Add Change Password API for logged-in users

- Validates old password and updates to new one using UserManager
- Secured the endpoint for authenticated users only
This commit is contained in:
Pramod Mahajan 2025-06-05 16:33:57 +05:30
parent 18acfef5a0
commit 5b08b617cf
2 changed files with 69 additions and 1 deletions


@ -0,0 +1,17 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace Marco.Pms.Model.Dtos.Authentication
{
public class ChangePasswordDto
{
public string? Email { get; set; }
public string? OldPassword { get; set; }
public string? NewPassword { get; set; }
}
}
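Review bot: Every property on ChangePasswordDto is nullable with no validation attribute, so a body missing OldPassword or NewPassword is accepted by model binding and only surfaces as `string.Empty` fallbacks inside the controller. Since the endpoint is reachable only with [Authorize], the server already knows whose password is being changed, and the Email property lets the client name a target user that the controller then has to cross-check; dropping it removes that trust question entirely. For the two fields that are actually needed, `[Required] public string OldPassword { get; set; } = string.Empty;` and the same for NewPassword (System.ComponentModel.DataAnnotations) make the contract explicit and let `[ApiController]` reject malformed bodies before any UserManager call. The unused `System.Collections.Generic`/`System.Linq`/`System.Text` usings can also go.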


@ -8,9 +8,11 @@ using Marco.Pms.Model.Entitlements;
using Marco.Pms.Model.Utilities; using Marco.Pms.Model.Utilities;
using MarcoBMS.Services.Helpers; using MarcoBMS.Services.Helpers;
using MarcoBMS.Services.Service; using MarcoBMS.Services.Service;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore;
using NuGet.Common;
namespace MarcoBMS.Services.Controllers namespace MarcoBMS.Services.Controllers
{ {
@ -19,6 +21,7 @@ namespace MarcoBMS.Services.Controllers
public class AuthController : ControllerBase public class AuthController : ControllerBase
{ {
private readonly UserManager<ApplicationUser> _userManager; private readonly UserManager<ApplicationUser> _userManager;
private readonly UserHelper _userHelper;
private readonly ApplicationDbContext _context; private readonly ApplicationDbContext _context;
private readonly JwtSettings _jwtSettings; private readonly JwtSettings _jwtSettings;
private readonly RefreshTokenService _refreshTokenService; private readonly RefreshTokenService _refreshTokenService;
@ -27,7 +30,7 @@ namespace MarcoBMS.Services.Controllers
private readonly EmployeeHelper _employeeHelper; private readonly EmployeeHelper _employeeHelper;
//string tenentId = "1"; //string tenentId = "1";
public AuthController(UserManager<ApplicationUser> userManager, ApplicationDbContext context, JwtSettings jwtSettings, RefreshTokenService refreshTokenService, public AuthController(UserManager<ApplicationUser> userManager, ApplicationDbContext context, JwtSettings jwtSettings, RefreshTokenService refreshTokenService,
IEmailSender emailSender, IConfiguration configuration, EmployeeHelper employeeHelper) IEmailSender emailSender, IConfiguration configuration, EmployeeHelper employeeHelper, UserHelper userHelper)
{ {
_userManager = userManager; _userManager = userManager;
_jwtSettings = jwtSettings; _jwtSettings = jwtSettings;
@ -36,6 +39,7 @@ namespace MarcoBMS.Services.Controllers
_configuration = configuration; _configuration = configuration;
_employeeHelper = employeeHelper; _employeeHelper = employeeHelper;
_context = context; _context = context;
_userHelper= userHelper;
} }
[HttpPost("login")] [HttpPost("login")]
@ -242,5 +246,52 @@ namespace MarcoBMS.Services.Controllers
return Ok(ApiResponse<object>.SuccessResponse(new { }, "Password reset link sent.", 200)); return Ok(ApiResponse<object>.SuccessResponse(new { }, "Password reset link sent.", 200));
} }
[Authorize]
[HttpPost("change-password")]
public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordDto changePassword )
{
try
{
var loggedUser = await _userHelper.GetCurrentUserAsync();
if (changePassword.Email == null)
{
return BadRequest(ApiResponse<object>.ErrorResponse("Email is missing", "Email is missing",400));
}
ApplicationUser? requestedUser = await _userManager.FindByEmailAsync(changePassword.Email);
bool IsOldPassword = await _userManager.CheckPasswordAsync(requestedUser ?? new ApplicationUser(), changePassword.OldPassword ?? string.Empty);
if (requestedUser != null && loggedUser?.Email == requestedUser?.Email && IsOldPassword)
{
var token = await _userManager.GeneratePasswordResetTokenAsync(requestedUser ?? new ApplicationUser());
var result = await _userManager.ResetPasswordAsync(requestedUser ?? new ApplicationUser(), token, changePassword.NewPassword ?? string.Empty);
if (!result.Succeeded)
{
var errors = result.Errors.Select(e => e.Description).ToList();
return BadRequest(ApiResponse<object>.ErrorResponse("Failed to Change password", errors, 400));
}
Employee emp = await _employeeHelper.GetEmployeeByApplicationUserID(loggedUser?.Id ?? string.Empty);
await _emailSender.SendResetPasswordSuccessEmail(loggedUser?.Email ?? string.Empty, emp.FirstName + " " + emp.LastName);
return Ok(ApiResponse<object>.SuccessResponse(result.Succeeded, "Password Changed successfully.", 200));
}
return BadRequest(ApiResponse<object>.ErrorResponse("Incorrect Password and Email", "Invalid request.", 400));
}
catch(Exception exp)
{
return StatusCode(500, ApiResponse<object>.ErrorResponse("An unexpected error occurred.", exp.Message, 500));
}
}
} }
} }
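Review bot: The new ChangePassword action mints a password-reset token and calls ResetPasswordAsync on a user looked up by the client-supplied Email, when `UserManager.ChangePasswordAsync(loggedUser, oldPassword, newPassword)` on the already-resolved logged-in user performs the old-password verification and the update in one call and removes both the Email field and the CheckPasswordAsync probe against a user other than the caller. The 500 branch returns `exp.Message` to the client, which can expose internal details from EF or Identity exceptions; log it server-side and return the generic message only. Changing the password does not by itself invalidate JWTs or refresh tokens already issued, so unless those are bound to the security stamp the old session stays alive — RefreshTokenService is injected into this controller and looks like the place to revoke them, though its API is not visible here. Separately, the `using NuGet.Common;` added at the top of this file is not used by the new action and looks like an accidental IDE import. Rewritten action below; the success e-mail and 200 response are unchanged.
```csharp
[Authorize]
[HttpPost("change-password")]
public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordDto changePassword)
{
    try
    {
        var loggedUser = await _userHelper.GetCurrentUserAsync();
        if (loggedUser == null
            || string.IsNullOrEmpty(changePassword.OldPassword)
            || string.IsNullOrEmpty(changePassword.NewPassword))
        {
            return BadRequest(ApiResponse<object>.ErrorResponse("Incorrect Password and Email", "Invalid request.", 400));
        }

        // Verifies the old password and rotates the hash (and security stamp) in one call;
        // no reset token is needed and no other user's account is ever touched.
        var result = await _userManager.ChangePasswordAsync(loggedUser, changePassword.OldPassword, changePassword.NewPassword);
        if (!result.Succeeded)
        {
            var errors = result.Errors.Select(e => e.Description).ToList();
            return BadRequest(ApiResponse<object>.ErrorResponse("Failed to Change password", errors, 400));
        }

        // TODO(review): revoke the caller's outstanding refresh tokens here if they are not tied to the security stamp.
        // … unchanged: employee lookup, SendResetPasswordSuccessEmail and the 200 response …
    }
    catch (Exception exp)
    {
        // Log exp server-side; its message must not be echoed to the caller.
        return StatusCode(500, ApiResponse<object>.ErrorResponse("An unexpected error occurred.", "An unexpected error occurred.", 500));
    }
}
```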