@@ -368,6 +368,13 @@ namespace AyaNova.Api.Controllers
|
||||
return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
|
||||
}
|
||||
|
||||
if (string.IsNullOrWhiteSpace(user.PasswordResetCode) || user.PasswordResetCodeExpire == null)
|
||||
{
|
||||
//Make a fail wait
|
||||
await Task.Delay(nFailDelay);
|
||||
return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
|
||||
}
|
||||
|
||||
//vet the expiry
|
||||
var utcNow = new DateTimeOffset(DateTime.Now.ToUniversalTime(), TimeSpan.Zero);
|
||||
if (user.PasswordResetCodeExpire < utcNow.DateTime)
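Review bot: The comment `//Make a fail wait` on the new guard does not say why a user with no stored reset code or expiry is rejected as an authentication failure. I would replace it with `// No reset pending for this user: delay and return the same 401 as the failure path above so the caller cannot tell the cases apart`. The branch also returns without recording anything, so if the surrounding method does not already log rejected reset attempts, a log entry here would help operators notice repeated attempts against accounts that never requested a reset. The method starts and ends outside the hunk, so the lookup of `user` and the comparison of the submitted code are not visible here.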
|
||||
@@ -384,7 +391,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
/// <summary>
|
||||
/// Generate time limited password reset code for User
|
||||
/// and email to them
|
||||
/// and email link to them so they can set their password
|
||||
///
|
||||
/// </summary>
|
||||
/// <param name="id">User id</param>
|
||||
|
||||
@@ -301,6 +301,11 @@ namespace AyaNova.Biz
|
||||
{
|
||||
User dbObject = await ct.User.FirstOrDefaultAsync(z => z.Id == userId);
|
||||
dbObject.Password = Hasher.hash(dbObject.Salt, newPassword);
|
||||
|
||||
//remove reseet code and date so it can't be used again
|
||||
dbObject.PasswordResetCode=null;
|
||||
dbObject.DlKeyExpire=null;
|
||||
|
||||
await ct.SaveChangesAsync();
|
||||
|
||||
//Log modification and save context
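Review bot: The added cleanup clears `dbObject.DlKeyExpire`, but its comment says it removes the reset code and its date, and the field the controller checks is `PasswordResetCodeExpire`. As written, the reset expiry stays set after a successful password change, and an apparently unrelated expiry field is nulled instead. The line should probably read `dbObject.PasswordResetCodeExpire = null;`. Separately, `dbObject` comes from `FirstOrDefaultAsync` and is dereferenced on the next line with no null check. Unless the caller guarantees the user exists, an unknown `userId` will throw here. The method's signature and the rest of its body are outside the hunk.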
|
||||
|
||||