.vscode/launch.json

@@ -53,7 +53,7 @@
         "AYANOVA_FOLDER_USER_FILES": "c:\\temp\\RavenTestData\\userfiles",
         "AYANOVA_FOLDER_BACKUP_FILES": "c:\\temp\\RavenTestData\\backupfiles",
         "AYANOVA_FOLDER_TEMPORARY_SERVER_FILES": "c:\\temp\\RavenTestData\\tempfiles",
-        "AYANOVA_SERVER_TEST_MODE": "true",
+        "AYANOVA_SERVER_TEST_MODE": "false",
         "AYANOVA_SERVER_TEST_MODE_SEEDLEVEL": "small",
         "AYANOVA_SERVER_TEST_MODE_TZ_OFFSET": "-7",
         "AYANOVA_BACKUP_PG_DUMP_PATH": "C:\\data\\code\\postgres_13\\bin\\"

server/AyaNova/Controllers/AuthController.cs

@@ -352,11 +352,18 @@ namespace AyaNova.Api.Controllers
                 return BadRequest(new ApiErrorResponse(ModelState));
             }
             int nFailDelay = 3000;
-            if (string.IsNullOrWhiteSpace(resetcreds.PasswordResetCode) || string.IsNullOrWhiteSpace(resetcreds.Password))
+            if (string.IsNullOrWhiteSpace(resetcreds.PasswordResetCode))
             {
                 //Make a fail wait
                 await Task.Delay(nFailDelay);
-                return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
+                return BadRequest(new ApiErrorResponse(ApiErrorCode.VALIDATION_REQUIRED, "PasswordResetCode", "Reset code is required"));
+            }
+
+            if (string.IsNullOrWhiteSpace(resetcreds.Password))
+            {
+                //Make a fail wait
+                await Task.Delay(nFailDelay);
+                return BadRequest(new ApiErrorResponse(ApiErrorCode.VALIDATION_REQUIRED, "Password", "Password is required"));
             }
 
             //look for user with this reset code          
@@ -365,14 +372,14 @@ namespace AyaNova.Api.Controllers
             {
                 //Make a fail wait
                 await Task.Delay(nFailDelay);
-                return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
+                return BadRequest(new ApiErrorResponse(ApiErrorCode.VALIDATION_INVALID_VALUE, "PasswordResetCode", "Reset code not valid"));
             }
 
             if (string.IsNullOrWhiteSpace(user.PasswordResetCode) || user.PasswordResetCodeExpire == null)
             {
                 //Make a fail wait
                 await Task.Delay(nFailDelay);
-                return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
+                return BadRequest(new ApiErrorResponse(ApiErrorCode.VALIDATION_INVALID_VALUE, "PasswordResetCode", "Reset code not valid"));
             }
 
             //vet the expiry
@@ -381,7 +388,7 @@ namespace AyaNova.Api.Controllers
             {//if reset code expired before now
              //Make a fail wait
                 await Task.Delay(nFailDelay);
-                return StatusCode(401, new ApiErrorResponse(ApiErrorCode.NOT_AUTHORIZED, "PasswordResetCodeExpire", "Reset code has expired"));
+                return BadRequest(new ApiErrorResponse(ApiErrorCode.NOT_AUTHORIZED, "PasswordResetCodeExpire", "Reset code has expired"));
             }
             //Ok, were in, it's all good, accept the new password and update the user record
             UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

server/AyaNova/biz/UserBiz.cs

@@ -341,7 +341,7 @@ namespace AyaNova.Biz
 
             var ResetCode = Hasher.GetRandomAlphanumericString(32);
             dbObject.PasswordResetCode = ResetCode;
-            dbObject.PasswordResetCodeExpire = DateTime.UtcNow.AddHours(48);//This is not enough time to issue a reset code on a friday at 5pm and use it Monday before noon, but it is more understandable and clear
+            dbObject.PasswordResetCodeExpire = DateTime.UtcNow.AddSeconds(1);//.AddHours(48);//This is not enough time to issue a reset code on a friday at 5pm and use it Monday before noon, but it is more understandable and clear
             await ct.SaveChangesAsync();
 
             //send message