diff --git a/.vscode/launch.json b/.vscode/launch.json
index 8fd97968..0e2049e9 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -53,7 +53,7 @@
 "AYANOVA_FOLDER_USER_FILES": "c:\\temp\\RavenTestData\\userfiles",
 "AYANOVA_FOLDER_BACKUP_FILES": "c:\\temp\\RavenTestData\\backupfiles",
 "AYANOVA_FOLDER_TEMPORARY_SERVER_FILES": "c:\\temp\\RavenTestData\\tempfiles",
- "AYANOVA_SERVER_TEST_MODE": "true",
+ "AYANOVA_SERVER_TEST_MODE": "false",
 "AYANOVA_SERVER_TEST_MODE_SEEDLEVEL": "small",
 "AYANOVA_SERVER_TEST_MODE_TZ_OFFSET": "-7",
 "AYANOVA_BACKUP_PG_DUMP_PATH": "C:\\data\\code\\postgres_13\\bin\\"
diff --git a/server/AyaNova/Controllers/AuthController.cs b/server/AyaNova/Controllers/AuthController.cs
index a94df880..be2bac0d 100644
--- a/server/AyaNova/Controllers/AuthController.cs
+++ b/server/AyaNova/Controllers/AuthController.cs
@@ -352,11 +352,18 @@ namespace AyaNova.Api.Controllers
 return BadRequest(new ApiErrorResponse(ModelState));
 }
 int nFailDelay = 3000;
- if (string.IsNullOrWhiteSpace(resetcreds.PasswordResetCode) || string.IsNullOrWhiteSpace(resetcreds.Password))
+ if (string.IsNullOrWhiteSpace(resetcreds.PasswordResetCode))
 {
 //Make a fail wait
 await Task.Delay(nFailDelay);
- return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
+ return BadRequest(new ApiErrorResponse(ApiErrorCode.VALIDATION_REQUIRED, "PasswordResetCode", "Reset code is required"));
+ }
+
+ if (string.IsNullOrWhiteSpace(resetcreds.Password))
+ {
+ //Make a fail wait
+ await Task.Delay(nFailDelay);
+ return BadRequest(new ApiErrorResponse(ApiErrorCode.VALIDATION_REQUIRED, "Password", "Password is required"));
 }
 //look for user with this reset code
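Review bot: None of the failure branches visible in this AuthController.cs hunk records the rejected attempt: each one waits `nFailDelay` and returns, and the same holds for the "Reset code not valid" and "Reset code has expired" branches in the hunks at -365 and -381. The delay slows a single request, but it does not cap repeated attempts and it leaves nothing for whoever monitors the service to see. Unless logging or rate limiting happens elsewhere in this method, which starts and ends outside the hunk, I would add a warning-level log entry to each branch that carries the failure reason and the caller's address, and never the submitted reset code or password.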
@@ -365,14 +372,14 @@ namespace AyaNova.Api.Controllers
 {
 //Make a fail wait
 await Task.Delay(nFailDelay);
- return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
+ return BadRequest(new ApiErrorResponse(ApiErrorCode.VALIDATION_INVALID_VALUE, "PasswordResetCode", "Reset code not valid"));
 }
 if (string.IsNullOrWhiteSpace(user.PasswordResetCode) || user.PasswordResetCodeExpire == null)
 {
 //Make a fail wait
 await Task.Delay(nFailDelay);
- return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
+ return BadRequest(new ApiErrorResponse(ApiErrorCode.VALIDATION_INVALID_VALUE, "PasswordResetCode", "Reset code not valid"));
 }
 //vet the expiry
@@ -381,7 +388,7 @@ namespace AyaNova.Api.Controllers
 {//if reset code expired before now
 //Make a fail wait
 await Task.Delay(nFailDelay);
- return StatusCode(401, new ApiErrorResponse(ApiErrorCode.NOT_AUTHORIZED, "PasswordResetCodeExpire", "Reset code has expired"));
+ return BadRequest(new ApiErrorResponse(ApiErrorCode.NOT_AUTHORIZED, "PasswordResetCodeExpire", "Reset code has expired"));
 }
 //Ok, were in, it's all good, accept the new password and update the user record
 UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
diff --git a/server/AyaNova/biz/UserBiz.cs b/server/AyaNova/biz/UserBiz.cs
index 821ef524..3e1b9acc 100644
--- a/server/AyaNova/biz/UserBiz.cs
+++ b/server/AyaNova/biz/UserBiz.cs
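Review bot: In the AuthController.cs hunk at -381 the expired branch now answers with HTTP 400 but still carries `ApiErrorCode.NOT_AUTHORIZED`, while the sibling branches changed in this commit moved to validation codes. A client that branches on the error code would receive an authorization error inside a bad-request response. If the intent is to report every reset-code failure as a validation error, `return BadRequest(new ApiErrorResponse(ApiErrorCode.VALIDATION_INVALID_VALUE, "PasswordResetCodeExpire", "Reset code has expired"));` would match the others. The `if` that guards this branch is outside the hunk.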
@@ -341,7 +341,7 @@ namespace AyaNova.Biz
 var ResetCode = Hasher.GetRandomAlphanumericString(32);
 dbObject.PasswordResetCode = ResetCode;
- dbObject.PasswordResetCodeExpire = DateTime.UtcNow.AddHours(48);//This is not enough time to issue a reset code on a friday at 5pm and use it Monday before noon, but it is more understandable and clear
+ dbObject.PasswordResetCodeExpire = DateTime.UtcNow.AddSeconds(1);//.AddHours(48);//This is not enough time to issue a reset code on a friday at 5pm and use it Monday before noon, but it is more understandable and clear
 await ct.SaveChangesAsync();
 //send message
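Review bot: `DateTime.UtcNow.AddSeconds(1)` makes every newly issued reset code expire one second after it is saved, so it will most likely be rejected by the expiry check in AuthController before the user can act on the message. With `//.AddHours(48)` left beside it, this reads like a local setting for exercising the expired path that was committed by accident. The trailing comment still explains a 48-hour window, so code and comment now disagree. I would restore `dbObject.PasswordResetCodeExpire = DateTime.UtcNow.AddHours(48);` and, if the expired path needs testing, take the lifetime from a named constant or configuration value instead of editing the literal. The enclosing method starts and ends outside the hunk.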