2020-11-20 00:07:31 +00:00
parent 0467f5f185
commit d913c7f216
3 changed files with 14 additions and 7 deletions
--- a/server/AyaNova/Controllers/AuthController.cs
+++ b/server/AyaNova/Controllers/AuthController.cs
@@ -352,11 +352,18 @@ namespace AyaNova.Api.Controllers
                return BadRequest(new ApiErrorResponse(ModelState));
            }
            int nFailDelay = 3000;
-            if (string.IsNullOrWhiteSpace(resetcreds.PasswordResetCode) || string.IsNullOrWhiteSpace(resetcreds.Password))
+            if (string.IsNullOrWhiteSpace(resetcreds.PasswordResetCode))
            {
                //Make a fail wait
                await Task.Delay(nFailDelay);
-                return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
+                return BadRequest(new ApiErrorResponse(ApiErrorCode.VALIDATION_REQUIRED, "PasswordResetCode", "Reset code is required"));
+            }
+
+            if (string.IsNullOrWhiteSpace(resetcreds.Password))
+            {
+                //Make a fail wait
+                await Task.Delay(nFailDelay);
+                return BadRequest(new ApiErrorResponse(ApiErrorCode.VALIDATION_REQUIRED, "Password", "Password is required"));
            }

            //look for user with this reset code          
@@ -365,14 +372,14 @@ namespace AyaNova.Api.Controllers
            {
                //Make a fail wait
                await Task.Delay(nFailDelay);
-                return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
+                return BadRequest(new ApiErrorResponse(ApiErrorCode.VALIDATION_INVALID_VALUE, "PasswordResetCode", "Reset code not valid"));
            }

            if (string.IsNullOrWhiteSpace(user.PasswordResetCode) || user.PasswordResetCodeExpire == null)
            {
                //Make a fail wait
                await Task.Delay(nFailDelay);
-                return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
+                return BadRequest(new ApiErrorResponse(ApiErrorCode.VALIDATION_INVALID_VALUE, "PasswordResetCode", "Reset code not valid"));
            }

            //vet the expiry
@@ -381,7 +388,7 @@ namespace AyaNova.Api.Controllers
            {//if reset code expired before now
             //Make a fail wait
                await Task.Delay(nFailDelay);
-                return StatusCode(401, new ApiErrorResponse(ApiErrorCode.NOT_AUTHORIZED, "PasswordResetCodeExpire", "Reset code has expired"));
+                return BadRequest(new ApiErrorResponse(ApiErrorCode.NOT_AUTHORIZED, "PasswordResetCodeExpire", "Reset code has expired"));
            }
            //Ok, were in, it's all good, accept the new password and update the user record
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
--- a/server/AyaNova/biz/UserBiz.cs
+++ b/server/AyaNova/biz/UserBiz.cs
@@ -341,7 +341,7 @@ namespace AyaNova.Biz

            var ResetCode = Hasher.GetRandomAlphanumericString(32);
            dbObject.PasswordResetCode = ResetCode;
-            dbObject.PasswordResetCodeExpire = DateTime.UtcNow.AddHours(48);//This is not enough time to issue a reset code on a friday at 5pm and use it Monday before noon, but it is more understandable and clear
+            dbObject.PasswordResetCodeExpire = DateTime.UtcNow.AddSeconds(1);//.AddHours(48);//This is not enough time to issue a reset code on a friday at 5pm and use it Monday before noon, but it is more understandable and clear
            await ct.SaveChangesAsync();

            //send message