Ensure I validate before attempting to update password for reset password flow. Send some validation issues back to FE.

API/Controllers/AccountController.cs

@@ -5,6 +5,7 @@ using System.Threading.Tasks;
 using API.Constants;
 using API.DTOs;
 using API.Entities;
+using API.Errors;
 using API.Extensions;
 using API.Interfaces;
 using API.Interfaces.Services;
@@ -40,17 +41,40 @@ namespace API.Controllers
             _mapper = mapper;
         }
         
-        [Authorize(Policy = "RequireAdminRole")]
         [HttpPost("reset-password")]
         public async Task<ActionResult> UpdatePassword(ResetPasswordDto resetPasswordDto)
         {
             _logger.LogInformation("{UserName} is changing {ResetUser}'s password", User.GetUsername(), resetPasswordDto.UserName);
             var user = await _userManager.Users.SingleAsync(x => x.UserName == resetPasswordDto.UserName);
+            var isAdmin = await _userManager.IsInRoleAsync(user, PolicyConstants.AdminRole);
+
+            if (resetPasswordDto.UserName != User.GetUsername() && !isAdmin) return Unauthorized("You are not permitted to this operation.");
+            
+            // Validate Password
+            foreach (var validator in _userManager.PasswordValidators)
+            {
+                var validationResult = await validator.ValidateAsync(_userManager, user, resetPasswordDto.Password);
+                if (!validationResult.Succeeded)
+                {
+                    return BadRequest(
+                        validationResult.Errors.Select(e => new ApiException(400, e.Code, e.Description)));
+                }
+            }
+            
             var result = await _userManager.RemovePasswordAsync(user);
-            if (!result.Succeeded) return BadRequest("Unable to update password");
+            if (!result.Succeeded)
+            {
+                _logger.LogError("Could not update password");
+                return BadRequest(result.Errors.Select(e => new ApiException(400, e.Code, e.Description)));
+            }
+            
             
             result = await _userManager.AddPasswordAsync(user, resetPasswordDto.Password);
-            if (!result.Succeeded) return BadRequest("Unable to update password");
+            if (!result.Succeeded)
+            {
+                _logger.LogError("Could not update password");
+                return BadRequest(result.Errors.Select(e => new ApiException(400, e.Code, e.Description)));
+            }
             
             _logger.LogInformation("{User}'s Password has been reset", resetPasswordDto.UserName);
             return Ok();

API/Services/CacheService.cs

@@ -31,13 +31,10 @@ namespace API.Services
 
         public void EnsureCacheDirectory()
         {
-            // TODO: Replace with DirectoryService.ExistOrCreate()
             _logger.LogDebug("Checking if valid Cache directory: {CacheDirectory}", CacheDirectory);
-            var di = new DirectoryInfo(CacheDirectory);
+            if (_directoryService.ExistOrCreate(CacheDirectory))
-            if (!di.Exists)
             {
                 _logger.LogError("Cache directory {CacheDirectory} is not accessible or does not exist. Creating...", CacheDirectory);
-                Directory.CreateDirectory(CacheDirectory);
             }
         }
 

API/Services/Tasks/ScannerService.cs

@@ -63,7 +63,7 @@ namespace API.Services.Tasks
           _scannedSeries = null;
        }
 
-       [DisableConcurrentExecution(timeoutInSeconds: 360)] 
+       //[DisableConcurrentExecution(timeoutInSeconds: 360)] 
        public void ScanLibrary(int libraryId, bool forceUpdate)
        {
           _forceUpdate = forceUpdate;