dodanie zmian z resetem hasła oraz zmianą hasła przez usera, zmiana podejścia do szyfrowania haseł

Controllers/UserController.cs

@@ -5,6 +5,7 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using FirmTracker_Server.Entities;
 using System.Security.Claims;
+using FirmTracker_Server.Exceptions;
 
 namespace FirmTracker_Server.Controllers
 {
@@ -50,6 +51,69 @@ namespace FirmTracker_Server.Controllers
             }
             return Ok(roleClaim);
         }
+
+        [HttpPost("change-password")]
+        [Authorize(Roles = Roles.User + "," + Roles.Admin)]
+        public ActionResult ChangePassword([FromBody] ChangePasswordDto dto)
+        {
+            if (!ModelState.IsValid)
+            {
+                return BadRequest("Invalid data.");
+            }
+
+            // Get the user ID from the claims of the authenticated user
+            var userIdClaim = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier)?.Value;
+
+            if (userIdClaim == null || !int.TryParse(userIdClaim, out var userId))
+            {
+                return Unauthorized("User ID not found.");
+            }
+
+            try
+            {
+                // Pass the userId to the service to find the user
+                var success = UserService.ChangePassword(userId, dto);
+                if (!success)
+                {
+                    return BadRequest("Password change failed.");
+                }
+
+                return Ok("Password changed successfully.");
+            }
+            catch (WrongUserOrPasswordException ex)
+            {
+                return BadRequest(ex.Message);
+            }
+            catch (Exception ex)
+            {
+                return StatusCode(500, "An error occurred: " + ex.Message);
+            }
+        }
+        [HttpPost("reset-password")]
+        [Authorize(Roles = Roles.Admin)]
+        public ActionResult ResetPassword([FromBody] ResetPasswordDto dto)
+        {
+            if (!ModelState.IsValid)
+            {
+                return BadRequest("Invalid data.");
+            }
+
+            try
+            {
+                // Reset password for the user
+                var success = UserService.ResetPassword(dto.UserMail, dto.NewPassword);
+                if (!success)
+                {
+                    return BadRequest("Password reset failed.");
+                }
+
+                return Ok("Password has been successfully reset.");
+            }
+            catch (Exception ex)
+            {
+                return StatusCode(500, "An error occurred: " + ex.Message);
+            }
+        }
         // New method to get all users
         /* [HttpGet("all")]
          [AllowAnonymous]

Models/ChangePasswordDto.cs

@@ -0,0 +1,8 @@
+namespace FirmTracker_Server.Models
+{
+    public class ChangePasswordDto
+    {
+        public string OldPassword { get; set; }
+        public string NewPassword { get; set; }
+    }
+}

Models/ResetPasswordDto.cs

@@ -0,0 +1,8 @@
+namespace FirmTracker_Server.Models
+{
+    public class ResetPasswordDto
+    {
+        public string UserMail { get; set; }  
+        public string NewPassword { get; set; }  
+    }
+}

Program.cs

@@ -73,9 +73,10 @@ namespace FirmTracker_Server
             builder.Services.AddCors(options =>
             {
                 options.AddPolicy("AllowSpecificOrigin",
-                    policy => policy.WithOrigins("http://localhost:3000")
+                    policy => policy.WithOrigins("http://localhost:3000", "https://localhost:7039", "https://localhost:5075", "https://localhost:3000")
                         .AllowAnyHeader()
-                        .AllowAnyMethod());
+                        .AllowAnyMethod()
+                        .AllowCredentials());
             });
             builder.Services.ConfigureAutoMapper();
             builder.Services.ConfigureServiceInjection();
@@ -122,8 +123,8 @@ namespace FirmTracker_Server
             {
                 Console.WriteLine("Nie uda³o siê uruchomiæ swaggera");
             }
-            app.UseHttpsRedirection();
 
+            app.UseRouting();
             app.UseCors("AllowSpecificOrigin");
 
 

Services/UserService.cs

@@ -23,6 +23,8 @@ namespace FirmTracker_Server.Services
         UserDto GetById(int id);
         int AddUser(CreateUserDto dto);
         string CreateTokenJwt(LoginDto dto);
+        bool ChangePassword(int userMail, ChangePasswordDto dto);
+        bool ResetPassword(string userId, string newPassword);
 
     }
 
@@ -54,12 +56,13 @@ namespace FirmTracker_Server.Services
             }
         }
 
+
         public int AddUser(CreateUserDto dto)
         {
             var user = Mapper.Map<User>(dto);
 
             // Encrypt or hash the password based on NewEncryption flag
-            user.PassHash = dto.NewEncryption ? SimplerAES.Encrypt(dto.Password) : PasswordHasher.HashPassword(user, dto.Password);
+            user.PassHash = SimplerAES.Encrypt(dto.Password); //: PasswordHasher.HashPassword(user, dto.Password);
             user.Role = CultureInfo.CurrentCulture.TextInfo.ToTitleCase(dto.Role.ToLower());
 
             using (var session = SessionFactory.OpenSession())
@@ -78,7 +81,75 @@ namespace FirmTracker_Server.Services
                 }
             }
         }
+        public bool ChangePassword(int userId, ChangePasswordDto dto)
+        {
+            using (var session = SessionFactory.OpenSession())
+            using (var transaction = session.BeginTransaction())
+            {
+                // Find user by ID
+                var user = session.Get<User>(userId);
+                if (user == null)
+                {
+                    throw new WrongUserOrPasswordException("User not found.");
+                }
 
+                // Verify old password
+                var oldPasswordCorrect = false;
+                if (user.NewEncryption)
+                {
+                    oldPasswordCorrect = SimplerAES.Decrypt(user.PassHash) == SimplerAES.Decrypt(dto.OldPassword);
+                }
+                else
+                {
+                    oldPasswordCorrect = SimplerAES.Decrypt(user.PassHash) == SimplerAES.Decrypt(dto.OldPassword);
+                }
+
+                if (!oldPasswordCorrect)
+                {
+                    throw new WrongUserOrPasswordException("The old password is incorrect.");
+                }
+
+               
+                if (user.NewEncryption)
+                {
+                    user.PassHash = SimplerAES.Encrypt(dto.NewPassword);
+                }
+                else
+                {
+                    user.PassHash = SimplerAES.Encrypt(dto.NewPassword);
+                }
+
+                session.Update(user);
+                transaction.Commit();
+                return true;
+            }
+        }
+        public bool ResetPassword(string userMail, string newPassword)
+        {
+            using (var session = SessionFactory.OpenSession())
+            using (var transaction = session.BeginTransaction())
+            {
+                var user = session.Get<User>(userMail);
+                if (user == null)
+                {
+                    throw new Exception("User not found");
+                }
+
+                // Encrypt or hash the new password
+                if (user.NewEncryption)
+                {
+                    user.PassHash = SimplerAES.Encrypt(newPassword); // Or apply hashing if needed
+                }
+                else
+                {
+                    user.PassHash = SimplerAES.Encrypt(newPassword);
+                }
+
+                session.Update(user);
+                transaction.Commit();
+                return true;
+            }
+        }
         public string CreateTokenJwt(LoginDto dto)
         {
             User user = null;