Ensure I validate before attempting to update password for reset password flow. Send some validation issues back to FE.

This commit is contained in:
Joseph Milazzo 2021-03-13 12:28:00 -06:00
parent 52b91a9b92
commit 983078de02
3 changed files with 30 additions and 9 deletions

View File

@ -5,6 +5,7 @@ using System.Threading.Tasks;
using API.Constants;
using API.DTOs;
using API.Entities;
using API.Errors;
using API.Extensions;
using API.Interfaces;
using API.Interfaces.Services;
@ -39,18 +40,41 @@ namespace API.Controllers
_logger = logger;
_mapper = mapper;
}
[Authorize(Policy = "RequireAdminRole")]
[HttpPost("reset-password")]
public async Task<ActionResult> UpdatePassword(ResetPasswordDto resetPasswordDto)
{
_logger.LogInformation("{UserName} is changing {ResetUser}'s password", User.GetUsername(), resetPasswordDto.UserName);
var user = await _userManager.Users.SingleAsync(x => x.UserName == resetPasswordDto.UserName);
var isAdmin = await _userManager.IsInRoleAsync(user, PolicyConstants.AdminRole);
if (resetPasswordDto.UserName != User.GetUsername() && !isAdmin) return Unauthorized("You are not permitted to this operation.");
// Validate Password
foreach (var validator in _userManager.PasswordValidators)
{
var validationResult = await validator.ValidateAsync(_userManager, user, resetPasswordDto.Password);
if (!validationResult.Succeeded)
{
return BadRequest(
validationResult.Errors.Select(e => new ApiException(400, e.Code, e.Description)));
}
}
var result = await _userManager.RemovePasswordAsync(user);
if (!result.Succeeded) return BadRequest("Unable to update password");
if (!result.Succeeded)
{
_logger.LogError("Could not update password");
return BadRequest(result.Errors.Select(e => new ApiException(400, e.Code, e.Description)));
}
result = await _userManager.AddPasswordAsync(user, resetPasswordDto.Password);
if (!result.Succeeded) return BadRequest("Unable to update password");
if (!result.Succeeded)
{
_logger.LogError("Could not update password");
return BadRequest(result.Errors.Select(e => new ApiException(400, e.Code, e.Description)));
}
_logger.LogInformation("{User}'s Password has been reset", resetPasswordDto.UserName);
return Ok();

View File

@ -31,13 +31,10 @@ namespace API.Services
public void EnsureCacheDirectory()
{
// TODO: Replace with DirectoryService.ExistOrCreate()
_logger.LogDebug("Checking if valid Cache directory: {CacheDirectory}", CacheDirectory);
var di = new DirectoryInfo(CacheDirectory);
if (!di.Exists)
if (_directoryService.ExistOrCreate(CacheDirectory))
{
_logger.LogError("Cache directory {CacheDirectory} is not accessible or does not exist. Creating...", CacheDirectory);
Directory.CreateDirectory(CacheDirectory);
}
}

View File

@ -63,7 +63,7 @@ namespace API.Services.Tasks
_scannedSeries = null;
}
[DisableConcurrentExecution(timeoutInSeconds: 360)]
//[DisableConcurrentExecution(timeoutInSeconds: 360)]
public void ScanLibrary(int libraryId, bool forceUpdate)
{
_forceUpdate = forceUpdate;