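/// <summary>
/// Validates the route id and forwards the password change to the user repository.
/// </summary>
/// <param name="id">User id taken from the route; must parse as a <see cref="Guid"/>.</param>
/// <param name="patchUserModel">Current/new password payload; it is not inspected here, the repository validates it.</param>
/// <returns>
/// 204 No Content on success; 404, 403 or 400 carrying <c>e.MovieMindError</c> when a
/// <c>MovieMindException</c> is raised, keyed on its <c>Status</c> string.
/// </returns>
public async Task<IActionResult> PatchUser(string id, PatchUserModel patchUserModel)
{
    try
    {
        // Reject malformed ids up front; the parsed value itself is not needed here
        // (the repository PatchUser in this file appears to parse the id again), so it is discarded.
        // NOTE(review): this throw is only turned into a 400 below if GuidException derives
        // from MovieMindException — confirm, otherwise it escapes as an unhandled exception.
        if (!Guid.TryParse(id, out _))
        {
            throw new GuidException("Invalid id", this.GetType().Name, "PatchUser", "400");
        }

        await _userRepository.PatchUser(id, patchUserModel);
        return NoContent();
    }
    catch (MovieMindException e)
    {
        // Map the error's status string onto an HTTP result; anything unrecognised is a 400.
        if (e.MovieMindError.Status.Equals("404"))
        {
            return NotFound(e.MovieMindError);
        }

        if (e.MovieMindError.Status.Equals("403"))
        {
            return new ObjectResult(e.MovieMindError) { StatusCode = (int)HttpStatusCode.Forbidden };
        }

        return BadRequest(e.MovieMindError);
    }
}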
/// <summary>
/// MVC action behind the change-password form: checks the confirmation field, then sends the
/// model to the MovieMind API as a PATCH on <c>users</c>.
/// </summary>
/// <param name="id">User id from the route, passed through to the API unchanged.
/// NOTE(review): no ownership check is done here; presumably the API enforces it — confirm.</param>
/// <param name="patchUserModel">Form model with current, new and confirmation passwords.</param>
/// <returns>
/// Redirect to Home/Index on success; the same view re-rendered with model errors otherwise,
/// or whatever <c>ErrorHelper.HandleError</c> produces for a <c>MovieMindException</c>.
/// </returns>
[ValidateAntiForgeryToken] // Prevents XSRF/CSRF attacks
public async Task<IActionResult> ChangePassword(string id, PatchUserModel patchUserModel)
{
    try
    {
        // Role gate for this action; the helper is expected to throw on failure (handled below).
        AuthorizeHelper.Authorize(this.HttpContext, "Guest", this.GetType().Name, "ChangePassword", "user");

        // Ordinal comparison, null-safe: a mismatch becomes a model error on the confirmation field.
        bool passwordsMatch = string.Equals(patchUserModel.NewPassword, patchUserModel.ConfirmNewPassword, StringComparison.Ordinal);
        if (!passwordsMatch)
        {
            ModelState.AddModelError("ConfirmNewPassword", "Wachtwoorden komen niet overeen");
        }

        if (!ModelState.IsValid)
        {
            return View(patchUserModel);
        }

        await _moviemindAPIService.PatchModel<PatchUserModel>(id, patchUserModel, "users");
        return RedirectToRoute(new { action = "Index", controller = "Home" });
    }
    catch (MovieMindException e)
    {
        return ErrorHelper.HandleError(e, this.View(patchUserModel));
    }
}
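/// <summary>
/// Changes a user's password through ASP.NET Identity after an ownership check on the caller.
/// </summary>
/// <param name="id">Target user id; must parse as a <see cref="Guid"/>. A malformed id throws
/// <see cref="FormatException"/> from <see cref="Guid.Parse(string)"/>, not a MovieMind error.</param>
/// <param name="patchUserModel">Supplies <c>CurrentPassword</c> and <c>NewPassword</c>.</param>
/// <exception cref="ForbiddenException">The caller's only role is Guest and the id is not their own (status "403").</exception>
/// <exception cref="EntityException">No user with the given id exists (status "404").</exception>
/// <exception cref="IdentityException">Identity rejected the change, e.g. wrong current password (status "400").</exception>
public async Task PatchUser(string id, PatchUserModel patchUserModel)
{
    // Ownership check: a caller whose only role is Guest may change nobody's password but their own.
    // NOTE(review): the guard is skipped for principals carrying more than one "role"-typed claim and
    // the claim type is matched by substring — confirm this is the intended privilege model.
    bool singleRole = _user.Claims.Count(x => x.Type.Contains("role")) == 1;
    if (singleRole && _user.IsInRole("Guest") && _user.Identity?.Name != id)
    {
        // A missing Identity yields a null name and therefore fails closed (forbidden).
        throw new ForbiddenException("No access to change this user's password", this.GetType().Name, "PatchUser", "403");
    }

    // Parse once, outside the query expression, rather than inside the lambda.
    Guid userId = Guid.Parse(id);
    User user = await _context.Users.FirstOrDefaultAsync(x => x.Id == userId);
    if (user == null)
    {
        throw new EntityException("User not found", this.GetType().Name, "PatchUser", "404");
    }

    // Identity verifies the current password and applies the configured password policy.
    IdentityResult result = await _userManager.ChangePasswordAsync(user, patchUserModel.CurrentPassword, patchUserModel.NewPassword);
    if (!result.Succeeded)
    {
        // Errors is normally non-empty on failure; fall back to a generic message instead of throwing from First().
        string description = result.Errors.FirstOrDefault()?.Description ?? "Password change failed";
        throw new IdentityException(description, this.GetType().Name, "PatchUser", "400");
    }
}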