ConfirmAuth: PasswordChange

2019-09-24 15:27:13 +03:00 · 2019-09-24 15:27:13 +03:00 · 6d815608a0
commit 6d815608a0
parent 1c506fbf1f
2 changed files with 16 additions and 4 deletions
--- a/common/ASC.Api.Core/Auth/ConfirmAuthHandler.cs
+++ b/common/ASC.Api.Core/Auth/ConfirmAuthHandler.cs
@ -52,12 +52,24 @@ namespace ASC.Api.Core.Auth
                case ConfirmType.EmailChange:
                    checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + SecurityContext.CurrentAccount.ID, key, validInterval);
                    break;
+                case ConfirmType.PasswordChange:
+                    var userHash = Request.TryGetValue("p", out var p) && p == "1";
+                    var hash = string.Empty;
+
+                    if (userHash)
+                    {
+                        var tenantId = CoreContext.TenantManager.GetCurrentTenant().TenantId;
+                        hash = CoreContext.Authentication.GetUserPasswordHash(tenantId, CoreContext.UserManager.GetUserByEmail(tenantId, _email).ID);
+                    }
+
+                    checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + (string.IsNullOrEmpty(hash) ? string.Empty : Hasher.Base64Hash(hash)), key, validInterval);
+                    break;
                default:
                    checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, validInterval);
                    break;
            }

-            var claims = new List<Claim>() 
+            var claims = new List<Claim>()
            {
                new Claim(ClaimTypes.Role, _type.ToString())
            };
--- a/products/ASC.People/Server/Controllers/PeopleController.cs
+++ b/products/ASC.People/Server/Controllers/PeopleController.cs
@ -588,7 +588,7 @@ namespace ASC.Employee.Core.Controllers

            return new ThumbnailsDataWrapper(Tenant, user.ID);
        }
-        
+
        public FormFile Base64ToImage(string base64String, string fileName)
        {
            byte[] imageBytes = Convert.FromBase64String(base64String);
@ -617,7 +617,7 @@ namespace ASC.Employee.Core.Controllers

                SecurityContext.DemandPermissions(Tenant, new UserSecurityProvider(userId), Constants.Action_EditUser);

-                var userPhoto = Base64ToImage(model.base64CroppedImage, "userPhoto_"+ userId.ToString());
+                var userPhoto = Base64ToImage(model.base64CroppedImage, "userPhoto_" + userId.ToString());
                var defaultUserPhoto = Base64ToImage(model.base64DefaultImage, "defaultPhoto" + userId.ToString());

                if (userPhoto.Length > SetupInfo.MaxImageUploadSize)
@ -867,7 +867,7 @@ namespace ASC.Employee.Core.Controllers
        }

        [Update("{userid}/password")]
-        [Authorize(AuthenticationSchemes = "confirm", Roles = "EmailChange,Administrators")]
+        [Authorize(AuthenticationSchemes = "confirm", Roles = "PasswordChange,EmailChange,Administrators")]
        public EmployeeWraperFull ChangeUserPassword(Guid userid, MemberModel memberModel)
        {
            ApiContext.AuthByClaim();