Ensure I validate before attempting to update password for reset password flow. Send some validation issues back to FE.

2025-07-09 03:04:19 -04:00 · 2021-03-13 12:28:00 -06:00 · 2021-03-13 12:28:00 -06:00 · 983078de02
commit 983078de02
parent 52b91a9b92
3 changed files with 30 additions and 9 deletions
--- a/API/Controllers/AccountController.cs
+++ b/API/Controllers/AccountController.cs
@ -5,6 +5,7 @@ using System.Threading.Tasks;
 using API.Constants;
 using API.DTOs;
 using API.Entities;
+using API.Errors;
 using API.Extensions;
 using API.Interfaces;
 using API.Interfaces.Services;
@ -39,18 +40,41 @@ namespace API.Controllers
            _logger = logger;
            _mapper = mapper;
        }
-
-        [Authorize(Policy = "RequireAdminRole")]
+        
        [HttpPost("reset-password")]
        public async Task<ActionResult> UpdatePassword(ResetPasswordDto resetPasswordDto)
        {
            _logger.LogInformation("{UserName} is changing {ResetUser}'s password", User.GetUsername(), resetPasswordDto.UserName);
            var user = await _userManager.Users.SingleAsync(x => x.UserName == resetPasswordDto.UserName);
+            var isAdmin = await _userManager.IsInRoleAsync(user, PolicyConstants.AdminRole);
+
+            if (resetPasswordDto.UserName != User.GetUsername() && !isAdmin) return Unauthorized("You are not permitted to this operation.");
+            
+            // Validate Password
+            foreach (var validator in _userManager.PasswordValidators)
+            {
+                var validationResult = await validator.ValidateAsync(_userManager, user, resetPasswordDto.Password);
+                if (!validationResult.Succeeded)
+                {
+                    return BadRequest(
+                        validationResult.Errors.Select(e => new ApiException(400, e.Code, e.Description)));
+                }
+            }
+            
            var result = await _userManager.RemovePasswordAsync(user);
-            if (!result.Succeeded) return BadRequest("Unable to update password");
+            if (!result.Succeeded)
+            {
+                _logger.LogError("Could not update password");
+                return BadRequest(result.Errors.Select(e => new ApiException(400, e.Code, e.Description)));
+            }
+            
            
            result = await _userManager.AddPasswordAsync(user, resetPasswordDto.Password);
-            if (!result.Succeeded) return BadRequest("Unable to update password");
+            if (!result.Succeeded)
+            {
+                _logger.LogError("Could not update password");
+                return BadRequest(result.Errors.Select(e => new ApiException(400, e.Code, e.Description)));
+            }
            
            _logger.LogInformation("{User}'s Password has been reset", resetPasswordDto.UserName);
            return Ok();
--- a/API/Services/CacheService.cs
+++ b/API/Services/CacheService.cs
@ -31,13 +31,10 @@ namespace API.Services

        public void EnsureCacheDirectory()
        {
-            // TODO: Replace with DirectoryService.ExistOrCreate()
            _logger.LogDebug("Checking if valid Cache directory: {CacheDirectory}", CacheDirectory);
-            var di = new DirectoryInfo(CacheDirectory);
-            if (!di.Exists)
+            if (_directoryService.ExistOrCreate(CacheDirectory))
            {
                _logger.LogError("Cache directory {CacheDirectory} is not accessible or does not exist. Creating...", CacheDirectory);
-                Directory.CreateDirectory(CacheDirectory);
            }
        }

--- a/API/Services/Tasks/ScannerService.cs
+++ b/API/Services/Tasks/ScannerService.cs
@ -63,7 +63,7 @@ namespace API.Services.Tasks
          _scannedSeries = null;
       }

-       [DisableConcurrentExecution(timeoutInSeconds: 360)] 
+       //[DisableConcurrentExecution(timeoutInSeconds: 360)] 
       public void ScanLibrary(int libraryId, bool forceUpdate)
       {
          _forceUpdate = forceUpdate;