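/// <summary>
/// Changes the password of the account <paramref name="userid"/> to <c>req.New</c>.
/// The caller must be logged in. A user may change their own password; a caller that
/// <c>Services.AdminHelper.IsAdmin</c> reports as admin may change any user's password.
/// Whoever changes their OWN password (admin or not) must supply the correct current
/// password, so a hijacked session cannot silently rotate the credential of the
/// account it is riding on. Admins resetting someone else's password are not asked
/// for that user's current password.
/// </summary>
/// <param name="userid">ID of the account whose password is being changed.</param>
/// <param name="req">Current, new and repeated password; all three must be non-blank.</param>
/// <returns>
/// <c>OK</c> on success; <c>Forbidden</c> when not logged in or not permitted;
/// <c>BadRequest</c> with a message on missing/mismatched fields, wrong current
/// password or unknown user.
/// </returns>
protected async Task<IResult> UpdatePasswordAsync(string userid, UpdatePasswordInfo req)
{
    var requestuserid = Context.UserID;

    // Only allow calls by logged in users
    if (string.IsNullOrWhiteSpace(requestuserid))
    {
        return Forbidden;
    }

    // All three fields are required, even for an admin reset (the current
    // password is simply not verified in that case, see below).
    if (new[] { req?.Current, req?.New, req?.Repeated }.Any(string.IsNullOrWhiteSpace))
    {
        return Status(BadRequest, "One or more fields are missing");
    }

    if (req.New != req.Repeated)
    {
        return Status(BadRequest, "The new password does not match the repeated one");
    }

    // NOTE(review): the result of ValidatePassword (if it has one) is not inspected;
    // this only acts as a gate if the policy throws on a rejected password — confirm.
    Services.PasswordPolicy.ValidatePassword(req.New);

    var isself = IsSelfUser(userid);

    try
    {
        return await DB.RunInTransactionAsync(db =>
        {
            // Admin status is resolved inside the transaction, against the same
            // database snapshot the update is applied to.
            var isadmin = Services.AdminHelper.IsAdmin(db, requestuserid);
            if (!isself && !isadmin)
            {
                return Forbidden;
            }

            var user = db.SelectItemById<Database.User>(userid);
            if (user == null)
            {
                // Previously this fell through to a NullReferenceException on
                // user.Password; only self or admin callers reach this point.
                return Status(BadRequest, "The user does not exist");
            }

            // Changing your own password always requires proof of the current one,
            // including for admins; the old check skipped it for any admin caller.
            if (isself && !Ceen.Security.PBKDF2.ComparePassword(req.Current, user.Password))
            {
                return Status(BadRequest, "The current password is not correct");
            }

            user.Password = Ceen.Security.PBKDF2.CreatePBKDF2(req.New);
            db.UpdateItem(user);
            return OK;
        });
    }
    catch (Exception ex)
    {
        // Translate known CRUD failures into a response; anything else propagates.
        var wrapped = Ceen.Extras.CRUDExceptionHelper.WrapExceptionMessage(ex);
        if (wrapped != null)
        {
            return wrapped;
        }

        throw;
    }
}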
/// <summary>
/// PUT without a user ID: the logged-in caller changes their own password.
/// Delegates to <see cref="UpdatePasswordAsync"/> with <c>Context.UserID</c> as the
/// target, so the self-password check and login requirement there apply.
/// </summary>
/// <param name="req">Current, new and repeated password.</param>
/// <returns>The result produced by <see cref="UpdatePasswordAsync"/>.</returns>
public Task<IResult> Put(UpdatePasswordInfo req)
    => UpdatePasswordAsync(Context.UserID, req);
/// <summary>
/// PUT with an explicit user ID: change the password of <paramref name="userid"/>.
/// No authorization is done here; <see cref="UpdatePasswordAsync"/> decides whether
/// the caller is that user or an admin and rejects everyone else.
/// </summary>
/// <param name="userid">ID of the account to update.</param>
/// <param name="req">Current, new and repeated password.</param>
/// <returns>The result produced by <see cref="UpdatePasswordAsync"/>.</returns>
public Task<IResult> Put(string userid, UpdatePasswordInfo req)
    => UpdatePasswordAsync(userid, req);