admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2020-11-19 00:55:47 +00:00
parent f21e66de08
commit a255aab73c
6 changed files with 88 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
server/AyaNova/Controllers/AuthController.cs
View File

@@ -71,10 +71,10 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
#if (DEBUG)
#region TESTING
@@ -330,6 +330,53 @@ namespace AyaNova.Api.Controllers
//return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
}
/// <summary>
/// Change Password via reset token
/// </summary>
/// <param name="resetcreds"></param>
/// <returns></returns>
[HttpPost("resetpassword")]
public async Task<IActionResult> ResetPassword([FromBody] AuthController.ResetPasswordParam resetcreds)
{
if (!serverState.IsOpen)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
}
int nFailDelay = 3000;
if (string.IsNullOrWhiteSpace(resetcreds.PasswordResetCode) || string.IsNullOrWhiteSpace(resetcreds.Password))
{
//Make a fail wait
await Task.Delay(nFailDelay);
return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
}
//look for user with this reset code
var user = await ct.User.AsNoTracking().Where(z => z.PasswordResetCode == resetcreds.PasswordResetCode).FirstOrDefaultAsync();
if (user == null)
{
//Make a fail wait
await Task.Delay(nFailDelay);
return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
}
//vet the expiry
var utcNow = new DateTimeOffset(DateTime.Now.ToUniversalTime(), TimeSpan.Zero);
if (user.PasswordResetCodeExpire < utcNow.DateTime)
{//if reset code expired before now
//Make a fail wait
await Task.Delay(nFailDelay);
return StatusCode(401, new ApiErrorResponse(ApiErrorCode.NOT_AUTHORIZED, "PasswordResetCodeExpire", "Reset code has expired"));
}
//Ok, were in, it's all good, accept the new password and update the user record
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
await biz.ChangePasswordAsync(user.Id, resetcreds.Password);
return NoContent();
}
//------------------------------------------------------
public class CredentialsParam
@@ -356,5 +403,14 @@ namespace AyaNova.Api.Controllers
}
public class ResetPasswordParam
{
[System.ComponentModel.DataAnnotations.Required]
public string PasswordResetCode { get; set; }
[System.ComponentModel.DataAnnotations.Required]
public string Password { get; set; }
}
}//eoc
}//eons

71
server/AyaNova/Controllers/UserController.cs
View File

@@ -111,65 +111,6 @@ namespace AyaNova.Api.Controllers
}
// /// <summary>
// /// Put (update) User
// /// (Login and / or Password are not changed if set to null / omitted)
// /// </summary>
// /// <param name="id"></param>
// /// <param name="inObj"></param>
// /// <returns></returns>
// [HttpPut("{id}")]
// public async Task<IActionResult> PutUser([FromRoute] long id, [FromBody] User inObj)
// {
// if (!serverState.IsOpen)
// return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
// if (!ModelState.IsValid)
// {
// return BadRequest(new ApiErrorResponse(ModelState));
// }
// var o = await ct.User.SingleOrDefaultAsync(z => z.Id == id);
// if (o == null)
// {
// return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
// }
// //Instantiate the business object handler
// UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
// if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
// {
// return StatusCode(403, new ApiNotAuthorizedResponse());
// }
// try
// {
// if (!await biz.PutAsync(o, inObj))
// return BadRequest(new ApiErrorResponse(biz.Errors));
// }
// catch (DbUpdateConcurrencyException)
// {
// if (!UserExists(id))
// {
// return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
// }
// else
// {
// //exists but was changed by another user
// //I considered returning new and old record, but where would it end?
// //Better to let the client decide what to do than to send extra data that is not required
// return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
// }
// }
// return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }));
// }
/// <summary>
/// Create User
/// </summary>
@@ -376,16 +317,16 @@ namespace AyaNova.Api.Controllers
return Ok(ApiOkResponse.Response(u.UserType != UserType.Customer && u.UserType != UserType.HeadOffice));
}
/// <summary>
/// Generate new random credentials for User
/// and email them to the user
/// <summary>
/// Generate time limited password reset code for User
/// and email to them
///
/// </summary>
/// <param name="id">User id</param>
/// <param name="apiVersion">From route path</param>
/// <returns>NoContent</returns>
[HttpPost("generate-creds-email/{id}")]
public async Task<IActionResult> GenerateCredsAndEmailUser([FromRoute] long id, ApiVersion apiVersion)
[HttpPost("send-reset-code/{id}")]
public async Task<IActionResult> SendPasswordResetCode([FromRoute] long id, ApiVersion apiVersion)
{
if (!serverState.IsOpen)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
@@ -394,7 +335,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
bool successfulOperation=await biz.GenerateCredsAndEmailUser(id);
bool successfulOperation = await biz.SendPasswordResetCode(id);
if (successfulOperation == false)
return BadRequest(new ApiErrorResponse(biz.Errors));
else