Add password changing

2025-10-17 11:02:50 +09:00
parent 5ae278eeca
commit 241171de17
7 changed files with 154 additions and 6 deletions
--- a/Hcs.WebApp/Controllers/IdentityController.cs
+++ b/Hcs.WebApp/Controllers/IdentityController.cs
@ -1,11 +1,14 @@
 using Hcs.WebApp.Data;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Radzen;
+using System.Security.Claims;

 namespace Hcs.WebApp.Controllers
 {
-    [Route("identity/[action]")]
+    [Route("identity/")]
+    [Authorize]
    public class IdentityController(
        IUserStore<AppUser> userStore,
        UserManager<AppUser> userManager,
@ -16,6 +19,8 @@ namespace Hcs.WebApp.Controllers
        private readonly SignInManager<AppUser> signInManager = signInManager;

        [HttpPost]
+        [Route("register")]
+        [AllowAnonymous]
        public async Task<IActionResult> Register(string userName, string password, string returnUrl)
        {
            var user = Activator.CreateInstance<AppUser>();
@ -24,7 +29,7 @@ namespace Hcs.WebApp.Controllers
            var result = await userManager.CreateAsync(user, password);
            if (!result.Succeeded)
            {
-                var error = string.Join(", ", result.Errors.Select(error => error.Description));
+                var error = string.Join(", ", result.Errors.Select(x => x.Description));
                if (!string.IsNullOrEmpty(returnUrl))
                {
                    return Redirect($"/account/register?error={error}&returnUrl={Uri.EscapeDataString(returnUrl)}");
@ -46,6 +51,8 @@ namespace Hcs.WebApp.Controllers
        }

        [HttpPost]
+        [Route("login")]
+        [AllowAnonymous]
        public async Task<IActionResult> Login(string userName, string password, string returnUrl)
        {
            var result = await signInManager.PasswordSignInAsync(userName, password, false, false);
@ -69,11 +76,29 @@ namespace Hcs.WebApp.Controllers
            return Redirect(returnUrl);
        }

+        [HttpGet]
+        [Route("logout")]
        public async Task<IActionResult> Logout()
        {
            await signInManager.SignOutAsync();

            return Redirect("/");
        }
+
+        [HttpPost]
+        [Route("change-password")]
+        public async Task<IActionResult> ChangePassword(string oldPassword, string newPassword)
+        {
+            var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
+            var user = await userManager.FindByIdAsync(userId);
+            var result = await userManager.ChangePasswordAsync(user, oldPassword, newPassword);
+            if (result.Succeeded)
+            {
+                return Ok();
+            }
+
+            var message = string.Join(", ", result.Errors.Select(x => x.Description));
+            return BadRequest(message);
+        }
    }
 }