-rw-r--r-- | backend/api/api/Controllers/UserController.cs | 23 | ||||
-rw-r--r-- | backend/api/api/Services/UserService.cs | 1 |
2 files changed, 13 insertions, 11 deletions
diff --git a/backend/api/api/Controllers/UserController.cs b/backend/api/api/Controllers/UserController.cs
index 96e75c32..0287f3cb 100644
--- a/backend/api/api/Controllers/UserController.cs
+++ b/backend/api/api/Controllers/UserController.cs
@@ -79,7 +79,7 @@ namespace api.Controllers
 // PUT api/<UserController>/changepass
 [HttpPut("changepass")]
 [Authorize(Roles = "User")]
- public ActionResult PutPass([FromBody] string oldPassword, [FromBody] string newPassword)
+ public ActionResult PutPass([FromBody] string[] Password)
 {
 string username;
 var header = Request.Headers[HeaderNames.Authorization];
@@ -99,20 +99,21 @@ namespace api.Controllers
 User user = new User();
 user = userService.GetUserUsername(username);
-
- string oldPass = PasswordCrypt.hashPassword(oldPassword);
- string newPass = PasswordCrypt.hashPassword(newPassword);
-
- if (oldPass != user.Password)
- return BadRequest($"Wrong old password!");
- else if (oldPass == newPassword)
- return BadRequest($"Identical password!");
- else if (oldPass == user.Password)
+
+ if(PasswordCrypt.checkPassword(Password[0], user.Password))
 {
- user.Password = newPass;
+ if(PasswordCrypt.checkPassword(Password[1], user.Password))
+ {
+ return BadRequest($"Identical password!");
+ }
+
+ user.Password = PasswordCrypt.hashPassword(Password[1]);
 userService.Update(username, user);
 return Ok($"Succeful password change!");
 }
+ else
+ return BadRequest($"Wrong old password!");
+ return NoContent();
 }
diff --git a/backend/api/api/Services/UserService.cs b/backend/api/api/Services/UserService.cs
index 847757be..f613f923 100644
--- a/backend/api/api/Services/UserService.cs
+++ b/backend/api/api/Services/UserService.cs
@@ -28,6 +28,7 @@ namespace api.Services
 }
 public void Update(string username, User user)
 {
+ //username koji postoji u bazi
 _users.ReplaceOne(user => user.Username == username, user);
 }
 public void Delete(string username) |
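Review bot: The new `PutPass([FromBody] string[] Password)` signature in UserController.cs accepts an array of any length, and the second hunk of the same file indexes `Password[0]` and `Password[1]` with no length or null-element check, so a body such as `[]` or `["x"]` on this endpoint ends in an unhandled exception rather than a 400. A guard at the top of the method would cover it: `if (Password is null || Password.Length != 2 || string.IsNullOrEmpty(Password[0]) || string.IsNullOrEmpty(Password[1])) return BadRequest("Old and new password are required.");`. A small request type with named old/new password properties would also remove the risk of a client sending the two values in the wrong order. The method body starts in this hunk and continues outside it.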
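Review bot: In the second hunk of UserController.cs, `user.Password` is passed to `PasswordCrypt.checkPassword` right after `userService.GetUserUsername(username)` with no null check on `user`. If that lookup can return null (its implementation is not visible here), for example for a still-valid token whose account was removed, the request fails with a null dereference instead of a clean rejection; `if (user == null) return Unauthorized();` before the first `checkPassword` call would handle it. Both branches of the new `if`/`else` return, so the trailing `return NoContent();` is unreachable and can be dropped. The hunk starts mid-method, so the code that derives `username` from the Authorization header is outside this view.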