From 6d815608a0fd517aaf21611ecf341de152f88542 Mon Sep 17 00:00:00 2001
From: pavelbannov
Date: Tue, 24 Sep 2019 15:27:13 +0300
Subject: [PATCH] ConfirmAuth: PasswordChange
---
 common/ASC.Api.Core/Auth/ConfirmAuthHandler.cs | 14 +++++++++++++-
 .../Server/Controllers/PeopleController.cs | 6 +++---
 2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/common/ASC.Api.Core/Auth/ConfirmAuthHandler.cs b/common/ASC.Api.Core/Auth/ConfirmAuthHandler.cs
index 5fc3ae1248..f98b6a82e1 100644
--- a/common/ASC.Api.Core/Auth/ConfirmAuthHandler.cs
+++ b/common/ASC.Api.Core/Auth/ConfirmAuthHandler.cs
@@ -52,12 +52,24 @@ namespace ASC.Api.Core.Auth
 case ConfirmType.EmailChange:
 checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + SecurityContext.CurrentAccount.ID, key, validInterval);
 break;
+ case ConfirmType.PasswordChange:
+ var userHash = Request.TryGetValue("p", out var p) && p == "1";
+ var hash = string.Empty;
+
+ if (userHash)
+ {
+ var tenantId = CoreContext.TenantManager.GetCurrentTenant().TenantId;
+ hash = CoreContext.Authentication.GetUserPasswordHash(tenantId, CoreContext.UserManager.GetUserByEmail(tenantId, _email).ID);
+ }
+
+ checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + (string.IsNullOrEmpty(hash) ? string.Empty : Hasher.Base64Hash(hash)), key, validInterval);
+ break;
 default:
 checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, validInterval);
 break;
 }
- var claims = new List()
+ var claims = new List()
 {
 new Claim(ClaimTypes.Role, _type.ToString())
 };
diff --git a/products/ASC.People/Server/Controllers/PeopleController.cs b/products/ASC.People/Server/Controllers/PeopleController.cs
index e46a9d3ab9..90a46d47b7 100644
--- a/products/ASC.People/Server/Controllers/PeopleController.cs
+++ b/products/ASC.People/Server/Controllers/PeopleController.cs
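Review bot: In the added `PasswordChange` case, `CoreContext.UserManager.GetUserByEmail(tenantId, _email).ID` is dereferenced without checking that the e-mail resolved to an account, and this lookup runs in the confirm handler before the key has been validated. Depending on what the user manager returns for an unknown address (not visible here), that is either an unhandled exception or a password-hash lookup for a placeholder user; I would resolve the user first with `var user = CoreContext.UserManager.GetUserByEmail(tenantId, _email);` and set `checkKeyResult` to the failed-validation result when no account matches. Also worth a comment on `userHash`: the caller's `p` parameter decides whether the password hash is part of the signed value, so a key issued without it is not tied to the current password and presumably stays usable for the whole `validInterval` after a password change. The switch begins outside the hunk.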
@@ -588,7 +588,7 @@ namespace ASC.Employee.Core.Controllers
 return new ThumbnailsDataWrapper(Tenant, user.ID);
 }
-
+
 public FormFile Base64ToImage(string base64String, string fileName)
 {
 byte[] imageBytes = Convert.FromBase64String(base64String);
@@ -617,7 +617,7 @@ namespace ASC.Employee.Core.Controllers
 SecurityContext.DemandPermissions(Tenant, new UserSecurityProvider(userId), Constants.Action_EditUser);
- var userPhoto = Base64ToImage(model.base64CroppedImage, "userPhoto_"+ userId.ToString());
+ var userPhoto = Base64ToImage(model.base64CroppedImage, "userPhoto_" + userId.ToString());
 var defaultUserPhoto = Base64ToImage(model.base64DefaultImage, "defaultPhoto" + userId.ToString());
 if (userPhoto.Length > SetupInfo.MaxImageUploadSize)
@@ -867,7 +867,7 @@ namespace ASC.Employee.Core.Controllers
 }
 [Update("{userid}/password")]
- [Authorize(AuthenticationSchemes = "confirm", Roles = "EmailChange,Administrators")]
+ [Authorize(AuthenticationSchemes = "confirm", Roles = "PasswordChange,EmailChange,Administrators")]
 public EmployeeWraperFull ChangeUserPassword(Guid userid, MemberModel memberModel)
 {
 ApiContext.AuthByClaim();
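Review bot: Adding `PasswordChange` to `Roles` on `ChangeUserPassword` lets a caller who holds only an e-mailed confirmation key reach this action, but the account being changed is the route's `userid`, whereas the key checked in ConfirmAuthHandler is bound to `_email`. The method body continues outside the hunk after `ApiContext.AuthByClaim();`, so I cannot see whether `userid` is compared with the account the confirmation was issued for; if it is not, that comparison should be added before the password is set, and a mismatch rejected. A comment above the attribute such as `// PasswordChange confirmations are bound to an e-mail; userid must resolve to that same account` would record the invariant.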