3 files changed, 76 insertions, 0 deletions
diff --git a/Timeline/Controllers/UserController.cs b/Timeline/Controllers/UserController.cs
index 59c7a48c..552bfb2f 100644
--- a/Timeline/Controllers/UserController.cs
+++ b/Timeline/Controllers/UserController.cs
@@ -78,5 +78,22 @@ namespace Timeline.Controllers
                     throw new Exception("Uncreachable code.");
             }
         }
+
+        [HttpPost("userop/changepassword"), Authorize]
+        public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordRequest request)
+        {
+            var result = await _userService.ChangePassword(User.Identity.Name, request.OldPassword, request.NewPassword);
+            switch (result)
+            {
+                case ChangePasswordResult.Success:
+                    return Ok(ChangePasswordResponse.Success);
+                case ChangePasswordResult.BadOldPassword:
+                    return Ok(ChangePasswordResponse.BadOldPassword);
+                case ChangePasswordResult.NotExists:
+                    return Ok(ChangePasswordResponse.NotExists);
+                default:
+                    throw new Exception("Uncreachable code.");
+            }
+        }
     }
 }
diff --git a/Timeline/Entities/Http/User.cs b/Timeline/Entities/Http/User.cs
index 24952ac7..d42ca088 100644
--- a/Timeline/Entities/Http/User.cs
+++ b/Timeline/Entities/Http/User.cs
@@ -23,4 +23,21 @@
         public static ReturnCodeMessageResponse Deleted { get; } = new ReturnCodeMessageResponse(DeletedCode, "A existing user is deleted.");
         public static ReturnCodeMessageResponse NotExists { get; } = new ReturnCodeMessageResponse(NotExistsCode, "User with given name does not exists.");
     }
+
+    public class ChangePasswordRequest
+    {
+        public string OldPassword { get; set; }
+        public string NewPassword { get; set; }
+    }
+
+    public static class ChangePasswordResponse
+    {
+        public const int SuccessCode = 0;
+        public const int BadOldPasswordCode = 1;
+        public const int NotExistsCode = 2;
+
+        public static ReturnCodeMessageResponse Success { get; } = new ReturnCodeMessageResponse(SuccessCode, "Success to change password.");
+        public static ReturnCodeMessageResponse BadOldPassword { get; } = new ReturnCodeMessageResponse(BadOldPasswordCode, "Old password is wrong.");
+        public static ReturnCodeMessageResponse NotExists { get; } = new ReturnCodeMessageResponse(NotExistsCode, "Username does not exists, please update token.");
+    }
 }
diff --git a/Timeline/Services/UserService.cs b/Timeline/Services/UserService.cs
index 8615d0c5..75ad3331 100644
--- a/Timeline/Services/UserService.cs
+++ b/Timeline/Services/UserService.cs
@@ -49,6 +49,22 @@ namespace Timeline.Services
         NotExists
     }
 
+    public enum ChangePasswordResult
+    {
+        /// <summary>
+        /// Success to change password.
+        /// </summary>
+        Success,
+        /// <summary>
+        /// The user does not exists.
+        /// </summary>
+        NotExists,
+        /// <summary>
+        /// Old password is wrong.
+        /// </summary>
+        BadOldPassword
+    }
+
     public interface IUserService
     {
         /// <summary>
@@ -113,6 +129,17 @@ namespace Timeline.Services
         /// <returns><see cref="DeleteUserResult.Deleted"/> if the user is deleted.
         /// <see cref="DeleteUserResult.NotExists"/> if the user doesn't exist.</returns>
         Task<DeleteUserResult> DeleteUser(string username);
+
+        /// <summary>
+        /// Try to change a user's password with old password.
+        /// </summary>
+        /// <param name="username">The name of user to change password of.</param>
+        /// <param name="oldPassword">The user's old password.</param>
+        /// <param name="newPassword">The user's new password.</param>
+        /// <returns><see cref="ChangePasswordResult.Success"/> if success.
+        /// <see cref="ChangePasswordResult.NotExists"/> if user does not exist.
+        /// <see cref="ChangePasswordResult.BadOldPassword"/> if old password is wrong.</returns>
+        Task<ChangePasswordResult> ChangePassword(string username, string oldPassword, string newPassword);
     }
 
     public class UserService : IUserService
@@ -252,5 +279,20 @@ namespace Timeline.Services
             await _databaseContext.SaveChangesAsync();
             return DeleteUserResult.Deleted;
         }
+
+        public async Task<ChangePasswordResult> ChangePassword(string username, string oldPassword, string newPassword)
+        {
+            var user = await _databaseContext.Users.Where(u => u.Name == username).SingleOrDefaultAsync();
+            if (user == null)
+                return ChangePasswordResult.NotExists;
+
+            var verifyResult = _passwordService.VerifyPassword(user.EncryptedPassword, oldPassword);
+            if (!verifyResult)
+                return ChangePasswordResult.BadOldPassword;
+
+            user.EncryptedPassword = _passwordService.HashPassword(newPassword);
+            await _databaseContext.SaveChangesAsync();
+            return ChangePasswordResult.Success;
+        }
     }
 }