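/// <summary>
/// Displays the change-password form for a new-password request, after
/// checking that the supplied hash is valid for the given user.
/// </summary>
/// <param name="userId">Identifier of the account whose password is to be changed.</param>
/// <param name="hash">Hash from the new-password request; validated by the user repository.</param>
/// <returns>The change-password view, bound to a model carrying <paramref name="userId"/> and <paramref name="hash"/>.</returns>
/// <exception cref="HttpException">
/// Status 403 when the user cannot be found or the hash is not valid for that user.
/// </exception>
public ActionResult ChangePassword(int userId, string hash)
{
    var user = _userRepository.Get(userId);

    // An unknown user id is rejected exactly like a bad hash: the caller gets
    // the same 403 either way, and a null user never reaches the validator.
    // NOTE(review): assumes Get returns null for an unknown id — confirm; the guard is harmless if it throws instead.
    if (user == null || !_userRepository.IsHashForNewPasswordRequestValid(user, hash))
    {
        throw new HttpException(403, "You don't have access to this page");
    }

    // The id and hash are carried in the view model so the form post can be re-validated.
    var changePasswordViewModel = new ChangePasswordViewModel
    {
        Hash = hash,
        UserId = userId
    };

    return View(changePasswordViewModel);
}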
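/// <summary>
/// Handles the submitted change-password form: re-validates the request hash,
/// checks the new password against the password policy, and stores it.
/// </summary>
/// <param name="changePasswordViewModel">Posted form data: user id, request hash and the new password.</param>
/// <returns>
/// The form view with an error flash message when the password fails the policy;
/// otherwise a redirect to the "Index" action with a success flash message.
/// </returns>
/// <exception cref="HttpException">
/// Status 403 when the user cannot be found or the hash is not valid for that user.
/// </exception>
// NOTE(review): no HTTP-verb or anti-forgery attribute is visible on this action — confirm they are applied where the controller is declared.
public ActionResult ChangePassword(ChangePasswordViewModel changePasswordViewModel)
{
    var user = _userRepository.Get(changePasswordViewModel.UserId);

    // The hash is checked again on submit because the posted id and hash are
    // client-controlled. An unknown user id gets the same 403 as a bad hash,
    // and a null user never reaches the validator or the password change.
    // NOTE(review): assumes Get returns null for an unknown id — confirm.
    if (user == null || !_userRepository.IsHashForNewPasswordRequestValid(user, changePasswordViewModel.Hash))
    {
        throw new HttpException(403, "You don't have access to this page");
    }

    if (!_passwordPolicy.Validate(changePasswordViewModel.Password))
    {
        // NOTE(review): the message key suggests a 5-character minimum — confirm the policy is strong enough.
        AddFlashMessage(null, _translationService.Translate.PasswordShouldContainAtLeast5Characters, FlashMessageType.Error, "messageContainer");
        return View(changePasswordViewModel);
    }

    // NOTE(review): confirm ChangePassword also invalidates the request hash so it cannot be used a second time.
    _userRepository.ChangePassword(user, changePasswordViewModel.Password);

    AddFlashMessage(null, _translationService.Translate.YourPasswordWasChangedSuccessfully, FlashMessageType.Success, "messageContainer");
    return RedirectToAction("Index");
}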