Add change password

a6f3a3c6 · Koolapong Kongpitak · a4653c04 · a6f3a3c6
Commit a6f3a3c6 authored 4 years ago by Koolapong Kongpitak
Hide whitespace changes
Inline Side-by-side

Showing

with 49 additions and 0 deletions
+49 -0
--- a/SYSCore/Controllers/SystemApiController.cs
+++ b/SYSCore/Controllers/SystemApiController.cs
@@ -155,6 +155,47 @@ namespace SYS_Core.Controllers

        #endregion

+        #region changePwd
+        [HttpPost, Route("ChangePwd")]
+        public IHttpActionResult ChangePwd([FromBody] ChangePwdModel pCPwd)
+        {
+            if(pCPwd.newpassword != pCPwd.confirmpassword)
+            {
+                return ResponseMessage(Request.CreateResponse(HttpStatusCode.NotAcceptable, "Please check new password and confirm new password."));
+            }
+
+            OracleCommand cmd = new OracleCommand();
+
+            //check username & password
+            cmd.CommandText = "SP_NP_CH_PWD_CHK";
+            cmd.Parameters.Add("P_SK_USER_ID", OracleDbType.Varchar2).Value = pCPwd.username;
+            cmd.Parameters.Add("P_PASSWORD", OracleDbType.Varchar2).Value = pCPwd.oldpassword;
+            cmd.Parameters.Add("P_NEW_PASSWORD", OracleDbType.Varchar2).Value = pCPwd.newpassword;
+            cmd.Parameters.Add("R_STATUS", OracleDbType.Varchar2, 10).Direction = ParameterDirection.Output;
+            cmd = oOracledb.SqlQueryReturnValue(cmd);
+
+            if(cmd.Parameters["R_STATUS"].Value.ToString() == "Pass")
+            {
+                cmd = new OracleCommand();
+                cmd.CommandText = "SP_NP_CH_PWD";
+                cmd.Parameters.Add("P_SK_USER_ID", OracleDbType.Varchar2).Value = pCPwd.username;
+                cmd.Parameters.Add("P_NEW_PASSWORD", OracleDbType.Varchar2).Value = pCPwd.newpassword;
+                cmd = oOracledb.SqlQueryReturnValue(cmd);
+            } 
+            else if (cmd.Parameters["R_STATUS"].Value.ToString() == "Fail")
+            {
+                return ResponseMessage(Request.CreateResponse(HttpStatusCode.NotAcceptable, "Incorrect current password."));
+            } 
+            else if (cmd.Parameters["R_STATUS"].Value.ToString() == "Used")
+            {
+                return ResponseMessage(Request.CreateResponse(HttpStatusCode.NotAcceptable, "Password should not same with used password."));
+            }
+
+            return Ok();
+        }
+
+        #endregion
+
        [HttpGet, Route("GetSystemMenu")]
        [Authorize]
        public IHttpActionResult GetSystemMenu()
@@ -1107,5 +1148,13 @@ namespace SYS_Core.Controllers
        public string FILE_NAME { get; set; }
        public string FILE_LOCATION { get; set; }
    }
+
+    public class ChangePwdModel
+    {
+        public string username { get; set; }
+        public string oldpassword { get; set; }
+        public string newpassword { get; set; }
+        public string confirmpassword { get; set; }
+    }
 }