Merge pull request 'pramod_Task#465 : Implemented Change Password API for authenticated users' (#82) from pramod_Task#465 into Issue_Jun_1W_2

Reviewed-on: #82
2025-06-05 11:46:20 +00:00 · 2025-06-05 11:46:20 +00:00 · 1cb7a9fea8
commit 1cb7a9fea8
parent 7ef2c720cb 5b08b617cf
2 changed files with 69 additions and 1 deletions
--- a/Marco.Pms.Model/Dtos/Authentication/ChangePasswordDto.cs
+++ b/Marco.Pms.Model/Dtos/Authentication/ChangePasswordDto.cs
@ -0,0 +1,17 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Marco.Pms.Model.Dtos.Authentication
+{
+    public class ChangePasswordDto
+    {
+        public string? Email { get; set; }
+
+        public string? OldPassword { get; set; } 
+
+        public string? NewPassword { get; set; }
+    }
+}
--- a/Marco.Pms.Services/Controllers/AuthController.cs
+++ b/Marco.Pms.Services/Controllers/AuthController.cs
@ -8,9 +8,11 @@ using Marco.Pms.Model.Entitlements;
 using Marco.Pms.Model.Utilities;
 using MarcoBMS.Services.Helpers;
 using MarcoBMS.Services.Service;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
+using NuGet.Common;

 namespace MarcoBMS.Services.Controllers
 {
@ -19,6 +21,7 @@ namespace MarcoBMS.Services.Controllers
    public class AuthController : ControllerBase
    {
        private readonly UserManager<ApplicationUser> _userManager;
+        private readonly UserHelper _userHelper;
        private readonly ApplicationDbContext _context;
        private readonly JwtSettings _jwtSettings;
        private readonly RefreshTokenService _refreshTokenService;
@ -27,7 +30,7 @@ namespace MarcoBMS.Services.Controllers
        private readonly EmployeeHelper _employeeHelper;
        //string tenentId = "1";
        public AuthController(UserManager<ApplicationUser> userManager, ApplicationDbContext context, JwtSettings jwtSettings, RefreshTokenService refreshTokenService,
-            IEmailSender emailSender, IConfiguration configuration, EmployeeHelper employeeHelper)
+            IEmailSender emailSender, IConfiguration configuration, EmployeeHelper employeeHelper, UserHelper userHelper)
        {
            _userManager = userManager;
            _jwtSettings = jwtSettings;
@ -36,6 +39,7 @@ namespace MarcoBMS.Services.Controllers
            _configuration = configuration;
            _employeeHelper = employeeHelper;
            _context = context;
+            _userHelper= userHelper;
        }

        [HttpPost("login")]
@ -313,5 +317,52 @@ namespace MarcoBMS.Services.Controllers

            return Ok(ApiResponse<object>.SuccessResponse(new { }, "Password reset link sent.", 200));
        }
+
+
+        [Authorize]
+        [HttpPost("change-password")]
+        public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordDto changePassword )
+        {
+            
+            try
+            {
+                var loggedUser = await _userHelper.GetCurrentUserAsync();
+                if (changePassword.Email == null)
+                {
+                    return BadRequest(ApiResponse<object>.ErrorResponse("Email is missing", "Email is missing",400));
+                }
+                ApplicationUser? requestedUser = await _userManager.FindByEmailAsync(changePassword.Email);
+                bool IsOldPassword = await _userManager.CheckPasswordAsync(requestedUser ?? new ApplicationUser(), changePassword.OldPassword ?? string.Empty);
+                if (requestedUser != null && loggedUser?.Email == requestedUser?.Email && IsOldPassword)
+                {
+                    var token = await _userManager.GeneratePasswordResetTokenAsync(requestedUser ?? new ApplicationUser());
+
+                    var result = await _userManager.ResetPasswordAsync(requestedUser ?? new ApplicationUser(), token, changePassword.NewPassword ?? string.Empty);
+
+
+                    if (!result.Succeeded)
+                    {
+                        var errors = result.Errors.Select(e => e.Description).ToList();
+                        return BadRequest(ApiResponse<object>.ErrorResponse("Failed to Change password", errors, 400));
+                    }
+
+
+                    Employee emp = await _employeeHelper.GetEmployeeByApplicationUserID(loggedUser?.Id ?? string.Empty);
+                    await _emailSender.SendResetPasswordSuccessEmail(loggedUser?.Email ?? string.Empty, emp.FirstName + " " + emp.LastName);
+
+                    return Ok(ApiResponse<object>.SuccessResponse(result.Succeeded, "Password Changed successfully.", 200));
+
+                }
+
+                return BadRequest(ApiResponse<object>.ErrorResponse("Incorrect Password and Email", "Invalid request.", 400));
+
+            }
+            catch(Exception exp)
+            {
+                return StatusCode(500, ApiResponse<object>.ErrorResponse("An unexpected error occurred.", exp.Message, 500));
+            }
+
+        }
+
    }
 }