social-media/backend/Modules/Identity/Handlers/ResetPassword.cs

using Hutopy.Modules.Identity.Data;
using Microsoft.AspNetCore.Identity;

namespace Hutopy.Modules.Identity.Handlers;

[PublicAPI]
public record ResetPasswordRequest(
    string Email,
    string Token,
    string NewPassword);

[PublicAPI]
public class ResetPasswordHandler(
    UserManager userManager)
    : Endpoint<ResetPasswordRequest>
{
    public override void Configure()
    {
        AllowAnonymous();
        Post("/api/users/reset-password");
        Options(o => o.WithTags("Users"));
    }

    public override async Task HandleAsync(
        ResetPasswordRequest request,
        CancellationToken ct)
    {
        // Find user by email
        User? user = await userManager.FindByEmailAsync(request.Email);
        if (user is null)
        {
            await SendStringAsync(
                "Invalid request",
                400,
                cancellation: ct);
            return;
        }

        // Reset password with token
        IdentityResult result = await userManager.ResetPasswordAsync(
            user,
            request.Token,
            request.NewPassword);

        if (!result.Succeeded)
        {
            await SendStringAsync(
                "Invalid or expired token",
                400,
                cancellation: ct);
            return;
        }

        await SendOkAsync(ct);
    }
}