From c77852e3935319559a3021c0bd74383731a72767 Mon Sep 17 00:00:00 2001
From: Ivan Ljubisavljevic
Date: Wed, 23 Mar 2022 12:13:31 +0100
Subject: User password change FIX
---
 backend/api/api/Controllers/UserController.cs | 23 ++++++++++++-----------
 backend/api/api/Services/UserService.cs | 1 +
 2 files changed, 13 insertions(+), 11 deletions(-)
(limited to 'backend/api')
diff --git a/backend/api/api/Controllers/UserController.cs b/backend/api/api/Controllers/UserController.cs
index 96e75c32..0287f3cb 100644
--- a/backend/api/api/Controllers/UserController.cs
+++ b/backend/api/api/Controllers/UserController.cs
@@ -79,7 +79,7 @@ namespace api.Controllers
 // PUT api//changepass
 [HttpPut("changepass")]
 [Authorize(Roles = "User")]
- public ActionResult PutPass([FromBody] string oldPassword, [FromBody] string newPassword)
+ public ActionResult PutPass([FromBody] string[] Password)
 {
 string username;
 var header = Request.Headers[HeaderNames.Authorization];
@@ -99,20 +99,21 @@ namespace api.Controllers
 User user = new User();
 user = userService.GetUserUsername(username);
-
- string oldPass = PasswordCrypt.hashPassword(oldPassword);
- string newPass = PasswordCrypt.hashPassword(newPassword);
-
- if (oldPass != user.Password)
- return BadRequest($"Wrong old password!");
- else if (oldPass == newPassword)
- return BadRequest($"Identical password!");
- else if (oldPass == user.Password)
+
+ if(PasswordCrypt.checkPassword(Password[0], user.Password))
 {
- user.Password = newPass;
+ if(PasswordCrypt.checkPassword(Password[1], user.Password))
+ {
+ return BadRequest($"Identical password!");
+ }
+
+ user.Password = PasswordCrypt.hashPassword(Password[1]);
 userService.Update(username, user);
 return Ok($"Succeful password change!");
 }
+ else
+ return BadRequest($"Wrong old password!");
+
 return NoContent();
 }
diff --git a/backend/api/api/Services/UserService.cs b/backend/api/api/Services/UserService.cs
index 847757be..f613f923 100644
--- a/backend/api/api/Services/UserService.cs
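Review bot: The new `[FromBody] string[] Password` parameter on `PutPass` carries the old and new password by position only, so the contract (index 0 = old, index 1 = new) is invisible to model validation, to API documentation and to anyone reading the client code. A small request class with two named `[Required]` string properties (for example `OldPassword` and `NewPassword`; the names are the project's to choose) would let model validation flag an incomplete body before the action logic runs. If the array stays, name it `passwords` in camelCase and state the order in a comment above the action, e.g. `// body: [oldPassword, newPassword]`. The body of `PutPass` continues outside this hunk.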
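Review bot: `Password[0]` and `Password[1]` are read in the new `if` conditions without any check that the array is non-null and holds two entries, and `user.Password` is dereferenced without checking what `GetUserUsername` returned, so a short body or a missing account would presumably surface as an unhandled exception instead of a 400/401. A guard before the first `checkPassword` call would cover both: `if (Password == null || Password.Length != 2 || string.IsNullOrWhiteSpace(Password[1])) return BadRequest("Old and new password are required.");` and `if (user == null) return Unauthorized();`. Both branches of the new `if`/`else` return, so the trailing `return NoContent();` is now unreachable and can be dropped. `PutPass` begins before this hunk, so anything validated earlier in the method is not visible here.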
+++ b/backend/api/api/Services/UserService.cs
@@ -28,6 +28,7 @@ namespace api.Services
 }
 public void Update(string username, User user)
 {
+ //username koji postoji u bazi
 _users.ReplaceOne(user => user.Username == username, user);
 }
 public void Delete(string username)
-- 
cgit v1.2.3
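Review bot: The added comment records a precondition (in Serbian: the username must already exist in the database) that `Update` does not enforce, because the value returned by `_users.ReplaceOne(...)` is discarded. If no document matches, the call is presumably a silent no-op, and `PutPass` in this same commit answers `Ok` right after calling `Update`. Consider keeping the result and surfacing a miss: if `_users` is a MongoDB collection, `var result = _users.ReplaceOne(u => u.Username == username, user);` followed by a check of `result.MatchedCount`. The comment itself would read better as an English `///` summary on `Update` that states the precondition.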