abzarasadi/Pages/Admin/ChangePassword/Index.cshtml.cs

using AsadiTools.Data;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using System.ComponentModel.DataAnnotations;
using System.Security.Claims;

namespace AsadiTools.Pages.Admin.ChangePassword;

[Authorize(AuthenticationSchemes = "AdminCookie")]
public class ChangePasswordModel(AppDbContext db) : PageModel
{
    [BindProperty] public ChangePasswordInput Input { get; set; } = new();
    public string? ErrorMessage { get; private set; }
    public bool Success { get; private set; }

    public void OnGet() { }

    public async Task<IActionResult> OnPostAsync()
    {
        if (!ModelState.IsValid) return Page();

        var userId = int.Parse(User.FindFirstValue(ClaimTypes.NameIdentifier)!);
        var user = await db.AdminUsers.FindAsync(userId);
        if (user is null) return RedirectToPage("/Admin/Login");

        if (!BCrypt.Net.BCrypt.Verify(Input.CurrentPassword, user.PasswordHash))
        {
            ErrorMessage = "رمز عبور فعلی اشتباه است";
            return Page();
        }

        if (Input.NewPassword != Input.ConfirmPassword)
        {
            ErrorMessage = "رمز عبور جدید و تکرار آن یکسان نیستند";
            return Page();
        }

        user.PasswordHash = BCrypt.Net.BCrypt.HashPassword(Input.NewPassword);
        await db.SaveChangesAsync();
        Success = true;
        return Page();
    }
}

public class ChangePasswordInput
{
    [Required] public string CurrentPassword { get; set; } = string.Empty;
    [Required, MinLength(6)] public string NewPassword { get; set; } = string.Empty;
    [Required] public string ConfirmPassword { get; set; } = string.Empty;
}