
            using (var transaction = transactionCreator.GetTransaction())
            {
                var found = userQuery.Get(model.username);
                isNewUser = found == null;

                if (isNewUser)
                {
                    userCreator.Add(model.username, model.password);
                }
                else
                {
                    passwordChanger.ChangePassword(found, model.password);
                }

                transaction.Commit();
            }

            // The message reveals whether the username was already taken.
            var message = isNewUser
                ? $"The user '{model.username}' was created"
                : $"The existing user '{model.username}' was updated";

            return Ok(message);
        }
示例#2
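        /// <summary>
        /// Changes the current user's password after checking, in order, that the existing password
        /// is correct, that the new password matches its confirmation, and that the new password
        /// satisfies the password policy.
        /// </summary>
        /// <param name="request">Existing password, new password and confirmation; must not be null.</param>
        /// <returns>
        /// A response with exactly one failure flag set when a check fails, or a response with no
        /// flags set when the password was changed.
        /// </returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="request"/> is null.</exception>
        /// <remarks>
        /// NOTE(review): repeated wrong guesses of the existing password go through
        /// authService.Authenticate; whether they count towards lockout or throttling is not visible
        /// here - confirm.
        /// </remarks>
        public PasswordChangeResponse ChangeOwnPassword(PasswordChangeRequest request)
        {
            if (request == null)
            {
                throw new ArgumentNullException(nameof(request));
            }

            using (var tran = transactionCreator.GetTransaction())
            {
                // The target account comes from the current session, never from the request.
                var user = userReader.RequireCurrentUser();

                // Every early return below leaves the using block without calling Commit.
                // Presumably disposing an uncommitted transaction rolls it back; verify.
                if (!IsExistingPasswordCorrect(request.ExistingPassword, user))
                {
                    return new PasswordChangeResponse { ExistingPasswordIncorrect = true };
                }

                if (request.ConfirmNewPassword != request.NewPassword)
                {
                    return new PasswordChangeResponse { NewPasswordDoesNotMatchConfirmation = true };
                }

                if (!policy.IsPasswordOk(request.NewPassword, user))
                {
                    return new PasswordChangeResponse { NewPasswordDoesNotSatisfyPolicy = true };
                }

                updater.ChangePassword(user, request.NewPassword);
                tran.Commit();
            }

            return new PasswordChangeResponse();
        }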

        /// <summary>
        /// Checks a candidate password for the given user by running it through the authentication
        /// service together with that user's username.
        /// </summary>
        /// <param name="password">The password to verify.</param>
        /// <param name="user">The user whose username is paired with the password.</param>
        /// <returns>The Success value reported by <c>authService.Authenticate</c>.</returns>
        bool IsExistingPasswordCorrect(string password, User user)
        {
            // Delegating to the login path avoids a second password comparison here.
            var attempt = authService.Authenticate(new LoginCredentials
            {
                Password = password,
                Username = user.Username,
            });

            return attempt.Success;
        }