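/// <summary>
/// Sends an HTTP POST request carrying the old and new passwords from the
/// <see cref="PasswordChangeStructure"/> to the server's password-change endpoint.
/// </summary>
/// <param name="passwords">PasswordChangeStructure containing old and new passwords</param>
/// <param name="token">JWT authentication token, sent as a Bearer credential</param>
/// <returns>Response from the server.</returns>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="passwords"/> or <paramref name="token"/> is null.
/// </exception>
public async Task<HttpResponseMessage> ChangePassword(PasswordChangeStructure passwords, JWTToken token)
{
    if (passwords == null)
    {
        throw new ArgumentNullException(nameof(passwords));
    }
    if (token == null)
    {
        throw new ArgumentNullException(nameof(token));
    }

    // Serialize passwords
    string jsonPasswordsData = JsonConvert.SerializeObject(passwords);
    var jsonDataContent = new StringContent(jsonPasswordsData, Encoding.UTF8, "application/json");

    // Build the target address; trimming a trailing slash avoids producing
    // ".../settings/password" with a doubled separator when BaseAddress already ends with one.
    var address = new Uri(client.BaseAddress.OriginalString.TrimEnd('/') + "/settings/password");

    // Attach the JWT token to this request only, rather than mutating
    // client.DefaultRequestHeaders: a shared HttpClient would otherwise keep
    // (and resend) the last caller's token, and concurrent calls would race on it.
    using (var request = new HttpRequestMessage(HttpMethod.Post, address))
    {
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.Value);
        request.Content = jsonDataContent;
        return await client.SendAsync(request);
    }
}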
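/// <summary>
/// Changes the password of the currently authenticated user after validating the
/// supplied old password, the new password pair, and the application's password rules.
/// </summary>
/// <param name="passwords">Old password plus the new password and its confirmation copy.</param>
/// <returns>
/// 401 when the caller cannot be authenticated; 400 with an error <see cref="Message"/>
/// (codes 5001-5004, 5006) when validation fails; 200 with info message 5005 once the
/// new password has been stored.
/// </returns>
public IActionResult PasswordChange([FromBody] PasswordChangeStructure passwords)
{
    // List of messages to return to the client
    var messages = new List<Message>();

    // Authentication
    var controllerHelper = new ControllerHelper(context);
    var authUserModel = controllerHelper.Authenticate(HttpContext.User.Identity as ClaimsIdentity);
    if (authUserModel == null)
    {
        return Unauthorized();
    }
    // Authorization - none, because every logged user is authorized to change an own password.

    #region VALIDATIONS
    // A missing or unparseable request body leaves the bound model null; report it the same
    // way as empty passwords instead of letting the property accesses below throw.
    if (passwords == null
        || String.IsNullOrEmpty(passwords.OldPassword)
        || String.IsNullOrEmpty(passwords.NewPassword)
        || String.IsNullOrEmpty(passwords.NewPasswordCopy))
    {
        messages.Add(new Message(MessageTypeEnum.Error, 5001, new List<string>()));
        return BadRequest(messages);
    }

    // Both new passwords must be equal
    if (passwords.NewPassword != passwords.NewPasswordCopy)
    {
        messages.Add(new Message(MessageTypeEnum.Error, 5002, new List<string>()));
        return BadRequest(messages);
    }

    // Old password must be correct: the hash is recomputed with the stored salt and compared
    // to the stored hash. Plain string inequality is not constant-time; a fixed-time
    // comparison would be preferable if the target framework offers one.
    var oldPasswordHash = PasswordHelper.ComputeHash(authUserModel.PasswordSalt + passwords.OldPassword);
    if (authUserModel.PasswordHash != oldPasswordHash)
    {
        messages.Add(new Message(MessageTypeEnum.Error, 5003, new List<string>()));
        return BadRequest(messages);
    }

    // Password rules are configured per application in the users dataset descriptor.
    var passwordAttribute = authUserModel.Application.ApplicationDescriptor.SystemDatasets.UsersDatasetDescriptor.PasswordAttribute;

    // If passwords are required to be safer by application descriptor
    if (passwordAttribute.Safer == true)
    {
        var sharedValidationHelper = new SharedValidationHelper();
        if (!sharedValidationHelper.IsPasswordSafer(passwords.NewPassword))
        {
            messages.Add(new Message(MessageTypeEnum.Error, 5004, new List<string>()));
            return BadRequest(messages);
        }
    }

    // If minimal password length is set
    var minPasswordLength = passwordAttribute.Min;
    if (minPasswordLength != null && passwords.NewPassword.Length < minPasswordLength)
    {
        // Message parameters: required minimum and the actual length supplied.
        messages.Add(new Message(MessageTypeEnum.Error, 5006, new List<string>()
        {
            minPasswordLength.ToString(),
            passwords.NewPassword.Length.ToString()
        }));
        return BadRequest(messages);
    }
    #endregion

    // Setting new password
    var userRepository = new UserRepository(context);
    userRepository.SetPassword(authUserModel, passwords.NewPassword);
    messages.Add(new Message(MessageTypeEnum.Info, 5005, new List<string>()));
    return Ok(messages);
}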