2020-11-19 00:55:47 +00:00
parent f21e66de08
commit a255aab73c
6 changed files with 88 additions and 88 deletions
--- a/server/AyaNova/Controllers/AuthController.cs
+++ b/server/AyaNova/Controllers/AuthController.cs
@@ -71,10 +71,10 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }

-        
+

 #if (DEBUG)
-          
+

            #region TESTING

@@ -330,6 +330,53 @@ namespace AyaNova.Api.Controllers
            //return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
        }

+
+        /// <summary>
+        /// Change Password via reset token
+        /// </summary>    
+        /// <param name="resetcreds"></param>
+        /// <returns></returns>       
+        [HttpPost("resetpassword")]
+        public async Task<IActionResult> ResetPassword([FromBody] AuthController.ResetPasswordParam resetcreds)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+
+            if (!ModelState.IsValid)
+            {
+                return BadRequest(new ApiErrorResponse(ModelState));
+            }
+            int nFailDelay = 3000;
+            if (string.IsNullOrWhiteSpace(resetcreds.PasswordResetCode) || string.IsNullOrWhiteSpace(resetcreds.Password))
+            {
+                //Make a fail wait
+                await Task.Delay(nFailDelay);
+                return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
+            }
+
+            //look for user with this reset code          
+            var user = await ct.User.AsNoTracking().Where(z => z.PasswordResetCode == resetcreds.PasswordResetCode).FirstOrDefaultAsync();
+            if (user == null)
+            {
+                //Make a fail wait
+                await Task.Delay(nFailDelay);
+                return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
+            }
+
+            //vet the expiry
+            var utcNow = new DateTimeOffset(DateTime.Now.ToUniversalTime(), TimeSpan.Zero);
+            if (user.PasswordResetCodeExpire < utcNow.DateTime)
+            {//if reset code expired before now
+             //Make a fail wait
+                await Task.Delay(nFailDelay);
+                return StatusCode(401, new ApiErrorResponse(ApiErrorCode.NOT_AUTHORIZED, "PasswordResetCodeExpire", "Reset code has expired"));
+            }
+            //Ok, were in, it's all good, accept the new password and update the user record
+            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
+            await biz.ChangePasswordAsync(user.Id, resetcreds.Password);
+            return NoContent();
+        }
+
        //------------------------------------------------------

        public class CredentialsParam
@@ -356,5 +403,14 @@ namespace AyaNova.Api.Controllers
        }


+        public class ResetPasswordParam
+        {
+            [System.ComponentModel.DataAnnotations.Required]
+            public string PasswordResetCode { get; set; }
+            [System.ComponentModel.DataAnnotations.Required]
+            public string Password { get; set; }
+
+        }
+
    }//eoc
 }//eons