Added password reset request

Rolly-M · May 14, 2018 · 8cb97d2 · 8cb97d2
1 parent e5cf40f
commit 8cb97d2
Show file tree

Hide file tree

Showing 4 changed files with 64 additions and 0 deletions.
diff --git a/Controllers/PasswordResetsController.cs b/Controllers/PasswordResetsController.cs
@@ -0,0 +1,49 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Mvc;
+using System.Security.Cryptography;
+using dvcsharp_core_api.Models;
+using dvcsharp_core_api.Data;
+
+namespace dvcsharp_core_api
+{
+   [Route("api/[controller]")]
+   public class PasswordResetsController : Controller
+   {
+      private readonly GenericDataContext _context;
+
+      public PasswordResetsController(GenericDataContext context)
+      {
+         _context = context;
+      }
+
+      [HttpPost]
+      public IActionResult Post([FromBody] PasswordResetRequest passwordResetRequest)
+      {
+         if(!ModelState.IsValid)
+         {
+            return BadRequest(ModelState);
+         }
+
+         var exitingUser = _context.Users.
+            Where(b => b.email == passwordResetRequest.email).
+            FirstOrDefault();
+
+         if(exitingUser != null) {
+            ModelState.AddModelError("email", "Email address does not exist");
+            return BadRequest(ModelState);
+         }
+
+         var md5 = MD5.Create();
+         var hash = md5.ComputeHash(System.Text.Encoding.ASCII.GetBytes(passwordResetRequest.email));
+
+         passwordResetRequest.key = BitConverter.ToString(hash).Replace("-", "").ToLowerInvariant();
+         _context.PasswordResetRequests.Add(passwordResetRequest);
+         _context.SaveChanges();
+
+         return Ok();
+      }
+   }
+}
diff --git a/Data/GenericDataContext.cs b/Data/GenericDataContext.cs
@@ -10,5 +10,6 @@ public GenericDataContext(DbContextOptions<GenericDataContext> options) : base(o
       }
 
       public DbSet<User> Users { get; set; }
+      public DbSet<PasswordResetRequest> PasswordResetRequests { get; set; }
    }
 }
diff --git a/Models/PasswordResetRequest.cs b/Models/PasswordResetRequest.cs
@@ -0,0 +1,13 @@
+using System;
+using System.ComponentModel.DataAnnotations;
+
+namespace dvcsharp_core_api.Models
+{
+   public class PasswordResetRequest
+   {
+      public string key { get; set; }
+      public string email { get; set; }
+      public string password { get; set; }
+      public string passwordConfirmation { get; set; }
+   }
+}
diff --git a/README.md b/README.md
@@ -32,3 +32,4 @@ dotnet watch run
 
 * Authentication is custom. It should be replaced with Identity Framework
 * Hardcoded JWT secret and other validation info
+* Weak password reset - same as DVJA
-Original file line number
+Diff line change
@@ Expand Up @@
           }
           public DbSet<User> Users { get; set; }
+          public DbSet<PasswordResetRequest> PasswordResetRequests { get; set; }
        }
     }
Original file line number	Diff line number	Diff line change
Expand Up		@@ -32,3 +32,4 @@ dotnet watch run

		* Authentication is custom. It should be replaced with Identity Framework
		* Hardcoded JWT secret and other validation info
		* Weak password reset - same as DVJA