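/// <summary>
/// Token endpoint for the OAuth 2.0 resource-owner password credentials grant.
/// Validates the supplied user name and password against the local identity
/// store and, on success, returns a bearer access token for that user.
/// </summary>
/// <param name="model">Bound request carrying grant_type, username and password.</param>
/// <returns>
/// An OAuth access-token response on success; otherwise an OAuth error response
/// (invalid request or unsupported grant type).
/// </returns>
public async Task<IHttpActionResult> Login(OAuthPasswordCredentialsBindingModel model)
{
    if (model == null)
    {
        return OAuthBadRequest(OAuthAccessTokenError.InvalidRequest);
    }

    if (model.grant_type != "password")
    {
        return OAuthBadRequest(OAuthAccessTokenError.UnsupportedGrantType);
    }

    // username and password are required parameters of this grant; reject the
    // request up front instead of handing null/empty values to the store.
    if (string.IsNullOrEmpty(model.username) || string.IsNullOrEmpty(model.password))
    {
        return OAuthBadRequest(OAuthAccessTokenError.InvalidRequest);
    }

    // One message for "unknown user" and "wrong password" so the response does
    // not reveal which user names exist.
    // NOTE(review): RFC 6749 section 5.2 assigns invalid_grant to bad resource-owner
    // credentials; InvalidRequest is kept because no other enum member is visible here.
    // NOTE(review): no throttling or lockout is visible in this method - confirm that
    // repeated failures are limited inside IdentityStore or in front of this endpoint.
    const string invalidCredentials = "The user name or password provided is incorrect.";

    if (!await IdentityStore.ValidateLocalLogin(model.username, model.password))
    {
        return OAuthBadRequest(OAuthAccessTokenError.InvalidRequest, invalidCredentials);
    }

    string userId = await IdentityStore.GetUserIdForLocalLogin(model.username);
    if (userId == null)
    {
        // The login mapping can disappear between validation and lookup; fail closed.
        return OAuthBadRequest(OAuthAccessTokenError.InvalidRequest, invalidCredentials);
    }

    // Resolve the account record before minting a token, so a missing record
    // produces an error response instead of a null dereference after a token exists.
    IUser user = await IdentityStore.Context.Users.Find(userId);
    if (user == null)
    {
        return OAuthBadRequest(OAuthAccessTokenError.InvalidRequest, invalidCredentials);
    }

    ClaimsIdentity identity = await GetIdentityAsync(userId);
    string token = CreateAccessToken(identity);

    return OAuthAccessToken(token, "bearer", user.UserName);
}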
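/// <summary>
/// Changes the password of the currently authenticated user after re-checking
/// the current password.
/// </summary>
/// <param name="model">Bound request carrying the old and new password.</param>
/// <returns>
/// A success response when the password was updated and saved; otherwise a
/// bad-request response describing the failure.
/// </returns>
public async Task<IHttpActionResult> ChangePassword(ChangePasswordBindingModel model)
{
    // ModelState can be valid while the model itself is null (empty request body),
    // so check both before touching model members.
    if (model == null)
    {
        return BadRequest("The request body is missing.");
    }

    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // NOTE(review): this relies on the caller being authenticated; the authorization
    // attribute is not visible here - confirm the action cannot be reached anonymously.
    string userName = User.Identity.GetUserName();

    // Re-verify the current password so a borrowed session or token alone is not
    // enough to take over the account.
    if (!await IdentityStore.ValidateLocalLogin(userName, model.OldPassword))
    {
        return BadRequest("The current password is incorrect.");
    }

    if (!await IdentityStore.Context.Secrets.Update(userName, model.NewPassword))
    {
        return BadRequest("The new password is invalid.");
    }

    await IdentityStore.Context.SaveChanges();

    // NOTE(review): nothing here revokes access tokens issued before the change -
    // confirm whether previously issued bearer tokens should remain valid.
    return OK();
}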